Applying in-transit encryption on IBM Storage Ceph cluster
Apply in-transit encryption to enhance data security in your IBM Storage Ceph cluster.
Procedure
- Apply in-transit encryption settings. Command example:
ceph config set global ms_client_mode secure ceph config set global ms_cluster_mode secure ceph config set global ms_service_mode secure ceph config set global rbd_default_map_options ms_mode=secure - Check the settings. Command example:
ceph config dump | grep ms_Example output:global basic ms_client_mode secure * global basic ms_cluster_mode secure * global basic ms_service_mode secure * global advanced rbd_default_map_options ms_mode=secure *
- Restart all Ceph daemons. Command example:
ceph orch psExample output:NAME HOST PORTS STATUS REFRESHED AGE MEM USE MEM LIM VERSION IMAGE ID CONTAINER ID alertmanager.osd-0 osd-0 *:9093,9094 running (7h) 5m ago 7h 24.6M - 0.24.0 3d2ad4f34549 6ef813aed5ef ceph-exporter.osd-0 osd-0 running (7h) 5m ago 7h 17.7M - 18.2.0-192.el9cp 6e4e34f038b9 179301cc7840 ceph-exporter.osd-1 osd-1 running (7h) 5m ago 7h 17.8M - 18.2.0-192.el9cp 6e4e34f038b9 1084517c5d27 ceph-exporter.osd-2 osd-2 running (7h) 5m ago 7h 17.9M - 18.2.0-192.el9cp 6e4e34f038b9 c933e31dc7b7 ceph-exporter.osd-3 osd-3 running (7h) 5m ago 7h 17.7M - 18.2.0-192.el9cp 6e4e34f038b9 9981004a7169 crash.osd-0 osd-0 running (7h) 5m ago 7h 6895k - 18.2.0-192.el9cp 6e4e34f038b9 9276199810a6 crash.osd-1 osd-1 running (7h) 5m ago 7h 6895k - 18.2.0-192.el9cp 6e4e34f038b9 43aee09f1f00 crash.osd-2 osd-2 running (7h) 5m ago 7h 6903k - 18.2.0-192.el9cp 6e4e34f038b9 adba2172546d crash.osd-3 osd-3 running (7h) 5m ago 7h 6899k - 18.2.0-192.el9cp 6e4e34f038b9 3a788ea496f3 grafana.osd-0 osd-0 *:3000 running (7h) 5m ago 7h 65.5M - <unknown> f142b583a1b1 c299328455cc mds.fsvol001.osd-0.lpciqk osd-0 running (7h) 5m ago 7h 24.8M - 18.2.0-192.el9cp 6e4e34f038b9 8790381f177c mds.fsvol001.osd-2.wocnxz osd-2 running (7h) 5m ago 7h 32.1M - 18.2.0-192.el9cp 6e4e34f038b9 2c66e36e19fc mgr.osd-0.dtkyni osd-0 *:9283,8765,8443 running (7h) 5m ago 7h 535M - 18.2.0-192.el9cp 6e4e34f038b9 41f5bed2d18a mgr.osd-2.kqcxwu osd-2 *:8443,9283,8765 running (7h) 5m ago 7h 440M - 18.2.0-192.el9cp 6e4e34f038b9 d8413a809b1f mon.osd-1 osd-1 running (7h) 5m ago 7h 350M 2048M 18.2.0-192.el9cp 6e4e34f038b9 fb3b5c186e38 mon.osd-2 osd-2 running (7h) 5m ago 7h 363M 2048M 18.2.0-192.el9cp 6e4e34f038b9 f5314c164e89 mon.osd-3 osd-3 running (7h) 5m ago 7h 361M 2048M 18.2.0-192.el9cp 6e4e34f038b9 3522f972ed7d node-exporter.osd-0 osd-0 *:9100 running (7h) 5m ago 7h 25.1M - 1.4.0 508050f8c316 43845647bc06 node-exporter.osd-1 osd-1 *:9100 running (7h) 5m ago 7h 21.4M - 1.4.0 508050f8c316 e84c3e2206c9 node-exporter.osd-2 osd-2 *:9100 running (7h) 5m ago 7h 25.4M - 1.4.0 508050f8c316 071580052c80 node-exporter.osd-3 osd-3 *:9100 running (7h) 5m ago 7h 21.8M - 1.4.0 508050f8c316 317205f34647 osd.0 osd-2 running (7h) 5m ago 7h 525M 4096M 18.2.0-192.el9cp 6e4e34f038b9 5247dd9d7ac3 osd.1 osd-0 running (7h) 5m ago 7h 652M 4096M 18.2.0-192.el9cp 6e4e34f038b9 17c66fee9f13 osd.2 osd-3 running (7h) 5m ago 7h 801M 1435M 18.2.0-192.el9cp 6e4e34f038b9 39b272b56fbe osd.3 osd-1 running (7h) 5m ago 7h 538M 923M 18.2.0-192.el9cp 6e4e34f038b9 f595858a1ca3 osd.4 osd-0 running (7h) 5m ago 7h 532M 4096M 18.2.0-192.el9cp 6e4e34f038b9 c4f57cc9eda6 osd.5 osd-2 running (7h) 5m ago 7h 761M 4096M 18.2.0-192.el9cp 6e4e34f038b9 d80ba180c940 osd.6 osd-3 running (7h) 5m ago 7h 415M 1435M 18.2.0-192.el9cp 6e4e34f038b9 9ec319187e25 osd.7 osd-1 running (7h) 5m ago 7h 427M 923M 18.2.0-192.el9cp 6e4e34f038b9 816731470d87 prometheus.osd-0 osd-0 *:9095 running (7h) 5m ago 7h 84.0M - 2.39.1 716dd9df3cf3 29db12cb1a5a rgw.rgw.ssl.osd-1.smzpfj osd-1 *:80 running (7h) 5m ago 7h 110M - 18.2.0-192.el9cp 6e4e34f038b9 57faaff4e425
Wait for all the daemons to restart.