mirror of
https://github.com/ceph/ceph
synced 2024-12-23 20:03:56 +00:00
c83a288ab8
LUKS allows for validation of the key at mount time (rather than simply mounting a random partition), specification of the encryption parameters in the header, and key rollover of the slot key (the one that needs to be stored). New parameters 'osd cryptsetup parameters' and 'osd dmcrypt key size' are added. These allow these important policy choices to be overridden or kept consistent per-site. The previous default, plain mode (rather than LUKS), remains; select LUKS by setting 'osd dmcrypt type = luks'. Signed-off-by: Andrew Bartlett <abartlet@catalyst.net.nz>
# Activate a ceph-tagged data partition that needs no dm-crypt mapping step.
# Fires when a block partition carrying the partition type code below is
# added, and passes its device node to ceph-disk-activate.
ACTION=="add", \
  SUBSYSTEM=="block", \
  ENV{DEVTYPE}=="partition", \
  ENV{ID_PART_ENTRY_TYPE}=="4fbd7e29-9d25-41b8-afd0-062c0ceff05d", \
  RUN+="/usr/sbin/ceph-disk-activate /dev/$name"
# Activate a ceph-tagged journal partition that needs no dm-crypt mapping step.
# Fires when a block partition carrying the partition type code below is
# added, and passes its device node to "ceph-disk activate-journal".
ACTION=="add", \
  SUBSYSTEM=="block", \
  ENV{DEVTYPE}=="partition", \
  ENV{ID_PART_ENTRY_TYPE}=="45b0969e-9b03-4f30-b4c6-b4b80ceff106", \
  RUN+="/usr/sbin/ceph-disk activate-journal /dev/$name"
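# Map a journal partition that uses dm-crypt in plain mode.
# cryptsetup creates /dev/mapper/<partition UUID>, reading the key from the
# file named after the partition UUID under /etc/ceph/dmcrypt-keys/.
#
# Plain mode has no on-disk header, so cryptsetup cannot check the key: a
# wrong key still produces a mapping, only with unusable contents.
# NOTE(review): --key-size is fixed at 256 here. If 'osd dmcrypt key size'
# is set to another value when the partition is prepared, this value
# presumably has to match -- confirm.
# The key file is the only secret protecting this partition; keep
# /etc/ceph/dmcrypt-keys readable by root only.
ACTION=="add", SUBSYSTEM=="block", \
  ENV{DEVTYPE}=="partition", \
  ENV{ID_PART_ENTRY_TYPE}=="45b0969e-9b03-4f30-b4c6-5ec00ceff106", \
  RUN+="/sbin/cryptsetup --key-file /etc/ceph/dmcrypt-keys/$env{ID_PART_ENTRY_UUID} --key-size 256 create $env{ID_PART_ENTRY_UUID} /dev/$name"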
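# Map a journal partition that uses dm-crypt with a LUKS header.
# luksOpen reads the key from <partition UUID>.luks.key under
# /etc/ceph/dmcrypt-keys/ and creates /dev/mapper/<partition UUID>.
#
# Unlike plain mode, LUKS validates the key against the header, so a wrong
# key makes luksOpen fail instead of producing an unusable mapping.
# The key file is the only secret protecting this partition; keep
# /etc/ceph/dmcrypt-keys readable by root only.
ACTION=="add", SUBSYSTEM=="block", \
  ENV{DEVTYPE}=="partition", \
  ENV{ID_PART_ENTRY_TYPE}=="45b0969e-9b03-4f30-b4c6-35865ceff106", \
  RUN+="/sbin/cryptsetup --key-file /etc/ceph/dmcrypt-keys/$env{ID_PART_ENTRY_UUID}.luks.key luksOpen /dev/$name $env{ID_PART_ENTRY_UUID}"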
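# Map and activate a data partition that uses dm-crypt in plain mode.
# Three commands are queued for the matching partition:
#   1. cryptsetup creates /dev/mapper/<partition UUID> from the key file
#      named after the partition UUID under /etc/ceph/dmcrypt-keys/;
#   2. a shell loop polls once a second until that mapper node exists;
#   3. ceph-disk-activate is run on the mapper node.
#
# Plain mode has no on-disk header, so cryptsetup cannot check the key: a
# wrong key still produces a mapping, only with unusable contents.
# NOTE(review): --key-size is fixed at 256 here. If 'osd dmcrypt key size'
# is set to another value when the partition is prepared, this value
# presumably has to match -- confirm.
# NOTE(review): the wait loop has no upper bound of its own. If cryptsetup
# fails (for example, the key file is missing), the node never appears and
# the loop presumably runs until udev's own event timeout ends it -- confirm,
# and consider a bounded wait.
# NOTE(review): $env{ID_PART_ENTRY_UUID} is expanded by udev into the
# 'bash -c' string before the shell parses it, so this relies on the value
# always being a plain UUID; a helper that takes the path as an argument
# would avoid the shell interpolation.
# The key file is the only secret protecting this partition; keep
# /etc/ceph/dmcrypt-keys readable by root only.
ACTION=="add", SUBSYSTEM=="block", \
  ENV{DEVTYPE}=="partition", \
  ENV{ID_PART_ENTRY_TYPE}=="4fbd7e29-9d25-41b8-afd0-5ec00ceff05d", \
  RUN+="/sbin/cryptsetup --key-file /etc/ceph/dmcrypt-keys/$env{ID_PART_ENTRY_UUID} --key-size 256 create $env{ID_PART_ENTRY_UUID} /dev/$name", \
  RUN+="/bin/bash -c 'while [ ! -e /dev/mapper/$env{ID_PART_ENTRY_UUID} ];do sleep 1; done'", \
  RUN+="/usr/sbin/ceph-disk-activate /dev/mapper/$env{ID_PART_ENTRY_UUID}"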
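# Map and activate a data partition that uses dm-crypt with a LUKS header.
# Three commands are queued for the matching partition:
#   1. luksOpen reads the key from <partition UUID>.luks.key under
#      /etc/ceph/dmcrypt-keys/ and creates /dev/mapper/<partition UUID>;
#   2. a shell loop polls once a second until that mapper node exists;
#   3. ceph-disk-activate is run on the mapper node.
#
# Unlike plain mode, LUKS validates the key against the header, so a wrong
# key makes luksOpen fail instead of producing an unusable mapping.
# NOTE(review): the wait loop has no upper bound of its own. If luksOpen
# fails (wrong or missing key file), the node never appears and the loop
# presumably runs until udev's own event timeout ends it -- confirm, and
# consider a bounded wait.
# NOTE(review): $env{ID_PART_ENTRY_UUID} is expanded by udev into the
# 'bash -c' string before the shell parses it, so this relies on the value
# always being a plain UUID; a helper that takes the path as an argument
# would avoid the shell interpolation.
# The key file is the only secret protecting this partition; keep
# /etc/ceph/dmcrypt-keys readable by root only.
ACTION=="add", SUBSYSTEM=="block", \
  ENV{DEVTYPE}=="partition", \
  ENV{ID_PART_ENTRY_TYPE}=="4fbd7e29-9d25-41b8-afd0-35865ceff05d", \
  RUN+="/sbin/cryptsetup --key-file /etc/ceph/dmcrypt-keys/$env{ID_PART_ENTRY_UUID}.luks.key luksOpen /dev/$name $env{ID_PART_ENTRY_UUID}", \
  RUN+="/bin/bash -c 'while [ ! -e /dev/mapper/$env{ID_PART_ENTRY_UUID} ];do sleep 1; done'", \
  RUN+="/usr/sbin/ceph-disk-activate /dev/mapper/$env{ID_PART_ENTRY_UUID}"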