Fixes #36885 - Add Clevis/Tang disk encryption template
For disk encryption Clevis/Tang is often used. This commit introduces partition templates for Kickstart and Autoinstall taking care of disk encryption and a snippet responsible for binding the LUKS device via Clevis to a given Tang server.
The default partition template encrypts the disk with a passphrase which can be provided via `disk_enc_passphrase` host parameter. If no host parameter is provided, the default passphrase is 'linux'.
If, in addition, `disk_enc_tang_servers` host parameter is provided (can be one address as string or multiple addresses as array), the LUKS device will be bind to these Tang servers using Clevis. In this case, the passphrase will be removed.
This commit targets the Red Hat family and Ubuntu operating system.
Related issues
Feature #36885: Add Clevis/Tang disk encryption template
Added by Jan Loeser about 1 month ago
Fixes #36885 - Add Clevis/Tang disk encryption template
For disk encryption Clevis/Tang is often used. This commit introduces
partition templates for Kickstart and Autoinstall taking care of disk
encryption and a snippet responsible for binding the LUKS device via
Clevis to a given Tang server.
The default partition template encrypts the disk with a passphrase which
can be provided via `disk_enc_passphrase` host parameter. If no host
parameter is provided, the default passphrase is 'linux'.
If, in addition, `disk_enc_tang_servers` host parameter is provided
(can be one address as string or multiple addresses as array), the LUKS
device will be bind to these Tang servers using Clevis. In this case,
the passphrase will be removed.
This commit targets the Red Hat family and Ubuntu operating system.