Fresh FDE zfs-mirror installation
- Thread starter bea
- Start date
Hey @news , you seem to be a very funny person, as much as smart, but the game we play here is about helping each other, that's why I asked for help.
Anyone knows if what I ask is possible?
I have been reading many different things on Proxmox encryption but I have not understood how I could install (on my 2-disk computer) PVE with ZFS mirror on the top of LUKS. Or if that is possible at all.
Anyone knows if what I ask is possible?
I have been reading many different things on Proxmox encryption but I have not understood how I could install (on my 2-disk computer) PVE with ZFS mirror on the top of LUKS. Or if that is possible at all.
Maybe this may help you to your project - https://forum.proxmox.com/threads/p...raid1-on-luks-a-couple-last-questions.140010/ 
I saw that post before but I did not go through the whole thread where it comes the interesting part... Thank you!
There I see a step-by-step guide made by @Dunuin and then @Anotheruser announcing they managed to do it.
Unfortunately that guide is a bit too advanced for me, I would have questions on most of its steps.
Perhaps they want to publish a more detailed guide : )
Otherwise I guess I'll look for something else.
There I see a step-by-step guide made by @Dunuin and then @Anotheruser announcing they managed to do it.
Unfortunately that guide is a bit too advanced for me, I would have questions on most of its steps.
Perhaps they want to publish a more detailed guide : )
Otherwise I guess I'll look for something else.
Yes, that's what I have now, LUKS-encrypted VMs. The main problem I find is I can't (or don't know how to) encrypt LXC containers, so I end up having heavy VMs and the host quickly runs out of resources. If I had an encrypted host, I could use containers and have many diferent services I cannot afford now.
Maybe I did not explain correctly, or I don't exactly understand what you mean. I currently have encrypted VMs because I configured LUKS through the installer of each guest OS (Debian).
ZFS encryption would be nice, but I don't use it. I discarded it because I think it was problematic -if I remember properly- with ZFS replication and I need ZFS replication for the cluster "pseudo" HA.
By the way, what's "pw"?
ZFS encryption would be nice, but I don't use it. I discarded it because I think it was problematic -if I remember properly- with ZFS replication and I need ZFS replication for the cluster "pseudo" HA.
By the way, what's "pw"?
pw=password.
Maybe you just install pve on 1 ssd. Then partition the 2nd one for pve and an additional image use, "mirror" pve over, config with proxmox-boot-tool, test by removing the 1st ssd. When iO do the same to 1st ssd. After having unencrypted pve and free partition, doing luks onto, setup 2nd pool (rpool still exists).
Maybe you just install pve on 1 ssd. Then partition the 2nd one for pve and an additional image use, "mirror" pve over, config with proxmox-boot-tool, test by removing the 1st ssd. When iO do the same to 1st ssd. After having unencrypted pve and free partition, doing luks onto, setup 2nd pool (rpool still exists).
ZFS has native encryption, still works on 8.3:
https://gist.github.com/yvesh/ae77a68414484c8c79da03c4a4f6fd55
https://gist.github.com/yvesh/ae77a68414484c8c79da03c4a4f6fd55
iO is german "in Ordnung" meaning "ok" in english, sorry
That looks like a good way would try that as it looks much easier than rework a pve inst. to use luke under a vm pool.
Bisher noch nicht die Muse gehabt, da weiter rumzuprobieren.