Bug 1379015

Summary: [RFE] Support for Clevis
Product: Red Hat Ceph Storage Reporter: Neil Levine <nlevine>
Component: RADOSAssignee: Josh Durgin <jdurgin>
Status: CLOSED DEFERRED QA Contact: ceph-qe-bugs <ceph-qe-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 2.0CC: ceph-eng-bugs, dzafman, gmeno, jdurgin, kchai, kdreyer, npmccallum, sweil
Target Milestone: rcKeywords: FutureFeature
Target Release: 4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-02-11 16:09:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1300697    
Bug Blocks:    

Description Neil Levine 2016-09-23 23:47:51 UTC 
Clevis is a client-side, pluggable key management tool that has been developed as part of the Tang project. 

https://github.com/latchset/clevis
https://github.com/latchset/tang

It can interact with any arbitrary key escrow system as well as the Tang server. We should insert it into our ceph-disk and MON keystore workflow so we can later extend it to Tang or allow customers to insert plugins to interact with their own key management systems.

My understanding is Clevis is less mature than Tang but once packages are made available we should look to start the integration so we can help with the development of the project. 

Further details at: https://www.youtube.com/watch?v=p_M0YEE-esA
Comment 4 Loic Dachary 2016-12-08 06:51:59 UTC 
Tests added upstream and scheduled for backport to jewel.
Comment 5 Loic Dachary 2016-12-08 06:52:35 UTC 
Ooops, wrong bz, sorry about that.
Comment 7 Neil Levine 2017-07-18 20:56:56 UTC 
Gregory, has any analysis of what is needed to implement the integration been done? This is a heavily requested feature so would like to know if it can be a candidate for a minor release on v3.
Comment 8 Nathaniel McCallum 2017-07-18 21:01:40 UTC 
Please include me in any planning sessions. Thanks!
Comment 9 Christina Meno 2017-07-31 16:44:09 UTC 
Neil,

I know nothing of what'd take to implement this, first I've heard of it is when I proposed it for 4.0 during scrub. 

I will review the included links to see if we could get it in 3.X
cheers
Comment 10 Josh Durgin 2019-02-11 16:09:32 UTC 
Not relevant in the near term.