Awesome -- I searched and all I could find was restricting access at the pool level.

I will investigate the dm-crypt/RBD path also.

Thanks again!

On Thu, Aug 24, 2017 at 7:40 PM, Alex Gorbachev <a...@iss-integration.com> wrote:

> On Mon, Aug 21, 2017 at 9:03 PM Daniel K <satha...@gmail.com> wrote:
>
>> Are there any client-side options to encrypt an RBD device?
>>
>> Using latest luminous RC, on Ubuntu 16.04 and a 4.10 kernel
>>
>> I assumed adding client side encryption would be as simple as using
>> luks/dm-crypt/cryptsetup after adding the RBD device to /etc/ceph/rbdmap
>> and enabling the rbdmap service -- but I failed to consider the order of
>> things loading and it appears that the RBD gets mapped too late for
>> dm-crypt to recognize it as valid. It just keeps telling me it's not a valid
>> LUKS device.
>>
>> I know you can run the OSDs on an encrypted drive, but I was hoping for
>> something client side since it's not exactly simple (as far as I can tell)
>> to restrict client access to a single (or group) of RBDs within a shared
>> pool.
>
> Daniel, we used info from here for single or multiple RBD mappings to
> client
>
> https://blog-fromsomedude.rhcloud.com/2016/04/26/Allowing-a-RBD-client-to-map-only-one-RBD
>
> Also, I ran into the race condition with zfs, and wound up putting zfs and
> rbdmap into rc.local. It should work for dm-crypt as well.
>
> Regards,
> Alex
>
>> Any suggestions?
>>
>> _______________________________________________
>> ceph-users mailing list
>> ceph-users@lists.ceph.com
>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
> --
> Alex Gorbachev
> Storcium
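The ordering problem discussed in this thread (the RBD image must be mapped before dm-crypt looks for a LUKS header), as an added example that is not part of the original messages. The pool, image, mapper name and key file are caller-supplied placeholders, and the `/dev/rbd/<pool>/<image>` path assumes the udev rules shipped with Ceph are installed.

```shell
#!/bin/sh
# Added example, not from the thread: open a LUKS container on an RBD image
# only after the mapped block device exists, avoiding the boot-order race.
# Pool, image, mapper name and key file are caller-supplied placeholders.

WAIT_SECS=${WAIT_SECS:-30}   # how long to wait for udev to create the node

# wait_for_path FLAG TARGET SECS: poll until `test FLAG TARGET` succeeds.
wait_for_path() {
    flag=$1; target=$2; limit=$3; waited=0
    while ! test "$flag" "$target"; do
        if [ "$waited" -ge "$limit" ]; then return 1; fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# open_encrypted_rbd POOL IMAGE MAPPER_NAME KEYFILE
# Returns 1 if mapping fails, 2 if the device never appears,
# 3 if it carries no LUKS header, else cryptsetup's own status.
open_encrypted_rbd() {
    pool=$1; image=$2; name=$3; keyfile=$4
    dev="/dev/rbd/$pool/$image"      # symlink from Ceph's udev rules (assumed installed)

    if [ ! -b "$dev" ]; then
        rbd map "$pool/$image" >/dev/null || return 1
    fi
    if ! wait_for_path -b "$dev" "$WAIT_SECS"; then
        echo "timed out waiting for $dev" >&2; return 2
    fi
    if ! cryptsetup isLuks "$dev"; then
        echo "$dev is mapped but has no LUKS header" >&2; return 3
    fi
    cryptsetup open --type luks --key-file "$keyfile" "$dev" "$name"
}

# Run only when called with all four arguments, e.g. from rc.local.
if [ "$#" -eq 4 ]; then
    open_encrypted_rbd "$@"
fi
```

The distinct return codes separate "device not there yet" from "device present but not LUKS", which is the ambiguity behind the "not a valid LUKS device" message when the mapping happens too late.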