-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I think if there is a way to store the tenant ID with the UID/GID, then a lot of the challenges could be resolved. On Thu, May 28, 2015 at 10:42 AM, Gregory Farnum wrote: > Right, this is basically what we're planning. The sticky bits are about > 1) dealing with clients that have access to multiple UIDs/GIDs > (because different end users are on the same host, for instance). :) I'm having trouble visualizing this. This seems to be the best option because there is no collision of UID/GIDs. If the problem is that a user on multiple boxes don't have the ability to set their UID/GID to the same thing, then that is where the client can specify which UID/GID to use. But by doing so, they can't access anything from other tenants because the tenant ID won't match on the MDS. > 2) dealing with "public cloud"-like scenarios, where you have a bunch > of tenants who are all root on their own machines and thus control > their UID space. (Right now we can't put multiple CephFS instances in > a single RADOS cluster, so the only obvious way to support this is by > giving each client their own subspace within the unified hierarchy.) Yes, the tenant ID would give each tenant to do their own thing regardless of root access to their local boxes. It creates a separate space that the MDS can enforce. >> Some tenants may want just local UID/GID >> management, others may want LDAP, Kerberos, etc. I believe Ceph should >> only be worried about "share" permissions and leave "file" permissions >> to the tenant. Ceph just needs the ability to store UID/GID and POSIX >> ACLs. > > Well that doesn't quite work — it's entirely possible you want to > share read-only files with a bunch of people that shouldn't be allowed > to write them; that lack of write ability needs to be enforced by Ceph > at the server layer! The MDS would add the tenant ID to the perms, if it doesn't match, then they can't write, only read because that is what is specified in the User caps, only the "owner" of the directory would have write access. >> The MDS could combine a tenant ID and a UID/GID to store unique >> UID/GIDs on the back end and just strip off the tenant ID when >> presented to the client so there are no collisions of UID/GIDs between >> tenants in the MDS. > > Hmm, that is another thought... > -Greg - ---------------- Robert LeBlanc GPG Fingerprint 79A2 9CA4 6CC4 45DD A904 C70E E654 3BB2 FA62 B9F1 -----BEGIN PGP SIGNATURE----- Version: Mailvelope v0.13.1 Comment: https://www.mailvelope.com wsFcBAEBCAAQBQJVZ0sFCRDmVDuy+mK58QAAOqAQAJYvWDoCK6bv6YN49ccx Ifu9P+1utGAOa9P+pE+BOGqdGWuMo++W371Iy5MkjsYU9Rli4LMwGxLjL8cs s1wNyZ0KZej8q4ibkz1wH0btdv+vcIB79NICZE1CzKCIsMX5tWb6U2T0RG0g KHhPQXFtYteRHimIUskG7VVvXyti8N0ysOUoSWDz/CXcFZEw2en9+M4jyMlr 9wqbzJzftfBpGq7FMXUaQC5t4tRTTg3mN8UPK2/SSINawwyM4QeCLHD+1+5b 1ksTAkD/weOX+IBnvRlaA9s+GsMHxi5pl7Ns2Oxb+TV3Kyx8mTI9ly28Euy+ JwKD3IyVS3ByIOfuzlaSsRwKnisaq3w1oaVeN9rAmDBK6N/CGsnGQ7ZdhcaO wlFJcW9k1RMYGA4/dc08MIDs0k2Xo3qjuJNvtIT0et97l7qtylRYno7D1Uh4 cd4v5kzH7FgmuUIFn8x5GOhnHeDR9essL7PbidqyBYh6KEgoAQPzw99OyHje rP3dlO4CmQDmB5lNj45CNFRe65kyMCbP5kMlHNWMu8NUiZo65yeXp2MX3+oB 9Vkq51Nznb3KTYqIcDTk3SCK5hKFcv55zAFvlnPLoapUeya3tsUmZn5Ui4U7 JZtzMebvtcHaITf9gZjmrST34B6D4Eqw5fydN0qsVXlVBmbbU86CkOPWVLS+ Fwa+ =AZFj -----END PGP SIGNATURE----- -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
