[PVE-User] VM encryption and high availability
Alexandre DERUMIER
aderumier at odiso.com
Mon Oct 8 08:50:47 CEST 2018
Hi,
It's also possible to manage luks encryption at qemu level
I have an opened bugzilla about this, but don't have time yet to work on it
https://bugzilla.proxmox.com/show_bug.cgi?id=1894
Advantage is that it's could work with any storage
----- Mail original -----
De: "Daniel Berteaud" <daniel at firewall-services.com>
À: "proxmoxve" <pve-user at pve.proxmox.com>
Envoyé: Lundi 8 Octobre 2018 08:30:17
Objet: Re: [PVE-User] VM encryption and high availability
Le 05/10/2018 à 16:55, Martin LEUSCH a écrit :
> Hi,
>
> I have a Proxmox cluster and use LVM over iSCSI as storage. As I
> didn't own the iSCSI server, I plane to encrypt some disk image to
> increase confidentiality.
>
> Firstly, I didn't found a way to encrypt iSCSI target or LVM logical
> volume and use them in Proxmox, is there a way to achieve that?
You can, this is what I use. Just declare your iSCSI volume, but don't
use it yet. Create a LUKS volume on it (just on one node):
cryptsetup luksFormat /dev/sdc
[...]
Then open your new LUKS device:
cryptsetup open --type=luks /dev/sdc clear
Now you can use /dev/mapper/clear as LVM (pvcreate && vgcreate on one
node before using it).
Now, when you reboot one of your node, you just have to unlock the
device with
cryptsetup open --type=luks /dev/sdc clear
Before you can access the data
--
Logo FWS
*Daniel Berteaud*
FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32
Matrix: @dani:fws.fr
/www.firewall-services.com/
_______________________________________________
pve-user mailing list
pve-user at pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
More information about the pve-user
mailing list