lejeczek
2018-Dec-20 16:56 UTC
[libvirt-users] luks ecrypted storage poll - lvm - possible?
hi everyone, do we get to encrypt lvm pools in/with libvirt? I'm on Centos 7.x but see mention of it, not even on the net. Or in other words - can guests(lxc I'm thinking of) run off ecrypted lvm where at least the part when dev gets luksOpened is taken care of by libvirt? many thanks, L.
John Ferlan
2018-Dec-20 21:57 UTC
Re: [libvirt-users] luks ecrypted storage poll - lvm - possible?
On 12/20/18 11:56 AM, lejeczek wrote:> hi everyone, > > do we get to encrypt lvm pools in/with libvirt?The pool or the volumes?> > I'm on Centos 7.x but see mention of it, not even on the net.I have no idea which libvirt version is in Centos versions, but support was added in libvirt 3.9.0 (Nov. 2017) via commit 2518fd3b6a with a followup commit 9b837963 for libvirt 4.5.0 (June 2018) to "further clarify" that only LUKS encryption is supported.> > Or in other words - can guests(lxc I'm thinking of) run off ecrypted lvm > where at least the part when dev gets luksOpened is taken care of by > libvirt?It should work with the appropriate secret and volume being used. John> > many thanks, L. > > _______________________________________________ > libvirt-users mailing list > libvirt-users@redhat.com > https://www.redhat.com/mailman/listinfo/libvirt-users
Daniel P. Berrangé
2018-Dec-21 09:28 UTC
Re: [libvirt-users] luks ecrypted storage poll - lvm - possible?
On Thu, Dec 20, 2018 at 04:57:41PM -0500, John Ferlan wrote:> > > On 12/20/18 11:56 AM, lejeczek wrote: > > hi everyone, > > > > do we get to encrypt lvm pools in/with libvirt? > > The pool or the volumes? > > > > > I'm on Centos 7.x but see mention of it, not even on the net. > > I have no idea which libvirt version is in Centos versions, but support > was added in libvirt 3.9.0 (Nov. 2017) via commit 2518fd3b6a with a > followup commit 9b837963 for libvirt 4.5.0 (June 2018) to "further > clarify" that only LUKS encryption is supported. > > > > > Or in other words - can guests(lxc I'm thinking of) run off ecrypted lvm > > where at least the part when dev gets luksOpened is taken care of by > > libvirt? > > It should work with the appropriate secret and volume being used.Only for the QEMU driver. AFAIR, we never wired up any luks support into the LXC driver. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Apparently Analagous Threads
- Re: luks ecrypted storage poll - lvm - possible?
- luks ecrypted storage poll - lvm - possible?
- LUKS encypted partition using --key-file can only be decrypted with --key-file
- LUKS on EL6 / enable block device after reboot
- [libguestfs PATCH 3/3] LUKS-on-LVM inspection test: test /dev/mapper/VG-LV translation