Hello Stefan,
On Fri, Jun 2, 2023 at 11:12 PM Stefan Kooman <stefan(a)bit.nl> wrote:
> On 6/2/23 16:33, Anthony D'Atri wrote:
>> Stefan, how do you have this implemented? Earlier this year I submitted
>> https://tracker.ceph.com/issues/58569 asking to enable just this.
>
> Lol, I have never seen that tracker otherwise I would have informed you
> about it. I see the PR and tracker are updated by you / Joshua, thanks
> for that.
>
> So yes, we have this implemented and running in production (currently
> re-provisioning all OSDs). It's a locally patched 16.2.11 ceph-volume
> for that matter. The PR [1] needs some fixing (I need to sit down and
> make it happen, just so many other things that take up my time). But
> then this would be enabled by default for flash devices
> (non-rotational). If used with cryptsetup 2.4.x also the appropriate
> sector size is used (based on the physical sector size). We use 4K on NVMe.
> Added benefit of using cryptsetup 2.4.x is that it uses Argon2id as
> PBKDF for LUKS2.
>
> We created a backport of cryptsetup 2.4.3 for use in Ubuntu Focal (based
> on Jammy) [2].
>
> We are converting our whole cluster using LUKS2 with the work queues
> bypassed. For the nodes that have been converted already it works just
> fine. So, as multiple users seem to be waiting for this to be available
> in Ceph ... I should hurry up and make sure the PR gets in proper shape
> and merged in main.

Thanks for the report.
However, I would like to take back a part of my previous response, where I
informed you about the "xtsproxy" kernel module. Please don't try to use
it. Reason: I recently filed a bug for its inclusion into the Zen kernel,
available for Arch Linux users, and the result is that the resulting system
stopped booting for some users. So a proper backport is required, even
though the Cloudflare patch applies as-is.
https://github.com/zen-kernel/zen-kernel/issues/306
https://github.com/zen-kernel/zen-kernel/issues/310
--
Alexander E. Patrakov
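
An added example, not part of the original thread or of the ceph-volume PR: one way to audit whether dm-crypt mappings on a converted node actually carry the work-queue bypass and the 4K sector size discussed above. It parses `dmsetup table` output; the function names and the sample lines (device names, key references, sizes) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Audit dm-crypt mappings read from `dmsetup table` output on stdin.
# Line layout (kernel dm-crypt documentation):
#   name: start length crypt cipher key iv_offset device offset [#opts opt...]
# Optional parameters therefore begin at field 11.

audit_crypt_table() {
  awk '
    $4 == "crypt" {
      name = $1; sub(/:$/, "", name)
      ss = 512; rd = "queued"; wr = "queued"   # kernel defaults when no option is set
      for (i = 11; i <= NF; i++) {
        if ($i == "no_read_workqueue")  rd = "bypassed"
        if ($i == "no_write_workqueue") wr = "bypassed"
        if ($i ~ /^sector_size:/) { split($i, kv, ":"); ss = kv[2] }
      }
      # Policy assumed here: both queues bypassed and 4K sectors, as in the thread.
      ok = (rd == "bypassed" && wr == "bypassed" && ss + 0 == 4096)
      printf "%s sector_size=%s read_wq=%s write_wq=%s %s\n",
             name, ss, rd, wr, (ok ? "OK" : "REVIEW")
    }'
}

# Constructed sample input: one converted OSD, one not yet converted,
# and one non-crypt mapping that must be ignored.
sample_table() {
  cat <<'EOF'
osd-a: 0 7501443072 crypt aes-xts-plain64 :64:logon:cryptsetup:00000000-0000-0000-0000-000000000000-d0 0 259:1 32768 3 no_read_workqueue no_write_workqueue sector_size:4096
osd-b: 0 7501443072 crypt aes-xts-plain64 :64:logon:cryptsetup:00000000-0000-0000-0000-000000000001-d0 0 259:2 32768
vg0-root: 0 104857600 linear 259:3 2048
EOF
}

# On a live node (as root): dmsetup table --target crypt | audit_crypt_table
sample_table | audit_crypt_table
```

Mappings reported as REVIEW are still running with the kernel's default queued I/O path or 512-byte sectors and have not picked up the new settings.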