How to Create Encrypted Resources? (User Guide Incomplete)

forbin · June 12, 2025, 1:20am

I read the Linstor and DRBD user guides, and did the following, but the guides do not explain what to do next.

linstor encryption create-passphrase
linstor enter passphrase
linstor resource-group create --storage-pool sp0 --place-count 2 -l LUKS,STORAGE rg0
linstor resource-group set-property rg0 PeerSlotsNewResource 3
linstor resource-group drbd-options rg0 --auto-promote=no
linstor rg spawn-resources rg0 site622 500G

All that worked, and it leaves me with a resource that is in state “created” on both nodes. I’m used to seeing “UpToDate” and “Syncing”.

What’s the next step to bring the encrypted resource up so I can put a filesystem on it?

Devin · June 13, 2025, 5:07pm

The layer-list you used here doesn’t include replication (DRBD).
linstor resource-group create --storage-pool sp0 --place-count 2 -l LUKS,STORAGE rg0
You’ve created just simple LVM volumes with LUKS encryption. Please note the user’s guide here where it mentions adding a DRBD layer.

Basic steps to use encryption:

Create a master passphrase

Add luks to the layer-list. Note that all plugins (e.g., Proxmox) require a DRBD layer as the top most layer if they do not explicitly state otherwise.

Don’t forget to re-enter the master passphrase after a controller restart.

Try adding DRBD to your layer list.
linstor resource-group create --storage-pool sp0 --place-count 2 -l DRBD,LUKS,STORAGE rg0

forbin · June 23, 2025, 6:47pm

Hi Devin,

Apologies for the late reply. I had to travel on short notice and was gone for a week. Yes, you are correct. I was following the example commands and did not realize I needed to add the string “DRBD” to the layer list (although that makes perfect sense). I added it and the DRBD disk was created and is now doing its initial sync. Sync speed is still much lower than I am used to seeing, only 95MB as opposed to 300+ MB usually. But that’s another issue.

kreeuwijk · July 15, 2025, 10:23am

How can I achieve the above with Piraeus? Is there a way to set the layer list on the LinstorCluster or the StorageClass resources to enable encryption on the cluster?

kreeuwijk · July 15, 2025, 10:58am

Ah it’s the layerList parameter on the StorageClass:

parameters:
  placementCount: "2"
  storagePool: "lvm-thin"
  resourceGroup: "lvm"
  layerList: "drbd luks storage"

Topic		Replies	Views
Cannot create new VM - fresh install LINSTOR drbd , linstor	3	128	November 13, 2024
Differences in DRBD resources LINSTOR drbd , linstor	6	211	February 16, 2025
Linstor Generated Files LINSTOR drbd , linstor	0	44	February 4, 2025
Working linstor/drbd proxmox cluster fails to create new volumes LINSTOR drbd	1	171	November 29, 2024
Trying to secure the drbd-network of proxmox cluster Proxmox VE drbd , linstor , proxmox	0	33	March 21, 2025

How to Create Encrypted Resources? (User Guide Incomplete)

Related topics