Re: How to hide internal ip on ceph mount

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> mount / df simply prints the monmap. It doesn't print what you added when you mounted the filesystem.
>
> Totally normal behavior.


Not true again,

df only show what IP or IPs you added when mounting, also mount

10.189.11.138:6789:/sharefs_prod/8c285b3b59a843b6aab623314288ee36  2.8P  108T  2.7P   4% /mnt/slc_cephFS_8c285b3b59a843b6aab623314288ee36
10.135.3.136:6789:/sharefs_prod/8c285b3b59a843b6aab623314288ee36   2.7P   91T  2.6P   4% /mnt/lvs_cephFS_8c285b3b59a843b6aab623314288ee36

But we do have 5/7 mons for each cluster.








2017-03-02 7:42 GMT+08:00 Xiaoxi Chen <superdebuger@xxxxxxxxx>:
>Still applies. Just create a Round Robin DNS record. The clients will obtain a new monmap while they are connected to the cluster.

It works to some extent, but causing issue for "mount -a". We have such deployment nowaday, a GTM(kinds of dns) record created with all MDS ips and it works fine in terms of failover/ mount.

But, user usually automation such mount by fstab and even, "mount -a " are periodically called. With such DNS approach above, they will get mount point busy message every time. Just due to mount.ceph resolve the DNS name to another IP, and kernel client was feeling like you are trying to attach another fs...



2017-03-02 0:29 GMT+08:00 Wido den Hollander <wido@xxxxxxxx>:

> Op 1 maart 2017 om 16:57 schreef Sage Weil <sage@xxxxxxxxxxxx>:
>
>
> On Wed, 1 Mar 2017, Wido den Hollander wrote:
> > > Op 1 maart 2017 om 15:40 schreef Xiaoxi Chen <superdebuger@xxxxxxxxx>:
> > >
> > >
> > > Well , I think the argument here is not all about security gain, it just
> > > NOT a user friendly way to let "df" show out 7 IPs of monitors....Much
> > > better if they seeing something like "mycephfs.mydomain.com".
> > >
> >
> > mount / df simply prints the monmap. It doesn't print what you added when you mounted the filesystem.
> >
> > Totally normal behavior.
>
> Yep.  This *could* be changed, though: modern kernels have DNS resolution
> capability.  Not sure if all distros compile it in, but if so, mount.ceph
> could first try to pass in the DNS name and only do the DNS resolution if
> the kernel can't.  And the kernel client could be updated to remember the
> DNS name and use that.  It's a bit friendlier, but imprecise, since DNS
> might change.  What does NFS do in this case? (Show an IP or a name?)
>

A "df" will show the entry as it's in the fstab file, but mount will show the IPs as well.

But Ceph is a different story here due to the monmap.

Wido

> sage
>
>
> > > And using DNS give you the flexibility of changing your monitor quorum
> > > members , without notifying end user to change their fstab entry , or
> > > whatever mount point record.
> > >
> >
> > Still applies. Just create a Round Robin DNS record. The clients will obtain a new monmap while they are connected to the cluster.
> >
> > Wido
> >
> > > 2017-03-01 18:46 GMT+08:00 gjprabu <gjprabu@xxxxxxxxxxxx>:
> > >
> > > > Hi Robert,
> > > >
> > > >   This container host will be provided to end user and we don't want to
> > > > expose this ip to end users.
> > > >
> > > > Regards
> > > > Prabu GJ
> > > >
> > > >
> > > > ---- On Wed, 01 Mar 2017 16:03:49 +0530 *Robert Sander
> > > > <r.sander@xxxxxxxxxxxxxxxxxxx <r.sander@xxxxxxxxxxxxxxxxxxx>>* wrote ----
> > > >
> > > > On 01.03.2017 10:54, gjprabu wrote:
> > > > > Hi,
> > > > >
> > > > > We try to use host name instead of ip address but mounted partion
> > > > > showing up address only . How show the host name instead of ip address.
> > > >
> > > > What is the security gain you try to achieve by hiding the IPs?
> > > >
> > > > Regards
> > > > --
> > > > Robert Sander
> > > > Heinlein Support GmbH
> > > > Schwedter Str. 8/9b, 10119 Berlin
> > > >
> > > > http://www.heinlein-support.de
> > > >
> > > > Tel: 030 / 405051-43
> > > > Fax: 030 / 405051-19
> > > >
> > > > Zwangsangaben lt. §35a GmbHG:
> > > > HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
> > > > Geschäftsführer: Peer Heinlein -- Sitz: Berlin
> > > >
> > > > _______________________________________________
> > > > ceph-users mailing list
> > > > ceph-users@xxxxxxxxxxxxxx
> > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > ceph-users mailing list
> > > > ceph-users@xxxxxxxxxxxxxx
> > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> > > >
> > > >
> > > _______________________________________________
> > > ceph-users mailing list
> > > ceph-users@xxxxxxxxxxxxxx
> > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> > _______________________________________________
> > ceph-users mailing list
> > ceph-users@xxxxxxxxxxxxxx
> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> >


_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux