From: Sage Weil <sage@inktank.com>
To: Marcus Sorensen <shadowsor@gmail.com>
Cc: James Page <james.page@ubuntu.com>,
Gregory Farnum <greg@inktank.com>,
Peter Reiher <reiher@inktank.com>,
Dustin Kirkland <dustin.kirkland@gazzang.com>,
ceph-devel@vger.kernel.org
Subject: Re: on disk encryption
Date: Thu, 31 Jan 2013 16:44:04 -0800 (PST) [thread overview]
Message-ID: <alpine.DEB.2.00.1301311643530.15832@cobra.newdream.net> (raw)
In-Reply-To: <CALFpzo5WBnRa=LTVqnqo+iG4FziyCxJxjYVp=tvE=aYJEBw4zw@mail.gmail.com>
On Thu, 31 Jan 2013, Marcus Sorensen wrote:
> Yes, anyone could do this now by setting up the OSDs on top of
> dm-crypted disks, correct? This would just automate the process, and
> manage keys for us?
That is the idea.
sage
>
> On Tue, Jan 22, 2013 at 5:04 PM, Sage Weil <sage@inktank.com> wrote:
> > On Tue, 22 Jan 2013, James Page wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA256
> >>
> >> On 10/12/12 09:53, Gregory Farnum wrote:
> >> [...]
> >> >>>>> I love the idea of btrfs supporting encryption natively
> >> >>>>> much like it does compression. It may be some time before
> >> >>>>> that happens, so in the meantime, I'd love to see Ceph
> >> >>>>> support dm-crypt and/or eCryptfs beneath.
> >> >>>
> >> >>>
> >> >>>
> >> >>> Has this discussion progressed into any sort of implementation
> >> >>> yet? It sounds like this is going to be a key feature for users
> >> >>> who want top-to-bottom encryption of data right down to the
> >> >>> block level.
> >> >
> >> > Peter is working on this now ? I'll let him discuss the details.
> >> > :)
> >>
> >> Hey Peter - any update on the on-disk encryption work for Ceph?
> >
> > This was put on hold for now.
> >
> > At this point we're mostly just envisioning a very simple key storage
> > service via the ceph montiors (e.g., ceph key get <name>, ceph key put
> > <name>), and hooks in the startup scripts (sysvinit and/or upstart) to
> > configure dm-crypt.
> >
> > sage
> >
> >
> >>
> >> Cheers
> >>
> >> James
> >>
> >> - --
> >> James Page
> >> Ubuntu Core Developer
> >> Debian Maintainer
> >> james.page@ubuntu.com
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: GnuPG v1.4.12 (GNU/Linux)
> >> Comment: Using GnuPG with undefined - http://www.enigmail.net/
> >>
> >> iQIcBAEBCAAGBQJQ/wR4AAoJEL/srsug59jD4jAQAIByoFQ3rrbon/BsxqD+KUMZ
> >> xlGbviVxGIiHtLyUIwaXPerrEqnpuQCKbg/ZBXH0F9NUCRw3SZN74YuOjNz8c0Tr
> >> aAy1Wkx+lFCwt2FtiwC3pXx5++GO2qTbK7jsOeqJazxUN1J8EmoUv73jq3u+MmMo
> >> NV5k4e04g7leap3o5f13ONyJmTZC48XDZWdpa2HoYO7h1Er04y2tqOVTHwAd4PS5
> >> 26NaT2Cz4c+GMnDoTu608WrUJPv+pbi/WWf3RotRqXC3YX9VIDu6UxEc/tZHA+VP
> >> PcbfgtKGhzj7ooxdHsanhPtUtHv9o9Q2DZFbzvATDC0s3K5Rpav8C1vnC2ODq6fr
> >> LXCiRmVcjXz8e9TIQvSeQZLpK7Sy+WN4PTFdGsQqiVtw+iakw9qSn3EermAsCNIj
> >> EEeHlt6GcWgFF4oVxeZ5EDJHUobz/vyl+R0ZjJgNK3aYv0zDw4w249ARpvjmoIPS
> >> FHYrukgSIHxv1CFSh4AxA4mgRseGM4B7H69+jdzp+3LNaCnHQBnT5cfsVrpoqCam
> >> te5tytclC4gQ3xJh5L2lMH8D/ikSSZZjO+7cJ4ZEW5ebu7ChuonWMj0TQc2gPpUG
> >> qqI0aV4QxRYaE5oRJlxoSlylKd6tWvHc/44TDqUPFWVnqLB1c8WEEZnDviTz5BCC
> >> NYqJJb+2p+pzt2bK0p4r
> >> =+Uvt
> >> -----END PGP SIGNATURE-----
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
> >> the body of a message to majordomo@vger.kernel.org
> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
> >>
> >>
> > --
> > To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
next prev parent reply other threads:[~2013-02-01 0:44 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-15 11:54 on disk encryption Sage Weil
2012-09-15 12:22 ` Mark Nelson
2012-09-19 1:53 ` Dustin Kirkland
2012-12-10 9:17 ` James Page
2012-12-10 15:53 ` Gregory Farnum
2013-01-22 21:28 ` James Page
[not found] ` <CAEgPQZDqUK+MJTX3Kbpdv3ai4=5rNCrGkxi=ioLt5OzC+zi4+Q@mail.gmail.com>
2013-01-23 0:02 ` Sage Weil
2013-01-23 0:04 ` Sage Weil
2013-01-31 23:42 ` Marcus Sorensen
2013-02-01 0:04 ` Mark Kampe
2013-02-01 0:16 ` Marcus Sorensen
2013-02-01 0:44 ` Sage Weil [this message]
2013-02-01 0:57 ` Neil Levine
2013-02-01 15:37 ` Christian Brunner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.00.1301311643530.15832@cobra.newdream.net \
--to=sage@inktank.com \
--cc=ceph-devel@vger.kernel.org \
--cc=dustin.kirkland@gazzang.com \
--cc=greg@inktank.com \
--cc=james.page@ubuntu.com \
--cc=reiher@inktank.com \
--cc=shadowsor@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.