Encrypted SIMP clients

[Samuel Vange]

Platform: SIMP 5.2.0-0 on RedHat

When I built my SIMP master, I was able to build it with encryption. I'd like my clients encrypted too. How can I spin up encrypted clients?

[Samuel Vange]

I see, it's also in the diskdetect script!

[Nick Markowski]

Hey again,

I'll be the first to admit I could be off-base here, but I'll take a stab at this.

Diskdetect greps /proc/cmdline for simp_disk_crypt or simp_crypt_disk.  During kickstart, the only way to pass kernel parameters (which are subsequently passed into /proc/cmdline) that I know of, is to modify the PXE options in tftpboot.

Could you try this:

  tftpboot::linux_model { 'some_profile':

    kernel => 'centos-7-x86_64/vmlinuz',

    initrd => 'centos-7-x86_64/initrd.img',

    ks     => "https://999.999.999.999/ks/pupclient_x86_64.cfg",

    extra  => "inst.noverifyssl ksdevice=bootif\nipappend 2 simp_disk_crypt",

  }

[Nick Markowski]

NOTE: You can try my other advice, or you can just force 'encrypt' in the diskdetect file if you're feeling extra-hacky after your other modifications ;)

[Samuel Vange]

Nick, 

Thanks for the reply, your advice pointed me in the right direction. I was indeed feeling extra hackey and modified things to work better in our environment (and forced encryption, at least for now).