Encrypted usb as VM storage

[orosmannaro]

I would like to use an USB SSD as PVE storage for VM.

I would like to encrypt the SSD (decrypt the entire disk when mount and encrypt it when umount).

Is it possible?


TIA

 

[fabian]

I would like to use an USB SSD as PVE storage for VM.

I would like to encrypt the SSD (decrypt the entire disk when mount and encrypt it when umount).

Is it possible?


TIA

you can set something like that up, but it's not integrated into PVE. just use the regular tools (dmcrypt/LUKS/cryptsetup) to setup the encryption, mount the decrypted volume and tell PVE about it (using the "directory" storage plugin).

 

[orosmannaro]

I fabian. Thanks for your reply.

I configured LUKS and a PVE storage using a directory mounted on a partition of the crypted USB disk.

But installation of VM get stuck.

I must to restart Proxmox with some problem (the system doesn't shutdown because it wasn't able to umount the USB disk).

I write down here my steps, to explain my situation and, may be, help someone else in the future:

Check if CPU support AES-NI:

grep aes /proc/cpuinfo

Load mcrypt module:

modprobe dm_crypt

Install LUKS:

apt-get install cryptsetup

Here I have this warning: cryptsetup: WARNING: could not determine root device from /etc/fstab (maybe it depends on ZFS?)

Encrypt the USB disk partition:

cryptsetup -y -v luksFormat /dev/sdc1

Create a mapping for this encrypted partition:

cryptsetup luksOpen /dev/sdc1 usbvm

Format the virtual device:

mkfs.ext4 /dev/mapper/usbvm

Mount virtual device on a directory;

mkdir /mnt/usbvm
mount /dev/mapper/usbvm /mnt/usbvm

Now it was simple to create a PVE directory storage and a VM on it.

As I said, for some reason the VM installation becomes unresponsive, even if Proxmox resource monitor doesn't show CPU/RAM overload.

I will continue to experiment.