From: Andrew Bartlett <abartlet@catalyst.net.nz>
Date: Tue, 4 Nov 2014 22:38:41 +0000 (+1300)
Subject: Change ceph-disk default to use LUKS for encrypted partitions
X-Git-Tag: v0.93~62^2^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=998b461536d340a0d3b41bd038e7b8c3aab20a50;p=ceph.git

Change ceph-disk default to use LUKS for encrypted partitions

LUKS allows for validation of the key at mount time (rather than
simply mounting a random partition), specification of the encryption
parameters in the header and key rollover of the slot key (the one
that needs to be stored).

The previous default, plain mode (rather than using LUKS) is available
by setting 'osd dmcrypt type = plain'

Existing encrypted OSDs are still recognised and used, only new
OSDs now use LUKS.

Signed-off-by: Andrew Bartlett <abartlet@catalyst.net.nz>
---

diff --git a/src/ceph-disk b/src/ceph-disk
index 6280856ab335..c3c695144209 100755
--- a/src/ceph-disk
+++ b/src/ceph-disk
@@ -1582,7 +1582,7 @@ def main_prepare(args):
             )
 
         if dmcrypt_type is None:
-            dmcrypt_type = "plain"
+            dmcrypt_type = "luks"
 
         if dmcrypt_type == "plain":
             if dmcrypt_keysize_str is None: