thanks a lot for all. Looks like dd zero does not help much about improving security, but OSD encryption would be sufficent.
best regards, Samuel [email protected] From: Wido den Hollander Date: 2020-05-12 14:03 To: Paul Emmerich; Dillaman, Jason CC: Marc Roos; ceph-users Subject: [ceph-users] Re: Zeroing out rbd image or volume On 5/12/20 1:54 PM, Paul Emmerich wrote: > And many hypervisors will turn writing zeroes into an unmap/trim (qemu > detect-zeroes=unmap), so running trim on the entire empty disk is often the > same as writing zeroes. > So +1 for encryption being the proper way here > +1 And to add to this: No, a newly created RBD image will never have 'left over' bits and bytes from a previous RBD image. I had to explain this multiple times to people which were used to old (i)SCSI setups where partitions could have leftover data from a previously created LUN. With RBD this won't happen. Wido > > Paul > _______________________________________________ ceph-users mailing list -- [email protected] To unsubscribe send an email to [email protected] _______________________________________________ ceph-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
