Re: running as non-root

On Saturday, December 6, 2014, Sage Weil <sweil@xxxxxxxxxx> wrote:
While we are on the subject of init systems and packaging, I would *love*
to fix things up for hammer to

 - create a ceph user and group
 - add various users to ceph group (like qemu or kvm user and
apache/www-data?)
 
Maybe a calamari user too

 - fix permissions on /var/log/ceph and /var/run/ceph (770?) so that qemu
and rgw can write logs and asok files there

Yes 

 - make daemons run as ceph user instead of root

I think this is the right approach
 

The main hangup is with that last one.  As I understand it, when packages
create users, they get a semi-random UID assigned.  That means that all
the data on a ceph-osd disk would have a semi-random UID.  If it were
hot-swapped into another host, the uid would be wrong.  Is there a way
to use a fixed uid?


There's no guarantee that any given uid will be available across any two unix systems. You could pick 6789 or something uncommon, but I'm sure someone somewhere is using any given uid. 

I would take the approach that the uid shouldn't matter. Add a standard tool to assist with osd hot swaps that would change the file permissions on the new osd disk.  I think the osd hot swap process requires some manual intervention anyway. The only downside is the tool would need to be run with root permissions. 

I haven't tried moving an osd disk from one node to another. Can someone describe the process?
 
Also on the roadmap is defining proper selinux policies so that these
daemons are confined into the appropriate directories etc., but I imagine
running as non-root is a big help (or even prerequisite?) to making that
happen?

Suggestions or comments?  Or volunteers?  We haven't had time to look at
this yet but I think it's important!

sage

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
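
Added example, not part of the original message and not Ceph's own tooling: a sketch of the ownership-fixing helper the reply proposes for OSD hot swaps. It re-owns only entries carrying the uid the previous host assigned, stays on one filesystem, and changes nothing unless "apply" is given; the function names and the placeholder path are assumptions.

```shell
#!/bin/sh
# Added example, not Ceph tooling. Function names and paths are assumptions.

# owner_of PATH: print the numeric "uid:gid" that owns PATH.
owner_of() {
    ls -ldn -- "$1" | awk '{ print $3 ":" $4 }'
}

# count_owned DIR UID: count entries under DIR (same filesystem only) owned
# by numeric UID. One "x" is printed per entry, so odd filenames are safe.
count_owned() {
    find "$1" -xdev -user "$2" -exec printf 'x%.0s' {} + | wc -c | tr -d ' '
}

# remap_owner DIR NEW_UID NEW_GID [apply]
# The uid the previous host assigned is read from DIR itself; only entries
# carrying that uid are re-owned, so files owned by other accounts are left
# alone. Prints "old_uid:new_uid:count". Without "apply" this is a dry run.
remap_owner() {
    dir=$1 new_uid=$2 new_gid=$3 mode=${4:-dry-run}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    old=$(owner_of "$dir")
    old_uid=${old%%:*}
    if [ "$old_uid" = "$new_uid" ]; then
        echo "$old_uid:$new_uid:0"      # already matches the local account
        return 0
    fi
    n=$(count_owned "$dir" "$old_uid")
    if [ "$mode" = apply ]; then
        # Needs root. -h re-owns a symlink itself, never its target;
        # -xdev keeps find from crossing into other mounted filesystems.
        find "$dir" -xdev -user "$old_uid" \
            -exec chown -h "$new_uid:$new_gid" {} + || return 1
    fi
    echo "$old_uid:$new_uid:$n"
}

# Usage (as root, with the OSD daemon stopped; the path is a placeholder):
#   remap_owner /path/to/osd-data "$(id -u ceph)" "$(id -g ceph)" apply
if [ "$#" -ge 3 ]; then
    remap_owner "$@"
fi
```

Run it without "apply" first and compare the reported count with what you expect on the disk before re-running as root.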