mirror of https://github.com/ceph/ceph
1ec58fcfc8
Instead of storing the dmcrypt keys in the /etc/ceph/dmcrypt-keys directory, they are stored in the monitor. If a machine with OSDs created with ceph-disk prepare --dmcrypt is lost, it does not contain the key that would allow their content to be decrypted. The dmcrypt key is retrieved from the monitor using a different keyring for each OSD. It is stored in a small partition called the lockbox. At boot time the lockbox is mounted at /var/lib/ceph/osd-lockbox/$uuid and used when the $uuid partition is detected by udev to map it with cryptsetup. The OSDs that were prepared prior to the lockbox implementation are supported by looking up the key found in /etc/ceph/dmcrypt-keys before looking in /var/lib/ceph/osd-lockbox/$uuid. http://tracker.ceph.com/issues/14669 Fixes: #14669 Signed-off-by: Loic Dachary <loic@dachary.org> |
---|---|---|
50-rbd.rules | ||
60-ceph-partuuid-workaround.rules | ||
95-ceph-osd-alt.rules | ||
95-ceph-osd.rules |