On Mon, Aug 21, 2017 at 9:03 PM Daniel K <[email protected]> wrote: > Are there any client-side options to encrypt an RBD device? > > Using latest luminous RC, on Ubuntu 16.04 and a 4.10 kernel > > I assumed adding client site encryption would be as simple as using > luks/dm-crypt/cryptsetup after adding the RBD device to /etc/ceph/rbdmap > and enabling the rbdmap service -- but I failed to consider the order of > things loading and it appears that the RBD gets mapped too late for > dm-crypt to recognize it as valid.It just keeps telling me it's not a valid > LUKS device. > > I know you can run the OSDs on an encrypted drive, but I was hoping for > something client side since it's not exactly simple(as far as I can tell) > to restrict client access to a single(or group) of RBDs within a shared > pool. >
Daniel, we used info from here for single or multiple RBD mappings to client https://blog-fromsomedude.rhcloud.com/2016/04/26/Allowing-a-RBD-client-to-map-only-one-RBD Also, I ran into the race condition with zfs, and would up putting zfs and rbdmap into rc.local. It should work for dm-crypt as well. Regards, Alex > Any suggestions? > > > _______________________________________________ > ceph-users mailing list > [email protected] > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > -- -- Alex Gorbachev Storcium
_______________________________________________ ceph-users mailing list [email protected] http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
