+ceph-devel

On Wed, 10 Dec 2014, Ken Dreyer wrote:
> On 12/06/2014 01:54 PM, Sage Weil wrote:
> > Hi Colin, Boris, Owen,
> >
> > We would like to choose a statically allocated uid and gid for use by Ceph
> > storage servers. The basic goals are:
> >
> > - run daemons as non-root (right now everything is uid 0 (runtime and
> >   on-disk data) and this is clearly not ideal)
> > - enable hot swap of disks between storage servers
> > - standardize across distros so that we can build clusters with a mix
> >
> > To support the hot swap, we can't use the usual uids allocated dynamically
> > during package installation. Disks will be completely filled with Ceph data
> > files with the uid from one machine and will not be usable on another
> > machine.
> >
> > I'm hoping we can choose a static uid/gid pair that is unused for Debian
> > (and Ubuntu), Fedora (and RHEL/CentOS), and OpenSUSE/SLES. This will let
> > us maintain consistency across the entire ecosystem.
>
> How many system users should I request from the Fedora Packaging
> Committee, and what should their names be?
>
> For example, are ceph-mon and ceph-osd going to run under the same
> non-privileged system account?

Hmm, my first impulse was to make a single user and group. But it might make sense that e.g. rgw should run in a different context than ceph-osd or ceph-mon. If we go down that road, then maybe

 ceph-osd
 ceph-mon
 ceph-mds
 ceph-rgw
 ceph-calamari

and a 'ceph' group that we can use for /var/log/ceph etc for the qemu and other librados users?

Alternatively, if we just do user+group ceph, then rgw can run as www-data or apache (as it does now). Not sure what makes the most sense for ceph-calamari.

sage