Proxmox auto start-up script and auto shutdown script

M

macamba

Well-Known Member
Mar 8, 2011
85
5
48
For saving power at home I am working scheduling my Proxmox Lab to auto start in the morning and auto shutdown in the evening.
1) Auto start-up is time-based triggered from the BIOS (and if needed on another time triggered with a WoL command)
A) Auto start-up works via BIOS time-based trigger
B) Question is how can I auto load a key on boot for encypted ZFS dataset?

2) Auto shutdown is time-based triggered via CRON
A) Basic script is working, just added '00 22 * * * root /sbin/shutdown -h now' to /etc/crontab
B) Question is how to cleanly shutdown VM's and Containers on the host?

Macamba
 
Hi,
macamba said:
B) Question is how can I auto load a key on boot for encypted ZFS dataset?
Click to expand...
I am not sure about this, but also: what is the point of encrypting your system if it will immediately decrypt itself on boot without any further interaction? That would require the key being stored basically next to the encrypt ZFS dataset, which seems a bit pointless to me. A potential attacker that has access to your machine could then easily overcome the encryption.

You might be able to set up some external device that holds the information to decrypt it. Similar to a YubiKey that can be used to log into your machine. Then you could at least separate the key easily from the system when you don't need it and an attacker would need physical access to the machine and the key. While I haven't tested anything like that myself, a quick search around the internet indicates that this is possible.
macamba said:
B) Question is how to cleanly shutdown VM's and Containers on the host?
Click to expand...
Proxmox VE will issue a shutdown command to all your VMs automatically and, by default, wait 180 seconds for them to shutdown properly. You can read more about that in the manual [1].

[1]: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#qm_startup_and_shutdown
 
sterzy said:
I am not sure about this, but also: what is the point of encrypting your system if it will immediately decrypt itself on boot without any further interaction? That would require the key being stored basically next to the encrypt ZFS dataset, which seems a bit pointless to me.
Click to expand...
I can't speak for the OT but, in my situation, a physical attack is not my primary concern. I just want all data stored on my disks to be encrypted so when I replace a disk, I don't have to manually delete it. That's why I, too, am interested in a way to have my encrypted ZFS datasets auto-mounted at boot.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back