Bug #58569

Updated by Anthony D'Atri over 1 year ago

In https://github.com/ceph/ceph/blob/main/src/ceph-volume/ceph_volume/util/encryption.py  

 cryptsetup is invoked with hardcoded options: 

 ```
 def luks_format(key, device):
     """
     Decrypt (open) an encrypted device, previously prepared with cryptsetup

     :param key: dmcrypt secret key, will be used for decrypting
     :param device: Absolute path to device
     """
     command = [
         'cryptsetup',
         '--batch-mode', # do not prompt
         '--key-size',
         get_key_size_from_conf(),
         '--key-file', # misnomer, should be key
         '-',            # because we indicate stdin for the key here
         'luksFormat',
         device,
     ]
     process.call(command, stdin=key, terminal_verbose=True, show_command=True)
 ```

 This RFE asks for one or more new config options to permit passing additional arguments to `cryptsetup`. 

 To wit: this article https://blog.cloudflare.com/speeding-up-linux-disk-encryption/ describes modernization that
 significantly improves the performance of `dmcrypt` volumes. The code was merged into the kernel 2.5 years ago:
 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/md/dm-crypt.c?id=39d42fa96ba1b7d2544db3f8ed5da8fb0d5cb877 

 It would seem that all one needs to do to realize this benefit is to invoke `cryptsetup` with `--perf-no_read_workqueue` and/or `--perf-no_write_workqueue`. 
 Today's ceph-volume code does not appear to offer a way to do this. 

 I can envision two ways that this might be done: 

 1) Specific options, e.g.

 ``` 
 - name: ceph_volume_luks_perf-no_read_workqueue 
   type: bool 
   level: advanced 
   default: false 
   desc: Disable LUKS read_workqueue 
   fmt_desc: Improve performance by passing cryptsetup
    the --perf-no_read_workqueue flag via ceph-volume
   tags: 
   - config 
   services: 
   - osd 
   flags: 
   - startup 

 - name: ceph_volume_luks_perf-no_write_workqueue 
   type: bool 
   level: advanced 
   default: false 
   desc: Disable LUKS write_workqueue 
   fmt_desc: Improve performance by passing cryptsetup
    the --perf-no_write_workqueue flag via ceph-volume
   tags: 
   - config 
   services: 
   - osd 
   flags: 
   - startup 
 ``` 

 or 

 2) Free-form args like the former osd_mkfs_options_xfs, something like 

 ``` 
 - name: ceph_volume_cryptsetup_args 
   type: str 
   level: advanced 
   desc: Optional args for ceph-volume to pass to cryptsetup 
   fmt_desc: Optional args for ceph-volume to pass to cryptsetup, e.g.
    "--perf-no_write_workqueue,--perf-no_read_workqueue"
   tags: 
   - config 
   services: 
   - osd 
   flags: 
   - startup 
 ``` 

 #1 has the advantage of specifically calling one's attention to this performance gain; #2 has the advantage of being more general and thus accommodating other potential non-default args to cryptsetup as well.
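
 Option 2 feeds a free-form config string into a command that handles key material, so one way to keep it general but bounded is to validate it against an allowlist before it reaches the argv list. This is an added example, not ceph-volume code or part of the original report; `ALLOWED_CRYPTSETUP_ARGS`, `parse_cryptsetup_args` and `cryptsetup_options` are hypothetical names, and which cryptsetup action receives the flags is left to the caller.

```python
import re

# Hypothetical allowlist: only the two flags this report asks for.
ALLOWED_CRYPTSETUP_ARGS = frozenset({
    '--perf-no_read_workqueue',
    '--perf-no_write_workqueue',
})


def parse_cryptsetup_args(conf_value):
    """Turn the comma/space separated config string into a validated list.

    Raises ValueError on anything outside the allowlist, so a config value
    cannot override --key-file or --key-size or add a positional argument.
    """
    args = []
    for token in re.split(r'[,\s]+', conf_value.strip()):
        if not token:
            continue
        if token not in ALLOWED_CRYPTSETUP_ARGS:
            raise ValueError('cryptsetup argument not allowed: %r' % token)
        if token not in args:  # drop duplicates, keep first-seen order
            args.append(token)
    return args


def cryptsetup_options(key_size, conf_value=''):
    """Option part of the command; the caller appends the action and device."""
    return [
        'cryptsetup',
        '--batch-mode',
        '--key-size', str(key_size),
        '--key-file', '-',  # key is still read from stdin, as on the page
    ] + parse_cryptsetup_args(conf_value)


if __name__ == '__main__':
    # Constructed sample value in the format suggested for option 2.
    sample = '--perf-no_write_workqueue,--perf-no_read_workqueue'
    print(cryptsetup_options(512, sample))
    for bad in ('--key-file=/tmp/k', '--perf-no_read_workqueue /dev/sdb'):
        try:
            parse_cryptsetup_args(bad)
        except ValueError as exc:
            print('rejected:', exc)
```

 The result is a list passed without a shell, so the config value can add only the listed flags and nothing else.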




