Hi, It's also possible to manage luks encryption at qemu level
I have an opened bugzilla about this, but don't have time yet to work on it https://bugzilla.proxmox.com/show_bug.cgi?id=1894 Advantage is that it's could work with any storage ----- Mail original ----- De: "Daniel Berteaud" <[email protected]> À: "proxmoxve" <[email protected]> Envoyé: Lundi 8 Octobre 2018 08:30:17 Objet: Re: [PVE-User] VM encryption and high availability Le 05/10/2018 à 16:55, Martin LEUSCH a écrit : > Hi, > > I have a Proxmox cluster and use LVM over iSCSI as storage. As I > didn't own the iSCSI server, I plane to encrypt some disk image to > increase confidentiality. > > Firstly, I didn't found a way to encrypt iSCSI target or LVM logical > volume and use them in Proxmox, is there a way to achieve that? You can, this is what I use. Just declare your iSCSI volume, but don't use it yet. Create a LUKS volume on it (just on one node): cryptsetup luksFormat /dev/sdc [...] Then open your new LUKS device: cryptsetup open --type=luks /dev/sdc clear Now you can use /dev/mapper/clear as LVM (pvcreate && vgcreate on one node before using it). Now, when you reboot one of your node, you just have to unlock the device with cryptsetup open --type=luks /dev/sdc clear Before you can access the data -- Logo FWS *Daniel Berteaud* FIREWALL-SERVICES SAS. Société de Services en Logiciels Libres Tel : 05 56 64 15 32 Matrix: @dani:fws.fr /www.firewall-services.com/ _______________________________________________ pve-user mailing list [email protected] https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user _______________________________________________ pve-user mailing list [email protected] https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
