On Mon, 7 Nov 2022 at 13:04, Sagittarius-A Black Hole <nigratruo@xxxxxxxxx> wrote:
> I'm using the Tailscale VPN, which is based on wireguard and want to
> make the Ceph cluster available offsite.
> Now I have seen that ceph does not bind the mon to the tailscale
> interface, so it is not available over it. Nmap shows the ceph port
> 6789 not present via Tailscale.

But if you set up your tunnels correctly, it should still be reachable
via its interface that is on what your ceph.confs have for "public
network". Since this network is needed to do any ceph client actions
at all, it would presumably be routed over the tunnel and hence the
offsite client should talk to the same ip/port as any local ceph
clients would.

> I have two separate networks on the cluster: the cluster internal
> network just for the Ceph nodes and the public / client network, which
> is physically separate.
> How can I add the VPN interface to Ceph to bind to for client mount requests?

While I don't think this is necessary (nor a good idea), the ceph mons
will bind to an interface whose IP is inside the network range of the
public network in the ceph.conf, so that would be the first step.
Also, I would guess it doesn't bind to interfaces that do not exist or at
least are not up when ceph-mon starts, so that is a second part.

But do mind that ceph only needs basic ip connectivity which can be
over zero, one or many router hops or tunnels, so it is not important
for the ceph mon to listen to the inner wg interface, if you have
configured your tunnel correctly.

--
May the most significant bit of your life be positive.
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
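The check described in the reply above, as an added example that is not part of the original message and not Ceph's own code: it reads `public network` from a ceph.conf, reports which of a mon host's addresses fall inside it, and lists public networks that no route carried over the tunnel covers. The config text, interface names, addresses and route lists are constructed placeholders.

```python
import configparser
import ipaddress

# Constructed sample config; the addresses are placeholders, not from the thread.
SAMPLE_CEPH_CONF = """
[global]
public network = 192.168.10.0/24
cluster network = 10.10.10.0/24
"""

# Constructed addresses of one mon host (interface name -> IP).
SAMPLE_INTERFACES = {
    "eth0": "192.168.10.11",          # client-facing NIC
    "eth1": "10.10.10.11",            # cluster-internal NIC
    "tailscale0": "100.101.102.103",  # VPN address
}


def configured_networks(conf_text, option):
    """Return the CIDRs set for `option` in [global] (spaces or underscores in the name)."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    wanted = option.replace(" ", "_")
    for key, value in parser["global"].items():
        if key.replace(" ", "_") == wanted:
            return [ipaddress.ip_network(c.strip()) for c in value.split(",") if c.strip()]
    return []


def in_public_network(conf_text, interfaces):
    """Map each interface to True if its address lies inside a public network."""
    public = configured_networks(conf_text, "public_network")
    return {name: any(ipaddress.ip_address(addr) in net for net in public)
            for name, addr in interfaces.items()}


def uncovered_public_networks(conf_text, tunnel_routes):
    """Return public networks that none of the routes sent over the tunnel cover."""
    routes = [ipaddress.ip_network(r) for r in tunnel_routes]
    return [net for net in configured_networks(conf_text, "public_network")
            if not any(net.version == r.version and net.subnet_of(r) for r in routes)]


if __name__ == "__main__":
    print(in_public_network(SAMPLE_CEPH_CONF, SAMPLE_INTERFACES))
    # Only the VPN's own range is routed: the public network is unreachable offsite.
    print(uncovered_public_networks(SAMPLE_CEPH_CONF, ["100.64.0.0/10"]))
    # The public network is routed through the tunnel: nothing is missing.
    print(uncovered_public_networks(SAMPLE_CEPH_CONF, ["192.168.10.0/24"]))
```

An empty result from `uncovered_public_networks` means the offsite client can reach the mons at the same IP and port as local clients, with the mon bound only to its public-network address.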