From e53946f3846409a8f374c83e33ef52e13626b16b Mon Sep 17 00:00:00 2001
From: Nick Pegg <nick@nickpegg.com>
Date: Mon, 24 Aug 2020 00:06:48 -0700
Subject: [PATCH 1/3] [post] "Key was rejected by service" error

---
 ...0-08-23_key_rejected_by_service_error.yaml | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 posts/2020-08-23_key_rejected_by_service_error.yaml

diff --git a/posts/2020-08-23_key_rejected_by_service_error.yaml b/posts/2020-08-23_key_rejected_by_service_error.yaml
new file mode 100644
index 0000000..9dce740
--- /dev/null
+++ b/posts/2020-08-23_key_rejected_by_service_error.yaml
@@ -0,0 +1,37 @@
+date: 2020-08-23
+title: '"Key was rejected by service" when loading kernel modules on VMs'
+---
+Here's a quick blurb about something I recently ran into and found a fix for, and
+I'm hoping that the search indexing gods find this and help some other poor
+soul who has run into this sort of thing.
+
+I've been playing around with KVM virtual machines on my home server recently,
+and have started using the `virt-sparsify` and `virt-resize` CLI tools
+respectively to generate a compressed golden machine image and apply that image
+to a new VM. After doing this and booting the new machine, I got this failure
+after trying to load in a kernel module:
+
+```
+$ sudo modprobe bridge
+modprobe: ERROR: could not insert 'bridge': Key was rejected by service
+```
+
+Uhhh, what? This seems to point to some secure boot signing-related thing, but
+I'm pretty sure nothing has gone awry with that since all I did was make a disk
+clone. After a bunch of experimenting, I discovered that cloning with
+straight `dd` would work fine, and would somehow taint the target disk so that
+future `virt-resize` runs would always result in a working target!
+
+This was really weird, so I dug through the [`virt-resize`
+manpage](https://libguestfs.org/virt-resize.1.html), and came across the
+`--no-sparse` flag which has this in its description:
+
+> The main time this can be a problem is if the target is a host partition (eg. virt-resize source.img /dev/sda4) because the usual partitioning tools tend to leave whatever data happened to be on the disk before.
+>
+> If you have to reuse a target which contains data already, you should use the --no-sparse option. Note this can be much slower.
+
+Well shit. My target VM that's receiving the image is using a LVM logical
+volume for its drive, which I'm sure has some leftover data on it.
+**`virt-resize --no-sparse` fixes this issue for me, as does zeroing out the LV
+before applying the image.** With the sparse copying, some old junk data must
+have been lurking in the new VM's partition, causing the issues.

From ef5d0a3069639f400aa7c4f8609514a9458a134a Mon Sep 17 00:00:00 2001
From: Nick Pegg <nick@nickpegg.com>
Date: Mon, 24 Aug 2020 00:07:43 -0700
Subject: [PATCH 2/3] tweak title

---
 posts/2020-08-23_key_rejected_by_service_error.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/posts/2020-08-23_key_rejected_by_service_error.yaml b/posts/2020-08-23_key_rejected_by_service_error.yaml
index 9dce740..9a5d9ef 100644
--- a/posts/2020-08-23_key_rejected_by_service_error.yaml
+++ b/posts/2020-08-23_key_rejected_by_service_error.yaml
@@ -1,5 +1,5 @@
 date: 2020-08-23
-title: '"Key was rejected by service" when loading kernel modules on VMs'
+title: '"Key was rejected by service" kernel module error on cloned VMs'
 ---
 Here's a quick blurb about something I recently ran into and found a fix for, and
 I'm hoping that the search indexing gods find this and help some other poor

From aee4d60cb24ca38e4f4c6f3d3cfe9f7d9608bbb2 Mon Sep 17 00:00:00 2001
From: Nick Pegg <nick@nickpegg.com>
Date: Mon, 24 Aug 2020 00:10:33 -0700
Subject: [PATCH 3/3] give example of virt-sparsify and virt-resize

---
 posts/2020-08-23_key_rejected_by_service_error.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/posts/2020-08-23_key_rejected_by_service_error.yaml b/posts/2020-08-23_key_rejected_by_service_error.yaml
index 9a5d9ef..19c577b 100644
--- a/posts/2020-08-23_key_rejected_by_service_error.yaml
+++ b/posts/2020-08-23_key_rejected_by_service_error.yaml
@@ -8,9 +8,14 @@ soul who has run into this sort of thing.
 I've been playing around with KVM virtual machines on my home server recently,
 and have started using the `virt-sparsify` and `virt-resize` CLI tools
 respectively to generate a compressed golden machine image and apply that image
-to a new VM. After doing this and booting the new machine, I got this failure
-after trying to load in a kernel module:
+to a new VM. For example:
+```
+sudo virt-sparsify --compress --convert qcow2 /dev/vg0/debian-base debian-base.qcow2
+sudo virt-resize --expand /dev/sda2 --no-sparse debian-base.qcow2 /dev/vg0/new-vm
+```
 
+After doing this and booting the new machine, I got this failure after trying
+to load in a kernel module:
 ```
 $ sudo modprobe bridge
 modprobe: ERROR: could not insert 'bridge': Key was rejected by service