Re: How to verify the use of wire encryption?


 



On Fri, Aug 19, 2022 at 1:21 PM Martin Traxl <martin.traxl@xxxxxxxx> wrote:
>
> Hi Ilya,
>
> On Thu, 2022-08-18 at 13:27 +0200, Ilya Dryomov wrote:
> > On Tue, Aug 16, 2022 at 12:44 PM Martin Traxl <martin.traxl@xxxxxxxx> wrote:
>
> [...]
>
> > >
> > >
> >
> > Hi Martin,
> >
> > For obscure backwards compatibility reasons, the kernel client defaults
> > to messenger v1.  You would need to specify "ms_mode=secure" option when
> > mapping your block devices to enable messenger v2 secure mode [1].
>
> This helped, setting the "ms_mode=secure" option on the client side did
> the trick.
>
> Out of curiosity, do you know if I disable messenger v1 on the ceph
> cluster, would the kernel client without setting "ms_mode=secure" use
> messenger v2 or would I still have to set this option?

Hi Martin,

Yes, you would still need to set this option.

> Until now I was not able to disable msgr1 on my monitor nodes.
> Although in my ceph.conf I configured this
> -----
>   mon host = [v2:10.88.32.11],[v2:10.88.32.12],[v2:10.88.32.20]
>   ms bind msgr1 = false
> -----
> the monitor node still binds to the msgr1 default port 6789.

I don't think monitors respect "ms bind msgr1" or "ms bind msgr2".
By default their addresses come from the monmap, so as long as "ceph
mon dump" shows both v1 and v2 addresses, it would bind to both.

Thanks,

                Ilya
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
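
An added example (not part of the original message and not Ceph's own tooling): a shell check that reads "ceph mon dump" output and lists the monitors whose monmap entry still carries a v1 address, which per the reply above is what makes them bind to the msgr1 port. The sample dump is constructed; the monitor names, ports and fsid in it are assumptions.

```shell
#!/bin/sh
# Constructed sample of `ceph mon dump` output. IPs reuse those quoted in the
# thread; ports, fsid and monitor names are assumed for illustration.
sample_mon_dump() {
cat <<'EOF'
epoch 5
fsid 00000000-0000-0000-0000-000000000000
min_mon_release 17 (quincy)
0: [v2:10.88.32.11:3300/0,v1:10.88.32.11:6789/0] mon.a
1: [v2:10.88.32.12:3300/0,v1:10.88.32.12:6789/0] mon.b
2: [v2:10.88.32.20:3300/0] mon.c
EOF
}

# Read a monmap dump on stdin and print "<mon name> <v1 address>" for every
# monitor whose address vector contains a v1 entry.
mons_with_v1() {
  awk '/^[0-9]+: / {
    name = $NF                      # last field is the monitor name
    addrs = $2                      # address vector, e.g. [v2:...,v1:...]
    gsub(/\[|\]/, "", addrs)        # strip the surrounding brackets
    n = split(addrs, parts, ",")
    for (i = 1; i <= n; i++)
      if (parts[i] ~ /^v1:/) print name, parts[i]
  }'
}

# Succeed only if no monitor in the dump on stdin advertises a v1 address.
monmap_is_v2_only() {
  [ -z "$(mons_with_v1)" ]
}

# Stand-alone run against the constructed sample.
if sample_mon_dump | monmap_is_v2_only; then
  echo "monmap is v2-only"
else
  echo "monitors still advertising msgr1 addresses:"
  sample_mon_dump | mons_with_v1
fi
```

On a live cluster, feed the functions real output instead of the sample: "ceph mon dump | mons_with_v1".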


