Bug #58569
open
Add the ability to configure options for ceph-volume to pass to cryptsetup
Description
In https://github.com/ceph/ceph/blob/main/src/ceph-volume/ceph_volume/util/encryption.py
cryptsetup is invoked with hardcoded options:
```python
def luks_format(key, device):
    """
    Decrypt (open) an encrypted device, previously prepared with cryptsetup

    :param key: dmcrypt secret key, will be used for decrypting
    :param device: Absolute path to device
    """
    command = [
        'cryptsetup',
        '--batch-mode',  # do not prompt
        '--key-size',
        get_key_size_from_conf(),
        '--key-file',  # misnomer, should be key
        '-',  # because we indicate stdin for the key here
        'luksFormat',
        device,
    ]
    process.call(command, stdin=key, terminal_verbose=True, show_command=True)
```
This RFE asks for one or more new config options to permit passing additional arguments to `cryptsetup`.
To wit: this article https://blog.cloudflare.com/speeding-up-linux-disk-encryption/ describes modernization that
significantly improves the performance of `dmcrypt` volumes. The code was merged into the kernel 2.5 years ago:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/md/dm-crypt.c?id=39d42fa96ba1b7d2544db3f8ed5da8fb0d5cb877
It would seem that all one needs to do to realize this benefit is to invoke `cryptsetup` with `--perf-no_read_workqueue` and/or `--perf-no_write_workqueue`.
Today's ceph-volume code does not appear to offer a way to do this.
I can envision two ways that this might be done:
1) Specific options, e.g.
```yaml
- name: ceph_volume_luks_perf-no_read_workqueue
  type: bool
  level: advanced
  default: false
  desc: Disable LUKS read_workqueue
  fmt_desc: Improve performance by passing cryptsetup the --perf-no_read_workqueue flag via ceph-volume
  tags:
  - config
  services:
  - osd
  flags:
  - startup
- name: ceph_volume_luks_perf-no_write_workqueue
  type: bool
  level: advanced
  default: false
  desc: Disable LUKS write_workqueue
  fmt_desc: Improve performance by passing cryptsetup the --perf-no_write_workqueue flag via ceph-volume
  tags:
  - config
  services:
  - osd
  flags:
  - startup
```
or
2) Free-form args like the former osd_mkfs_options_xfs, something like
```yaml
- name: ceph_volume_cryptsetup_args
  type: str
  level: advanced
  desc: Optional args for ceph-volume to pass to cryptsetup
  fmt_desc: Optional args for ceph-volume to pass to cryptsetup, e.g. "--perf-no_write_workqueue,--perf-no_read_workqueue"
  tags:
  - config
  services:
  - osd
  flags:
  - startup
```
#1 has the advantage of specifically calling one's attention to this performance gain; #2 has the advantage of being more general and thus accommodating other potential non-default args to cryptsetup as well.
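
One way either proposal could be turned into cryptsetup arguments while refusing anything outside a fixed allowlist. This is an added example, not ceph-volume code: the function names, the allowlist and the dict standing in for Ceph's config are assumptions, and the sample command is constructed.

```python
# Added example, not ceph-volume code. Option names come from the two
# proposals above; function names and the allowlist are hypothetical.

# Proposal 1: one boolean option per cryptsetup flag.
BOOL_OPTIONS = {
    'ceph_volume_luks_perf-no_read_workqueue': '--perf-no_read_workqueue',
    'ceph_volume_luks_perf-no_write_workqueue': '--perf-no_write_workqueue',
}
# Proposal 2: free-form string, restricted here to known-safe flags.
FREE_FORM_OPTION = 'ceph_volume_cryptsetup_args'
ALLOWED_FLAGS = frozenset(BOOL_OPTIONS.values())


def extra_cryptsetup_args(conf):
    """Return validated extra flags; conf is a dict standing in for Ceph config."""
    args = [flag for name, flag in BOOL_OPTIONS.items() if conf.get(name)]
    for item in (conf.get(FREE_FORM_OPTION) or '').split(','):
        flag = item.strip()
        if not flag:
            continue
        if flag not in ALLOWED_FLAGS:
            # Refuse instead of forwarding: cryptsetup runs as root, and an
            # unchecked value could override --key-file or --key-size.
            raise ValueError('cryptsetup argument not allowed: %r' % flag)
        if flag not in args:
            args.append(flag)
    return args


def with_extra_args(command, conf):
    """Copy an argv list, placing the extra flags right after 'cryptsetup'."""
    if not command or command[0] != 'cryptsetup':
        raise ValueError('not a cryptsetup command')
    return [command[0]] + extra_cryptsetup_args(conf) + list(command[1:])


if __name__ == '__main__':
    # Constructed sample: device path, mapping name and config values.
    base = ['cryptsetup', '--key-file', '-', 'open', '/dev/example', 'example-map']
    conf = {
        'ceph_volume_luks_perf-no_read_workqueue': True,
        FREE_FORM_OPTION: '--perf-no_write_workqueue',
    }
    print(with_extra_args(base, conf))
```

Because the result stays an argv list, it can be passed to a process call without a shell, so the option value is never subject to shell parsing.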