mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-22 14:20:19 +00:00
rbd: make sure csi rbd pv encryption defaulting to luks2 version
Fixes: #https://github.com/ceph/ceph-csi/issues/1564 As per release notes this new version is compatible with previous version of LUKS. https://www.saout.de/pipermail/dm-crypt/2017-December/005771.html Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit is contained in:
parent
0b5da6a127
commit
36ee8b2240
@ -3,7 +3,7 @@
|
|||||||
## Proposal
|
## Proposal
|
||||||
|
|
||||||
Subject of this proposal is to add support for encryption of RBD volumes in
|
Subject of this proposal is to add support for encryption of RBD volumes in
|
||||||
Ceph-CSI.
|
Ceph-CSI with type LUKS version 2.
|
||||||
|
|
||||||
Some but not all the benefits of this approach:
|
Some but not all the benefits of this approach:
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@ import (
|
|||||||
|
|
||||||
// LuksFormat sets up volume as an encrypted LUKS partition.
|
// LuksFormat sets up volume as an encrypted LUKS partition.
|
||||||
func LuksFormat(devicePath, passphrase string) (stdout, stderr []byte, err error) {
|
func LuksFormat(devicePath, passphrase string) (stdout, stderr []byte, err error) {
|
||||||
return execCryptsetupCommand(&passphrase, "-q", "luksFormat", "--hash", "sha256", devicePath, "-d", "/dev/stdin")
|
return execCryptsetupCommand(&passphrase, "-q", "luksFormat", "--type", "luks2", "--hash", "sha256", devicePath, "-d", "/dev/stdin")
|
||||||
}
|
}
|
||||||
|
|
||||||
// LuksOpen opens LUKS encrypted partition and sets up a mapping.
|
// LuksOpen opens LUKS encrypted partition and sets up a mapping.
|
||||||
|
Loading…
Reference in New Issue
Block a user