Description of problem:
Please get the admin guide fixed now that we support object granular encryption in RHCS 3.0. I looked at the pdf and page 44 states this:

"Further, Ceph does not include options to encrypt user data in the object store. Users can hand-encrypt and store their own data in the Ceph object store, of course, but Ceph provides no features to perform object encryption itself. Those storing sensitive data in Ceph should consider encrypting their data before providing it to the Ceph system."

This section can now be removed and a pointer created to the object encryption capability in Ceph that we now support in 3.0.

Version-Release number of selected component (if applicable):
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html-single/administration_guide/#limitations

Additional info:
I've seen differing info about object encryption in several official documents, e.g.
- RHCS 3.0 Release Notes, RHCS 3.0 Developer Guide, which state that we support server side object encryption
- RHCS 3.0 Admin Guide (page 47), which states the opposite
- Roadmap, which mentions user encryption

Can you please have a look at the various official docs, clarify what is actually supported and have somebody fix the information in all the docs.

thanks & regards
Gerald
Gerald Sternagl
I removed misleading language and provided a concrete example with the S3 server side encryption feature. I was not able to find any general purpose encryption with librados. If that is available, I require additional information. https://gitlab.cee.redhat.com/red-hat-ceph-storage-documentation/doc-Red_Hat_Ceph_Storage_3-Administration_Guide/commit/4e14a68ffca4897a8457b1380a10c01ab922da78
Hi John, The general-purpose encryption is by setup of dmcrypt underneath the OSD. The Ansible tooling and ceph-volume should cover this neatly. Thanks!
Federico,

We already have info in the Architecture Guide on how encryption in Ceph works, but it references ceph-disk instead of ceph-volume:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html-single/architecture_guide/index#concept-arch-encryption-arch

I assume we need to update that to reference ceph-volume since I believe that is used now [1]. Do other changes need to be made there?

The architecture guide says to go to the following URL for instructions to set up encryption:

I note the dmcrypt osd.yml setting is in Table 3.2:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html-single/installation_guide_for_red_hat_enterprise_linux/#installing-a-red-hat-ceph-storage-cluster

Is that enough information in our docs to cover setting up encryption via Ansible?

[1] http://docs.ceph.com/docs/luminous/ceph-volume/lvm/encryption/
Updating the QA Contact to Hemant. Hemant will be rerouting them to the appropriate QE Associate. Regards, Giri
Level setting the severity of this defect to "High" with a bulk update. Pls refine it to a closer value, as defined by the severity definition in https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity