[PVE-User] VM encryption and high availability

Daniel Berteaud daniel at firewall-services.com
Mon Oct 8 08:30:17 CEST 2018

Le 05/10/2018 à 16:55, Martin LEUSCH a écrit :
> Hi,
> I have a Proxmox cluster and use LVM over iSCSI as storage. As I
> didn't own the iSCSI server, I plane to encrypt some disk image to
> increase confidentiality.
> Firstly, I didn't found a way to encrypt iSCSI target or LVM logical
> volume and use them in Proxmox, is there a way to achieve that?

You can, this is what I use. Just declare your iSCSI volume, but don't
use it yet. Create a LUKS volume on it (just on one node):

cryptsetup luksFormat /dev/sdc


Then open your new LUKS device:

cryptsetup open --type=luks /dev/sdc clear

Now you can use /dev/mapper/clear as LVM (pvcreate && vgcreate on one
node before using it).

Now, when you reboot one of your node, you just have to unlock the
device with

cryptsetup open --type=luks /dev/sdc clear

Before you can access the data


Logo FWS

	*Daniel Berteaud*

Société de Services en Logiciels Libres
Tel : 05 56 64 15 32
Matrix: @dani:fws.fr

More information about the pve-user mailing list