On 18-06-27 02:28 PM, Sage Weil wrote:
> The idea is to lock an authentication key (e.g., client.foo) so that it
> is only usable from a specific host or network. At a minimum, it would
> mean modifying the MonCap to include a host field with a CIDR
> network/mask. For example,
>
>   [client.foo]
>     key = ...
>     caps mon = allow profile rbd host 1.2.3.4/32
>     caps osd = allow profile rbd
>
> https://pad.ceph.com/p/pin_caps_to_network
>
> I see two options, one easy and one slightly harder. The first is we
> only add the host restriction to the mon cap, under the reasoning that
> if you can't get tickets from the mon then you can't talk to everyone
> else anyway, and if you do and then tunnel your OSD session (or
> whatever) through a different network who really cares. The second is
> that we add the host clause to OSDCap and MDSCap too, just because.
>
> Does this seem like a reasonable approach?
Usually cluster hosts have firewalls in place to prevent connections from outside of trusted networks. This also prevents - among other things - exhausting/locking out mon servers with Slowloris attacks (AFAIK there's no timeout on banner exchange/initial handshake in the Ceph protocol) coming from unauthorized hosts. Knowing that, what's the value in having similar restrictions on the Ceph side?
-- 
Piotr Dałek
piotr.dalek@xxxxxxxxxxxx
https://www.ovhcloud.com
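For readers following the proposal above, here is an added example (not Ceph code, and not from either poster) of what the mon-side check for the sketched `host <cidr>` clause would have to do: parse each `allow ...` grant of a cap string, pull out an optional trailing `host` network, and decide whether a connecting peer's address is covered. The grant grammar is taken only from the `caps mon = allow profile rbd host 1.2.3.4/32` example in the thread; the function names (`parse_cap`, `host_allowed`), the comma-separated multi-grant form and the peer addresses are assumptions for illustration.

```python
"""Added example, not Ceph's cap parser: evaluate the proposed
`host <cidr>` clause on a mon cap against a client's peer address.

Assumed grammar (from the thread's sketch, extended to several grants):
    allow <grant words> [host <ip>[/<prefixlen>]] [, allow ...]
A grant with no host clause applies to every peer, which is today's
behaviour; a grant with a host clause applies only inside that network.
"""
import ipaddress


def parse_cap(cap):
    """Return a list of (grant_body, network_or_None) for a cap string.

    `grant_body` is the grant text with the host clause removed, e.g.
    'profile rbd'; `network_or_None` is an ipaddress network object.
    Raises ValueError on grants that do not start with 'allow' or on a
    'host' keyword without an address.
    """
    grants = []
    for grant in cap.split(","):
        tokens = grant.split()
        if not tokens or tokens[0] != "allow":
            raise ValueError("unrecognised grant: %r" % grant)
        net = None
        if "host" in tokens:
            i = tokens.index("host")
            if i + 1 >= len(tokens):
                raise ValueError("'host' without an address in %r" % grant)
            # strict=False accepts '10.0.0.1/24' as 10.0.0.0/24; a bare
            # address becomes a single-host /32 (or /128) network.
            net = ipaddress.ip_network(tokens[i + 1], strict=False)
            tokens = tokens[:i] + tokens[i + 2:]
        grants.append((" ".join(tokens[1:]), net))
    return grants


def host_allowed(cap, peer_addr):
    """True if at least one grant in `cap` may be used from `peer_addr`.

    Address-family mismatches (an IPv6 peer against an IPv4 network) are
    simply not a match, so they fall through to 'denied' unless another
    grant without a host clause exists.
    """
    peer = ipaddress.ip_address(peer_addr)
    for _body, net in parse_cap(cap):
        if net is None or peer in net:
            return True
    return False


if __name__ == "__main__":
    # Constructed cap strings and peer addresses for demonstration only.
    pinned = "allow profile rbd host 1.2.3.4/32"
    multi = "allow r host 10.0.0.0/8, allow profile rbd host 192.168.1.0/24"
    for cap, peer in [(pinned, "1.2.3.4"), (pinned, "1.2.3.5"),
                      ("allow profile rbd", "203.0.113.9"),
                      (multi, "192.168.1.77"), (multi, "8.8.8.8"),
                      (pinned, "::1")]:
        print("%-70s %-14s -> %s" % (cap, peer,
                                     "allow" if host_allowed(cap, peer) else "deny"))
```

Note that this only models the first of Sage's two options, a check at the mon: the OSD and MDS caps keep no host clause, so a client that obtains tickets from an allowed address and then tunnels its OSD sessions elsewhere is, as the proposal says, not stopped by this check alone.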