rbd: make sure csi rbd pv encryption defaulting to luks2 version

Fixes: #https://github.com/ceph/ceph-csi/issues/1564

As per release notes this new version is compatible with previous
version of LUKS.
https://www.saout.de/pipermail/dm-crypt/2017-December/005771.html

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit is contained in:
Humble Chirammal 2020-10-09 11:14:09 +05:30 committed by mergify[bot]
parent 0b5da6a127
commit 36ee8b2240
2 changed files with 2 additions and 2 deletions

View File

@ -3,7 +3,7 @@
## Proposal
Subject of this proposal is to add support for encryption of RBD volumes in
Ceph-CSI.
Ceph-CSI with type LUKS version 2.
Some but not all the benefits of this approach:

View File

@ -25,7 +25,7 @@ import (
// LuksFormat sets up volume as an encrypted LUKS partition.
func LuksFormat(devicePath, passphrase string) (stdout, stderr []byte, err error) {
return execCryptsetupCommand(&passphrase, "-q", "luksFormat", "--hash", "sha256", devicePath, "-d", "/dev/stdin")
return execCryptsetupCommand(&passphrase, "-q", "luksFormat", "--type", "luks2", "--hash", "sha256", devicePath, "-d", "/dev/stdin")
}
// LuksOpen opens LUKS encrypted partition and sets up a mapping.