How To: Enable encryption for local storage in PVE 6.2.4?

mpizzolo

Hello,

We already have a remote rbd ceph octopus cluster w/encryption, but would like to turn on encryption for some nodes that have local NVMe drives. Is there a good way of enabling encryption for unshared local storage? Am not looking to use arrays at all if at all possible, just single point of failure standalone JBOD disks.

Note: /dev/nvme0n1 was encrypted with LUKS and appears as a Device Mapper configured disk.



Thanks,
Marco
 
We didn't follow one single guide, but rather pulled from a couple of different sources to understand what was required. The overall process was roughly:

  1. Wipe all disks but OS Boot ( wipefs --all --force /dev/nvme0n1 )
  2. For each NVMe we ran: zpool create -f -o ashift=12 disk0 /dev/nvme0n1
  3. For each NVMe we ran: zpool set feature@encryption=enabled disk0
  4. For each NVMe we ran: zfs create -o encryption=on -o keyformat=passphrase disk0/encrypted
  5. For each NVMe we finally ran: pvesm add zfspool disk0_encrypted -pool disk0/encrypted
  6. We limited the hosts for which each device was available to just the host to which it is local.
Incrementing device and disk# for each.

I hope this helps.
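
The steps above as a per-disk dry-run script, an added example that is not part of the original post. The function names and the node name passed in are hypothetical, and using `--nodes` on `pvesm add` is one assumed way of doing step 6. Nothing is executed unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: emits the thread's per-disk sequence for NVMe index N.
# Assumptions: pool/storage names (diskN, diskN_encrypted) follow the post;
# the node name is whatever the local PVE node is called; dry run by default.

plan_encrypted_pool() {
    idx="$1"; node="$2"
    case "$idx" in ''|*[!0-9]*) echo "index must be numeric" >&2; return 2;; esac
    [ -n "$node" ] || { echo "node name required" >&2; return 2; }
    dev="/dev/nvme${idx}n1"; pool="disk${idx}"
    cat <<EOF
wipefs --all --force ${dev}
zpool create -f -o ashift=12 ${pool} ${dev}
zpool set feature@encryption=enabled ${pool}
zfs create -o encryption=on -o keyformat=passphrase ${pool}/encrypted
pvesm add zfspool ${pool}_encrypted -pool ${pool}/encrypted --nodes ${node}
EOF
}

# Guard for step 1 ("all disks but OS boot"): true if anything on it is mounted.
device_in_use() {
    lsblk -nro MOUNTPOINT "$1" 2>/dev/null | grep -q .
}

apply_plan() {
    idx="$1"; node="$2"
    plan=$(plan_encrypted_pool "$idx" "$node") || return $?
    if [ "${APPLY:-0}" != "1" ]; then
        printf '%s\n' "$plan"; return 0      # dry run: show, do not execute
    fi
    if device_in_use "/dev/nvme${idx}n1"; then
        echo "refusing: /dev/nvme${idx}n1 has mounted filesystems" >&2; return 1
    fi
    # Read the plan on fd 3 so stdin stays free for the zfs passphrase prompt.
    while IFS= read -r cmd <&3; do
        echo "+ $cmd"; sh -c "$cmd" || return 1
    done 3<<EOF
$plan
EOF
}
```

After a reboot the passphrase-keyed dataset stays locked until `zfs load-key disk0/encrypted` and `zfs mount disk0/encrypted` are run, so the storage is unavailable to guests until then.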
 
