[PVE-User] VM encryption and high availability
Daniel Berteaud
daniel at firewall-services.com
Mon Oct 8 08:30:17 CEST 2018
Le 05/10/2018 à 16:55, Martin LEUSCH a écrit :
> Hi,
>
> I have a Proxmox cluster and use LVM over iSCSI as storage. As I
> didn't own the iSCSI server, I plane to encrypt some disk image to
> increase confidentiality.
>
> Firstly, I didn't found a way to encrypt iSCSI target or LVM logical
> volume and use them in Proxmox, is there a way to achieve that?
You can, this is what I use. Just declare your iSCSI volume, but don't
use it yet. Create a LUKS volume on it (just on one node):
cryptsetup luksFormat /dev/sdc
[...]
Then open your new LUKS device:
cryptsetup open --type=luks /dev/sdc clear
Now you can use /dev/mapper/clear as LVM (pvcreate && vgcreate on one
node before using it).
Now, when you reboot one of your node, you just have to unlock the
device with
cryptsetup open --type=luks /dev/sdc clear
Before you can access the data
--
Logo FWS
*Daniel Berteaud*
FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32
Matrix: @dani:fws.fr
/www.firewall-services.com/
More information about the pve-user
mailing list