Re: Encryption per user Howto


 



On 6/2/23 16:33, Anthony D'Atri wrote:
> Stefan, how do you have this implemented? Earlier this year I submitted https://tracker.ceph.com/issues/58569 asking to enable just this.

Lol, I have never seen that tracker, otherwise I would have informed you about it. I see the PR and tracker are updated by you / Joshua, thanks for that.

So yes, we have this implemented and running in production (currently re-provisioning all OSDs). It's a locally patched 16.2.11 ceph-volume for that matter. The PR [1] needs some fixing (I need to sit down and make it happen, just so many other things that take up my time). But then this would be enabled by default for flash devices (non-rotational). If used with cryptsetup 2.4.x also the appropriate sector size is used (based on the physical sector size). We use 4K on NVMe.

Added benefit of using cryptsetup 2.4.x is that it uses Argon2id as PBKDF for LUKS2.

We created a backport of cryptsetup 2.4.3 for use in Ubuntu Focal (based on Jammy) [2].

We are converting our whole cluster using LUKS2 with the work queues bypassed. For the nodes that have been converted already it works just fine. So, as multiple users seem to be waiting for this to be available in Ceph ... I should hurry up and make sure the PR gets in proper shape and merged in main.

Gr. Stefan

[1]: https://github.com/ceph/ceph/pull/49554
[2]: https://obit.bit.nl/ubuntu/focal/cryptsetup/
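
Added example, not part of the message above and not ceph-volume code: a check that active dm-crypt mappings carry the bypassed work queues and the 4K sector size mentioned in the message, by parsing `dmsetup table` output. The sample lines, mapping names and key references are constructed, and the 4096 default is an assumption taken from "We use 4K on NVMe".

```python
# Audit dm-crypt mappings from the text printed by `dmsetup table`.
# Table layout for a crypt target:
#   name: start length crypt cipher key iv_offset device offset [count opt...]
REQUIRED_FLAGS = {"no_read_workqueue", "no_write_workqueue"}

# Constructed sample output; names, sizes and key references are made up.
SAMPLE = """\
osd-block-a: 0 7501443072 crypt aes-xts-plain64 :64:logon:cryptsetup:KEYREF-A 0 259:1 32768 3 no_read_workqueue no_write_workqueue sector_size:4096
osd-block-b: 0 7501443072 crypt aes-xts-plain64 :64:logon:cryptsetup:KEYREF-B 0 259:2 32768
osd-block-c: 0 7501443072 crypt aes-xts-plain64 :64:logon:cryptsetup:KEYREF-C 0 259:3 32768 1 no_read_workqueue
vg0-root: 0 209715200 linear 259:4 2048
"""


def parse_crypt_line(line):
    """Return (name, flags, sector_size) for a crypt target, else None."""
    name, sep, rest = line.partition(": ")
    fields = rest.split()
    if not sep or len(fields) < 8 or fields[2] != "crypt":
        return None
    count = int(fields[8]) if len(fields) > 8 else 0
    sector = 512  # dm-crypt default when sector_size is not given
    flags = set()
    for opt in fields[9:9 + count]:
        if opt.startswith("sector_size:"):
            sector = int(opt.split(":", 1)[1])
        else:
            flags.add(opt)
    return name, flags, sector


def audit(table_text, want_sector=4096):
    """Map each crypt mapping name to a list of deviations (empty = OK)."""
    findings = {}
    for line in table_text.splitlines():
        parsed = parse_crypt_line(line)
        if parsed is None:
            continue  # not a dm-crypt mapping (e.g. linear LVM target)
        name, flags, sector = parsed
        problems = [f"missing {f}" for f in sorted(REQUIRED_FLAGS - flags)]
        if sector != want_sector:
            problems.append(f"sector_size {sector} != {want_sector}")
        findings[name] = problems
    return findings


if __name__ == "__main__":
    for name, problems in audit(SAMPLE).items():
        print(name, "OK" if not problems else "; ".join(problems))
```

On a live host the same function can be fed the captured output of `dmsetup table` run as root instead of `SAMPLE`.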



