Re: How to hide internal ip on ceph mount

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 1 Mar 2017, Wido den Hollander wrote:
> > Op 1 maart 2017 om 15:40 schreef Xiaoxi Chen <superdebuger@xxxxxxxxx>:
> > 
> > 
> > Well , I think the argument here is not all about security gain, it just
> > NOT a user friendly way to let "df" show out 7 IPs of monitors....Much
> > better if they seeing something like "mycephfs.mydomain.com".
> > 
> 
> mount / df simply prints the monmap. It doesn't print what you added when you mounted the filesystem.
> 
> Totally normal behavior.

Yep.  This *could* be changed, though: modern kernels have DNS resolution 
capability.  Not sure if all distros compile it in, but if so, mount.ceph 
could first try to pass in the DNS name and only do the DNS resolution if 
the kernel can't.  And the kernel client could be updated to remember the 
DNS name and use that.  It's a bit friendlier, but imprecise, since DNS 
might change.  What does NFS do in this case? (Show an IP or a name?)

sage


> > And using DNS give you the flexibility of changing your monitor quorum
> > members , without notifying end user to change their fstab entry , or
> > whatever mount point record.
> > 
> 
> Still applies. Just create a Round Robin DNS record. The clients will obtain a new monmap while they are connected to the cluster.
> 
> Wido
> 
> > 2017-03-01 18:46 GMT+08:00 gjprabu <gjprabu@xxxxxxxxxxxx>:
> > 
> > > Hi Robert,
> > >
> > >   This container host will be provided to end user and we don't want to
> > > expose this ip to end users.
> > >
> > > Regards
> > > Prabu GJ
> > >
> > >
> > > ---- On Wed, 01 Mar 2017 16:03:49 +0530 *Robert Sander
> > > <r.sander@xxxxxxxxxxxxxxxxxxx <r.sander@xxxxxxxxxxxxxxxxxxx>>* wrote ----
> > >
> > > On 01.03.2017 10:54, gjprabu wrote:
> > > > Hi,
> > > >
> > > > We try to use host name instead of ip address but mounted partion
> > > > showing up address only . How show the host name instead of ip address.
> > >
> > > What is the security gain you try to achieve by hiding the IPs?
> > >
> > > Regards
> > > --
> > > Robert Sander
> > > Heinlein Support GmbH
> > > Schwedter Str. 8/9b, 10119 Berlin
> > >
> > > http://www.heinlein-support.de
> > >
> > > Tel: 030 / 405051-43
> > > Fax: 030 / 405051-19
> > >
> > > Zwangsangaben lt. §35a GmbHG:
> > > HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
> > > Geschäftsführer: Peer Heinlein -- Sitz: Berlin
> > >
> > > _______________________________________________
> > > ceph-users mailing list
> > > ceph-users@xxxxxxxxxxxxxx
> > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> > >
> > >
> > >
> > > _______________________________________________
> > > ceph-users mailing list
> > > ceph-users@xxxxxxxxxxxxxx
> > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> > >
> > >
> > _______________________________________________
> > ceph-users mailing list
> > ceph-users@xxxxxxxxxxxxxx
> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> 
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux