Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doc(XCP-ng): Add guide for encrypting VMs and SRs #325

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

doc(XCP-ng): Add guide for encrypting VMs and SRs #325

wants to merge 1 commit into from

Conversation

thomas-dkmt
Copy link
Collaborator

@thomas-dkmt thomas-dkmt commented Feb 26, 2025
edited
Loading

Add a guide in the XCP-ng documentation, at the Virtual Machines (VMs) page, on encrypting VMs and shared storage in XCP-ng.

This answers a user request on the forum.

@thomas-dkmt thomas-dkmt requested a review from bleader February 26, 2025 08:08
stormi
stormi reviewed Feb 26, 2025
View reviewed changes
docs/vms/vms.md Outdated

:::warning

- The methods described below are suggestions. They are not officially supported by Xen Orchestra.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Xen Orchestra? Do you mean XCP-ng?

stormi
stormi reviewed Feb 26, 2025
View reviewed changes
docs/vms/vms.md Outdated
:::warning

- The methods described below are suggestions. They are not officially supported by Xen Orchestra.
- These approaches apply only to VMs and do not cover encryption for [dom0](../guides/dom0-memory.md).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's good to provide a link to explain what dom0 is, but the guide about dom0 memory doesn't seem appropriate to me.

You should improve the glossary, instead: https://docs.xcp-ng.org/appendix/glossary/

bleader
bleader reviewed Feb 26, 2025
View reviewed changes
docs/vms/vms.md Outdated

This guide outlines two common approaches: encrypting data within the VM and using encrypted shared storage repositories (SRs).

:::warning
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is good that you added this warning, but we were envisionning this more in the guides folder as it is indeed suggestions more than an official documentation.

docs/vms/vms.md Outdated
- **eCryptfs:** Encrypt specific directories (e.g., home directories).

##### Example: Setting up LUKS encryption in Debian

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would add a section about full disk encryption in the installer, debian has an option to do so, not sure we should cover the whole process but we could say that this is the easiest way. Your guide below is good to encrypt additionnal volume, but not the installation filesystem as this needs to be done at installation time, you can't encrypt a disk after that, as the encryption process will fill the disk with "random".

@stormi
Copy link
Member

stormi commented Mar 3, 2025

Don't forget to remove (WIP) if you think it's ready for a merge

stormi
stormi approved these changes Mar 3, 2025
View reviewed changes
@thomas-dkmt thomas-dkmt changed the title (WIP) doc(XCP-ng): Add guide for encrypting VMs and SRs doc(XCP-ng): Add guide for encrypting VMs and SRs Mar 3, 2025
@thomas-dkmt
doc(XCP-ng): Add guide for encrypting VMs and SRs
c3dc001 
Add a guide to the VM page on encrypting VMs and shared storage in XCP-ng

Signed-off-by: Thomas Moraine <thomas.moraine@vates.tech>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stormi stormi stormi approved these changes

@bleader bleader Awaiting requested review from bleader

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@thomas-dkmt @stormi @bleader