mirror of
https://github.com/ceph/ceph
synced 2024-12-16 08:26:25 +00:00
1ec58fcfc8
Instead of storing the dmcrypt keys in the /etc/ceph/dmcrypt-keys directory, they are stored in the monitor. If a machine with OSDs created with ceph-disk prepare --dmcrypt is lost, it does not contain the key that would allow to decrypt their content. The dmcrypt key is retrieved from the monitor using a different keyring for each OSD. It is stored in a small partition called the lockbox. At boot time the lockbox is mounted /var/lib/ceph/osd-lockbox/$uuid and used when the $uuid partition is detected by udev to map it with cryptsetup. The OSDs that were prepared prior to the lockbox implementation are supported by looking up the key found in /etc/ceph/dmcrypt-keys before looking in /var/lib/ceph/osd-lockbox/$uuid. http://tracker.ceph.com/issues/14669 Fixes: #14669 Signed-off-by: Loic Dachary <loic@dachary.org>
136 lines
5.6 KiB
Plaintext
136 lines
5.6 KiB
Plaintext
# OSD_UUID
|
|
ACTION=="add", SUBSYSTEM=="block", \
|
|
ENV{DEVTYPE}=="partition", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="4fbd7e29-9d25-41b8-afd0-062c0ceff05d", \
|
|
OWNER:="ceph", GROUP:="ceph", MODE:="660", \
|
|
RUN+="/usr/sbin/ceph-disk --log-stdout -v trigger /dev/$name"
|
|
ACTION=="change", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="4fbd7e29-9d25-41b8-afd0-062c0ceff05d", \
|
|
OWNER="ceph", GROUP="ceph", MODE="660"
|
|
|
|
# JOURNAL_UUID
|
|
ACTION=="add", SUBSYSTEM=="block", \
|
|
ENV{DEVTYPE}=="partition", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="45b0969e-9b03-4f30-b4c6-b4b80ceff106", \
|
|
OWNER:="ceph", GROUP:="ceph", MODE:="660", \
|
|
RUN+="/usr/sbin/ceph-disk --log-stdout -v trigger /dev/$name"
|
|
ACTION=="change", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="45b0969e-9b03-4f30-b4c6-b4b80ceff106", \
|
|
OWNER="ceph", GROUP="ceph", MODE="660"
|
|
|
|
# BLOCK_UUID
|
|
ACTION=="add", SUBSYSTEM=="block", \
|
|
ENV{DEVTYPE}=="partition", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="cafecafe-9b03-4f30-b4c6-b4b80ceff106", \
|
|
OWNER:="ceph", GROUP:="ceph", MODE:="660", \
|
|
RUN+="/usr/sbin/ceph-disk --log-stdout -v trigger /dev/$name"
|
|
ACTION=="change", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="cafecafe-9b03-4f30-b4c6-b4b80ceff106", \
|
|
OWNER="ceph", GROUP="ceph", MODE="660"
|
|
|
|
# LOCKBOX_UUID
|
|
ACTION=="add", SUBSYSTEM=="block", \
|
|
ENV{DEVTYPE}=="partition", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="fb3aabf9-d25f-47cc-bf5e-721d1816496b", \
|
|
OWNER:="ceph", GROUP:="ceph", MODE:="660", \
|
|
RUN+="/usr/sbin/ceph-disk --log-stdout -v trigger /dev/$name"
|
|
ACTION=="change", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="fb3aabf9-d25f-47cc-bf5e-721d1816496", \
|
|
OWNER="ceph", GROUP="ceph", MODE="660"
|
|
|
|
# MPATH_OSD_UUID
|
|
ACTION=="add", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="4fbd7e29-8ae0-4982-bf9d-5a8d867af560", \
|
|
OWNER:="ceph", GROUP:="ceph", MODE:="660", \
|
|
RUN+="/usr/sbin/ceph-disk --log-stdout -v trigger /dev/$name"
|
|
ACTION=="change", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="4fbd7e29-8ae0-4982-bf9d-5a8d867af560", \
|
|
OWNER="ceph", GROUP="ceph", MODE="660"
|
|
|
|
# MPATH_JOURNAL_UUID
|
|
ACTION=="add", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="45b0969e-8ae0-4982-bf9d-5a8d867af560", \
|
|
OWNER:="ceph", GROUP:="ceph", MODE:="660", \
|
|
RUN+="/usr/sbin/ceph-disk --log-stdout -v trigger /dev/$name"
|
|
ACTION=="change", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="45b0969e-8ae0-4982-bf9d-5a8d867af560", \
|
|
OWNER="ceph", GROUP="ceph", MODE="660"
|
|
|
|
