Change ceph-disk default to use LUKS for encrypted partitions

LUKS allows for validation of the key at mount time (rather than
simply mounting a random partition), specification of the encryption
parameters in the header and key rollover of the slot key (the one
that needs to be stored).

The previous default, plain mode (rather than using LUKS) is available
by setting 'osd dmcrypt type = plain'

Existing encrypted OSDs are still recognised and used, only new
OSDs now use LUKS.

Signed-off-by: Andrew Bartlett <abartlet@catalyst.net.nz>

diff --git a/src/ceph-disk b/src/ceph-disk
index 6280856ab3358ed5bfe3707b65e7af37aeb52db2..c3c6951442093c0b530907c85ee7a1978bfd1d1c 100755 (executable)
--- a/src/ceph-disk
+++ b/src/ceph-disk
@@ -1582,7 +1582,7 @@ def main_prepare(args):
             )
 
         if dmcrypt_type is None:
-            dmcrypt_type = "plain"
+            dmcrypt_type = "luks"
 
         if dmcrypt_type == "plain":
             if dmcrypt_keysize_str is None: