10:56 a.m.
hi everyone,
do we get to encrypt lvm pools in/with libvirt?
I'm on Centos 7.x but see mention of it, not even on the net.
Or in other words - can guests(lxc I'm thinking of) run off ecrypted lvm
where at least the part when dev gets luksOpened is taken care of by
libvirt?
many thanks, L.
3:57 p.m.
On 12/20/18 11:56 AM, lejeczek wrote:
hi everyone,
do we get to encrypt lvm pools in/with libvirt?
The pool or the volumes?
I'm on Centos 7.x but see mention of it, not even on the net.
I have no idea which libvirt version is in Centos versions, but support
was added in libvirt 3.9.0 (Nov. 2017) via commit 2518fd3b6a with a
followup commit 9b837963 for libvirt 4.5.0 (June 2018) to "further
clarify" that only LUKS encryption is supported.
Or in other words - can guests(lxc I'm thinking of) run off ecrypted lvm
where at least the part when dev gets luksOpened is taken care of by
libvirt?
It should work with the appropriate secret and volume being used.
John
many thanks, L.
_______________________________________________
libvirt-users mailing list
libvirt-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
3:28 a.m.
On Thu, Dec 20, 2018 at 04:57:41PM -0500, John Ferlan wrote:
On 12/20/18 11:56 AM, lejeczek wrote:
> hi everyone,
>
> do we get to encrypt lvm pools in/with libvirt?
The pool or the volumes?
>
> I'm on Centos 7.x but see mention of it, not even on the net.
I have no idea which libvirt version is in Centos versions, but support
was added in libvirt 3.9.0 (Nov. 2017) via commit 2518fd3b6a with a
followup commit 9b837963 for libvirt 4.5.0 (June 2018) to "further
clarify" that only LUKS encryption is supported.
>
> Or in other words - can guests(lxc I'm thinking of) run off ecrypted lvm
> where at least the part when dev gets luksOpened is taken care of by
> libvirt?
It should work with the appropriate secret and volume being used.
Only for the QEMU driver. AFAIR, we never wired up any luks support
into the LXC driver.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
5:22 a.m.
On 21/12/2018 09:28, Daniel P. Berrangé wrote:
On Thu, Dec 20, 2018 at 04:57:41PM -0500, John Ferlan wrote:
>
> On 12/20/18 11:56 AM, lejeczek wrote:
>> hi everyone,
>>
>> do we get to encrypt lvm pools in/with libvirt?
> The pool or the volumes?
>
>> I'm on Centos 7.x but see mention of it, not even on the net.
> I have no idea which libvirt version is in Centos versions, but support
> was added in libvirt 3.9.0 (Nov. 2017) via commit 2518fd3b6a with a
> followup commit 9b837963 for libvirt 4.5.0 (June 2018) to "further
> clarify" that only LUKS encryption is supported.
>
>> Or in other words - can guests(lxc I'm thinking of) run off ecrypted lvm
>> where at least the part when dev gets luksOpened is taken care of by
>> libvirt?
> It should work with the appropriate secret and volume being used.
Only for the QEMU driver. AFAIR, we never wired up any luks support
into the LXC driver.
With LXC it does not look, did not look good at all, but I had hope. A
while ago I filed this: https://bugzilla.redhat.com/show_bug.cgi?id=1641381
I cannot start lxc containers even off not encrypted lvm volumes.
Regards,
Daniel
2163
days inactive
2164
days old
3 comments
3 participants
participants (3)
-
Daniel P. Berrangé -
John Ferlan -
lejeczek