Hello, i use encrypted zvol's for my desktop vm's by manually creating them, and then linking them to the VM's using the qm set command, for example:
but is there an equivalent command for containers?
I just tried creating a mountpoint in GUI for a container, then detaching it, then destroying it, and then manually creating an encrypted filesystem:
UPDATE: while writing this post, i figured it out.
If that encrypted filesystem exists, then i can attach it as a mountpoint simply by doing:
and it works. After shutting down the container it first needs to be unmounted with
Before starting the container simply loading the key suffices, no need to manually mount it again, it seems proxmox will do that automatically.
Sorry, this post started out as a question, but turned out to be a short guide instead.
Code:
qm set 102 -scsi0 /dev/zvol/zpool_800G/debian-root,discard=on,ssd=1,cache=directsync,iothread=1but is there an equivalent command for containers?
Code:
zfs create -o refquota=8G -o encryption=on -o keylocation=prompt -o keyformat=passphrase zpool_800G/subvol-112-disk-1UPDATE: while writing this post, i figured it out.
If that encrypted filesystem exists, then i can attach it as a mountpoint simply by doing:
Code:
pct set 112 -mp0 zpool_800G:subvol-112-disk-1,mp=/testand it works. After shutting down the container it first needs to be unmounted with
zfs unmount zpool_800G/subvol-112-disk-1, before i can unload the key.Before starting the container simply loading the key suffices, no need to manually mount it again, it seems proxmox will do that automatically.
Sorry, this post started out as a question, but turned out to be a short guide instead.
