From: Alfredo Deza Date: Fri, 2 Feb 2018 13:36:02 +0000 (-0500) Subject: doc/ceph-volume scan update for encryption support X-Git-Tag: v12.2.3~19^2~13 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=476eac136a7aee3485b91b81108bc1d05d0d6698;p=ceph.git doc/ceph-volume scan update for encryption support Signed-off-by: Alfredo Deza (cherry picked from commit e0d3bb82255a937cd937d33f966979fb541d1443) --- diff --git a/doc/ceph-volume/simple/scan.rst b/doc/ceph-volume/simple/scan.rst index afeddabb86f0..320fee8fb453 100644 --- a/doc/ceph-volume/simple/scan.rst +++ b/doc/ceph-volume/simple/scan.rst @@ -4,7 +4,8 @@ ======== Scanning allows to capture any important details from an already-deployed OSD so that ``ceph-volume`` can manage it without the need of any other startup -workflows or tools (like ``udev`` or ``ceph-disk``). +workflows or tools (like ``udev`` or ``ceph-disk``). Encryption with LUKS or +PLAIN formats is fully supported. The command has the ability to inspect a running OSD, by inspecting the directory where the OSD data is stored, or by consuming the data partition. @@ -42,6 +43,12 @@ are a few files that must exist in order to have a successful scan: * ``type`` * ``whoami`` +If the OSD is encrypted, it will additionally add the following keys: + +* ``encrypted`` +* ``encryption_type`` +* ``lockbox_keyring`` + In the case of any other file, as long as it is not a binary or a directory, it will also get captured and persisted as part of the JSON object. 
@@ -53,10 +60,16 @@ would look like:: "whoami": "1", -For files that may have more than one line, the contents are left as-is, for -example, a ``keyring`` could look like this:: +For files that may have more than one line, the contents are left as-is, except +for keyrings which are treated specially and parsed to extract the keyring. For +example, a ``keyring`` that gets read as:: + + [osd.1]\n\tkey = AQBBJ/dZp57NIBAAtnuQS9WOS0hnLVe0rZnE6Q==\n + +Would get stored as:: + + "keyring": "AQBBJ/dZp57NIBAAtnuQS9WOS0hnLVe0rZnE6Q==", - "keyring": "[osd.1]\n\tkey = AQBBJ/dZp57NIBAAtnuQS9WOS0hnLVe0rZnE6Q==\n", For a directory like ``/var/lib/ceph/osd/ceph-1``, the command could look like:: @@ -64,9 +77,6 @@ like:: ceph-volume simple scan /var/lib/ceph/osd/ceph1 -.. note:: There is no support for encrypted OSDs - - .. _ceph-volume-simple-scan-device: Device scan @@ -93,9 +103,6 @@ could look like:: ceph-volume simple scan /dev/sda1 -.. note:: There is no support for encrypted OSDs - - .. _ceph-volume-simple-scan-json: ``JSON`` contents @@ -147,7 +154,7 @@ This is a sample ``JSON`` metadata, from an OSD that is using ``bluestore``:: "uuid": "86ebd829-1405-43d3-8fd6-4cbc9b6ecf96" }, "fsid": "86ebd829-1405-43d3-8fd6-4cbc9b6ecf96", - "keyring": "[osd.3]\n\tkey = AQBBJ/dZp57NIBAAtnuQS9WOS0hnLVe0rZnE6Q==\n", + "keyring": "AQBBJ/dZp57NIBAAtnuQS9WOS0hnLVe0rZnE6Q==", "kv_backend": "rocksdb", "magic": "ceph osd volume v026", "mkfs_done": "yes",
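Review bot: In the hunk at @@ -42,6 +43,12, the sentence "If the OSD is encrypted, it will additionally add the following keys" has no clear subject and sits directly under the list of files that must exist for a successful scan, so a reader cannot tell whether ``encrypted``, ``encryption_type`` and ``lockbox_keyring`` are files the scan expects to find or keys the scan writes into the JSON object. Suggest naming the subject (for example "the scan will additionally add the following keys to the JSON object") and listing the values each key can take. The first hunk names LUKS and PLAIN, but nothing here ties ``encryption_type`` to them. Since ``lockbox_keyring`` by its name joins ``keyring`` as key material in the persisted JSON, a sentence on how that file should be protected would also help operators.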
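Review bot: In the hunk at @@ -53,10 +60,16, "parsed to extract the keyring" is circular. Going by the example, what is pulled out of the keyring file is the value of ``key``, so "parsed to extract the key" would be accurate. "Would get stored as::" continues the previous sentence after a literal block and should start in lower case. The "gets read as" literal also shows ``\n`` and ``\t`` as escape sequences inside a literal block; either say that this is the escaped form of the file contents or show the file as it appears on disk, otherwise it reads as if the file contains backslashes.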
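Review bot: In the hunk at @@ -64,9 +77,6, the unchanged context lines disagree on the example path: the prose says ``/var/lib/ceph/osd/ceph-1`` while the command shows ``ceph-volume simple scan /var/lib/ceph/osd/ceph1``. The patch touches the lines right after it, so this is a good place to make the command match the prose.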
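Review bot: The hunk at @@ -93,9 +103,6 only deletes the "There is no support for encrypted OSDs" note from the device scan section and puts nothing in its place. If the section does not already cover it, add a sentence saying which device to pass for an encrypted OSD (the example uses ``/dev/sda1``) and whether the scan needs the device to be unlocked first, so the removal of the note is matched by actual guidance.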
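Review bot: In the hunk at @@ -147,7 +154,7, the bluestore sample is updated only for the new ``keyring`` format, and the patch adds no sample that contains ``encrypted``, ``encryption_type`` or ``lockbox_keyring``. Since the document now claims full LUKS and PLAIN support, suggest adding a second sample from an encrypted OSD, or adding the three keys to this one with a note that they appear only when the OSD is encrypted.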