Am 16.12.2016 um 15:28 schrieb Sage Weil: > On Fri, 16 Dec 2016, Amon Ott wrote: >> How far away is TLS support or something similar for the Ceph >> connections? AFAIK, TLS support should not be hard to implement, but I >> am not too familiar with Ceph internals. > > I hope to work on the msgr2 protocol change (which will enable encryption > on the wire) during the next cycle, but I definitely can't promise it'll > happen by luminous. In the meantime, you'll need to this in the network > layer. Ok, looking forward to those changes. And we will setup a VPN infrastructure for now. > Also, note that a stretch cluster will (1) increase latency and that (2) > two is a bad number of datacenters because you won't be able to establish > a quorum if the one with the majority of mons goes down. You'll probably > want to put one or more mons in a third data center to act as an arbiter. > But in general these stretch clusters are tricky get set up in a way that > doesn't break in a failure situation so proceed with extreme caution! For the quorum we plan to have an extra mon node in a separate building containing the switches that connect everything. There is just enough space for this extra node. Thanks! Amon. -- Dr. Amon Ott m-privacy GmbH Tel: +49 30 24342334 Werner-Voß-Damm 62 Fax: +49 30 99296856 12101 Berlin http://www.m-privacy.de Amtsgericht Charlottenburg, HRB 84946 Geschäftsführer: Dipl.-Kfm. Holger Maczkowsky, Roman Maczkowsky GnuPG-Key-ID: 0x2DD3A649 -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
