OCF_HEARTBEAT_CRYPT(7)	      OCF resource agents	OCF_HEARTBEAT_CRYPT(7)

NAME
       ocf_heartbeat_crypt - LUKS/crypt	resource agent

SYNOPSIS

       crypt [start | stop | monitor | meta-data | validate-all]

DESCRIPTION
       This is a LUKS/crypt Resource Agent managing encrypted devices via
       cryptsetup(8). The agent	imposes	limitations on device types supported:
       luks, luks[1..N].

SUPPORTED PARAMETERS
       encrypted_dev
	   Encrypted backing device, which should be defined by	UUID, 36
	   characters including	'-'s as	reported by blkid(8).

	   Although it can be defined as a block device	path (e.g. /dev/sdh),
	   the UUID should be preferred	over the block device path to allow
	   for the unique discovery of the crypt backing device	given the
	   volatile nature of /dev entries (e.g. /dev/sdh on one node may be
	   /dev/sdg on another).

	   Only	define as block	device path if you know	what you are doing.

	   (unique, required, string, no default)

       crypt_dev
	   Encrypted device name, no path. I.e.	the one	given in "cryptsetup
	   open	name ...". The resulting block device path is
	   /dev/mapper/name.

	   (unique, required, string, no default)

       key_file
	   Path to the key file containing the encryption passphrase (aka key; see
	   cryptsetup(8)). For LUKS, the passphrase in key_file is used to decrypt
	   a key that was randomly selected when the device was created.

	   (required, string, no default)

       crypt_type
	   Encryption (device) type (e.g. "luks" or "luks2").

	   This parameter confirms the encryption format recorded in the crypt
	   metadata, allowing for safety measures when starting the encrypted
	   resource.

	   (required, string, no default)

       force_stop
	   If processes	or kernel threads are using the	crypt device, it
	   cannot be stopped. We will try to stop processes, first by sending
	   TERM	and then, if that doesn't help in seconds, using KILL. The
	   lsof(8) program is required to get the list of array	users. Of
	   course, the kernel threads cannot be	stopped	this way. If the
	   processes are critical for data integrity, then set this parameter
	   to false. Note that in that case the	stop operation will fail and
	   the node will be fenced.

	   (optional, boolean, default false)

SUPPORTED ACTIONS
       This resource agent supports the	following actions (operations):

       start
	   Starts the resource.	Suggested minimum timeout: 20s.

       stop
	   Stops the resource. Suggested minimum timeout: 20s.

       monitor
	   Performs a detailed status check. Suggested minimum timeout:	20s.
	   Suggested interval: 10s.

       meta-data
	   Retrieves resource agent metadata (internal use only). Suggested
	   minimum timeout: 5s.

       validate-all
	   Performs a validation of the	resource configuration.	Suggested
	   minimum timeout: 10s.

EXAMPLE	CRM SHELL
       The following is	an example configuration for a crypt resource using
       the crm(8) shell:

	   primitive p_crypt ocf:heartbeat:crypt \
	     params \
	       encrypted_dev=string \
	       crypt_dev=string	\
	       key_file=string \
	       crypt_type=string \
	     op	monitor	timeout="20s" interval="10s" depth="0"

EXAMPLE	PCS
       The following is an example configuration for a crypt resource using
       pcs(8):

	   pcs resource	create p_crypt ocf:heartbeat:crypt \
	     encrypted_dev=string \
	     crypt_dev=string \
	     key_file=string \
	     crypt_type=string \
	     op	monitor	timeout="20s" interval="10s" OCF_CHECK_LEVEL="0"
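
       The following pre-flight check for the encrypted_dev, crypt_dev and
       key_file values is an added example, not part of the resource agent.
       The function names are hypothetical, and the requirement that the key
       file carry no group/other permission bits is an assumption of this
       example.

```shell
#!/bin/sh
# Added example: sanity checks on ocf:heartbeat:crypt parameter values before
# they are put into the cluster configuration. Function names are hypothetical.

# encrypted_dev: succeeds if $1 is a 36-character UUID (8-4-4-4-12 hex digits
# including the '-'s), the form the page says blkid(8) reports.
is_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# crypt_dev: a bare device-mapper name, so non-empty and containing no '/'.
is_mapper_name() {
    case $1 in
        ''|*/*) return 1 ;;
    esac
    return 0
}

# key_file: a readable regular file with no group/other permission bits.
# Assumption of this example: the file holds the passphrase, so only its
# owner should be able to access it. -L checks the target of a symlink.
key_file_private() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    perms=$(ls -ldL -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Usage: check_crypt_params ENCRYPTED_DEV CRYPT_DEV KEY_FILE
# Prints one line per problem and returns the number of problems found.
check_crypt_params() {
    problems=0
    is_uuid "$1" || {
        echo "encrypted_dev: '$1' is not a UUID; /dev paths can differ per node"
        problems=$((problems + 1))
    }
    is_mapper_name "$2" || {
        echo "crypt_dev: '$2' must be a name without a path"
        problems=$((problems + 1))
    }
    key_file_private "$3" || {
        echo "key_file: '$3' is missing, unreadable or accessible to group/other"
        problems=$((problems + 1))
    }
    return "$problems"
}
```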

SEE ALSO
       http://clusterlabs.org/

AUTHOR
       ClusterLabs contributors	(see the resource agent	source for information
       about individual	authors)

resource-agents	4.13.0		  04/12/2025		OCF_HEARTBEAT_CRYPT(7)