Hi, Quoting Paul Browne (pfb29@xxxxxxxxx): > On Wed, 29 Jan 2020 at 16:52, Matthew Vernon <mv3@xxxxxxxxxxxx> wrote: > > > Hi, > > > > On 29/01/2020 16:40, Paul Browne wrote: > > > > > Recently we deployed a brand new Stein cluster however, and I'm curious > > > whether the idea of pointing the new OpenStack cluster at the same RBD > > > pools for Cinder/Glance/Nova as the Luminous cluster would be considered > > > bad practice, or even potentially dangerous. > > > > I think that would be pretty risky - here we have a Ceph cluster that > > provides backing for our OpenStacks, and each OpenStack has its own set > > of pools -metrics,-images,-volumes,-vms (and its own credential). > > > > Hi Matthew, > > I think I've come around to that thinking now too. > > Despite using different keys, the 2 sets of clients in different OpenStack > clusters would require the same capabilities on the shared pools, which > widens the blast radius a bit too far for me, I think (unless there were > also a capability to restrict the sets of clients' keys to specific > namespaces within the shared pools similar to the caps given out to CephFS > clients) This is supported since Nautilus: namespace support for librbd. I do not now however if there is already support for this in qemu/libvirt/openstack. OpenNebula support is pending [1]. Gr. Stefan [1]: https://github.com/OpenNebula/one/issues/3141 -- | BIT BV https://www.bit.nl/ Kamer van Koophandel 09090351 | GPG: 0xD14839C6 +31 318 648 688 / info@xxxxxx _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |