On Tue, Sep 26, 2017 at 9:36 AM, Yoann Moulin <yoann.moulin@xxxxxxx> wrote:
>
>>> ok, I don't know where I read the -o option to write the key but the file was empty I do a ">" and seems to work to list or create rbd now.
>>>
>>> and for what I have tested then, the good syntax is « mon 'profile rbd' osd 'profile rbd pool=rbd' »
>>>
>>>> In the case we give access to those rbd inside the container, how I can be sure users in each container do not have access to others rbd ? Is
>>>> the namespace good to isolate each user ?
>>>
>>> The question about namespace is still open, if I have a namespace in the osd caps, I can't create rbd volume. How I can isolate each client to
>>> only his own volumes ?
>>
>> Unfortunately, RBD doesn't currently support namespaces, but it's on
>> our backlog.
>
> So if I want to separate data between each container, I need to create a pool per user (one user can have multiple containers).

Definitely don't want to create a pool per user assuming you have more
than a handful of users. Usually the higher level container management
system handles the user separation since the end-user cannot directly
access the Ceph storage system and instead the RBD image is mapped
into the container. That's why RBD support for namespaces has been
low-priority since there hasn't been a lot of end-user demand.

> I'm gonna give a look to cephfs, it seems possible to allow access only to a subdirectory per user, could you confirm it ?

Yes, I believe that is correct.

> Thanks,
>
> Best regards,
>
> --
> Yoann Moulin
> EPFL IC-IT
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

--
Jason
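
Added example, not part of the thread: because RBD has no namespace support here, every client whose OSD caps name the same pool can reach the other clients' images in it. This Python check audits `ceph auth ls`-style text for pools shared between clients and for OSD caps with no pool restriction; the entity names, pool names and the sample output (in the assumed plain-text layout of that command) are constructed.

```python
import re
from collections import defaultdict

# Constructed sample, in the assumed plain-text layout of `ceph auth ls`.
SAMPLE_AUTH_LS = """\
client.alice
\tkey: <redacted>
\tcaps: [mon] profile rbd
\tcaps: [osd] profile rbd pool=rbd
client.bob
\tkey: <redacted>
\tcaps: [mon] profile rbd
\tcaps: [osd] profile rbd pool=rbd
client.carol
\tkey: <redacted>
\tcaps: [mon] profile rbd
\tcaps: [osd] profile rbd pool=carol-pool
client.dave
\tkey: <redacted>
\tcaps: [mon] profile rbd
\tcaps: [osd] profile rbd
"""

CAPS_RE = re.compile(r"^\s+caps: \[(\w+)\] (.*)$")

def parse_osd_caps(text):
    """Return {entity: osd cap string} for every client.* entity."""
    caps, entity = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            entity = line.strip()          # unindented line starts a new entity
            continue
        m = CAPS_RE.match(line)
        if m and m.group(1) == "osd" and entity and entity.startswith("client."):
            caps[entity] = m.group(2)
    return caps

def audit(text):
    """Return (pools named by several clients, clients with no pool= limit)."""
    by_pool, unrestricted = defaultdict(list), []
    for entity, cap in sorted(parse_osd_caps(text).items()):
        pools = re.findall(r"\bpool=([^\s,]+)", cap)
        if not pools:
            unrestricted.append(entity)    # cap applies to every pool
        for pool in pools:
            by_pool[pool].append(entity)
    shared = {p: c for p, c in by_pool.items() if len(c) > 1}
    return shared, unrestricted

if __name__ == "__main__":
    print(audit(SAMPLE_AUTH_LS))
```

A pool reported as shared is only a problem when the clients hold their own keys; where the container management layer maps images and users never see a key, as described in the reply, one shared client is expected.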