Re: CephFS: Future Internetworking File System?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Aug 12, 2016 at 9:35 PM, Matthew Walster <matthew@xxxxxxxxxxx> wrote:
> I've been following Ceph (and in particular CephFS) for some time now, and
> glad to see it coming on in leaps and bounds!
>
> I've been running a small OpenAFS Cell for a while now, and it's really
> starting to show its age. I thought I'd ask whether anyone's considered
> CephFS for a similar role?
>
> As I understand it, Ceph authentication/authorization is very coarse (i.e.
> granularity down to the mount point level only) and doesn't operate any form
> of encryption between client and server, so I was wondering whether anyone
> was using a form of intermediary proxy to provide these semantics to the end
> user?

I haven't heard of anybody doing much with this *yet*. Do note that
you can do a little better than mount point; we provide server-side
checking of UIDs and GIDs now — although I suddenly see it doesn't
seem to be documented at
http://docs.ceph.com/docs/master/cephfs/client-auth/#path-restriction.
Just use an "allow uid <number>, allow gids <a> <b> <c>" bit like it
shows with paths.

We're doing sporadic spurts on enabling CephFS to work nicely through
an NFS Ganesha export as well, since that's our long-term model for
supporting OpenStack Manila. We've found a few problems around
anonymous users and things that are being worked on as well.
-Greg

>
> I was thinking perhaps of a WebDAV gateway (via radosgw or cephfs, and https
> via davfs2 for the client side) or NFSv4 (via cephfs... but obviously then
> you have to generate keytabs for the client machines, which I don't have to
> do for AFS at present) or whether this is just something that isn't anywhere
> near the front of mind for developers/users yet?
>
> I realise this is not the current intended use cases, but I'm interested in
> people's opinions, and whether anyone implements such a scheme today.
>
> Many thanks in advance,
>
> Matthew Walster
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com




[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux