Re: [ceph-users] writable snapshots in cephfs? GDPR/DSGVO
Thu, 11 Jul 2019 10:24:16 +0200 "Marc Roos" ==> ceph-users , lmb : > What about creating snaps on a 'lower level' in the directory structure > so you do not need to remove files from a snapshot as a work around? Thanks for the idea. This might be a solution for our use case. Regards, Lars ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] writable snapshots in cephfs? GDPR/DSGVO
Thu, 11 Jul 2019 10:21:16 +0200 Lars Marowsky-Bree ==> ceph-users@lists.ceph.com : > On 2019-07-10T09:59:08, Lars Täuber wrote: > > > Hi everbody! > > > > Is it possible to make snapshots in cephfs writable? > > We need to remove files because of this General Data Protection Regulation > > also from snapshots. > > Removing data from existing WORM storage is tricky, snapshots being a > specific form thereof. We liked it to be a non-WORM storage. It is not meant to be used as an archive. Thanks, Lars ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] writable snapshots in cephfs? GDPR/DSGVO
What about creating snaps on a 'lower level' in the directory structure so you do not need to remove files from a snapshot as a work around? -Original Message- From: Lars Marowsky-Bree [mailto:l...@suse.com] Sent: donderdag 11 juli 2019 10:21 To: ceph-users@lists.ceph.com Subject: Re: [ceph-users] writable snapshots in cephfs? GDPR/DSGVO On 2019-07-10T09:59:08, Lars Täuber wrote: > Hi everbody! > > Is it possible to make snapshots in cephfs writable? > We need to remove files because of this General Data Protection Regulation also from snapshots. Removing data from existing WORM storage is tricky, snapshots being a specific form thereof. If you want to avoid copying and altering all existing records - which might clash with the requirement from other fields that data needs to be immutable, but I guess you could store checksums externally somewhere? -, this is difficult. I think what you'd need is an additional layer - say, one holding the decryption keys for the tenant/user (or whatever granularity you want to be able to remove data at) - that you can still modify. Once the keys have been successfully and permanently wiped, the old data is effectively permanently deleted (from all media; whether Ceph snaps or tape or other immutable storage). You may have a record that you *had* the data. Now, of course, you've got to manage keys, but that's significantly less data to massage. Not a lawyer, either. Good luck. Regards, Lars -- SUSE Linux GmbH, GF: Felix Imendörffer, Mary Higgins, Sri Rasiah, HRB 21284 (AG Nürnberg) "Architects should open possibilities and not determine everything." (Ueli Zbinden) ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] writable snapshots in cephfs? GDPR/DSGVO
On 2019-07-10T09:59:08, Lars Täuber wrote: > Hi everbody! > > Is it possible to make snapshots in cephfs writable? > We need to remove files because of this General Data Protection Regulation > also from snapshots. Removing data from existing WORM storage is tricky, snapshots being a specific form thereof. If you want to avoid copying and altering all existing records - which might clash with the requirement from other fields that data needs to be immutable, but I guess you could store checksums externally somewhere? -, this is difficult. I think what you'd need is an additional layer - say, one holding the decryption keys for the tenant/user (or whatever granularity you want to be able to remove data at) - that you can still modify. Once the keys have been successfully and permanently wiped, the old data is effectively permanently deleted (from all media; whether Ceph snaps or tape or other immutable storage). You may have a record that you *had* the data. Now, of course, you've got to manage keys, but that's significantly less data to massage. Not a lawyer, either. Good luck. Regards, Lars -- SUSE Linux GmbH, GF: Felix Imendörffer, Mary Higgins, Sri Rasiah, HRB 21284 (AG Nürnberg) "Architects should open possibilities and not determine everything." (Ueli Zbinden) ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] writable snapshots in cephfs? GDPR/DSGVO
On Wed, Jul 10, 2019 at 4:16 PM Lars Täuber wrote: > > Hi everbody! > > Is it possible to make snapshots in cephfs writable? > We need to remove files because of this General Data Protection Regulation > also from snapshots. > It's possible (only delete data), but need to modify both mds and osd. It's a big project. > Thanks and best regards, > Lars > ___ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] writable snapshots in cephfs? GDPR/DSGVO
On 7/10/19 9:59 AM, Lars Täuber wrote: > Hi everbody! > > Is it possible to make snapshots in cephfs writable? As far as I'm aware: No You would need to remove the complete snapshot and create a new one. > We need to remove files because of this General Data Protection Regulation > also from snapshots. > This goes outside the scope of Ceph, but GDPR doesn't require you to remove the data instantly. Otherwise you also need to burn your tape drives (should you have those) as long as you state how long you will retain data for backup purposes. Your use-case might be different though :-) Oh, I'm not a lawyer either. Wido > Thanks and best regards, > Lars > ___ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[ceph-users] writable snapshots in cephfs? GDPR/DSGVO
Hi everbody! Is it possible to make snapshots in cephfs writable? We need to remove files because of this General Data Protection Regulation also from snapshots. Thanks and best regards, Lars ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com