I would greatly like to know what the rationale is for avoiding containers. Especially in large shops. From what I can tell, you need to use the containerized Ceph if you want to run multiple Ceph filesystems on a single host. The legacy installations only support dumping everything directly under /var/lib/ceph, so you'd have to invest a lot of effort into installing, maintaining and operating a second fsid under the legacy architecture. Plus, IBM Red Hat is a big fan of containers, so if you're a large corporation that likes IBM hand-holding, they're throwing their support in a direction contrary to the old install-directly approach, And from an IBM viewpoint, supporting containers is generally going to be easier than supporting software that's directly splattered all over the OS. And much less overhead that spinning up an entire VM. The only definite argument I've ever heard in my insular world against containers was based on security. Yet the primary security issues seemed to be more because people were pulling insecure containers from Docker repositories. I'd expect Ceph to have safeguards. Plus Ceph under RHEL 9 (and 8?) will run entirely and preferably under Podman, which allegedly is more secure, and can in fact, run containers under user accounts to allow additional security. I do that myself, although I think the mechanisms could stand some extra polishing. Tim On Sat, 2024-08-31 at 09:49 +0200, Janne Johansson wrote: > Den fre 30 aug. 2024 kl 20:43 skrev Milan Kupcevic > <milan_kupcevic@xxxxxxxxxxx>: > > > > On 8/30/24 12:38, Tim Holloway wrote: > > > I believe that the original Ansible installation process is > > > deprecated. > > > > This would be a bad news as I repeatedly hear from admins running > > large > > storage deployments that they prefer to stay away from containers. > > You have other choices than Ansible or containers. It has always been > possible to install using rpm/deb's manually, using any kind of > scripts or frameworks. The point is that the ceph people no longer > tries to make pre-made ansible scripts that work "everywhere", > because > they didn't. > > This does not prevent you in any way from avoiding containers (if > that > is what you want) but it makes you responsible for figuring out the > automation part if you need one. > _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |