Hello Stefan, On Fri, Jun 2, 2023 at 11:12 PM Stefan Kooman <stefan@xxxxxx> wrote: > On 6/2/23 16:33, Anthony D'Atri wrote: > > Stefan, how do you have this implemented? Earlier this year I submitted > > https://tracker.ceph.com/issues/58569 > > <https://tracker.ceph.com/issues/58569> asking to enable just this. > > Lol, I have never seen that tracker otherwise I would have informed you > about it. I see the PR and tracker are updated by you / Joshua, thanks > for that.. > > So yes, we have this implemented and running in production (currently > re-provisioning all OSDs). It's a locally patched 16.2.11 ceph-volume > for that matter. The PR [1] needs some fixing (I need to sit down and > make it happen, just so many other things that take up my time). But > then this would be enabled by default for flash devices > (non-rotational). If used with cryptsetup 2.4.x also the appropriate > sector size is used (based on the physical sector size). We use 4K on NVMe. > > Added benefit of using cryptsetup 2.4.x is that is uses Argon2id as > PBKDF for LUKS2. > > We created a backport of cryptsetup 2.4.3 for use in Ubuntu Focal (based > on Jammy) [2]. > > We are converting our whole cluster using LUKS2 with the work queues > bypassed. For the nodes that have been converted already it works just > fine. So, as multiple users seem to be waiting for this to be available > in Ceph ... I should hurry up and make sure the PR gets in proper shape > and merged in main. > Thanks for the report. However, I would like to take back a part of my previous response, where I informed you about the "xtsproxy" kernel module. Please don't try to use it. Reason: I recently filed a bug for its inclusion into the Zen kernel, available for Arch Linux users, and the result is that the resulting system stopped booting for some users. So a proper backport is required, even though the Cloudflare patch applies as-is. https://github.com/zen-kernel/zen-kernel/issues/306 https://github.com/zen-kernel/zen-kernel/issues/310 -- Alexander E. Patrakov _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |