Re: migrate ceph-disk to ceph-volume fails with dmcrypt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





Am 24.01.19 um 22:34 schrieb Alfredo Deza:

I have both, plain and luks.
At the moment I played around with the plain dmcrypt OSDs and run into
this problem. I didn't test the luks crypted OSDs.

There is support in the JSON file to define the type of encryption with the key:

     encryption_type

If this is undefined it will default to 'plain'. So that tells me that
we may indeed have a problem here.

Ah yes. I set in my json this:
"encryption_type": "plain"

But as far as I see if this Key is missing plain is default. So this should be OK.


I'm not sure
what might be needed here, but I do recall having some trouble trying
to understand what ceph-disk was doing. That is
capture in this comment
https://github.com/ceph/ceph/blob/v12.2.10/src/ceph-volume/ceph_volume/devices/simple/activate.py#L150-L155
> Do you think that might be related?

The comment confusing me a bit.
As far as I read the code. The base64 encoded key is retrieved from the monitor decoded and then passed via stdin to the cryptsetup command. At first I thought this was all OK. But after some investigation what cryptsetup is doing I think there should be a passed the following option as well to cryptsetup.
--hash Plain

ceph-disk uses the local keyfile which is *not* base64 encoded.
The way ceph-disk passes the keyfile to cryptsetup, cryptsetup will not hash the key with some default algorithm.

		


_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux