On 2019-07-10T09:59:08, Lars Täuber <taeuber@xxxxxxx> wrote:
> Hi everbody!
>
> Is it possible to make snapshots in cephfs writable?
> We need to remove files because of this General Data Protection Regulation also from snapshots.
Removing data from existing WORM storage is tricky, snapshots being a
specific form thereof. If you want to avoid copying and altering all
existing records - which might clash with the requirement from other
fields that data needs to be immutable, but I guess you could store
checksums externally somewhere? -, this is difficult.
I think what you'd need is an additional layer - say, one holding the
decryption keys for the tenant/user (or whatever granularity you want to
be able to remove data at) - that you can still modify.
Once the keys have been successfully and permanently wiped, the old data
is effectively permanently deleted (from all media; whether Ceph snaps
or tape or other immutable storage).
You may have a record that you *had* the data.
Now, of course, you've got to manage keys, but that's significantly less
data to massage.
Not a lawyer, either.
Good luck.
Regards,
Lars
--
SUSE Linux GmbH, GF: Felix Imendörffer, Mary Higgins, Sri Rasiah, HRB 21284 (AG Nürnberg)
"Architects should open possibilities and not determine everything." (Ueli Zbinden)
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
