Awesome -- I searched and all I could find was restricting access at the pool level
I will investigate the dm-crypt/RBD path also.
Thanks again!
On Thu, Aug 24, 2017 at 7:40 PM, Alex Gorbachev <ag@xxxxxxxxxxxxxxxxxxx> wrote:
On Mon, Aug 21, 2017 at 9:03 PM Daniel K <sathackr@xxxxxxxxx> wrote:Are there any client-side options to encrypt an RBD device?Using latest luminous RC, on Ubuntu 16.04 and a 4.10 kernelI assumed adding client site encryption would be as simple as using luks/dm-crypt/cryptsetup after adding the RBD device to /etc/ceph/rbdmap and enabling the rbdmap service -- but I failed to consider the order of things loading and it appears that the RBD gets mapped too late for dm-crypt to recognize it as valid.It just keeps telling me it's not a valid LUKS device.I know you can run the OSDs on an encrypted drive, but I was hoping for something client side since it's not exactly simple(as far as I can tell) to restrict client access to a single(or group) of RBDs within a shared pool.Daniel, we used info from here for single or multiple RBD mappings to clientAlso, I ran into the race condition with zfs, and would up putting zfs and rbdmap into rc.local. It should work for dm-crypt as well.Regards,Alex______________________________Any suggestions?_________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph. com
----Alex GorbachevStorcium
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
