Am 24.01.19 um 22:34 schrieb Alfredo Deza:
I have both, plain and luks.
At the moment I played around with the plain dmcrypt OSDs and run into
this problem. I didn't test the luks crypted OSDs.
There is support in the JSON file to define the type of encryption with the key:
encryption_type
If this is undefined it will default to 'plain'. So that tells me that
we may indeed have a problem here.
Ah yes. I set in my json this:
"encryption_type": "plain"
But as far as I see if this Key is missing plain is default. So this
should be OK.
I'm not sure
what might be needed here, but I do recall having some trouble trying
to understand what ceph-disk was doing. That is
capture in this comment
https://github.com/ceph/ceph/blob/v12.2.10/src/ceph-volume/ceph_volume/devices/simple/activate.py#L150-L155
> Do you think that might be related?
The comment confusing me a bit.
As far as I read the code. The base64 encoded key is retrieved from the
monitor decoded and then passed via stdin to the cryptsetup command. At
first I thought this was all OK. But after some investigation what
cryptsetup is doing I think there should be a passed the following
option as well to cryptsetup.
--hash Plain
ceph-disk uses the local keyfile which is *not* base64 encoded.
The way ceph-disk passes the keyfile to cryptsetup, cryptsetup will not
hash the key with some default algorithm.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com