Project

General

Profile

Bug #58569

Updated by Anthony D'Atri over 1 year ago

In https://github.com/ceph/ceph/blob/main/src/ceph-volume/ceph_volume/util/encryption.py  

 cryptsetup is invoked with hardcoded options: 

 <pre> 
 def >def luks_format(key, device): 
     
 >      """ 
     
 >      Decrypt (open) an encrypted device, previously prepared with cryptsetup 

     
 > 
 >      :param key: dmcrypt secret key, will be used for decrypting 
     
 >      :param device: Absolute path to device 
     
 >      """ 
     
 >      command = [ 
         
 >          'cryptsetup', 
         
 >          '--batch-mode', # do not prompt 
         
 >          '--key-size', 
         
 >          get_key_size_from_conf(), 
         
 >          '--key-file', # misnomer, should be key 
         
 >          '-',            # because we indicate stdin for the key here 
         
 >          'luksFormat', 
         
 >          device, 
     
 >      ] 
     
 >      process.call(command, stdin=key, terminal_verbose=True, show_command=True) 
 </pre> 

 This RFE asks for one or more new config options to permit passing additional arguments to `cryptsetup`. 

 To wit:    this article https://blog.cloudflare.com/speeding-up-linux-disk-encryption/ describes modernization that 
 significantly improves the performance of `dmcrypt` volumes.    The code was merged into the kernel 2.5 years ago: 
 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/md/dm-crypt.c?id=39d42fa96ba1b7d2544db3f8ed5da8fb0d5cb877 

 It would seem that all one needs to do to realize this benefit is to invoke `cryptsetup` with `--perf-no_read_workqueue` and/or `--perf-no_write_workqueue`. 
 Today's ceph-volume code does not appear to offer a way to do this. 

 I can envision two ways that this might be done: 

 1) Specific options, eg. 

 ``` 
 <pre> 

 - name: ceph_volume_luks_perf-no_read_workqueue 
   type: bool 
   level: advanced 
   default: false 
   desc: Disable LUKS read_workqueue 
   fmt_desc: Improve performance by passing cryptsetup 
    the -perf-no_read_workqueue flag via ceph-volume 
   tags: 
   - config 
   services: 
   - osd 
   flags: 
   - startup 

 - name: ceph_volume_luks_perf-no_write_workqueue 
   type: bool 
   level: advanced 
   default: false 
   desc: Disable LUKS write_workqueue 
   fmt_desc: Improve performance by passing cryptsetup 
    the -perf-no_write_workqueue flag via ceph-volume 
   tags: 
   - config 
   services: 
   - osd 
   flags: 
   - startup 
 ``` 

 </pre> 
 or 

 2) Free-form args like the former osd_mkfs_options_xfs, something like 

 <pre> ``` 
 - name: ceph_volume_cryptsetup_args 
   type: str 
   level: advanced 
   desc: Optional args for ceph-volume to pass to cryptsetup 
   fmt_desc: Optional args for ceph-volume to pass to cryptsetup, e.g. 
    "-perf-no_write_workqueue,-perf-no_read_workqueue" 
   tags: 
   - config 
   services: 
   - osd 
   flags: 
   - startup 
 </pre> 


 ``` 

 #1 has the advantage of specifically calling one's attention to this performance gain ; #2 has the advantage of being more general and thus accommodating other potential non-default args to cryptsetup as well.

Back