]> git.apps.os.sepia.ceph.com Git - ceph-ci.git/commit
projects / ceph-ci.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f83ac43) | patch
ceph-volume: add TPM2 token enrollment support for encrypted OSDs
authorGuillaume Abrioux <gabrioux@ibm.com>
Thu, 16 May 2024 15:47:19 +0000 (11:47 -0400)
committerGuillaume Abrioux <gabrioux@ibm.com>
Tue, 13 Aug 2024 13:12:42 +0000 (15:12 +0200)
commit73e9c6ce45be1b1d990b530e5639e0aa2c003e01
treea077dbb52f6816afc69f2a5aff097618b20e60fdtree | snapshot
parentf83ac43ac4c9f2d41e2a3b24d681ec0dd08b3597commit | diff
ceph-volume: add TPM2 token enrollment support for encrypted OSDs

This adds the required changes to ceph-volume and cephadm in order to support
deploying tpm2 token enrolled encrypted OSDs.

Adding `--with-tpm` when deploying with `--dmcrypt` will enroll a tpm2
token to the corresponding LUKS2 devices.

Example of a osd service spec:

```
service_type: osd
service_id: tpm2_osds
placement:
  host_pattern: '*'
spec:
  data_devices:
    paths:
      - /dev/sdb
  encrypted: true
  tpm2: true
```

Signed-off-by: Guillaume Abrioux <gabrioux@ibm.com>
(cherry picked from commit 88836135fd03d28131c58a7440f51de244076166)
28 files changed:
doc/ceph-volume/lvm/prepare.rst diff | blob | history
doc/cephadm/services/osd.rst diff | blob | history
src/ceph-volume/ceph_volume/__init__.py diff | blob | history
src/ceph-volume/ceph_volume/devices/lvm/batch.py diff | blob | history
src/ceph-volume/ceph_volume/devices/lvm/common.py diff | blob | history
src/ceph-volume/ceph_volume/devices/raw/activate.py diff | blob | history
src/ceph-volume/ceph_volume/devices/raw/common.py diff | blob | history
src/ceph-volume/ceph_volume/devices/raw/list.py diff | blob | history
src/ceph-volume/ceph_volume/devices/raw/prepare.py diff | blob | history
src/ceph-volume/ceph_volume/objectstore/__init__.py diff | blob | history
src/ceph-volume/ceph_volume/objectstore/baseobjectstore.py diff | blob | history
src/ceph-volume/ceph_volume/objectstore/bluestore.py diff | blob | history
src/ceph-volume/ceph_volume/objectstore/lvmbluestore.py diff | blob | history
src/ceph-volume/ceph_volume/objectstore/rawbluestore.py diff | blob | history
src/ceph-volume/ceph_volume/tests/conftest.py diff | blob | history
src/ceph-volume/ceph_volume/tests/devices/lvm/test_prepare.py diff | blob | history
src/ceph-volume/ceph_volume/tests/devices/raw/test_prepare.py diff | blob | history
src/ceph-volume/ceph_volume/tests/objectstore/test_lvmbluestore.py diff | blob | history
src/ceph-volume/ceph_volume/tests/objectstore/test_rawbluestore.py diff | blob | history
src/ceph-volume/ceph_volume/tests/test_ceph_volume.py [new file with mode: 0644] blob
src/ceph-volume/ceph_volume/tests/util/test_disk.py diff | blob | history
src/ceph-volume/ceph_volume/tests/util/test_encryption.py diff | blob | history
src/ceph-volume/ceph_volume/tests/util/test_prepare.py diff | blob | history
src/ceph-volume/ceph_volume/util/device.py diff | blob | history
src/ceph-volume/ceph_volume/util/disk.py diff | blob | history
src/ceph-volume/ceph_volume/util/encryption.py diff | blob | history
src/python-common/ceph/deployment/drive_group.py diff | blob | history
src/python-common/ceph/deployment/translate.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.