And many hypervisors will turn writing zeroes into an unmap/trim (qemu detect-zeroes=unmap), so running trim on the entire empty disk is often the same as writing zeroes. So +1 for encryption being the proper way here Paul -- Paul Emmerich Looking for help with your Ceph cluster? Contact us at https://croit.io croit GmbH Freseniusstr. 31h 81247 München www.croit.io Tel: +49 89 1896585 90 On Tue, May 12, 2020 at 1:52 PM Jason Dillaman <jdillama@xxxxxxxxxx> wrote: > I would also like to add that the OSDs can (and will) use redirect on write > techniques (not to mention the physical device hardware as well). > Therefore, your zeroing of the device might just cause the OSDs to allocate > new extents of zeros while the old extents remain intact (albeit > unreferenced and available for future writes). The correct solution would > be to layer LUKS/dm-crypt on top of the RBD device if you need a strong > security guarantee about a specific image, or use encrypted OSDs if the > concern is about the loss of the OSD physical device. > > On Tue, May 12, 2020 at 6:58 AM Marc Roos <M.Roos@xxxxxxxxxxxxxxxxx> > wrote: > > > > > dd if=/dev/zero of=rbd ???? :) but if you have encrypted osd's, what > > would be the use of this? > > > > > > > > -----Original Message----- > > From: huxiaoyu@xxxxxxxxxxxx [mailto:huxiaoyu@xxxxxxxxxxxx] > > Sent: 12 May 2020 12:55 > > To: ceph-users > > Subject: Zeroing out rbd image or volume > > > > Hi, Ceph folks, > > > > Is there a rbd command, or any other way, to zero out rbd images or > > volume? I would like to write all zero data to an rbd image/volume > > before remove it. > > > > Any comments would be appreciated. > > > > best regards, > > > > samuel > > Horebdata AG > > Switzerland > > > > > > > > > > huxiaoyu@xxxxxxxxxxxx > > _______________________________________________ > > ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an > > email to ceph-users-leave@xxxxxxx > > > > _______________________________________________ > > ceph-users mailing list -- ceph-users@xxxxxxx > > To unsubscribe send an email to ceph-users-leave@xxxxxxx > > > > > -- > Jason > _______________________________________________ > ceph-users mailing list -- ceph-users@xxxxxxx > To unsubscribe send an email to ceph-users-leave@xxxxxxx > _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |