1385094 – [Doc RFE] Document where the Linux Unified Key Setup (LUKS) keys are stored on the monitor node when implementing dm-crypt

Bug 1385094 - [Doc RFE] Document where the Linux Unified Key Setup (LUKS) keys are stored on the monitor node when implementing dm-crypt

Summary: [Doc RFE] Document where the Linux Unified Key Setup (LUKS) keys are stored o...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat
Component:	Documentation
Sub Component:
Version:	2.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	2.1
Assignee:	Bara Ancincova
QA Contact:	Tejas
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-10-14 18:08 UTC by Anjana Suparna Sriram
Modified:	2016-11-28 09:37 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-11-28 09:37:36 UTC
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Anjana Suparna Sriram 2016-10-14 18:08:55 UTC

Additional info:

As an administrator, I need to know where the Linux Unified Key Setup (LUKS) keys are stored on the  monitor node when implementing dm-crypt.

Document that LUKS keys are stored in the ceph-mon k/v store and not as files on /etc/ceph/.

Content Plan: https://docs.google.com/document/d/1-ZHELw4UrH4D-d8vdz3J97nsFWiQx0a48s_QfZ1clhs/edit#

Comment 3 seb 2016-10-17 09:34:58 UTC

It's sufficient to say keys are stored in the mon k/v store.
Additionally you could say that keys can be accessed with the "client.admin" user by running the following commands:

* list the keys: "ceph config-key list"
* access a particular key: "ceph config-key get $KEY"

Comment 5 Tejas 2016-11-02 16:17:50 UTC

The commands mentioned in the doc are working fine:
sudo ceph config-key list
[
    "dm-crypt\/osd\/2e24cba4-9c86-4716-a80d-ba5ef7e40961\/luks",
    "dm-crypt\/osd\/328e9329-f0ae-49a3-b67c-155646aa34d9\/luks",
    "dm-crypt\/osd\/557007dd-a550-454a-9444-e868cbd1168c\/luks",
    "dm-crypt\/osd\/59f9c279-e300-408f-976f-6816c5f6b04f\/luks",
    "dm-crypt\/osd\/6f7a5daa-451f-4ea9-9fd2-4a1d56d8eb98\/luks",
    "dm-crypt\/osd\/7b557345-dd7a-4c46-8904-8e14bbbe3bd7\/luks",
    "dm-crypt\/osd\/cf57decb-e222-4fa7-8443-63b71b7fa202\/luks",
    "dm-crypt\/osd\/dcd0d312-3ca8-481b-8b5a-74d3c2ce16b0\/luks",
    "dm-crypt\/osd\/e758262b-74f8-4ed0-9097-20bee8e226fe\/luks"
]

Moving the bug to verified.

Thanks,
Tejas

Note You need to log in before you can comment on or make changes to this bug.