Hi all,
Due to so many reasons (political, heating problems, lack of space
aso.) we have to
plan for our ceph cluster to be hosted externaly.
The planned version to setup is reef.
Reading up on documentation we found that it was possible to run in
secure mode.
Our ceph.conf file will state both v1 and v2 addresses for mons:
mon host = [v2:4.3.2.1:3300/0,v1:4.3.2.1:6789/0]
[v2:4.3.2.2:3300/0,v1:4.3.2.2:6789/0]
[v2:4.3.2.3:3300/0,v1:4.3.2.3:6789/0]
Then changing the following configuration options to only secure:
ms_cluster_mode = secure
ms_service_mode = secure
ms_client_mode = secure
ms_mon_cluster_mode = secure
ms_mon_service_mode = secure
ms_mon_client_mode = secure
Then I remounted cephfs on the clients on our test cluster,
but still the fs would mount on ports 6789.
I thought that the above secure config change would "force"
the mount on port 3300 and v2.
Mounting with option ms_mode=secure, did the trick.
Is that the way cephfs is working that you explicit have to
specify secure mode? I thought that cephfs clients would
use the secure mode with these settings, but maybe I am wrong?
Of cause we also plan to limit the firewalls on servers so only
the specific subnet will be able to connect and mount cephfs.
From my understanding from the documenation this would be the
way to set this up with ceph exposed to internet.
Is there something that we are missing or something that would
make the setup more secure?
Many thanks in advance
Marcus
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
