Hi All
I am trying to improve my home LAB and move from local LVM to NFS/iSCSI or one of the distributed file systems. I have compared GlusterFS, CEPH and other object storage solutions like minio/seaweedfs with NFS/iSCSI, and the most appropriate for me seems to be CEPH due to its compatibility with Proxmox VE, continuous development, the most room for future expansion with more disks/nodes (scalability) and its distributed nature, which eliminates performance issues.
Now I am in the process of developing an architecture for the future CEPH cluster and I am not sure if my idea will be a good one. My idea is to completely virtualize the CEPH cluster (each virtual machine will have a different CEPH role: OSD, Manager, Metadata server etc.) instead of installing it on the physical Proxmox nodes. Below I present what it looks like now and what it will look like.
Now:
- Proxmox node 1 (PC, role: NAS)
  - Architecture:
    - unencrypted storage: physical disks -> RAID 0 or 6 -> LVM group -> LVM volume -> [ any VM -> virtual disk -> filesystem (EXT4) ]
    - encrypted storage: physical disks -> RAID 0 or 6 -> LVM group -> LVM volume -> [ any VM -> virtual disk -> LUKS2 -> filesystem (EXT4) ]
- Proxmox node 2 (Laptop, role: compute only)
- Proxmox node 3 (PC, role: NAS, now it is dead and will be replaced in the near future)
  - the same architecture as Proxmox node 1

Future:
- Proxmox node 1 (PC, role: NAS)
  - Architecture:
    - unencrypted storage: physical disks -> RAID 0 or 6 -> LVM group -> LVM volume -> [ specific CEPH role VM -> virtual disk -> LVM group (forced by CEPH) -> LVM volume (forced by CEPH) -> filesystem (EXT4) ]
    - encrypted storage: physical disks -> RAID 0 or 6 -> LVM group -> LVM volume -> [ specific CEPH role VM -> virtual disk -> LVM group (forced by CEPH) -> LVM volume (forced by CEPH) -> LUKS2 / built-in dmcrypt -> filesystem (EXT4) ]
- Proxmox node 2 (Laptop, role: compute only)
- Proxmox node 3 (PC, role: NAS, now it is dead and will be replaced in the near future)
  - the same architecture as Proxmox node 1
The reasons for the above:
- Flexibility:
  - I would like to be able to change the storage solution in the future (if needed) to another solution by creating new VMs and migrating the data
  - I would like to test other solutions and compare them with CEPH
- Isolation:
  - It should improve security
  - Additional resource control for each VM
- Performance:
  - Adding an additional layer consisting of another LVM on the virtual machine might reduce performance

- Is my idea worth implementing? Will this have a significant impact on performance or cause additional problems (about which I don't know yet)?
- Can my idea be used in production? (of course, taking into account that individual nodes will be dedicated to CEPH)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
My second consideration is related to CEPH and encryption. I would like to achieve full encryption similar to what I previously used with local LVM storage + LUKS2 (it allows me to implement encrypted and unencrypted volumes as well), which prevents data from being read after a potential theft of the devices. I have tried to read and understand the CEPH documentation, but I am not sure. What I was able to read from the documentation:
- encryption can be set on the volume level
- encryption can be set on the RBD image level
- encryption can be set on the LVM side (dmcrypt, only LUKSv1 supported)
- What are the best practices for CEPH encryption?
- Is there any possibility to use LUKSv2 instead of LUKSv1?
- Is it possible to use LUKSv2 on the VM side, where the VM acts as a client for the CEPH storage volume?
Thank you in advance for any help and advice.
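An added example (not part of the original post) illustrating the guest-side LUKS question above: from inside a VM, a Proxmox virtual disk is an ordinary block device whether it is backed by local LVM or by a Ceph RBD image, so the guest can format it with LUKS2 and verify the header version it got. The device path `/dev/vdb` is a placeholder, the helper names are hypothetical, and `cryptsetup` is assumed to be installed in the guest.

```shell
#!/bin/sh
# Added example, not from the original post. Checks which LUKS header
# version a block device carries; useful to confirm that a guest-side
# volume is LUKS2 while a ceph-volume dmcrypt OSD would show LUKS1.

# luks_version_from_dump: read `cryptsetup luksDump` output on stdin and
# print the header version (1 or 2), or "none" if no Version line exists.
luks_version_from_dump() {
    awk '/^Version:/ { print $2; found = 1 } END { if (!found) print "none" }'
}

# luks_version: inspect a real device (requires root and cryptsetup).
luks_version() {
    dev="$1"
    if cryptsetup isLuks "$dev" 2>/dev/null; then
        cryptsetup luksDump "$dev" | luks_version_from_dump
    else
        echo none
    fi
}

# make_luks2: format a guest disk as LUKS2 and report the resulting version.
# Destructive: wipes the device. The key file path is a placeholder.
make_luks2() {
    dev="$1"; keyfile="$2"
    cryptsetup luksFormat --type luks2 --batch-mode --key-file "$keyfile" "$dev" \
        && luks_version "$dev"
}

# Constructed sample luksDump output (abridged) for a LUKS2 and a LUKS1 header.
SAMPLE_LUKS2='LUKS header information
Version:       	2
Epoch:         	3
Metadata area: 	16384 [bytes]
UUID:          	00000000-0000-0000-0000-000000000000'

SAMPLE_LUKS1='LUKS header information for /dev/vdb
Version:       	1
Cipher name:   	aes
Cipher mode:   	xts-plain64'

# Usage inside a guest (placeholder device): luks_version /dev/vdb
```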