Hi there,
I’ve started encrypting all of my company’s data here with native ZFS encryption. I’m using passphrase as a keyformat. I’m also running LXD 3.0.3 with ZFS 0.8.5 on Ubuntu 18.
The next step is to start encrypting all the datasets with our virtual machines. I have 2 things in mind here:
- How can I create a container via LXC on a ZFS-encrypted dataset? Would encrypting the parent (e.g. tank/containers) be enough so that tank1/containers/my-machine is encrypted?
- Does anyone have a good method for turning existing containers into encrypted ones? The best I could come up with was to rsync the rootfs of the container to another, encrypted dataset, unmount the original one, and mount the encrypted one to the LXD container path.
Maybe some functionality has been added in newer versions? I couldn’t find anything in the documentation…
Thanks in advance!
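
Whichever route the datasets take, the `encryption`, `encryptionroot` and `keystatus` properties show whether a container dataset actually ended up under the parent's key. The following check is an added example, not part of the original post: it parses the tab-separated output of `zfs get -H`, run here on constructed sample output in which every dataset name except `tank/containers` and `my-machine` is hypothetical.

```shell
#!/bin/sh
# Constructed sample of the output of:
#   zfs get -H -r -t filesystem,volume -o name,property,value \
#       encryption,encryptionroot,keystatus tank
# tank/legacy/web1 and tank/restored/db1 are hypothetical names.
sample_zfs_get() {
    printf '%s\t%s\t%s\n' \
        tank                       encryption     off \
        tank                       encryptionroot - \
        tank                       keystatus      - \
        tank/containers            encryption     aes-256-gcm \
        tank/containers            encryptionroot tank/containers \
        tank/containers            keystatus      available \
        tank/containers/my-machine encryption     aes-256-gcm \
        tank/containers/my-machine encryptionroot tank/containers \
        tank/containers/my-machine keystatus      available \
        tank/legacy/web1           encryption     off \
        tank/legacy/web1           encryptionroot - \
        tank/legacy/web1           keystatus      - \
        tank/restored/db1          encryption     aes-256-gcm \
        tank/restored/db1          encryptionroot tank/restored/db1 \
        tank/restored/db1          keystatus      unavailable
}

# audit_encryption EXPECTED_ROOT
# Reads `zfs get -H` output on stdin and prints "dataset<TAB>reason" for every
# dataset that is not encrypted under EXPECTED_ROOT's key with that key loaded.
# Returns 1 if any such dataset was found, 0 otherwise.
audit_encryption() {
    awk -F '\t' -v root="$1" '
        { if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 }
          prop[$1, $2] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                ds = order[i]
                if (prop[ds, "encryption"] == "off")
                    reason = "unencrypted"
                else if (prop[ds, "encryptionroot"] != root)
                    reason = "other-root=" prop[ds, "encryptionroot"]
                else if (prop[ds, "keystatus"] != "available")
                    reason = "key-not-loaded"
                else
                    continue
                printf "%s\t%s\n", ds, reason
                bad++
            }
            exit (bad ? 1 : 0)
        }'
}

sample_zfs_get | audit_encryption tank/containers || true
```

On a live host, pipe the real `zfs get` command from the comment into `audit_encryption` instead of `sample_zfs_get`.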