Feature #36885
closed
Add Clevis/Tang disk encryption template
Description
For disk encryption Clevis/Tang is often used. This commit introduces a Kickstart partition template taking care of disk encryption and a snippet responsible for binding the LUKS device via Clevis to a given Tang server.
The default partition template encrypts the disk with a passphrase which can be provided via `disk_enc_passphrase` host parameter. If no host parameter is provided, the default passphrase is 'linux'.
If, in addition, `disk_enc_tang_servers` host parameter is provided (can be one address as string or multiple addresses as array), the LUKS device will be bind to these Tang servers using Clevis. In this case, the passphrase will be removed.
This commit targets mainly all operating systems of the Red Hat family, however the snippet can also be used for Ubuntu operating system.
Updated by The Foreman Bot about 1 year ago
- Status changed from New to Ready For Testing
Updated by Jan Loeser 7 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman|98d3bf5be6d4aaba36a889645211fb8897cc1b4c.
Updated by Richard Stempfl 6 months ago
- Related to Bug #37505: Template can not be rendered (clevis and tang). added
Updated by Ewoud Kohl van Wijngaarden 5 months ago
- Category set to Unattended installations
- Triaged changed from No to Yes