Project

General

Profile

Feature #44911

support dmcrypt device that is already encrypted by user

Added by Satoru Takeuchi 8 months ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Target version:
% Done:

0%

Source:
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

I need to create OSDs on top of dmcrypt HDDs. Although ceph-volume provides
a way to encrypt by itself, it does not match my use-case. It's because I make
use of TPM to encrypt HDDs1 and ceph-volume doesn't support any options
to tweak the encryption method.

I consider it's better to allow the dmcrypt disks, that are encrypted by users,
instead of complicating ceph-volume to support many encryption methods
one by one.

[1]: https://github.com/cybozu-go/sabakan/blob/9093551170dfcffe9be47e95af3748a21b479be0/docs/disk_encryption.md#disk-encryption


Related issues

Related to ceph-volume - Bug #45443: ceph-volume: support mode-specific availability fields in inventory subcommand Fix Under Review

History

#1 Updated by Banji Inoue 8 months ago

Hi, how is this issue going?
I am related to this issue and this PR(https://github.com/ceph/ceph/pull/34375).

I would be happy if I could know the situation of this issue.

Thanks,

#2 Updated by Satoru Takeuchi 7 months ago

As a result of the discussion in the following PR, I found this issue should be closed
since raw mode OSD can be created in crypt type device.

https://github.com/ceph/ceph/pull/34375

So, please close this ticket.

We should still fix `ceph-volume inventory` to judge crypt device is regarded
as available. This problem is tracked by the following another issue.

https://tracker.ceph.com/issues/45443

#3 Updated by Jan Fajerski 3 months ago

  • Related to Bug #45443: ceph-volume: support mode-specific availability fields in inventory subcommand added

#4 Updated by Jan Fajerski about 1 month ago

  • Status changed from New to Resolved

Also available in: Atom PDF