[libvirt-users] luks encrypted storage pool - lvm - possible?

hi everyone,

do we get to encrypt lvm pools in/with libvirt?
I'm on Centos 7.x but see mention of it, not even on the net.
Or in other words - can guests (lxc I'm thinking of) run off encrypted lvm where at least the part when dev gets luksOpened is taken care of by libvirt?

many thanks, L.

On 12/20/18 11:56 AM, lejeczek wrote:
> hi everyone,
> do we get to encrypt lvm pools in/with libvirt?

The pool or the volumes?

> I'm on Centos 7.x but see mention of it, not even on the net.

I have no idea which libvirt version is in Centos versions, but support was added in libvirt 3.9.0 (Nov. 2017) via commit 2518fd3b6a with a followup commit 9b837963 for libvirt 4.5.0 (June 2018) to "further clarify" that only LUKS encryption is supported.

> Or in other words - can guests (lxc I'm thinking of) run off encrypted lvm where at least the part when dev gets luksOpened is taken care of by libvirt?

It should work with the appropriate secret and volume being used.

John

> many thanks, L.

On Thu, Dec 20, 2018 at 04:57:41PM -0500, John Ferlan wrote:
> On 12/20/18 11:56 AM, lejeczek wrote:
>> hi everyone,
>> do we get to encrypt lvm pools in/with libvirt?
> The pool or the volumes?
>> I'm on Centos 7.x but see mention of it, not even on the net.
> I have no idea which libvirt version is in Centos versions, but support was added in libvirt 3.9.0 (Nov. 2017) via commit 2518fd3b6a with a followup commit 9b837963 for libvirt 4.5.0 (June 2018) to "further clarify" that only LUKS encryption is supported.
>> Or in other words - can guests (lxc I'm thinking of) run off encrypted lvm where at least the part when dev gets luksOpened is taken care of by libvirt?
> It should work with the appropriate secret and volume being used.

Only for the QEMU driver. AFAIR, we never wired up any luks support into the LXC driver.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
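
As an added illustration that is not part of the thread or of the libvirt project's own documentation, this is roughly what "the appropriate secret and volume" looks like for the QEMU driver. The UUID, the pool/volume group name `vg_guests`, the volume name and the target device are constructed placeholders; each element goes in its own file.

```xml
<!-- Constructed example: UUID, names and paths are placeholders, not from the thread. -->

<!-- 1. secret.xml: libvirt secret that will hold the LUKS passphrase.
     Define it with "virsh secret-define secret.xml", then load the
     passphrase with "virsh secret-set-value". -->
<secret ephemeral='no' private='yes'>
  <uuid>00000000-0000-4000-8000-000000000001</uuid>
  <description>LUKS passphrase for vg_guests/guest1-data</description>
  <usage type='volume'>
    <volume>/dev/vg_guests/guest1-data</volume>
  </usage>
</secret>

<!-- 2. vol.xml: LUKS-formatted volume in the logical (LVM) pool.
     Create it with "virsh vol-create vg_guests vol.xml". -->
<volume>
  <name>guest1-data</name>
  <capacity unit='GiB'>10</capacity>
  <target>
    <encryption format='luks'>
      <secret type='passphrase' uuid='00000000-0000-4000-8000-000000000001'/>
    </encryption>
  </target>
</volume>

<!-- 3. Disk element inside a QEMU/KVM domain definition.
     QEMU decrypts the volume itself with the passphrase libvirt hands it
     from the secret; no host-side dm-crypt mapping is opened, which is why
     this path does not carry over to the LXC driver. -->
<disk type='block' device='disk'>
  <driver name='qemu' type='raw'/>
  <source dev='/dev/vg_guests/guest1-data'>
    <encryption format='luks'>
      <secret type='passphrase' uuid='00000000-0000-4000-8000-000000000001'/>
    </encryption>
  </source>
  <target dev='vdb' bus='virtio'/>
</disk>
```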

On 21/12/2018 09:28, Daniel P. Berrangé wrote:
> On Thu, Dec 20, 2018 at 04:57:41PM -0500, John Ferlan wrote:
>> On 12/20/18 11:56 AM, lejeczek wrote:
>>> hi everyone,
>>> do we get to encrypt lvm pools in/with libvirt?
>> The pool or the volumes?
>>> I'm on Centos 7.x but see mention of it, not even on the net.
>> I have no idea which libvirt version is in Centos versions, but support was added in libvirt 3.9.0 (Nov. 2017) via commit 2518fd3b6a with a followup commit 9b837963 for libvirt 4.5.0 (June 2018) to "further clarify" that only LUKS encryption is supported.
>>> Or in other words - can guests (lxc I'm thinking of) run off encrypted lvm where at least the part when dev gets luksOpened is taken care of by libvirt?
>> It should work with the appropriate secret and volume being used.
> Only for the QEMU driver. AFAIR, we never wired up any luks support into the LXC driver.

With LXC it does not look, did not look good at all, but I had hope. A while ago I filed this: https://bugzilla.redhat.com/show_bug.cgi?id=1641381
I cannot start lxc containers even off not encrypted lvm volumes.

> Regards, Daniel
participants (3): Daniel P. Berrangé, John Ferlan, lejeczek