On Thu, Jan 15, 2015 at 7:07 PM, Sage Weil <sweil@xxxxxxxxxx> wrote: >> The trouble with this is admin socket part is that any tool that >> manages Ceph must use the admin socket interface as well as the normal >> over-the-network command interface, and by extension must be able to >> execute locally on a mon. We would no longer have a comprehensive >> remote management interface for the mon: management tools would have >> to run some code locally too. > > True.. if we make that option enabled by default. If we it's off by > default them it's an opt-in layer of protection. Most clusters don't have > ephemeral pools so I think lots of people would want this. +1, the problem goes away if it's opt-in, should be easy enough for API consumers to inspect the conf setting and give a nice informative error if the safety catch is engaged. I can imagine wanting to engage this ahead of plugging in a GUI or some config management recipes that you didn't quite trust yet. John -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
