Re: Connections between services secure?


 



So you will have all of your cluster servers in the same location, but then use ceph-fuse to the cluster from clients across the Internet that are mounting a CephFS volume?

That will not work.  All ceph clients need to be able to communicate with the Ceph cluster on the public_network specified in your ceph.conf file.  That is because the clients will use the OSD map to know where all of the data is and get it directly from the server with the OSD that has the data.  Ceph clients would include anything mapping or accessing an RBD, anything mounting CephFS, RadosGW daemons, and anything else running Ceph commands.  Any server performing any of these operations needs to be able to communicate with Ceph's public_network.

Your limitation here isn't going to be how secure the packets are, it's going to be if your client can communicate with the public_network.  If you are accessing the information through a RadosGW server, then the clients can be anywhere and you access the data through the S3-like gateway and your packet security is using HTTPS for the connection.  For everything else, using a VPN that properly routes access to the public_network subnet is what you will need to do for off-site client access to Ceph.

On Fri, Jun 30, 2017 at 2:57 PM Daniel Carrasco <d.carrasco@xxxxxxxxx> wrote:
Mainly fuse clients with the other (MDS, OSD and MON will be on a private network), and maybe one day I'll try to create a multi-site cluster.

Greetings!!


On Jun 30, 2017 8:33 PM, "David Turner" <drakonstein@xxxxxxxxx> wrote:
Which part of ceph are you looking at using through the Internet?  RGW, multi-site, multi-datacenter crush maps, etc?

On Fri, Jun 30, 2017 at 2:28 PM Daniel Carrasco <d.carrasco@xxxxxxxxx> wrote:
Hello,

My question is about stream security of connections between ceph services. I've read that the connection is verified by private keys and signed packets, but my question is whether those packets are ciphered in any way to avoid packet sniffers, because I want to know if it can be used through the internet without problem or if I need a VPN.

Thanks!!
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
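
The reachability requirement described in the reply above can be checked before a remote client is deployed. The following is an added example, not part of the original thread or of Ceph itself: it reads `public_network` from a ceph.conf and reports which of its subnets are not fully covered by the routes a client sends over its VPN. The sample ceph.conf, its addresses, and the `vpn_routes` input are constructed assumptions.

```python
import configparser
import ipaddress

# Constructed sample ceph.conf; addresses come from documentation ranges.
SAMPLE_CEPH_CONF = """
[global]
fsid = 00000000-0000-0000-0000-000000000000
public_network = 192.0.2.0/24, 2001:db8:1::/64
cluster_network = 198.51.100.0/24
"""


def public_networks(conf_text):
    """Return the subnets listed as public_network in the [global] section."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    # ceph.conf accepts "public network" as well as "public_network".
    opts = {k.replace(" ", "_"): v for k, v in cp["global"].items()}
    raw = opts.get("public_network", "")
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in raw.split(",") if p.strip()]


def uncovered(conf_text, vpn_routes):
    """Return public_network subnets that no VPN route fully contains.

    vpn_routes is a hypothetical input: the CIDR prefixes the client
    routes through its VPN or private link. A route narrower than the
    public network counts as uncovered, because the OSD map can point
    the client at any address inside public_network.
    """
    routes = [ipaddress.ip_network(r, strict=False) for r in vpn_routes]
    missing = []
    for net in public_networks(conf_text):
        covered = any(r.version == net.version and net.subnet_of(r)
                      for r in routes)
        if not covered:
            missing.append(net)
    return missing


if __name__ == "__main__":
    # The /25 route covers only half of the IPv4 public network.
    for net in uncovered(SAMPLE_CEPH_CONF, ["192.0.2.0/25"]):
        print("client has no complete route to", net)
```

A passing check only shows that routing covers the subnet; firewall rules between the VPN and the MON, MDS and OSD hosts still have to permit the traffic.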

