[PVE-User] VM encryption and high availability

Alexandre DERUMIER aderumier at odiso.com
Mon Oct 8 08:50:47 CEST 2018


It's also possible to manage luks encryption at qemu level

I have an opened bugzilla about this, but don't have time yet to work on it

Advantage is that it's could work with any storage

----- Mail original -----
De: "Daniel Berteaud" <daniel at firewall-services.com>
À: "proxmoxve" <pve-user at pve.proxmox.com>
Envoyé: Lundi 8 Octobre 2018 08:30:17
Objet: Re: [PVE-User] VM encryption and high availability

Le 05/10/2018 à 16:55, Martin LEUSCH a écrit : 
> Hi, 
> I have a Proxmox cluster and use LVM over iSCSI as storage. As I 
> didn't own the iSCSI server, I plane to encrypt some disk image to 
> increase confidentiality. 
> Firstly, I didn't found a way to encrypt iSCSI target or LVM logical 
> volume and use them in Proxmox, is there a way to achieve that? 

You can, this is what I use. Just declare your iSCSI volume, but don't 
use it yet. Create a LUKS volume on it (just on one node): 

cryptsetup luksFormat /dev/sdc 


Then open your new LUKS device: 

cryptsetup open --type=luks /dev/sdc clear 

Now you can use /dev/mapper/clear as LVM (pvcreate && vgcreate on one 
node before using it). 

Now, when you reboot one of your node, you just have to unlock the 
device with 

cryptsetup open --type=luks /dev/sdc clear 

Before you can access the data 


Logo FWS 

*Daniel Berteaud* 

Société de Services en Logiciels Libres 
Tel : 05 56 64 15 32 
Matrix: @dani:fws.fr 

pve-user mailing list 
pve-user at pve.proxmox.com 

More information about the pve-user mailing list