Hi everyone,
I am doing a test lab in order to understand how Ceph (version 10.2.1) works with LUKS. Specifically, how the OSD dm-crypt key management is done. I have read [1] and I've found the same scheme so far. However, I have a problem opening the LUKS partition manually. Of course, before testing it, I took the OSD out of the cluster.
This is what I've done so far:
(1) Get the key for the OSD from one of the monitors:
$ root@osd2:~# ceph config-key get dm-crypt/osd/UUID/luks
This is the exact output:
$ root@osd2:~# ceph config-key get dm-crypt/osd/UUID/luks
obtained 'dm-crypt/osd/69bb64b9-2724-455b-a665-16d23db7ac2e/luks'
v5D5nh5yHbiwFZY2+Q7A/j8HNs0CpRGfqQxzfkNl5wbfBBKEp96RVpTFGV9HxRx9xSUlH0ZdccBD5ZRX61xb8dDRyao6mrV/AT1ySoCbOcorDZHwFGlzPsoSldP+YuWiw8dbAFCNKYJTw4OJ3Ez1IiKFZy8mPFa0u2EsIf0ZkSU=
I can understand that the actual key is:
v5D5nh5yHbiwFZY2+Q7A/j8HNs0CpRGfqQxzfkNl5wbfBBKEp96RVpTFGV9HxRx9xSUlH0ZdccBD5ZRX61xb8dDRyao6mrV/AT1ySoCbOcorDZHwFGlzPsoSldP+YuWiw8dbAFCNKYJTw4OJ3Ez1IiKFZy8mPFa0u2EsIf0ZkSU=
(2) Try to open the LUKS device.
root@osd2:~# cryptsetup luksOpen /dev/sdc1 UUID --key-file=keyfile
where keyfile contains the previously listed key (or passphrase).
When I execute the previous command, I get the following error: "No key available with this passphrase".
However, if I execute the following command I can get the partition open and mounted:
$ root@osd2:~# ceph-disk trigger /dev/sdc1
Just out of curiosity, I've debugged ceph-disk with pdb and I've found that it executes the following on Upstart (I'm using Ubuntu 14.04):
initctl emit ceph-disk dev=/dev/sdc1 pid=$$
I don't understand what the previous command does.
What am I doing wrong?
Best regards,
Samuel Cantero.