OCF_HEARTBEAT_CRYPT(7)        OCF resource agents       OCF_HEARTBEAT_CRYPT(7)

NAME

       ocf_heartbeat_crypt - LUKS/crypt resource agent

SYNOPSIS

       crypt [start | stop | monitor | meta-data | validate-all]

DESCRIPTION

       This is a LUKS/crypt Resource Agent managing encrypted devices via
       cryptsetup(8). The agent limits the supported device types to luks
       and luks[1..N].

SUPPORTED PARAMETERS

       encrypted_dev
           Encrypted backing device, which should be defined by UUID, 36
           characters including '-'s as reported by blkid(8).

           Although it can be defined as a block device path (e.g. /dev/sdh),
           the UUID should be preferred over the block device path to allow
           for the unique discovery of the crypt backing device given the
           volatile nature of /dev entries (e.g. /dev/sdh on one node may be
           /dev/sdg on another).

           Only define as block device path if you know what you are doing.

           (unique, required, string, no default)

       crypt_dev
           Encrypted device name without a path, i.e. the name given in
           "cryptsetup open name ...". The resulting block device path is
           /dev/mapper/name.

           (unique, required, string, no default)

       key_file
           Path to the key file containing the encryption passphrase (aka
           key; see cryptsetup(8)). For LUKS, the passphrase from the
           key_file parameter is used to decrypt the key that was randomly
           selected when the device was created.

           (required, string, no default)

       crypt_type
           Encryption (device) type (e.g. "luks" or "luks2").

           This parameter affirms the encryption format recorded in the
           crypt metadata, thus allowing for safety measures when starting
           the encrypted resource.

           (required, string, no default)

       force_stop
           If processes or kernel threads are using the crypt device, it
           cannot be stopped. We will try to stop processes, first by sending
           TERM and then, if that doesn't help in seconds, using KILL. The
           lsof(8) program is required to get the list of array users. Of
           course, the kernel threads cannot be stopped this way. If the
           processes are critical for data integrity, then set this parameter
           to false. Note that in that case the stop operation will fail and
           the node will be fenced.

           (optional, boolean, default false)

SUPPORTED ACTIONS

       This resource agent supports the following actions (operations):

       start
           Starts the resource. Suggested minimum timeout: 20s.

       stop
           Stops the resource. Suggested minimum timeout: 20s.

       monitor
           Performs a detailed status check. Suggested minimum timeout: 20s.
           Suggested interval: 10s.

       meta-data
           Retrieves resource agent metadata (internal use only). Suggested
           minimum timeout: 5s.

       validate-all
           Performs a validation of the resource configuration. Suggested
           minimum timeout: 10s.

EXAMPLE CRM SHELL

       The following is an example configuration for a crypt resource using
       the crm(8) shell:

           primitive p_crypt ocf:heartbeat:crypt \
             params \
               encrypted_dev=string \
               crypt_dev=string \
               key_file=string \
               crypt_type=string \
             op monitor timeout="20s" interval="10s" depth="0"

EXAMPLE PCS

       The following is an example configuration for a crypt resource using
       pcs(8):

           pcs resource create p_crypt ocf:heartbeat:crypt \
             encrypted_dev=string \
             crypt_dev=string \
             key_file=string \
             crypt_type=string \
             op monitor timeout="20s" interval="10s" OCF_CHECK_LEVEL="0"
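
       The parameter constraints listed under SUPPORTED PARAMETERS can be
       checked before the resource is created. The following is an added
       example, not part of the resource agent or of the original man page;
       the function name check_crypt_params and the key file permission
       policy are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the crypt resource agent.
# check_crypt_params ENCRYPTED_DEV CRYPT_DEV KEY_FILE CRYPT_TYPE
# Prints one ERROR/WARN line per finding; returns 1 if any ERROR was found.
check_crypt_params() {
    encrypted_dev=$1 crypt_dev=$2 key_file=$3 crypt_type=$4
    rc=0
    h='[0-9A-Fa-f]'

    # encrypted_dev: 36-character UUID including '-'s, as reported by blkid(8).
    # A block device path is accepted by the agent but is not stable across nodes.
    if ! printf '%s\n' "$encrypted_dev" |
            grep -Eq "^$h{8}-$h{4}-$h{4}-$h{4}-$h{12}\$"; then
        case $encrypted_dev in
            /dev/*) echo "WARN: encrypted_dev is a device path, prefer the UUID" ;;
            *) echo "ERROR: encrypted_dev is neither a UUID nor a /dev path"; rc=1 ;;
        esac
    fi

    # crypt_dev: bare mapping name; the device appears as /dev/mapper/name.
    case $crypt_dev in
        ''|*/*) echo "ERROR: crypt_dev must be a name without a path"; rc=1 ;;
    esac

    # crypt_type: "luks" or "luks" followed by a version number (luks[1..N]).
    if ! printf '%s\n' "$crypt_type" | grep -Eq '^luks([1-9][0-9]*)?$'; then
        echo "ERROR: crypt_type must be luks or luksN"; rc=1
    fi

    # key_file: must exist. Assumed policy for this example (not stated by the
    # agent): the passphrase file grants no permissions to group or others.
    if [ ! -f "$key_file" ]; then
        echo "ERROR: key_file does not exist"; rc=1
    elif [ "$(ls -ld -- "$key_file" | cut -c5-10)" != "------" ]; then
        echo "ERROR: key_file is accessible to group or others"; rc=1
    fi
    return "$rc"
}

# Run the checks when invoked with the four parameter values as arguments.
if [ "$#" -eq 4 ]; then
    check_crypt_params "$@"
fi
```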

SEE ALSO

       http://clusterlabs.org/

AUTHOR

       ClusterLabs contributors (see the resource agent source for information
       about individual authors)

resource-agents UNKNOWN           04/06/2022            OCF_HEARTBEAT_CRYPT(7)