Thank you Abhishek, I will take a look at Realm soon. BTW, what's your point on the multi-tenancy combined nginx rules solution?
AFAIK, Ceph's multi-tenancy feature seems like a replacement of adding prefix for user/bucket name manually. It only avoids name conflict across different tenants, but lacks the ability of real isolation of user data. What do you think?
On Fri, Dec 2, 2016 at 10:07 PM, Abhishek L <abhishek@xxxxxxxx> wrote:
piglei writes:
> Hi, I am a ceph newbie. I want to create two isolated rgw services in a single ceph cluster, the requirements:
>
> * Two radosgw will have different hosts, such as radosgw-x.site.com and radosgw-y.site.com. File uploaded to rgw-xcannot be accessed via rgw-y.
> * Isolated bucket and user namespaces is not necessary, because I could prepend term to bucket name and user name, like "x-bucket" or "y-bucket"
>
> At first I thought region and zone may be the solution, but after a little more researchs, I found that region and zone are for different geo locations, they share the same metadata (buckets and users) and objects instead of isolated copies.
>
> After that I noticed ceph's multi-tenancy feature since jewel release, which is probably what I'm looking for, here is my solution using multi-tenancy:
>
> * using two tenant called x and y, each rgw service matches one tenant.
> * Limit incoming requests to rgw in it's own tenant, which means you can only retrieve resources belongs to buckets "x:bucket" when callingradosgw-x.site.com. This can be archived by some custom nginx rules.
>
> Is this the right approach or Should I just use two different clusters instead? Looking forward to your awesome advises.
>
Since jewel, you can also consider looking into realms which sort of
provide for isolated namespaces within a zone or zonegroup.
--
Abhishek
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
