I had some issues with the iscsi software starting to early, maybe this can give you some ideas. systemctl show target.service -p After mkdir /etc/systemd/system/target.service.d cat << 'EOF' > /etc/systemd/system/target.service.d/10-waitforrbd.conf [Unit] After=systemd-journald.socket sys-kernel-config.mount system.slice basic.target network.target local-fs.target rbdmap.service EOF -----Original Message----- From: Daniel K [mailto:sathackr@xxxxxxxxx] Sent: dinsdag 22 augustus 2017 3:03 To: ceph-users@xxxxxxxxxxxxxx Subject: RBD encryption options? Are there any client-side options to encrypt an RBD device? Using latest luminous RC, on Ubuntu 16.04 and a 4.10 kernel I assumed adding client site encryption would be as simple as using luks/dm-crypt/cryptsetup after adding the RBD device to /etc/ceph/rbdmap and enabling the rbdmap service -- but I failed to consider the order of things loading and it appears that the RBD gets mapped too late for dm-crypt to recognize it as valid.It just keeps telling me it's not a valid LUKS device. I know you can run the OSDs on an encrypted drive, but I was hoping for something client side since it's not exactly simple(as far as I can tell) to restrict client access to a single(or group) of RBDs within a shared pool. Any suggestions? _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |