Hi,
I am running a Ceph 16.2.9 cluster with wire encryption. From my ceph.conf:
_____
ms client mode = secure
ms cluster mode = secure
ms mon client mode = secure
ms mon cluster mode = secure
ms mon service mode = secure
ms service mode = secure
_____
My cluster is running both messenger v1 and messenger v2 listening on the
default ports 6789 and 3300. Now I have Nautilus clients (krbd) mounting rados
block devices from this cluster.
When looking at the current sessions (ceph daemon <monitor> sessions) for my
rbd clients I see something like this:
_____
{
    "name": "client.*****",
    "entity_name": "client.fe-*****",
    "addrs": {
        "addrvec": [
            {
                "type": "v1",
                "addr": "10.238.194.4:0",
                "nonce": 2819469832
            }
        ]
    },
    "socket_addr": {
        "type": "v1",
        "addr": "10.238.194.4:0",
        "nonce": 2819469832
    },
    "con_type": "client",
    "con_features": 3387146417253690110,
    "con_features_hex": "2f018fb87aa4aafe",
    "con_features_release": "luminous",
    "open": true,
    "caps": {
        "text": "profile rbd"
    },
    "authenticated": true,
    "global_id": 256359885,
    "global_id_status": "reclaim_ok",
    "osd_epoch": 13120,
    "remote_host": ""
},
_____
As I understand, "type": "v1" means messenger v1 is used and therefore no
secure wire encryption, which comes with messenger v2. Is this understanding
correct? How can I enable wire encryption here? Nautilus should be able to use
msgr2. In general, how can I verify a client is using wire encryption or not?
Thank you,
Martin
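
Added example, not part of the original post: a small Python filter that reads the output of the sessions command quoted above and buckets client sessions by the messenger type the monitor recorded. It assumes the output is a JSON array of session objects with the fields shown in the post; the function names and the sample data are constructed for illustration.

```python
import json
import sys
from collections import defaultdict

# Constructed sample in the shape of the sessions output quoted above
# (entity names and addresses are made up; only the fields read here are kept).
SAMPLE = """[
 {"entity_name": "client.rbd-a", "con_type": "client",
  "addrs": {"addrvec": [{"type": "v1", "addr": "192.0.2.4:0"}]},
  "socket_addr": {"type": "v1", "addr": "192.0.2.4:0"},
  "con_features_release": "luminous"},
 {"entity_name": "client.rbd-b", "con_type": "client",
  "addrs": {"addrvec": [{"type": "v2", "addr": "192.0.2.5:0"}]},
  "socket_addr": {"type": "v2", "addr": "192.0.2.5:0"},
  "con_features_release": "pacific"},
 {"entity_name": "client.no-addr", "con_type": "client"},
 {"entity_name": "mgr.x", "con_type": "mgr",
  "socket_addr": {"type": "v2", "addr": "192.0.2.9:0"},
  "con_features_release": "pacific"}
]"""

def session_types(session):
    """Collect every messenger type recorded for one session."""
    addrs = session.get("addrs", {}).get("addrvec", [])
    types = {a.get("type") for a in addrs}
    types.add(session.get("socket_addr", {}).get("type"))
    types.discard(None)
    return types

def classify(sessions_json, con_type="client"):
    """Bucket sessions of one con_type into 'v1', 'v2' or 'unknown'."""
    buckets = defaultdict(list)
    for s in json.loads(sessions_json):
        if s.get("con_type") != con_type:
            continue
        types = session_types(s)
        # Any v1 address means the session is not purely msgr2.
        key = "v1" if "v1" in types else "v2" if types == {"v2"} else "unknown"
        buckets[key].append((s.get("entity_name"),
                             s.get("socket_addr", {}).get("addr"),
                             s.get("con_features_release")))
    return dict(buckets)

if __name__ == "__main__":
    # Pipe real output in, or run with no input to see the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for kind, entries in sorted(classify(text).items()):
        for name, addr, release in entries:
            print(f"{kind:8} {name}  {addr}  features={release}")
```

The script reports only the messenger type; a "v2" entry does not by itself show whether the msgr2 connection negotiated crc or secure mode.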