Welcome to this guide on how to use the encrypted Stratis pool with Network Bound Disk Encryption (NBDE). Our previous guide taught us how to configure Stratis Storage on Rocky Linux 8 | AlmaLinux 8.

Stratis is a local storage management service that enables one to easily manage pools built from physical storage devices.

- Pool: this is the chief component of Stratis. It is made up of one or more block devices, and its total size is the sum of the block devices' sizes.
- blockdev: these are the block devices on Stratis.
- Filesystem: a pool can contain one or more file systems that are formatted to XFS and used to store files. Normally, the filesystems are thinly provisioned. In other words, they do not have a fixed total size, and their size grows as data is saved to them.

There are many features associated with Stratis pools. These include:

Stratis allows one to create either encrypted or unencrypted pools. Encrypted pools are created on Stratis to improve security. When this type of pool is created, the kernel keyring is used as the primary encryption mechanism. After a system reboot, you are required to provide the created kernel keyring to access the pool. This guide provides you with the required knowledge on how to use an encrypted Stratis pool with Network Bound Disk Encryption (NBDE).

- Block devices that are not in use/mounted.

In this guide, we will use several disks attached to the system. Identify the block devices using the command:

```
$ lsblk
```

I have 3 disks of 10 GB each attached to my system, which will be used to create the encrypted Stratis pool.

Stratis resides in the default RHEL/CentOS/Rocky Linux/Alma Linux repositories and can be installed using the command:

```
sudo su
```

Once installed, start the Stratis service using the command:

```
systemctl enable --now stratisd
```

Check if the service is running:

```
# systemctl status stratisd
Loaded: loaded (/usr/lib/systemd/system/rvice enabled vendor preset: enabled)
Active: active (running) since Thu 13:10:27 EDT 6s ago
└─2501 /usr/libexec/stratisd --log-level debug
Jul 07 13:10:27 systemd: Starting Stratis daemon.
Jul 07 13:10:27 stratisd: stratis daemon version 2.4.2 st>
Jul 07 13:10:27 stratisd: Using StratEngine
```

Step 2 – Creating an encrypted Stratis pool

A Stratis pool can be created using one or multiple block devices. In this guide, we have 3 secondary disks attached to the system.

Begin by wiping away any partition tables, filesystems, or RAID signatures on the devices:

```
sudo wipefs --all block-device1 block-device2
```

Replace block-device1 and block-device2 with the block device names. For example:

```
wipefs --all /dev/sdb /dev/sdc /dev/sdd
```

After cleaning the disk(s), proceed to set the key to use for the encryption.

```
# stratis key set --capture-key pool1key
Enter key data followed by the return key:
```

Enter the key and press Enter.

You should now have the kernel keyring created. This will be used to access the pool after subsequent reboots. Verify this with the command:

```
# stratis key list
```

Create an encrypted pool using the command with the below syntax:

```
stratis pool create --key-desc <key-description> <pool_name> block-device1 block-device2 block-device-n
```

In the above command, replace key-description with the created key description and pool_name with the desired name for the pool. For example:

```
stratis pool create --key-desc pool1key pool1 /dev/sdb /dev/sdc /dev/sdd
```

Once created, verify using the command:

```
# stratis pool list
```

We have a pool with the name pool1, with a 30 GB capacity.

Once the pool has been created, you need to create a filesystem on it to be able to write data to the pool. This can be done using a command with the below syntax:

```
# stratis fs create <pool_name> <filesystem_name>
```

For example:

```
stratis filesystem create pool1 filesystem1
```

Verify the creation using the command:

```
# stratis fs list
```

To get a detailed view, use the command below:

```
lsblk
```

Step 4 – Unlocking an encrypted Stratis pool with kernel keyring

After a system reboot, you will not be able to access the pool:

```
# stratis pool list
```

To be able to access it, you need to provide the created kernel keyring.