And many hypervisors will turn writing zeroes into an unmap/trim (qemu detect-zeroes=unmap), so running trim on the entire empty disk is often the same as writing zeroes. So +1 for encryption being the proper way here
Paul -- Paul Emmerich Looking for help with your Ceph cluster? Contact us at https://croit.io croit GmbH Freseniusstr. 31h 81247 München www.croit.io Tel: +49 89 1896585 90 On Tue, May 12, 2020 at 1:52 PM Jason Dillaman <[email protected]> wrote: > I would also like to add that the OSDs can (and will) use redirect on write > techniques (not to mention the physical device hardware as well). > Therefore, your zeroing of the device might just cause the OSDs to allocate > new extents of zeros while the old extents remain intact (albeit > unreferenced and available for future writes). The correct solution would > be to layer LUKS/dm-crypt on top of the RBD device if you need a strong > security guarantee about a specific image, or use encrypted OSDs if the > concern is about the loss of the OSD physical device. > > On Tue, May 12, 2020 at 6:58 AM Marc Roos <[email protected]> > wrote: > > > > > dd if=/dev/zero of=rbd ???? :) but if you have encrypted osd's, what > > would be the use of this? > > > > > > > > -----Original Message----- > > From: [email protected] [mailto:[email protected]] > > Sent: 12 May 2020 12:55 > > To: ceph-users > > Subject: [ceph-users] Zeroing out rbd image or volume > > > > Hi, Ceph folks, > > > > Is there a rbd command, or any other way, to zero out rbd images or > > volume? I would like to write all zero data to an rbd image/volume > > before remove it. > > > > Any comments would be appreciated. > > > > best regards, > > > > samuel > > Horebdata AG > > Switzerland > > > > > > > > > > [email protected] > > _______________________________________________ > > ceph-users mailing list -- [email protected] To unsubscribe send an > > email to [email protected] > > > > _______________________________________________ > > ceph-users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > > > > -- > Jason > _______________________________________________ > ceph-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > _______________________________________________ ceph-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
