doc: documented encrypting /var/lib/libvirt on a VPS
parent
43ac0f3ac2
commit
aebff70524
31
README.md
|
@ -66,3 +66,34 @@ as copy-pasting your public SSH key into the console doesn't work really.
|
|||
Make sure the SSH config allows this
|
||||
(and turn passwort root access off afterwards).
|
||||
|
||||
|
||||
## Encrypting /var/lib/libvirt partition
|
||||
|
||||
**Status: tested with Hetzner VPS, not deployed in production yet**
|
||||
|
||||
Messing with file systems and partitions
|
||||
should not be done by automation scripts,
|
||||
so I created the LUKS-encrypted /dev/sdb partition manually.
|
||||
|
||||
(So far, /dev/sdb was added via a Hetzner volume,
|
||||
but it can be any partition actually)
|
||||
|
||||
To create a partition in the VPS volume
|
||||
(which was formatted to ext4 originally),
|
||||
- I ran `fdisk /dev/sdb`,
|
||||
- entered `o` to create a DOS partition table,
|
||||
- added `n` to add a new primary partition, using all available space,
|
||||
- and `w` to save to disk and exit.
|
||||
|
||||
Then I ran `cryptsetup luksFormat /dev/sdb1`
|
||||
and entered the passphrase from `pass 0x90/ararat/sdb-crypt`
|
||||
to create a LUKS volume.
|
||||
|
||||
Now I could decrypt the new volume with
|
||||
`cryptsetup luksOpen /dev/sdb1 sdb_crypt`
|
||||
and entering the passphrase from `pass 0x90/ararat/sdb-crypt`.
|
||||
|
||||
Finally, I ran `mkfs.ext4`
|
||||
to create an ext4 file system
|
||||
in the encrypted partition.
|
||||
|
||||
|
|
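Review bot: the last step of the new section gives `mkfs.ext4` with no device argument, so the instructions never say which block device receives the file system. After `cryptsetup luksOpen /dev/sdb1 sdb_crypt` the target should be the opened mapping, `/dev/mapper/sdb_crypt`; running it against `/dev/sdb1` instead would overwrite the LUKS header that was just created. Suggest writing the step out as `mkfs.ext4 /dev/mapper/sdb_crypt`. The heading names /var/lib/libvirt, but the text stops before any mount, so it would also help to document mounting the mapping on /var/lib/libvirt and how the volume gets unlocked after a reboot, or to state that unlocking stays a manual step. Minor wording: "added `n`" reads better as "entered `n`", and `luksOpen` unlocks the volume rather than decrypting it.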