Are there any client-side options to encrypt an RBD device?
Using latest luminous RC, on Ubuntu 16.04 and a 4.10 kernel
I assumed adding client site encryption would be as simple as using luks/dm-crypt/cryptsetup after adding the RBD device to /etc/ceph/rbdmap and enabling the rbdmap service -- but I failed to consider the order of things loading and it appears that the RBD gets mapped too late for dm-crypt to recognize it as valid.It just keeps telling me it's not a valid LUKS device.
I know you can run the OSDs on an encrypted drive, but I was hoping for something client side since it's not exactly simple(as far as I can tell) to restrict client access to a single(or group) of RBDs within a shared pool.
Any suggestions?
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
