[PVE-User] VM encryption and high availability

Alexandre DERUMIER aderumier at odiso.com
Mon Oct 8 08:50:47 CEST 2018


Hi,

It's also possible to manage luks encryption at qemu level

I have an opened bugzilla about this, but don't have time yet to work on it
https://bugzilla.proxmox.com/show_bug.cgi?id=1894

Advantage is that it's could work with any storage

----- Mail original -----
De: "Daniel Berteaud" <daniel at firewall-services.com>
À: "proxmoxve" <pve-user at pve.proxmox.com>
Envoyé: Lundi 8 Octobre 2018 08:30:17
Objet: Re: [PVE-User] VM encryption and high availability

Le 05/10/2018 à 16:55, Martin LEUSCH a écrit : 
> Hi, 
> 
> I have a Proxmox cluster and use LVM over iSCSI as storage. As I 
> didn't own the iSCSI server, I plane to encrypt some disk image to 
> increase confidentiality. 
> 
> Firstly, I didn't found a way to encrypt iSCSI target or LVM logical 
> volume and use them in Proxmox, is there a way to achieve that? 


You can, this is what I use. Just declare your iSCSI volume, but don't 
use it yet. Create a LUKS volume on it (just on one node): 


cryptsetup luksFormat /dev/sdc 

[...] 


Then open your new LUKS device: 


cryptsetup open --type=luks /dev/sdc clear 


Now you can use /dev/mapper/clear as LVM (pvcreate && vgcreate on one 
node before using it). 


Now, when you reboot one of your node, you just have to unlock the 
device with 


cryptsetup open --type=luks /dev/sdc clear 


Before you can access the data 

-- 

Logo FWS 

*Daniel Berteaud* 

FIREWALL-SERVICES SAS. 
Société de Services en Logiciels Libres 
Tel : 05 56 64 15 32 
Matrix: @dani:fws.fr 
/www.firewall-services.com/ 

_______________________________________________ 
pve-user mailing list 
pve-user at pve.proxmox.com 
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user 



More information about the pve-user mailing list