Sources: image, root, SSH
Every extraction command (inventory, drift, migrate, and readiness per line) accepts a source three ways. They are mutually exclusive.
--image <file> — a cold disk image
Vrtmv detects the format from magic bytes and mounts it read-only. Supported formats:
| Format | Notes |
|---|---|
| raw | attached via losetup |
| qcow2 | attached via qemu-nbd |
| vmdk | attached via qemu-nbd |
| OVA | a tar bundle of a VMDK — extract first |
| ploop | needs ploop tools — extract first |
Mounting needs root and the relevant tooling (see Installation). LVM-backed roots are activated automatically; btrfs subvolumes and multi-device/RAID are not yet handled. The attach is read-only at the block layer, so a journal replay can never modify the source.
vrtmv assess <image>detects the format from magic bytes alone — no mounting, no root, no VM access.
--root <dir> — an already-mounted filesystem
Point Vrtmv at a directory that is the root of the source filesystem (a loop mount you manage, a snapshot, a sidecar-attached volume). No privileges beyond read access are required.
--ssh user@host — a running Linux VM or bare-metal server
Collect state from a live host over SSH into a local bundle, then analyse it exactly as if it were an image. This is how Vrtmv reverse-engineers workloads that can't be imaged:
- Running Linux VMs — a live guest you can't or don't want to snapshot.
- Legacy bare-metal servers — physical machines that predate the virtualization estate, with no disk image to hand. Vrtmv treats them as first-class migration sources: collect over SSH, translate, and rebuild the workload on a modern VM or target OS.
Options:
| Flag | Purpose |
|---|---|
--ssh-port <n> | Non-default SSH port. |
--ssh-key <file> | Identity file (otherwise agent / ssh_config). |
--jump user@bastion | ProxyJump / bastion. |
--sudo | Wrap the remote read in sudo (needs passwordless sudo). |
Host and jump arguments are validated against argument-injection before any process is spawned.
Which to use
Cold image (--image) is the most audit-defensible: the source is never booted and cannot change during analysis. --root is operationally simplest when you already have the filesystem mounted. --ssh is for running hosts you cannot take offline.