How to verify the use of wire encryption?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I am running a Ceph 16.2.9 cluster with wire encryption. From my ceph.conf:
_____
  ms client mode = secure
  ms cluster mode = secure
  ms mon client mode = secure
  ms mon cluster mode = secure
  ms mon service mode = secure
  ms service mode = secure
_____

My cluster is running both messenger v1 and messenger v2 listening on the default ports 6789 and 3300. Now I have Nautilus clients (krbd) mounting rados block devices from this cluster.
When looking at the current sessions (ceph daemon <monitor> sessions) for my rbd clients I see something like this:
_____
    {
        "name": "client.*****",
        "entity_name": "client.fe-*****",
        "addrs": {
            "addrvec": [
                {
                    "type": "v1",
                    "addr": "10.238.194.4:0",
                    "nonce": 2819469832
                }
            ]
        },
        "socket_addr": {
            "type": "v1",
            "addr": "10.238.194.4:0",
            "nonce": 2819469832
        },
        "con_type": "client",
        "con_features": 3387146417253690110,
        "con_features_hex": "2f018fb87aa4aafe",
        "con_features_release": "luminous",
        "open": true,
        "caps": {
            "text": "profile rbd"
        },
        "authenticated": true,
        "global_id": 256359885,
        "global_id_status": "reclaim_ok",
        "osd_epoch": 13120,
        "remote_host": ""
    },
_____

As I understand, "type": "v1" means messenger v1 is used and therefore no secure wire encryption, which comes with messenger v2. Is this understanding correct? How can I enable wire encrytion here? Nautilus should be able to use msgr2. In general, how can I verify a client is using wire encryption or not?

Thank you,
Martin

_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux