On Tue, Jan 30, 2018 at 3:23 PM, Andre Goree <andre@xxxxxxxxxx> wrote: > On 2018/01/29 2:31 pm, Alfredo Deza wrote: > >>> So I'm wondering what my options are at this point. Perhaps rebuild this >>> OSD node, using ceph-volume and 'simple', but would not be able to use >>> encryption? >> >> >> Ungh, I forgot to mention that there is no encryption support. >> >> However, ceph-volume lvm gained encryption support last week >> (available in master), and we are working >> on encryption support for `simple` and we are almost there. >> >> These features will probably end up in Mimic, not in Luminous. If >> encryption is a must, I am not sure there is any other way than >> relying in ceph-disk. >> >> >>> >>> And I should probably be wary of any of the other current OSD nodes going >>> down bc they likely will experience the same issue? Given all this, >>> we'll >>> probably need to rebuild all the OSD nodes in the cluster to make sure >>> the >>> can be rebooted reliably? That's really unfortunate :( >> >> >> The process is convoluted at system startup mostly (I believe). The >> way I've seen that this might work is that users poke the activation >> manually >> until the OSD comes up. >> >> In short: there is no encryption support in Luminous for ceph-volume, >> encryption will be available in Mimic (for both `simple` and `lvm`). >> There is currently >> no other way to fully guarantee OSDs are up and running after a reboot. >> > > > I was going to ask about encryption support (again) for lvm, as I see it's > mentioned here in master/docs > (http://docs.ceph.com/ceph-ansible/master/osds/scenarios.html#lvm) and I > remembered you mentioned ceph-volume supported it...then I just re-read that > there is no encryption support in Luminous for ceph-volume and probably > won't make it into Luminous, but Mimic. > > Just again for my own clarity: the ONLY _currently_ supported/possible way > to use encryption with Ceph is via 'ceph-disk' -- with which one cannot > reboot an OSD host and have the OSDs come up reliably? > > I don't suppose you have a rough estimate on when Mimic might be around? A bit of a change of plans, which hopefully are good news for you: We are going to backport all the feature work for ceph-volume that was targeted for Mimic (in current master) back to Luminous. This means that 12.2.3 will have encryption support in LVM. We are currently trying to finish work for `simple` to have support for scanning non-lvm OSDs or devices with dmcrypt but unsure if that will make it in 12.2.3 > > I'm wondering how long it might be if I were to deploy a cluster with lvm > (so that in the meantime, if for whatever reason an OSD host must be > rebooted I can have confidence the OSDs will not be hopelessly unable to > start) and then simply rebuild each OSD node once Mimic is released so that > we can _reliably_ support encryption. Thanks for all your advice and > guidance. > > > > -- > Andre Goree > -=-=-=-=-=- > Email - andre at drenet.net > Website - http://blog.drenet.net > PGP key - http://www.drenet.net/pubkey.html > -=-=-=-=-=- _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |