On Thu, 31 Jan 2013, Marcus Sorensen wrote: > Yes, anyone could do this now by setting up the OSDs on top of > dm-crypted disks, correct? This would just automate the process, and > manage keys for us? That is the idea. sage > > On Tue, Jan 22, 2013 at 5:04 PM, Sage Weil <sage@xxxxxxxxxxx> wrote: > > On Tue, 22 Jan 2013, James Page wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA256 > >> > >> On 10/12/12 09:53, Gregory Farnum wrote: > >> [...] > >> >>>>> I love the idea of btrfs supporting encryption natively > >> >>>>> much like it does compression. It may be some time before > >> >>>>> that happens, so in the meantime, I'd love to see Ceph > >> >>>>> support dm-crypt and/or eCryptfs beneath. > >> >>> > >> >>> > >> >>> > >> >>> Has this discussion progressed into any sort of implementation > >> >>> yet? It sounds like this is going to be a key feature for users > >> >>> who want top-to-bottom encryption of data right down to the > >> >>> block level. > >> > > >> > Peter is working on this now ? I'll let him discuss the details. > >> > :) > >> > >> Hey Peter - any update on the on-disk encryption work for Ceph? > > > > This was put on hold for now. > > > > At this point we're mostly just envisioning a very simple key storage > > service via the ceph montiors (e.g., ceph key get <name>, ceph key put > > <name>), and hooks in the startup scripts (sysvinit and/or upstart) to > > configure dm-crypt. > > > > sage > > > > > >> > >> Cheers > >> > >> James > >> > >> - -- > >> James Page > >> Ubuntu Core Developer > >> Debian Maintainer > >> james.page@xxxxxxxxxx > >> -----BEGIN PGP SIGNATURE----- > >> Version: GnuPG v1.4.12 (GNU/Linux) > >> Comment: Using GnuPG with undefined - http://www.enigmail.net/ > >> > >> iQIcBAEBCAAGBQJQ/wR4AAoJEL/srsug59jD4jAQAIByoFQ3rrbon/BsxqD+KUMZ > >> xlGbviVxGIiHtLyUIwaXPerrEqnpuQCKbg/ZBXH0F9NUCRw3SZN74YuOjNz8c0Tr > >> aAy1Wkx+lFCwt2FtiwC3pXx5++GO2qTbK7jsOeqJazxUN1J8EmoUv73jq3u+MmMo > >> NV5k4e04g7leap3o5f13ONyJmTZC48XDZWdpa2HoYO7h1Er04y2tqOVTHwAd4PS5 > >> 26NaT2Cz4c+GMnDoTu608WrUJPv+pbi/WWf3RotRqXC3YX9VIDu6UxEc/tZHA+VP > >> PcbfgtKGhzj7ooxdHsanhPtUtHv9o9Q2DZFbzvATDC0s3K5Rpav8C1vnC2ODq6fr > >> LXCiRmVcjXz8e9TIQvSeQZLpK7Sy+WN4PTFdGsQqiVtw+iakw9qSn3EermAsCNIj > >> EEeHlt6GcWgFF4oVxeZ5EDJHUobz/vyl+R0ZjJgNK3aYv0zDw4w249ARpvjmoIPS > >> FHYrukgSIHxv1CFSh4AxA4mgRseGM4B7H69+jdzp+3LNaCnHQBnT5cfsVrpoqCam > >> te5tytclC4gQ3xJh5L2lMH8D/ikSSZZjO+7cJ4ZEW5ebu7ChuonWMj0TQc2gPpUG > >> qqI0aV4QxRYaE5oRJlxoSlylKd6tWvHc/44TDqUPFWVnqLB1c8WEEZnDviTz5BCC > >> NYqJJb+2p+pzt2bK0p4r > >> =+Uvt > >> -----END PGP SIGNATURE----- > >> -- > >> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in > >> the body of a message to majordomo@xxxxxxxxxxxxxxx > >> More majordomo info at http://vger.kernel.org/majordomo-info.html > >> > >> > > -- > > To unsubscribe from this list: send the line "unsubscribe ceph-devel" in > > the body of a message to majordomo@xxxxxxxxxxxxxxx > > More majordomo info at http://vger.kernel.org/majordomo-info.html > > -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
