Hi everyone,

I am doing a test lab in order to understand how Ceph (version 10.2.1) works with LUKS. Specifically, how the OSD dm-crypt key management is done. I have read [1] and I've found the same scheme so far. However, I have a problem opening the LUKS partition manually. Of course, before testing it, I took the OSD out of the cluster.

This is what I've done so far:

(1) Get the key for the OSD from one of the monitors:

    $ root@osd2:~# ceph config-key get dm-crypt/osd/UUID/luks

This is the exact output:

    $ root@osd2:~# ceph config-key get dm-crypt/osd/UUID/luks
    obtained 'dm-crypt/osd/69bb64b9-2724-455b-a665-16d23db7ac2e/luks'
    v5D5nh5yHbiwFZY2+Q7A/j8HNs0CpRGfqQxzfkNl5wbfBBKEp96RVpTFGV9HxRx9xSUlH0ZdccBD5ZRX61xb8dDRyao6mrV/AT1ySoCbOcorDZHwFGlzPsoSldP+YuWiw8dbAFCNKYJTw4OJ3Ez1IiKFZy8mPFa0u2EsIf0ZkSU=

I understand that the actual key is:

    v5D5nh5yHbiwFZY2+Q7A/j8HNs0CpRGfqQxzfkNl5wbfBBKEp96RVpTFGV9HxRx9xSUlH0ZdccBD5ZRX61xb8dDRyao6mrV/AT1ySoCbOcorDZHwFGlzPsoSldP+YuWiw8dbAFCNKYJTw4OJ3Ez1IiKFZy8mPFa0u2EsIf0ZkSU=

(2) Try to open the LUKS device:

    root@osd2:~# cryptsetup luksOpen /dev/sdc1 UUID --key-file=keyfile

where *keyfile* contains the previously listed key (or passphrase).

When I execute the previous command, I get the following error: "No key available with this passphrase".

However, if I execute the following command, I can get the partition opened and mounted:

    $ root@osd2:~# ceph-disk trigger /dev/sdc1

Just out of curiosity, I've debugged ceph-disk with pdb and I've found that this executes the following on Upstart (I'm using Ubuntu 14.04):

    initctl emit ceph-disk dev=/dev/sdc1 pid=$$

I don't understand what the previous command does.

What am I doing wrong?

Best regards,
Samuel Cantero.

[1] http://pad.ceph.com/p/osd-key-management