Bug 1766195

Summary: [Docs] Document how to implement on-wire encryption (msgr2 protocol)
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: khartsoe <khartsoe>
Component: DocumentationAssignee: Aron Gunn <agunn>
Status: CLOSED CURRENTRELEASE QA Contact: Manohar Murthy <mmurthy>
Severity: high Docs Contact:
Priority: high    
Version: 4.0CC: agunn, asriram, fherrman, jdillama, johfulto, kdreyer
Target Milestone: rc   
Target Release: 4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-09 15:24:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1708370, 1810315    

Description khartsoe@redhat.com 2019-10-28 14:47:25 UTC 
Description of problem:

Objective is to document overview/configuration/implementation of Messenger protocol on-wire encryption. RHCS 4.0 will implement fast mode (integrity {default mode}) and second mode (secure).

Doc effort includes following scenarios:
-on-wire encryption of communication between the cluster and LibRBD in the hypervisor
-on-wire encryption from client to OSDs (i.e. full end-to-end in-transit encryption)

Content location:
(1) Update "3.3. Encryption in Transit" (Security and Hardening Guide) with overview/description information.
(2) Update "4. Encryption" (Architecture Guide) with description information.
(3) Task instructions TBD pending engineering input.

Pending:
-PM/engineering recommendations for customers as to guidance when to implement (due to negative performance impact).

**On-wire encryption to be identified as a Headliner in RHCS 4.0 documentation/release notes.**

https://docs.ceph.com/docs/master/dev/msgr2/