Added Partial Disk (Transparent) Encryption Support via Software Encryption (LUKS) (r9, dsr8MR3)

Added rest file for partner only updates
Added abbrev for LUKS
Added Note in the backup chapter

Change-Id: I2324655947a03b8cbe93bb4bbd130b05e9dd40a6
Signed-off-by: Juanita Balaraj <juanita.balaraj@windriver.com>
(cherry picked from commit 42e5038b57)
Juanita Balaraj 2024-04-15 19:46:23 +00:00 committed by Juanita-Balaraj
parent 74aef8d25b
commit 447c3c9cbd
5 changed files with 48 additions and 0 deletions

@ -0,0 +1,6 @@
.. begin-partial-disk-encrypt
.. end-partial-disk-encrypt
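
Review bot: the include file shows only the `.. begin-partial-disk-encrypt` and `.. end-partial-disk-encrypt` markers with nothing between them, so the `:start-after:` / `:end-before:` include on the new LUKS page pulls in no text. If the body is meant to be supplied downstream for partner builds, add an RST comment above the markers saying so, so the empty span is not mistaken for a lost edit.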

@ -18,6 +18,10 @@ using DCManager CLI
<backup-a-subcloud-group-of-subclouds-using-dcmanager-cli-f12020a8fc42>` for
how to remotely backup a subcloud from the System Controller.
.. note::
Backup archives should be stored in a secured (offsite) location.
.. contents:: |minitoc|
:local:
:depth: 1
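
Review bot: in the added note, "secured (offsite)" does not say what protection the archive needs. Since the commit message ties this note to the LUKS change, state whether the backup archive includes the files kept on the LUKS filesystem and, if it does, that the archive needs matching protection (restricted access, encryption of the archive) rather than only being moved offsite.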
@ -198,6 +202,16 @@ Recommended Backup and Retention Policies
backups can be performed locally or remotely, and the archive must be stored
off the system.
- Backups are not allowed till the system is healthy (this excludes non-management
affecting alarms). However, a new parameter ``-e ignore_health=true`` can be
added in the ansible playbook to ignore system health and force the backup
to proceed.
.. warning::
Using the ``-e ignore_health=true`` option should be avoided unless
it is required. Restoring an unhealthy backup will result in system issues.
- All backups are done during off-peak hours (i.e. maintenance window).
- Weekly backups should be performed under normal steady state conditions to
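
Review bot: the `-e ignore_health=true` bullet and its warning are unrelated to the LUKS subject, and the commit message mentions only a note in the backup chapter; list them in the message or move them to their own change. In the text itself, "till" should be "until", "non-management affecting alarms" needs a second hyphen to parse ("non-management-affecting alarms"), and "unless it is required" gives no criterion for when forcing a backup is acceptable.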

@ -162,6 +162,15 @@ Encrypt Kubernetes Secret Data at Rest
encrypt-kubernetes-secret-data-at-rest
****************************************************************************
Partial Disk (Transparent) Encryption Support via Software Encryption (LUKS)
****************************************************************************
.. toctree::
:maxdepth: 1
partial-disk-transparent-encryption-support-via-software-enc-27a570f3142c
*********************
Linux Auditing System
*********************

@ -0,0 +1,18 @@
.. _partial-disk-transparent-encryption-support-via-software-enc-27a570f3142c:
============================================================================
Partial Disk (Transparent) Encryption Support via Software Encryption (LUKS)
============================================================================
.. rubric:: |context|
A new encrypted filesystem using Linux Unified Key Setup (LUKS) is created
automatically on all hosts to store security-sensitive files. This is mounted
at '/var/luks/stx/luks_fs' and the files kept in '/var/luks/stx/luks_fs/controller'
directory are replicated between the controllers.
.. only:: partner
.. include:: /_includes/partial-disk-encryption-support-37cf9e2651db.rest
:start-after: begin-partial-disk-encrypt
:end-before: end-partial-disk-encrypt
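
Review bot: in the |context| paragraph the two paths are wrapped in single quotes ('/var/luks/stx/luks_fs'); use double-backtick literals so they render as paths. The paragraph also spells out "Linux Unified Key Setup (LUKS)" although this commit adds a |LUKS| substitution, and outside partner builds the page is this one paragraph: it does not say how the filesystem is unlocked or what an operator is expected to do with it, which is worth a sentence or a pointer.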

@ -89,6 +89,7 @@
.. |LDPC| replace:: :abbr:`LDPC (Low-Density Parity Check)`
.. |LLDP| replace:: :abbr:`LLDP (Link Layer Discovery Protocol)`
.. |LSM| replace:: :abbr:`LSM (Linux Security Modules)`
.. |LUKS| replace:: :abbr:`LUKS (Linux Unified Key Setup)`
.. |LVG| replace:: :abbr:`LVG (Local Volume Groups)`
.. |MAC| replace:: :abbr:`MAC (Media Access Control)`
.. |MEC| replace:: :abbr:`MEC (Multi-access Edge Computing)`