AFAIK, the only AAA available with librados works at pool granularity.
So, if you create a Ceph user with access to your pool, he will get access to all the content stored in this pool.

If you want to use librados for your use case, you will need to implement, in your code, the application logic required for your security needs.

So, to answer precisely:

"How can I identify a backup created by client A that I want to restore on another client Z?"
You cannot: a client will get access to all the content of the pool, including others' backups (which are keys, at the rados level).

"Would it be possible on client Z to identify this backup file by filename? If yes, how?"
At the rados level, AFAIK, there is no metadata associated with a key.
So you have to include that information in the key name (the keys are what you are calling "backup", "file", etc.).

Regards,

On 01/22/2019 10:09 PM, cmonty14 wrote:
> My backup client is using librados.
> I understand that defining a pool for the same application is recommended.
>
> However this would not answer my other questions:
> How can I identify a backup created by client A that I want to restore
> on another client Z?
> I mean typically client A would write a backup file identified by the
> filename.
> Would it be possible on client Z to identify this backup file by
> filename? If yes, how?
>
> On Tue, 22 Jan 2019 at 15:07, <ceph@xxxxxxxxxxxxxx> wrote:
>>
>> Hi,
>>
>> Ceph's pools are meant to let you define specific engineering rules
>> and/or application (rbd, cephfs, rgw).
>> They are not designed to be created in a massive fashion (see pgs etc.).
>> So, create a pool for each engineering ruleset, and store your data in them.
>> For what is left of your project, I believe you have to implement that
>> on top of Ceph.
>>
>> For instance, let's say you simply create a pool, with an rbd volume in it.
>> You then create a filesystem on that, and map it on some server.
>> Finally, you can push your files to that mountpoint, using various
>> Linux users, ACLs or whatever: beyond that point, there is nothing more
>> specific to Ceph, it is "just" a mounted filesystem.
>>
>> Regards,
>>
>> On 01/22/2019 02:16 PM, cmonty14 wrote:
>>> Hi,
>>>
>>> my use case for Ceph is providing a central backup storage.
>>> This means I will back up multiple databases in a Ceph storage cluster.
>>>
>>> This is my question:
>>> What is the best practice for creating pools & images?
>>> Should I create multiple pools, meaning one pool per database?
>>> Or should I create a single pool "backup" and use namespaces when writing
>>> data in the pool?
>>>
>>> This is the security demand that should be considered:
>>> DB-owner A can only modify the files that belong to A; other files
>>> (owned by B, C or D) are accessible for A.
>>>
>>> And there's another issue:
>>> How can I identify a backup created by client A that I want to restore
>>> on another client Z?
>>> I mean typically client A would write a backup file identified by the
>>> filename.
>>> Would it be possible on client Z to identify this backup file by
>>> filename? If yes, how?
>>>
>>>
>>> THX
>>> _______________________________________________
>>> ceph-users mailing list
>>> ceph-users@xxxxxxxxxxxxxx
>>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
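
The suggestion in the reply at the top of this thread, putting the identifying information into the key name, sketched as an added example that is not part of the original messages. The naming scheme, function names and sample listing are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone
from urllib.parse import quote, unquote

# Hypothetical naming scheme (an assumption, not a Ceph convention):
#   backup/<client>/<database>/<UTC timestamp>/<filename>
PREFIX = "backup"
TS_FORMAT = "%Y%m%dT%H%M%SZ"
FIELD_RE = re.compile(r"[A-Za-z0-9._~%-]+")  # characters quote(safe="") emits
TS_RE = re.compile(r"\d{8}T\d{6}Z")

def make_key(client, database, when, filename):
    """Object name for one backup; `when` must be a timezone-aware datetime."""
    if not (client and database and filename):
        raise ValueError("client, database and filename must be non-empty")
    ts = when.astimezone(timezone.utc).strftime(TS_FORMAT)
    # Percent-encode every field so "/" can only ever be a separator.
    return "/".join([PREFIX, quote(client, safe=""), quote(database, safe=""),
                     ts, quote(filename, safe="")])

def parse_key(key):
    """Decode a key into its fields, or None if it does not follow the scheme."""
    parts = key.split("/")
    if len(parts) != 5 or parts[0] != PREFIX or not TS_RE.fullmatch(parts[3]):
        return None
    if not all(FIELD_RE.fullmatch(p) for p in (parts[1], parts[2], parts[4])):
        return None
    try:
        when = datetime.strptime(parts[3], TS_FORMAT).replace(tzinfo=timezone.utc)
    except ValueError:  # e.g. month 13
        return None
    c, d, f = (unquote(p) for p in (parts[1], parts[2], parts[4]))
    # Reject non-canonical encodings (e.g. "%2f"): one backup, one name.
    if make_key(c, d, when, f) != key:
        return None
    return {"client": c, "database": d, "when": when, "filename": f, "key": key}

def find_backups(keys, client, filename=None):
    """Backups written by `client` (optionally one filename), newest first."""
    hits = [b for b in map(parse_key, keys) if b and b["client"] == client
            and (filename is None or b["filename"] == filename)]
    return sorted(hits, key=lambda b: b["when"], reverse=True)

# Constructed sample listing, standing in for the object names in the pool.
SAMPLE_KEYS = [
    make_key("client A", "orders/db", datetime(2019, 1, 21, 2, 0, tzinfo=timezone.utc), "dump.sql.gz"),
    make_key("client A", "orders/db", datetime(2019, 1, 22, 2, 0, tzinfo=timezone.utc), "dump.sql.gz"),
    make_key("client B", "crm", datetime(2019, 1, 22, 3, 0, tzinfo=timezone.utc), "dump.sql.gz"),
    "backup/client A/../20190122T020000Z/x",  # malformed name, rejected by parse_key
]
```

On client Z, `find_backups` would be fed the object names listed from the pool. The name only identifies a backup: as the reply says, every client with access to the pool can still read and write every key, so names written by other clients are parsed as untrusted input.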