On Tue, Jun 12, 2018 at 4:53 AM, Wladimir Mutel <mwg@xxxxxxxxx> wrote: > Jason Dillaman wrote: > >>> One more question, how should I set profile 'rbd-read-only' >>> properly >>> ? I tried to set is for 'client.iso' on both 'iso' and 'jerasure21' >>> pools, >>> and this did not work. Set profile on both pools to 'rbd', it worked. But >>> I >>> don't want my iso imaged to be accidentally modified by virtual guests. >>> Can >>> this be solved with Ceph auth, or in some other way ? (in fact, I look >>> for >>> Ceph equivalent of 'chattr +i') > > >> QEMU doesn't currently handle the case for opening RBD images in >> read-only mode, so if you attempt to use 'profile rbd-read-only', I >> suspect attempting to open the image will fail. You could perhaps take >> a middle ground and just apply 'profile rbd-read-only pool=jerasure21' >> to protect the contents of the image. > > > For QEMU I found that profile 'rbd-read-only' currently does not > work. So, I use 'profile rbd' for both replicated and erasure pools, and > hope that 'readonly' configuration in QEMU disk would help. > In my past experience I found that running 'kvm ... -cdrom > something.iso' sometimes would modify that .iso-file, so I had to set > immutable attribute on the FS level. I opened a tracker ticket [1] to submit a patch to QEMU to support read-only images in the RBD block driver. > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com [1] http://tracker.ceph.com/issues/24506 -- Jason _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com