Re: OSD with dm-crypt?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 27-02-2024 05:45, Michael Worsham wrote:
I was setting up the Ceph cluster via this URL ( and didn't know if there was a way to do it via the "ceph orch daemon add osd ceph-osd-01:/dev/sdb" command or not?

Is it possible to set the OSD to encryption after the fact or does that involve some other process?

You can't enable encryption after the OSDs have been created. So you would need to reprovision each OSD. I think Using a spec file with the option "encrypted: true" in there is the easiest way of doing this [1].

So the procedure would be:
- destroy all of your OSDs if you do not have stored any data in it. Otherwise do this one OSD (or failure domain) at a time. - use ceph-volume zap command to clean the OSDs, i.e.: cephadm shell -- ceph-volume lvm zap /path/to/device --destroy - check with cephadm shell -- ceph orch device ls --wide --refresh if all the drives you want to use are available - Test your spec file in a dry-run to see if cephadm would do what you expect: cephadm shell --mount /path/to/your/specfile/directory -- ceph orch apply osd -i /mnt/specfile-directory/example.spec --dry-run

If this gives the outcome you want, you can omit the --dry-run part and let cephadm provision the OSDs for you.

Note that to prevent cephadm by redeploying the "newly" discovered available drives you best make sure (and remove) the current OSD specfiles if present. And or pause cephadm.

Gr. Stefan

ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx

[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux