On Tue, Dec 12, 2017 at 2:38 PM, Wyllys Ingersoll <wyllys.ingersoll@xxxxxxxxxxxxxx> wrote: > Its useful for legacy systems that installed with "plain" back when > that was the only option. Since there is no easy migration path for > re-keying an encrypted OSD to use a new encryption scheme, keeping > support for legacy "plain" is still very useful and desirable. Yes, for sure we are going to support that legacy option. But for *newly* created OSDs, I was looking forward to follow the preferred way with LUKS only. > > On Tue, Dec 12, 2017 at 2:27 PM, Alfredo Deza <adeza@xxxxxxxxxx> wrote: >> We have started looking into encryption support in ceph-volume, and >> one of the unclear paths is if we really want to support both "plain" >> and "LUKS". >> >> According to the cryptsetup docs [0] : >> >> (LUKS) is now the preferred way to set up disk encryption with >> dm-crypt using the cryptsetup utility >> >> >> ceph-disk supports both plain and LUKS, but moving forward, I was >> interested in understanding if anyone is really expecting the "plain" >> type to be a choice? >> >> The legacy support will mean that ceph-volume will have to deal with >> "plain", but moving forward it might be easier if we are supporting a >> single type of encryption with LUKS. >> -- >> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in >> the body of a message to majordomo@xxxxxxxxxxxxxxx >> More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
