Doc update: state that Vault is preferred to keys over ceph-mon
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ceph OSD Charm |
New
|
Undecided
|
Unassigned |
Bug Description
In recent discussions, it's been recommended that Vault should be used instead of ceph-mon for storing the keys.
However, the documentation [0] suggests either could be used:
```
The ceph-osd charm supports encryption for OSD volumes that are backed by block devices. To use Ceph's native key management framework, available since Ceph Jewel, set option osd-encrypt for the ceph-osd charm:
ceph-osd:
options:
Here, dm-crypt keys are stored in the MON sub-cluster.
Alternatively, since Ceph Luminous, encryption keys can be stored in Vault, which is deployed and initialised via the vault charm. Set options osd-encrypt and osd-encrypt-
ceph-osd:
options:
```
So this needs to properly documented with relevant caveats: what's preferred, what should be done for existing/old deployments that use ceph-mon, how to handle upgrades, etc.
tags: | added: documentation |