dont intialize cryptsetup if vault cannot be reached
Bug #1818165 reported by
Wouter van Bommel
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ceph OSD Charm |
Invalid
|
Undecided
|
Unassigned | ||
vaultlocker |
Fix Committed
|
Medium
|
Unassigned |
Bug Description
Currently ceph will start encrypting the disk, if a relation exists with a vault.
If we run into the situation that the vault cannot be reached, this means that there are encrypted disks of which the key is not saved. Recovery is hard, as this basically means that all the disks have to be 'unformatted' and re-added to the cluster.
tags: | added: canonical-bootstack |
Changed in vaultlocker: | |
assignee: | nobody → Marco Filipe Moutinho da Silva (mfmsilva) |
Changed in vaultlocker: | |
status: | In Progress → Fix Committed |
assignee: | Marco Filipe Moutinho da Silva (mfmsilva) → nobody |
To post a comment you must log in.
For reference I added the resulting lsblk of this host here: https:/ /pastebin. canonical. com/p/Mwfzw4tzX Y/
This host is suffering from a hook failed: "secrets- storage- relation- joined" status in juju, which was caused by network issues not detected before the ceph charm was added.