Verifying the Current VM Configuration

This procedure describes how to verify that the VM is ready for root and swap drive encryption. Because issues during root drive encryption can hang the VM, it is critical to make sure everything is properly configured before you start.

Important: We strongly recommend that you use static IP addresses (or DHCP with a static assignment for this VM) when using Linux root encryption.
  1. If the VM uses a dynamic IP address and you cannot change it to use a static IP address, make sure the Reauthentication on IP Change property is set to No. To do so:

    1. Log in to the KeyControl webGUI on any node in the cluster using an account with Cloud Admin privileges.
    2. In the top menu bar, click Cloud.
    3. Click the VMs tab and select the VM you want to work with from the list.
    4. Click the Expand button (>) at the end of the row to access the details for the specific VM.
    5. Look at the value for Reauthentication on IP Change. If it is set to Yes, click the word Yes, select No in the field, then click Save.
  2. Make sure you have separate boot and swap partitions. To do so:
    1. Log in to the VM as an Administrator.
    2. Enter the command hcl status. For example:

      # hcl status
      Summary
      ---------------------------------------------------
      KeyControl: 10.238.32.74:443
      KeyControl list: 10.238.32.74:443
      Status: Connected
      
      Registered Devices
      ---------------------------------------------------
      Disk Name         Clear          Cipher      Status
      ---------------------------------------------------
      Available Devices
      ---------------------------------------------------
      Disk Name           Device Node     Size (in MB)
      ---------------------------------------------------
      Other Devices
      ---------------------------------------------------
      Disk Name           Device Node     Status
      ---------------------------------------------------
      sda3                /dev/sda3       Mounted (swap)
      sda2                /dev/sda2       Mounted (/boot)
      sda1                /dev/sda1       Mounted (/)  

      The output shows that the VM is registered with the KeyControl server (the Status shows Connected), that the root (/) and swap devices that we want to encrypt are present, and that there is a separate boot disk. The root and swap disks are listed under Other Devices because they are in use.
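
The manual check in step 2 can be scripted. The following is an added example, not part of the original procedure or the vendor's tooling: the function name check_hcl_status and the parsing rules are assumptions based only on the sample hcl status output shown above.

```shell
#!/bin/sh
# Added example (not vendor code): readiness check over `hcl status` text.
# Assumption: the output layout matches the sample shown on this page.

# Constructed sample: the relevant lines of the output from the example above.
sample_status() {
cat <<'EOF'
Summary
KeyControl: 10.238.32.74:443
KeyControl list: 10.238.32.74:443
Status: Connected

Other Devices
Disk Name           Device Node     Status
sda3                /dev/sda3       Mounted (swap)
sda2                /dev/sda2       Mounted (/boot)
sda1                /dev/sda1       Mounted (/)
EOF
}

# Reads `hcl status` output on stdin, prints one finding per line, and
# returns 0 only if the VM is connected and /, /boot and swap are each
# listed as their own mounted device.
check_hcl_status() {
  awk '
    $1 == "Status:"  { connected = ($2 == "Connected") }
    $3 == "Mounted"  { mp = $4; gsub(/[()]/, "", mp); dev[mp] = $2 }
    END {
      rc = 0
      if (connected) print "OK:   connected to KeyControl"
      else { print "FAIL: Status is not Connected"; rc = 1 }
      n = split("/ /boot swap", need, " ")
      for (i = 1; i <= n; i++) {
        if (need[i] in dev) print "OK:   " need[i] " is on " dev[need[i]]
        else { print "FAIL: no mounted device for " need[i]; rc = 1 }
      }
      exit rc
    }'
}

# On the VM itself: hcl status | check_hcl_status
sample_status | check_hcl_status
```

A non-zero exit status means at least one precondition is missing, so root drive encryption should not be started until the reported item is fixed.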

What to Do Next 

Encrypt the boot disk as described in Encrypting Linux Root and Swap Drives.