-
Notifications
You must be signed in to change notification settings - Fork 40
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[sled-agent] Encrypt a specific set of U.2 datasets (#4853)
This PR does the following: - As a part of processing U.2s during initialization, `ensure_zpool_datasets_are_encrypted` is invoked. This identifies all datasets which should be encrypted (`cockroachdb`, `clickhouse`, `internal_dns`, `external_dns`, `clickhouse_keeper`) and performs a one-way migration from unencrypted to encrypted dataset. - Additionally, during zone launching, the sled agent verifies properties about datasets that it expects should be encrypted. This helps prevent these encrypted dataset from being used before their transfer has finished, and also prevents these zones from ever using unencrypted datasets in the future. - Furthermore, for all new deployments, this PR uses encryption on these datasets by default.
- Loading branch information
Showing
6 changed files
with
532 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.