Re: LUKS encryption in OSDs (ceph-volume)

On 12/12/2017 09:47 PM, Sage Weil wrote:
> On Tue, 12 Dec 2017, Alfredo Deza wrote:
>> On Tue, Dec 12, 2017 at 2:38 PM, Wyllys Ingersoll
>> <wyllys.ingersoll@xxxxxxxxxxxxxx> wrote:
>>> It's useful for legacy systems that installed with "plain" back when
>>> that was the only option. Since there is no easy migration path for
>>> re-keying an encrypted OSD to use a new encryption scheme, keeping
>>> support for legacy "plain" is still very useful and desirable.
>>
>> Yes, for sure we are going to support that legacy option. But for
>> *newly* created OSDs, I was looking forward to following
>> the preferred way with LUKS only.
> 
> It's worth mentioning that the "new" way for new ceph-volume OSD 
> deployments will also be using LVM, and (presumably?) allow layering 
> dm-crypt on top of an LV--not just a PV or raw device.  So this is more a 
> question of what, clean slate, we want to do to deploy dm-crypt when the 
> end result that we're after is an LV to feed to bluestore or filestore.  
> I'm not sure how/where LUKS fits in in the LVM world...

I think LUKS fits in the LVM world quite well.

Standard Fedora (and most other distros as well) install stacks LVM over LUKS
(so you activate only one encrypted device and then the partitioning is up to LVM.
Also LVM metadata are then encrypted.)

You can of course stack LUKS over LV as well, but for example LV resize
will be a two-step operation (well, fsadm can automate it but it is still two steps).

Milan