What about creating snaps on a 'lower level' in the directory structure so you do not need to remove files from a snapshot as a work around? -----Original Message----- From: Lars Marowsky-Bree [mailto:lmb@xxxxxxxx] Sent: donderdag 11 juli 2019 10:21 To: ceph-users@xxxxxxxxxxxxxx Subject: Re: writable snapshots in cephfs? GDPR/DSGVO On 2019-07-10T09:59:08, Lars Täuber <taeuber@xxxxxxx> wrote: > Hi everbody! > > Is it possible to make snapshots in cephfs writable? > We need to remove files because of this General Data Protection Regulation also from snapshots. Removing data from existing WORM storage is tricky, snapshots being a specific form thereof. If you want to avoid copying and altering all existing records - which might clash with the requirement from other fields that data needs to be immutable, but I guess you could store checksums externally somewhere? -, this is difficult. I think what you'd need is an additional layer - say, one holding the decryption keys for the tenant/user (or whatever granularity you want to be able to remove data at) - that you can still modify. Once the keys have been successfully and permanently wiped, the old data is effectively permanently deleted (from all media; whether Ceph snaps or tape or other immutable storage). You may have a record that you *had* the data. Now, of course, you've got to manage keys, but that's significantly less data to massage. Not a lawyer, either. Good luck. Regards, Lars -- SUSE Linux GmbH, GF: Felix Imendörffer, Mary Higgins, Sri Rasiah, HRB 21284 (AG Nürnberg) "Architects should open possibilities and not determine everything." (Ueli Zbinden) _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |