On 03.03.2015 at 19:31, Deepak Shetty wrote:

[...]

>> For us security is very critical, as the performance is too. The
>> first solution via ganesha is not what we prefer (to use CephFS
>> via p9 and NFS would not perform that well I guess). The second
>> solution, to use CephFS directly to the VM would be a bad
>> solution from the security point of view since we can't expose
>> the Ceph public network directly to the VMs to prevent all the
>> security issues we discussed already.
>
> Is there any place the security issues are captured for the case
> where VMs access CephFS directly?

No, there isn't any place, and this is the issue for us.

> I was curious to understand. IIUC Neutron provides private and
> public networks and for VMs to access external CephFS network, the
> tenant private network needs to be bridged/routed to the external
> provider network and there are ways neutron achieves it.
>
> Are you saying that this approach of neutron is insecure?

I don't say neutron itself is insecure. The problem is: we don't want
any VM to get access to the ceph public network at all, since this would
mean access to all MON, OSD and MDS daemons. If a tenant VM has access
to the ceph public net, which is needed to use/mount native cephfs in
this VM, one critical issue would be: the client can attack any ceph
component via this network. Maybe I miss something, but routing
doesn't change this fact.

Danny
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
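The point Danny makes above (a tenant VM that can route to the Ceph public network reaches every MON, OSD and MDS listener, and a native CephFS mount needs exactly that reach) can be made concrete with a small reachability model. The following is an added example, not code from the thread, from Ceph or from Neutron: the tenant and Ceph subnets, daemon addresses and the three policies are constructed for illustration; only the listener ports are Ceph's defaults (MON on tcp/6789, OSD and MDS daemons binding in the 6800-7300 range). The filter rules model a stateless, first-match ACL such as a Neutron security group or iptables chain would apply on the tenant router.

```python
"""Reachability model: which Ceph daemons does a tenant VM reach once its
network is routed to the Ceph public network, with and without a filter?"""

import ipaddress
from dataclasses import dataclass, field

# --- Constructed sample topology (invented addresses, not from the thread) ---
TENANT_NET = ipaddress.ip_network("10.10.0.0/24")          # Neutron tenant network
CEPH_PUBLIC_NET = ipaddress.ip_network("192.168.50.0/24")  # Ceph "public network"

# Ceph default listeners: MON on tcp/6789; OSD and MDS daemons bind in the
# ms_bind_port_min..ms_bind_port_max range, 6800-7300 by default.
CEPH_LISTENERS = [
    ("mon", "192.168.50.10", 6789),
    ("mon", "192.168.50.11", 6789),
    ("mon", "192.168.50.12", 6789),
    ("osd", "192.168.50.21", 6800),
    ("osd", "192.168.50.21", 6801),
    ("osd", "192.168.50.22", 6800),
    ("mds", "192.168.50.30", 6800),
]


@dataclass
class Rule:
    """One stateless filter rule on the tenant router; first match wins."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dports: range          # destination port range the rule covers
    action: str            # "accept" or "drop"

    def matches(self, src_ip, dst_ip, dport):
        return src_ip in self.src and dst_ip in self.dst and dport in self.dports


@dataclass
class Policy:
    """Networks the tenant router forwards to, plus the filter it applies."""
    routes: list
    rules: list = field(default_factory=list)
    default: str = "accept"  # action when no rule matches (plain routing)

    def forwards_to(self, dst_ip):
        return any(dst_ip in net for net in self.routes)

    def permits(self, src_ip, dst_ip, dport):
        for rule in self.rules:
            if rule.matches(src_ip, dst_ip, dport):
                return rule.action == "accept"
        return self.default == "accept"


def reachable_ceph_listeners(policy, src):
    """(daemon, ip, port) listeners a VM at `src` can open a TCP connection to."""
    src_ip = ipaddress.ip_address(src)
    reachable = []
    for daemon, ip, port in CEPH_LISTENERS:
        dst_ip = ipaddress.ip_address(ip)
        if policy.forwards_to(dst_ip) and policy.permits(src_ip, dst_ip, port):
            reachable.append((daemon, ip, port))
    return reachable


def exposed_daemon_types(policy, src):
    """Sorted set of daemon types the VM can talk to directly."""
    return sorted({daemon for daemon, _, _ in reachable_ceph_listeners(policy, src)})


def cephfs_mount_possible(policy, src):
    """A native CephFS client needs a MON, the OSDs and an MDS, i.e. the same
    reach that lets it send arbitrary traffic to every one of them."""
    return {"mon", "osd", "mds"} <= set(exposed_daemon_types(policy, src))


# Policy 1: tenant network routed to the Ceph public network, no filtering.
ROUTED_ONLY = Policy(routes=[TENANT_NET, CEPH_PUBLIC_NET])

# Policy 2: same routes, but the filter drops all tenant -> Ceph traffic
# (CephFS would then have to be consumed via a gateway such as NFS-Ganesha).
ROUTED_AND_FILTERED = Policy(
    routes=[TENANT_NET, CEPH_PUBLIC_NET],
    rules=[Rule(TENANT_NET, CEPH_PUBLIC_NET, range(1, 65536), "drop")],
)

# Policy 3: no route into the Ceph public network at all.
ISOLATED = Policy(routes=[TENANT_NET])

if __name__ == "__main__":
    vm = "10.10.0.42"  # constructed tenant VM address
    for name, pol in [("routed only", ROUTED_ONLY),
                      ("routed + filtered", ROUTED_AND_FILTERED),
                      ("isolated", ISOLATED)]:
        print(f"{name:18s}: {len(reachable_ceph_listeners(pol, vm))} listeners,"
              f" daemons {exposed_daemon_types(pol, vm)},"
              f" mount possible: {cephfs_mount_possible(pol, vm)}")
```

Under `ROUTED_ONLY` the VM reaches all seven listeners and the mount is possible; under `ROUTED_AND_FILTERED` and `ISOLATED` it reaches none and the mount is impossible. There is no policy in this model under which the mount works but the daemons are shielded, which is the dependency Danny is pointing at: the route that makes native CephFS usable is the route that exposes MON, OSD and MDS.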