Deploying node with full disk encryption (MAAS/Curtin)


#1

After reading Curtin docs it seemed possible to roll out system with full disk encryption via MAAS. Curtin supports that through dm-crypt.
I have been trying to achieve that in past few days, but all in vain ;-(. Any help, nudge to right direction would be appreciated.

PS running MAAS version: 2.4.2 (7034-g2f5deb8b8-0ubuntu1) and Curtin version: 18.1-17-gae48e86f-0ubuntu1~18.04.1. Deploy node is Ubuntu 18.04.


#2

MAAS doesn’t natively support disk encryption, but since curtin does, you would have to replace the storage stanza MAAS sends to curtin and provide your own that includes disk encryption.

That said, this will obviously cause that:

  • whatever storage layout in MAAS, wont be the actual on the machine
  • the deployment may still fail.

Preseeds are in /etc/maas/preseeds/.

Hope this helps.


#3

thank you for you reply. could you please also direct me to the part of the documentation where it described what all the curtin hooks are that can be used and what they do.
On the main docs page story is very summarized : https://curtin.readthedocs.io/en/stable/topics/curthooks.html
And i would really love to learn more about Command Environment (https://curtin.readthedocs.io/en/stable/topics/overview.html#command-environment). Unfortunately on the docs page there are only few examples but not how full list of commands that can be used.