Red Hat SummitDieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Appendix A. Understanding the luks_tang_inventory.yml file
A.1. Configuration parameters for disk encryption
- hc_nodes (required)
A list of hyperconverged hosts that uses the back-end FQDN of the host, and the configuration details of those hosts. Configuration that is specific to a host is defined under that host’s back-end FQDN. Configuration that is common to all hosts is defined in the vars: section.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - blacklist_mpath_devices (optional)
By default, Red Hat Virtualization Host enables multipath configuration, which provides unique multipath names and worldwide identifiers for all disks, even when disks do not have underlying multipath configuration. Include this section if you do not have multipath configuration so that the multipath device names are not used for listed devices. Disks that are not listed here are assumed to have multipath configuration available, and require the path format
/dev/mapper/<WWID>instead of/dev/sdxwhen defined in subsequent sections of the inventory file.On a server with four devices (sda, sdb, sdc and sdd), the following configuration blacklists only two devices. The path format /dev/mapper/<WWID> is expected for devices not in this list.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - gluster_infra_luks_devices (required)
A list of devices to encrypt and the encryption passphrase to use for each device.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - devicename
-
The name of the device in the format
/dev/sdx. - passphrase
- The password to use for this device when configuring encryption. After disk encryption with Network-Bound Disk Encryption (NBDE) is configured, a new random key is generated, providing greater security.
- rootpassphrase (required)
The password that you used when you selected Encrypt my data during operating system installation on this host.
hc_nodes: hosts: host1backend.example.com: rootpassphrase: h1-Str0ngPa55#hc_nodes: hosts: host1backend.example.com: rootpassphrase: h1-Str0ngPa55#Copy to Clipboard Copied! Toggle word wrap Toggle overflow - rootdevice (required)
The root device that was encrypted when you selected Encrypt my data during operating system installation on this host.
hc_nodes: hosts: host1backend.example.com: rootdevice: /dev/sda2hc_nodes: hosts: host1backend.example.com: rootdevice: /dev/sda2Copy to Clipboard Copied! Toggle word wrap Toggle overflow - networkinterface (required)
The network interface this host uses to reach the NBDE key server.
hc_nodes: hosts: host1backend.example.com: networkinterface: ens3s0f0hc_nodes: hosts: host1backend.example.com: networkinterface: ens3s0f0Copy to Clipboard Copied! Toggle word wrap Toggle overflow - ip_version (required)
Whether to use IPv4 or IPv6 networking. Valid values are
IPv4andIPv6. There is no default value. Mixed networks are not supported.hc_nodes: vars: ip_version: IPv4hc_nodes: vars: ip_version: IPv4Copy to Clipboard Copied! Toggle word wrap Toggle overflow - ip_config_method (required)
Whether to use DHCP or static networking. Valid values are
dhcpandstatic. There is no default value.hc_nodes: vars: ip_config_method: dhcphc_nodes: vars: ip_config_method: dhcpCopy to Clipboard Copied! Toggle word wrap Toggle overflow The other valid value for this option is
static, which requires the following additional parameters and is defined individually for each host:Copy to Clipboard Copied! Toggle word wrap Toggle overflow - gluster_infra_tangservers
The address of your NBDE key server or servers, including
http://. If your servers use a port other than the default (80), specify a port by appending:_port_to the end of the URL.hc_nodes: vars: gluster_infra_tangservers: - url: http://key-server1.example.com - url: http://key-server2.example.com:80hc_nodes: vars: gluster_infra_tangservers: - url: http://key-server1.example.com - url: http://key-server2.example.com:80Copy to Clipboard Copied! Toggle word wrap Toggle overflow
A.2. Example luks_tang_inventory.yml
Dynamically allocated IP addresses
Static IP addresses
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}