[libvirt-users] luks ecrypted storage poll - lvm - possible?
lejeczek
peljasz at yahoo.co.uk
Fri Dec 21 11:22:00 UTC 2018
On 21/12/2018 09:28, Daniel P. Berrangé wrote:
> On Thu, Dec 20, 2018 at 04:57:41PM -0500, John Ferlan wrote:
>>
>> On 12/20/18 11:56 AM, lejeczek wrote:
>>> hi everyone,
>>>
>>> do we get to encrypt lvm pools in/with libvirt?
>> The pool or the volumes?
>>
>>> I'm on Centos 7.x but see mention of it, not even on the net.
>> I have no idea which libvirt version is in Centos versions, but support
>> was added in libvirt 3.9.0 (Nov. 2017) via commit 2518fd3b6a with a
>> followup commit 9b837963 for libvirt 4.5.0 (June 2018) to "further
>> clarify" that only LUKS encryption is supported.
>>
>>> Or in other words - can guests(lxc I'm thinking of) run off ecrypted lvm
>>> where at least the part when dev gets luksOpened is taken care of by
>>> libvirt?
>> It should work with the appropriate secret and volume being used.
> Only for the QEMU driver. AFAIR, we never wired up any luks support
> into the LXC driver.
With LXC it does not look, did not look good at all, but I had hope. A
while ago I filed this: https://bugzilla.redhat.com/show_bug.cgi?id=1641381
I cannot start lxc containers even off not encrypted lvm volumes.
> Regards,
> Daniel
More information about the libvirt-users
mailing list