Hi,

I have to "open" our Ceph cluster for some clients that only support kernel rbd. In general that's no problem and works just fine (verified in our test cluster ;-) ). I then tried to map images from our production cluster and failed:

    rbd: add failed: (95) Operation not supported

After some testing and comparing the test and production clusters, it turned out that the config option that prevents the kernel from mapping the image is

    cephx require signatures = true

If I read the documentation (http://ceph.com/docs/master/rados/operations/authentication/#backward-compatibility) correctly, that flag is recommended, which leads to two questions:

1. When will cephx signatures make it to kernel rbd? (It's not there till at least 3.12.0 and I've found no reference in the changelogs of subsequent versions.)

2. As I have to assess the risk when disabling cephx signatures, do you have some estimations of how probable a "real life" attack is, i.e. are there real threats for the whole infrastructure, or is it "just" possible to disturb the communication of exactly that client in whose communication malicious messages are forced?

Thanks a lot for your help,
best regards,
Kurt

PS: If my conclusion is correct, maybe that should be mentioned somewhere at http://ceph.com/docs/master/rbd/rbd-ko/

--
Kurt Bauer <kurt.bauer@xxxxxxxxxxxx>
Vienna University Computer Center - ACOnet - VIX
Universitaetsstrasse 7, A-1010 Vienna, Austria, Europe
Tel: ++43 1 4277 - 14070 (Fax: - 814070)
KB1970-RIPE
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com