# MPATH_BLOCK_UUID
|
|
ACTION=="add", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="cafecafe-8ae0-4982-bf9d-5a8d867af560", \
|
|
OWNER:="ceph", GROUP:="ceph", MODE:="660", \
|
|
RUN+="/usr/sbin/ceph-disk --log-stdout -v trigger /dev/$name"
|
|
ACTION=="change", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="cafecafe-8ae0-4982-bf9d-5a8d867af560", \
|
|
OWNER="ceph", GROUP="ceph", MODE="660"
|
|
|
|
# MPATH_BLOCK_UUID
|
|
ACTION=="add", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="7f4a666a-16f3-47a2-8445-152ef4d03f6c", \
|
|
OWNER:="ceph", GROUP:="ceph", MODE:="660", \
|
|
RUN+="/usr/sbin/ceph-disk --log-stdout -v trigger /dev/$name"
|
|
ACTION=="change", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="7f4a666a-16f3-47a2-8445-152ef4d03f6c", \
|
|
OWNER="ceph", GROUP="ceph", MODE="660"
|
|
|
|
# DMCRYPT_JOURNAL_UUID
|
|
ACTION=="add" SUBSYSTEM=="block", \
|
|
ENV{DEVTYPE}=="partition", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="45b0969e-9b03-4f30-b4c6-5ec00ceff106", \
|
|
OWNER:="ceph", GROUP:="ceph", MODE:="660", \
|
|
RUN+="/usr/sbin/ceph-disk --log-stdout -v trigger /dev/$name"
|
|
ACTION=="change", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="45b0969e-9b03-4f30-b4c6-5ec00ceff106", \
|
|
OWNER="ceph", GROUP="ceph", MODE="660"
|
|
|
|
# DMCRYPT_BLOCK_UUID
|
|
ACTION=="add" SUBSYSTEM=="block", \
|
|
ENV{DEVTYPE}=="partition", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="cafecafe-9b03-4f30-b4c6-5ec00ceff106", \
|
|
OWNER:="ceph", GROUP:="ceph", MODE:="660", \
|
|
RUN+="/usr/sbin/ceph-disk --log-stdout -v trigger /dev/$name"
|
|
ACTION=="change", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="cafecafe-9b03-4f30-b4c6-5ec00ceff106", \
|
|
OWNER="ceph", GROUP="ceph", MODE="660"
|
|
|
|
# DMCRYPT_LUKS_JOURNAL_UUID
|
|
ACTION=="add" SUBSYSTEM=="block", \
|
|
ENV{DEVTYPE}=="partition", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="45b0969e-9b03-4f30-b4c6-35865ceff106", \
|
|
OWNER:="ceph", GROUP:="ceph", MODE:="660", \
|
|
RUN+="/usr/sbin/ceph-disk --log-stdout -v trigger /dev/$name"
|
|
ACTION=="change", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="45b0969e-9b03-4f30-b4c6-35865ceff106", \
|
|
OWNER="ceph", GROUP="ceph", MODE="660"
|
|
|
|
# DMCRYPT_LUKS_BLOCK_UUID
|
|
ACTION=="add" SUBSYSTEM=="block", \
|
|
ENV{DEVTYPE}=="partition", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="cafecafe-9b03-4f30-b4c6-35865ceff106", \
|
|
OWNER:="ceph", GROUP:="ceph", MODE:="660", \
|
|
RUN+="/usr/sbin/ceph-disk --log-stdout -v trigger /dev/$name"
|
|
ACTION=="change", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="cafecafe-9b03-4f30-b4c6-35865ceff106", \
|
|
OWNER="ceph", GROUP="ceph", MODE="660"
|
|
|
|
# DMCRYPT_OID_UUID
|
|
ACTION=="add" SUBSYSTEM=="block", \
|
|
ENV{DEVTYPE}=="partition", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="4fbd7e29-9d25-41b8-afd0-5ec00ceff05d", \
|
|
OWNER:="ceph", GROUP:="ceph", MODE:="660", \
|
|
RUN+="/usr/sbin/ceph-disk --log-stdout -v trigger /dev/$name"
|
|
ACTION=="change", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="4fbd7e29-9d25-41b8-afd0-5ec00ceff05d", \
|
|
OWNER="ceph", GROUP="ceph", MODE="660"
|
|
|
|
# DMCRYPT_LUKS_OSD_UUID
|
|
ACTION=="add" SUBSYSTEM=="block", \
|
|
ENV{DEVTYPE}=="partition", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="4fbd7e29-9d25-41b8-afd0-35865ceff05d", \
|
|
OWNER:="ceph", GROUP:="ceph", MODE:="660", \
|
|
RUN+="/usr/sbin/ceph-disk --log-stdout -v trigger /dev/$name"
|
|
ACTION=="change", SUBSYSTEM=="block", \
|
|
ENV{ID_PART_ENTRY_TYPE}=="4fbd7e29-9d25-41b8-afd0-35865ceff05d", \
|
|
OWNER="ceph", GROUP="ceph", MODE="660"
|