On 6/2/23 16:33, Anthony D'Atri wrote:
Stefan, how do you have this implemented? Earlier this
year I submitted
https://tracker.ceph.com/issues/58569
<https://tracker.ceph.com/issues/58569> asking to enable just this.
Lol, I have never seen that tracker otherwise I would have informed you
about it. I see the PR and tracker are updated by you / Joshua, thanks
for that..
So yes, we have this implemented and running in production (currently
re-provisioning all OSDs). It's a locally patched 16.2.11 ceph-volume
for that matter. The PR [1] needs some fixing (I need to sit down and
make it happen, just so many other things that take up my time). But
then this would be enabled by default for flash devices
(non-rotational). If used with cryptsetup 2.4.x also the appropriate
sector size is used (based on the physical sector size). We use 4K on NVMe.
Added benefit of using cryptsetup 2.4.x is that is uses Argon2id as
PBKDF for LUKS2.
We created a backport of cryptsetup 2.4.3 for use in Ubuntu Focal (based
on Jammy) [2].
We are converting our whole cluster using LUKS2 with the work queues
bypassed. For the nodes that have been converted already it works just
fine. So, as multiple users seem to be waiting for this to be available
in Ceph ... I should hurry up and make sure the PR gets in proper shape
and merged in main.
Gr. Stefan
[1]:
https://github.com/ceph/ceph/pull/49554
[2]:
https://obit.bit.nl/ubuntu/focal/cryptsetup/