Hi,
I'm just wondering if with proxmox, running ceph monitors in a different subnet is a supported configuration? The official guide that walks you through configuring monitors only gives the option to create OSDs running on the nodes themselves, i..e on the one subnet (as defined by the "pveceph init --network" command)
The reason I want to run the monitors in a different subnet is I want them at a different site due to encryption. I have read in the ceph documentation that you can encrypt each ceph OSD however the key management is provided by the monitor (i.e. the keys are stored on the monitor itself).
This seems kind of unsafe to me - what good is storing the key right there on the server that has the disk you want to secure in it?
So in a nutshell, is it a supported config to run the monitors in a different subnet from a different site with slightly higher than LAN latency (between 1-5ms).
If not, what is the best way to accomplish secure encryption?
I'm just wondering if with proxmox, running ceph monitors in a different subnet is a supported configuration? The official guide that walks you through configuring monitors only gives the option to create OSDs running on the nodes themselves, i..e on the one subnet (as defined by the "pveceph init --network" command)
The reason I want to run the monitors in a different subnet is I want them at a different site due to encryption. I have read in the ceph documentation that you can encrypt each ceph OSD however the key management is provided by the monitor (i.e. the keys are stored on the monitor itself).
This seems kind of unsafe to me - what good is storing the key right there on the server that has the disk you want to secure in it?
So in a nutshell, is it a supported config to run the monitors in a different subnet from a different site with slightly higher than LAN latency (between 1-5ms).
If not, what is the best way to accomplish secure encryption?