Project

General

Profile

Bug #58569

Add the ability to configure options for ceph-volume to pass to cryptsetup

Added by Anthony D'Atri about 1 year ago. Updated about 1 month ago.

Status:
Fix Under Review
Priority:
Normal
Target version:
% Done:

0%

Source:
Tags:
low-hanging-fruit
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

In https://github.com/ceph/ceph/blob/main/src/ceph-volume/ceph_volume/util/encryption.py

cryptsetup is invoked with hardcoded options:

def luks_format(key, device):
    """ 
    Decrypt (open) an encrypted device, previously prepared with cryptsetup

    :param key: dmcrypt secret key, will be used for decrypting
    :param device: Absolute path to device
    """ 
    command = [
        'cryptsetup',
        '--batch-mode', # do not prompt
        '--key-size',
        get_key_size_from_conf(),
        '--key-file', # misnomer, should be key
        '-',          # because we indicate stdin for the key here
        'luksFormat',
        device,
    ]
    process.call(command, stdin=key, terminal_verbose=True, show_command=True)

This RFE asks for one or more new config options to permit passing additional arguments to `cryptsetup`.

To wit: this article https://blog.cloudflare.com/speeding-up-linux-disk-encryption/ describes modernization that
significantly improves the performance of `dmcrypt` volumes. The code was merged into the kernel 2.5 years ago:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/md/dm-crypt.c?id=39d42fa96ba1b7d2544db3f8ed5da8fb0d5cb877

It would seem that all one needs to do to realize this benefit is to invoke `cryptsetup` with `--perf-no_read_workqueue` and/or `--perf-no_write_workqueue`.
Today's ceph-volume code does not appear to offer a way to do this.

I can envision two ways that this might be done:

1) Specific options, eg.


- name: ceph_volume_luks_perf-no_read_workqueue
  type: bool
  level: advanced
  default: false
  desc: Disable LUKS read_workqueue
  fmt_desc: Improve performance by passing cryptsetup
   the -perf-no_read_workqueue flag via ceph-volume
  tags:
  - config
  services:
  - osd
  flags:
  - startup

- name: ceph_volume_luks_perf-no_write_workqueue
  type: bool
  level: advanced
  default: false
  desc: Disable LUKS write_workqueue
  fmt_desc: Improve performance by passing cryptsetup
   the -perf-no_write_workqueue flag via ceph-volume
  tags:
  - config
  services:
  - osd
  flags:
  - startup


or

2) Free-form args like the former osd_mkfs_options_xfs, something like

- name: ceph_volume_cryptsetup_args
  type: str
  level: advanced
  desc: Optional args for ceph-volume to pass to cryptsetup
  fmt_desc: Optional args for ceph-volume to pass to cryptsetup, e.g.
   "-perf-no_write_workqueue,-perf-no_read_workqueue" 
  tags:
  - config
  services:
  - osd
  flags:
  - startup

#1 has the advantage of specifically calling one's attention to this performance gain ; #2 has the advantage of being more general and thus accommodating other potential non-default args to cryptsetup as well.

History

#1 Updated by Guillaume Abrioux about 1 year ago

  • Status changed from New to In Progress
  • Assignee set to Guillaume Abrioux

#2 Updated by Anthony D'Atri about 1 year ago

  • Description updated (diff)

#3 Updated by Anthony D'Atri about 1 year ago

  • Description updated (diff)

#4 Updated by Anthony D'Atri about 1 year ago

  • Description updated (diff)

#5 Updated by Anthony D'Atri about 1 year ago

  • Description updated (diff)

#6 Updated by Joshua Baergen 9 months ago

https://github.com/ceph/ceph/pull/49554 is a possible implementation of what is being asked here

#7 Updated by Anthony D'Atri 9 months ago

Nice. Thanks.

#8 Updated by Konstantin Shalygin 3 months ago

  • Tracker changed from Feature to Bug
  • Status changed from In Progress to Fix Under Review
  • Target version set to v19.0.0
  • Regression set to No
  • Severity set to 3 - minor
  • Pull request ID set to 49554

#9 Updated by Stefan Kooman about 1 month ago

The Pull Request has been changed to: https://github.com/ceph/ceph/pull/54423
Backport tracker is here: https://tracker.ceph.com/issues/64197

Also available in: Atom PDF