Project

General

Profile

Actions

Feature #36885

closed

Add Clevis/Tang disk encryption template

Added by Jan Loeser about 1 year ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Unattended installations
Target version:
-
Difficulty:
Triaged:
Yes
Fixed in Releases:
Found in Releases:

Description

For disk encryption Clevis/Tang is often used. This commit introduces a Kickstart partition template taking care of disk encryption and a snippet responsible for binding the LUKS device via Clevis to a given Tang server.

The default partition template encrypts the disk with a passphrase which can be provided via `disk_enc_passphrase` host parameter. If no host parameter is provided, the default passphrase is 'linux'.

If, in addition, `disk_enc_tang_servers` host parameter is provided (can be one address as string or multiple addresses as array), the LUKS device will be bind to these Tang servers using Clevis. In this case, the passphrase will be removed.

This commit targets mainly all operating systems of the Red Hat family, however the snippet can also be used for Ubuntu operating system.


Related issues 1 (1 open0 closed)

Related to Foreman - Bug #37505: Template can not be rendered (clevis and tang). Ready For TestingActions
Actions

Also available in: Atom PDF