Ceph OSD Charm

dont intialize cryptsetup if vault cannot be reached

Bug #1818165 reported by Wouter van Bommel on 2019-03-01

10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ceph OSD Charm	Invalid	Undecided	Unassigned
	vaultlocker	Fix Committed	Medium	Unassigned

Bug Description

Currently ceph will start encrypting the disk, if a relation exists with a vault.

If we run into the situation that the vault cannot be reached, this means that there are encrypted disks of which the key is not saved. Recovery is hard, as this basically means that all the disks have to be 'unformatted' and re-added to the cluster.

Tags:

Wouter van Bommel (woutervb) on 2019-03-01

tags:

added: canonical-bootstack

Revision history for this message

Wouter van Bommel (woutervb) wrote on 2019-03-01:

#1

For reference I added the resulting lsblk of this host here: https://pastebin.canonical.com/p/Mwfzw4tzXY/

This host is suffering from a hook failed: "secrets-storage-relation-joined" status in juju, which was caused by network issues not detected before the ceph charm was added.

Revision history for this message

Paul Collins (pjdc) wrote on 2019-03-01:

#2

This isn't a total disaster; you can get the master key from dmsetup table --showkeys while the mapping still exists, and cryptsetup luksAddKey has a --master-key-file parameter you can use to add a known passphrase for adding to vault. (I
m not sure if --master-key-file wants hex-encoded data, as printed by dmsetup, or binary.)

Revision history for this message

Wouter van Bommel (woutervb) wrote on 2019-03-04:

#3

Great that does not mean data loss at this point in time. But having to manually doing the passphrase setup on 40 disks is not something I am looking forward to.
As there is no data written on them yet. It would be great if there would a command that we can use to get this revolved.

Revision history for this message

James Page (james-page) wrote on 2019-03-05:

#4

Does the zap-disk action not manage to purge any cryptsetup from the block devices?

If not we should probably fix that.

Also worth noting that the charm has already managed to contact Vault to retrieve the AppRole secret by the point in time that disk encryption started.

Revision history for this message

James Page (james-page) wrote on 2019-03-05:

#5

Looking at the vaultlocker code, we could attempt to store and validate the key prior to actually using it to format the disk - this would leave the disk pristine in the event of a vault related error.

Changed in charm-ceph-osd:
status:	New → Invalid
Changed in vaultlocker:
status:	New → Triaged
importance:	Undecided → Medium

Revision history for this message

James Page (james-page) wrote on 2019-12-11:

#6

The alternative is that vaultlocker could purge the block device if the storage of the key fails in vault for some reason - ensuring that the disk is left in a pristine state.

Marco Filipe Moutinho da Silva (mfmsilva) on 2020-05-06

Changed in vaultlocker:
assignee:	nobody → Marco Filipe Moutinho da Silva (mfmsilva)

Revision history for this message

Aurelien Lourot (aurelien-lourot) wrote on 2020-06-01:

#7

https://github.com/openstack-charmers/vaultlocker/pull/12

Changed in vaultlocker:
status:	Triaged → In Progress

Aurelien Lourot (aurelien-lourot) on 2022-01-03

Changed in vaultlocker:
status:	In Progress → Fix Committed
assignee:	Marco Filipe Moutinho da Silva (mfmsilva) → nobody

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.