Hello,
I have a bunch of questions about setting up storage in a recommended/safest way.
My end goal is that I have a NAS with a few storage "buckets" that I can mount/share into other VMs or externally via Samba, NFS, etc.
The tricky thing is, I want all (or some) of the storage to be encrypted at startup and I would unlock it manually on restart.
What I've tried and didn't work reliably:
- The whole storage disk is LUKS-encrypted, and it contains a single partition inside
- The disk is passed through to a VM running OpenMediaVault
- I'm using the LUKS plugin for OMV to unlock the drive
- I'm sharing a bunch of directories via NFS/SMB to my other VMs and externally.
The issue is - OMV doesn't behave well with its shares not being available (encrypted disk initially not mounted), so when I unlock it _sometimes_ NFS shares are not working correctly. The whole thing feels very fragile.
Of course, I could build a dummy OMV shares structure on the initial FS, then use a script to unlock and mount the encrypted drive inside those dirs, but I want to avoid heavily modifying the behavior of the NAS.
So,
I'm thinking of the following strategy:
- Again, the whole disk is encrypted and contains a single partition
- The disk is added as a Proxmox storage that contains qcow2 files
- The qcow2s are attached to the NAS VM or wherever needed as storage partitions, so even if the disk is not unlocked at startup, the VMs would boot, but will be unable to mount the locked qcow2s
- A simple addition on the host to allow unlocking the storage disk via some sort of UI
The downsides/questions I'm concerned about:
- One more layer of abstraction - instead of passing through a native disk and partition, now I would have a fully-encrypted disk, a partition on top, that contains qcow2s that contain a fs+partition inside them. I'm wondering if there is a more elegant way to organize this kind of storage
- Is there any concern/danger in having big qcow2 files - let's say 1-2TB or the file size itself doesn't matter at all?
- Does Proxmox itself behave well if a virtual disk that is attached to a VM isn't available on startup? Let's say I have a NAS VM - the system disk is available, but the storage qcow2 is encrypted at Proxmox startup and VM startup?
- Can a virtual disk be dynamically "turned on" when it becomes available? In the example above - let's say the NAS is started without its storage virtual disk. When I unlock the encrypted disk and the qcow2 becomes available, can I attach it to a running VM so it can be mounted live, i.e. virtually hot-plugged?
- Is there a "recommended" way to add additional functionality to the Proxmox host? A way of running custom scripts on the host and adding to/extending the Proxmox UI? As a generic way, I was thinking simply running a separate web UI having the tools to unlock the encrypted storage. I've seen people add Cockpit/Webmin to the host, but I don't want to bloat the Proxmox install.
Am I overengineering it? Maybe there's a simpler and more elegant way of achieving what I wanted. My very simple thought is - I want my storage to be encrypted so even if somebody steals the hardware, the data is encrypted until I decrypt it manually - which would happen only in a long power outage where the UPS will shut it down. Any advice is welcome
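
The host-side unlock step from the strategy above could look like the following script. It is an added example, not part of the original post; the device path, mapper name, mount point, storage ID and VM IDs are placeholder assumptions, and it assumes the VMs that use the encrypted storage are not set to start at boot.

```sh
#!/bin/sh
# Added example: manual unlock/lock of a LUKS data disk on a Proxmox host.
# Every value below is a placeholder assumption, not taken from the post.
LUKS_DEV="${LUKS_DEV:-/dev/disk/by-id/EXAMPLE-DISK-part1}"
MAPPER="${MAPPER:-cryptdata}"
MOUNTPOINT="${MOUNTPOINT:-/mnt/cryptdata}"
STORAGE_ID="${STORAGE_ID:-cryptstore}"  # directory storage defined at $MOUNTPOINT
VMIDS="${VMIDS:-101 102}"                # VMs with disks on it, start-at-boot off
DRY_RUN="${DRY_RUN:-1}"                  # 1 = only print the commands

run() {  # print the command in dry-run mode, execute it otherwise
  if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

unlock_storage() {
  # cryptsetup prompts for the passphrase; no key material is kept on the host.
  if [ "$DRY_RUN" = 1 ] || ! cryptsetup status "$MAPPER" >/dev/null 2>&1; then
    run cryptsetup open "$LUKS_DEV" "$MAPPER" || return 1
  fi
  if [ "$DRY_RUN" = 1 ] || ! mountpoint -q "$MOUNTPOINT"; then
    run mount "/dev/mapper/$MAPPER" "$MOUNTPOINT" || return 1
  fi
  # Enable the storage only once the real filesystem is mounted underneath it.
  run pvesm set "$STORAGE_ID" --disable 0 || return 1
  for id in $VMIDS; do
    run qm start "$id" || echo "VM $id failed to start" >&2
  done
}

lock_storage() {
  # Reverse order: stop consumers, disable the storage, unmount, drop the key.
  for id in $VMIDS; do
    run qm shutdown "$id" || return 1
  done
  run pvesm set "$STORAGE_ID" --disable 1 || return 1
  run umount "$MOUNTPOINT" || return 1
  run cryptsetup close "$MAPPER"
}

case "${1:-}" in
  unlock) unlock_storage ;;
  lock)   lock_storage ;;
esac
```

Called with `unlock` or `lock`, it prints the commands by default; set `DRY_RUN=0` to execute them.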