Hi Bart,
My another 2 cents:)
On Fri, Feb 2, 2018 at 6:05 PM, Bart Van Assche <Bart.VanAssche@xxxxxxx>
wrote:
On Fri, 2018-02-02 at 15:08 +0100, Roman Pen wrote:
o Simple configuration of IBNBD:
- Server side is completely passive: volumes do not need to be
explicitly exported.
That sounds like a security hole? I think the ability to configure
whether or
not an initiator is allowed to log in is essential and also which volumes
an
initiator has access to.
Our design target for well controlled production environment, so
security is handle in other layer.
What will happen to a new adopter of the code you are contributing?
Hi Sagi, Hi Bart,
thanks for your feedback.
We considered the "storage cluster" setup, where each ibnbd client has
access to each ibnbd server. Each ibnbd server manages devices under
his "dev_search_path" and can provide access to them to any ibnbd
client in the network.
I don't understand how that helps?
On top of that Ibnbd server has an additional
"artificial" restriction, that a device can be mapped in writable-mode
by only one client at once.
I think one would still need the option to disallow readable export as
well.
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html