On Wed, Jun 13, 2012 at 10:40 AM, Gregory Farnum <[email protected]> wrote:
> 2) Client fencing. See http://tracker.newdream.net/issues/2531. There
> is an existing "blacklist" functionality in the OSDs/OSDMap, where you

So I just managed to put into words another reason I like the key
rotation more than blacklisting: blacklisting fails open, key rotation
fails closed. That is, say something restarts the client process, and
it gets a new pid: now it has a new unique id, and the old blacklist
entry no longer applies! Whereas with key rotation, if you don't get
a new secret, you have a snowball's chance in hell of getting it going
again.


The other reason that came up is, blacklisting is time-expiring (I
hear 24 hours currently), and I have absolutely no faith that
malfunctioning clients will actually always get manual intervention by
an admin within that time interval (or any other reasonable time
interval, either).
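The fail-open versus fail-closed contrast from this message as a toy model, added here as an example and not code from the message or from Ceph. The `ToyCluster` class, the `host:pid` instance ids and the HMAC-checked shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import os

BLACKLIST_TTL = 24 * 3600  # seconds; the 24-hour expiry mentioned in the message


def sign(key, payload):
    return hmac.new(key, payload, hashlib.sha256).digest()


class ToyCluster:
    """Toy model of both fencing schemes (constructed; not Ceph code)."""

    def __init__(self):
        self.blacklist = {}        # instance id -> expiry time (seconds)
        self.key = os.urandom(32)  # secret the cluster currently accepts

    def fence_by_blacklist(self, instance_id, now):
        self.blacklist[instance_id] = now + BLACKLIST_TTL

    def fence_by_rotation(self):
        self.key = os.urandom(32)  # every holder of the old key is locked out
        return self.key            # given only to clients an admin lets back in

    def accept(self, instance_id, payload, tag, now):
        if self.blacklist.get(instance_id, 0) > now:
            return False           # listed and entry not yet expired
        return hmac.compare_digest(sign(self.key, payload), tag)


def run_scenarios():
    """Return whether a fenced client's request is accepted in each case."""
    msg, late = b"write object", BLACKLIST_TTL + 1
    c = ToyCluster()
    old = c.key
    c.fence_by_blacklist("host1:pid100", now=0)
    res = {
        "blacklist_same_pid": c.accept("host1:pid100", msg, sign(old, msg), 10),
        "blacklist_new_pid": c.accept("host1:pid200", msg, sign(old, msg), 10),
        "blacklist_expired": c.accept("host1:pid100", msg, sign(old, msg), late),
    }
    c = ToyCluster()
    old, new = c.key, c.fence_by_rotation()
    res["rotation_new_pid"] = c.accept("host1:pid200", msg, sign(old, msg), 10)
    res["rotation_later"] = c.accept("host1:pid100", msg, sign(old, msg), late)
    res["rotation_rekeyed"] = c.accept("host1:pid300", msg, sign(new, msg), 10)
    return res
```

In the blacklist cases the restarted or expired client is accepted again without anyone acting; in the rotation cases only the client that was handed the new key gets back in.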