>> It's worth mentioning that the "new" way for new ceph-volume OSD >> deployments will also be using LVM, and (presumably?) allow layering >> dm-crypt on top of an LV--not just a PV or raw device. So this is more a >> question of what, clean slate, we want to do to deploy dm-crypt when the >> end result that we're after is an LV to feed to bluestore or filestore. >> I'm not sure how/where LUKS fits in in the LVM world... > > I think LUKS fits in LVM world quite well. > > Standard Fedora (and most other distors as well) install stacks LVM over LUKS > (so you activate only one encrypted device and then the partitioning is up to LVM. > Also LVM metadata are then encrypted.) > > You can of course stack LUKS over LV as well, but for example LV resize > will be two-step operation (well, fsadm can automate it but it is still two-steps). Would this be the only downside to LUKS on LVM? This approach is nice for ceph-volume because we need to be able to encrypt anything given to us, which is often times a LV. The LVM on LUKS approach also makes it more difficult to expand the underlying vgs and span lvs across many disks. If I'm understanding correctly. Thanks, Andrew -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
