search

canonical / microceph

Ceph for a one-rack cluster and appliances
https://snapcraft.io/microceph
GNU Affero General Public License v3.0
193 stars 27 forks source link

Unable to Determine Encryption Status of RBD Image in MicroCeph #324

Closed sujeet01 closed 2 months ago

sujeet01 commented 4 months ago

Issue report

What version of MicroCeph are you using ?

microceph.ceph --version
ceph version 17.2.6 (d7ff0d10654d2280e08f1ab989c7cdf3064446a5) quincy (stable)

What are the steps to reproduce this issue ?

  1. Execute below provided commands to encrypt an RBD image.
  2. Use the rbd info command to inspect the properties of the encrypted RBD image.
  3. Observe that there is no explicit indication of whether the image is encrypted or not.
sudo microceph disk add --wipe </dev/disk/by-id/usb>
openssl rand -base64 32 > /home/user/passphrase.bin
rbd create --size 1G devpool/test-img
rbd encryption format --cipher-alg aes-256 devpool/test-img luks2 /home/user/passphrase.bin

What happens (observed behaviour) ?

The output of the rbd info command does not provide a clear indication of whether the RBD image is encrypted or not. Below is the observed behavior:

rbd info devpool/test-img
rbd image 'test-img':
    size 1 GiB in 256 objects
    order 22 (4 MiB objects)
    snapshot_count: 0
    id: 381d88190c10
    block_name_prefix: rbd_data.381d88190c10
    format: 2
    features: layering, exclusive-lock, object-map, fast-diff, deep-flatten
    op_features: 
    flags: 
    create_timestamp: Mon Mar  4 15:02:12 2024
    access_timestamp: Mon Mar  4 15:02:12 2024
    modify_timestamp: Mon Mar  4 15:02:12 2024

What were you expecting to happen ?

I expected the output of the rbd info command to include a clear indication or flag confirming that the RBD image 'test-img' had been successfully encrypted using the AES-256 cipher algorithm. This indication would allow me to verify that the encryption process was completed as intended.

UtkarshBhatthere commented 2 months ago

Hello @sujeet01, thanks for reporting this issue. MicroCeph does not expose RBD management directly through it's CLI yet and hence users are limited to functionalities offered by the ceph commands (or in your case the rbd command). Since this is not exactly a MicroCeph behaviour (but an upstream Ceph one) I am leaning towards closing it. Please feel free to join our public matrix channel where expert ceph users discuss such user experiences cases and may help you out.