Re: [ceph-users] How to hide internal ip on ceph mount
On Thu, Mar 2, 2017 at 5:01 PM, Xiaoxi Chenwrote: > 2017-03-02 23:25 GMT+08:00 Ilya Dryomov : >> On Thu, Mar 2, 2017 at 1:06 AM, Sage Weil wrote: >>> On Thu, 2 Mar 2017, Xiaoxi Chen wrote: >Still applies. Just create a Round Robin DNS record. The clients will obtain a new monmap while they are connected to the cluster. It works to some extent, but causing issue for "mount -a". We have such deployment nowaday, a GTM(kinds of dns) record created with all MDS ips and it works fine in terms of failover/ mount. But, user usually automation such mount by fstab and even, "mount -a " are periodically called. With such DNS approach above, they will get mount point busy message every time. Just due to mount.ceph resolve the DNS name to another IP, and kernel client was feeling like you are trying to attach another fs... >>> >>> The kernel client is (should be!) smart enough to tell that it is the same >>> mount point and will share the superblock. If you see a problem here it's >>> a bug. >> >> I think -EBUSY actually points out that the sharing code is working. >> >> The DNS name in fstab doesn't match the IPs it resolves to, so "mount >> -a" attempts to mount. The kernel client tells that it's the same fs >> and returns the existing super to the VFS. The VFS refuses the same >> super on the same mount point... > > True, > root@lvspuppetmaster-ng2-1209253:/mnt# mount -a > mount error 16 = Device or resource busy > > Do we have any chane to make dynamic works(i.e suppress the -EBUSY > for this case) for old kernel? No, probably not. mount.ceph resolves DNS names, so you end up with IPs in /proc/mounts which trick "mount -a" into attempting the mount. Currently there is no way to tell mount.ceph to not resolve, and even if there was, the in-kernel DNS resolver is disabled -- you'd need to rebuild libceph and ceph kernel modules to enable it. In your case -EBUSY most likely means that the filesystem is already mounted, so it should be safe to ignore. Thanks, Ilya ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] How to hide internal ip on ceph mount
2017-03-02 23:25 GMT+08:00 Ilya Dryomov: > On Thu, Mar 2, 2017 at 1:06 AM, Sage Weil wrote: >> On Thu, 2 Mar 2017, Xiaoxi Chen wrote: >>> >Still applies. Just create a Round Robin DNS record. The clients will >>> obtain a new monmap while they are connected to the cluster. >>> It works to some extent, but causing issue for "mount -a". We have such >>> deployment nowaday, a GTM(kinds of dns) record created with all MDS ips and >>> it works fine in terms of failover/ mount. >>> >>> But, user usually automation such mount by fstab and even, "mount -a " are >>> periodically called. With such DNS approach above, they will get mount point >>> busy message every time. Just due to mount.ceph resolve the DNS name to >>> another IP, and kernel client was feeling like you are trying to attach >>> another fs... >> >> The kernel client is (should be!) smart enough to tell that it is the same >> mount point and will share the superblock. If you see a problem here it's >> a bug. > > I think -EBUSY actually points out that the sharing code is working. > > The DNS name in fstab doesn't match the IPs it resolves to, so "mount > -a" attempts to mount. The kernel client tells that it's the same fs > and returns the existing super to the VFS. The VFS refuses the same > super on the same mount point... True, root@lvspuppetmaster-ng2-1209253:/mnt# mount -a mount error 16 = Device or resource busy Do we have any chane to make dynamic works(i.e suppress the -EBUSY for this case) for old kernel? > > We should look into enabling the in-kernel DNS resolver. Thanks for explaination, looking forward :) > > Thanks, > > Ilya ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] How to hide internal ip on ceph mount
On Thu, Mar 2, 2017 at 1:06 AM, Sage Weilwrote: > On Thu, 2 Mar 2017, Xiaoxi Chen wrote: >> >Still applies. Just create a Round Robin DNS record. The clients will >> obtain a new monmap while they are connected to the cluster. >> It works to some extent, but causing issue for "mount -a". We have such >> deployment nowaday, a GTM(kinds of dns) record created with all MDS ips and >> it works fine in terms of failover/ mount. >> >> But, user usually automation such mount by fstab and even, "mount -a " are >> periodically called. With such DNS approach above, they will get mount point >> busy message every time. Just due to mount.ceph resolve the DNS name to >> another IP, and kernel client was feeling like you are trying to attach >> another fs... > > The kernel client is (should be!) smart enough to tell that it is the same > mount point and will share the superblock. If you see a problem here it's > a bug. I think -EBUSY actually points out that the sharing code is working. The DNS name in fstab doesn't match the IPs it resolves to, so "mount -a" attempts to mount. The kernel client tells that it's the same fs and returns the existing super to the VFS. The VFS refuses the same super on the same mount point... We should look into enabling the in-kernel DNS resolver. Thanks, Ilya ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] How to hide internal ip on ceph mount
On Thu, 2 Mar 2017, Xiaoxi Chen wrote: > >Still applies. Just create a Round Robin DNS record. The clients will > obtain a new monmap while they are connected to the cluster. > It works to some extent, but causing issue for "mount -a". We have such > deployment nowaday, a GTM(kinds of dns) record created with all MDS ips and > it works fine in terms of failover/ mount. > > But, user usually automation such mount by fstab and even, "mount -a " are > periodically called. With such DNS approach above, they will get mount point > busy message every time. Just due to mount.ceph resolve the DNS name to > another IP, and kernel client was feeling like you are trying to attach > another fs... The kernel client is (should be!) smart enough to tell that it is the same mount point and will share the superblock. If you see a problem here it's a bug. sage > > > 2017-03-02 0:29 GMT+08:00 Wido den Hollander: > > > Op 1 maart 2017 om 16:57 schreef Sage Weil > : > > > > > > On Wed, 1 Mar 2017, Wido den Hollander wrote: > > > > Op 1 maart 2017 om 15:40 schreef Xiaoxi Chen > : > > > > > > > > > > > > Well , I think the argument here is not all about security > gain, it just > > > > NOT a user friendly way to let "df" show out 7 IPs of > monitorsMuch > > > > better if they seeing something like > "mycephfs.mydomain.com". > > > > > > > > > > mount / df simply prints the monmap. It doesn't print what > you added when you mounted the filesystem. > > > > > > Totally normal behavior. > > > > Yep. This *could* be changed, though: modern kernels have DNS > resolution > > capability. Not sure if all distros compile it in, but if so, > mount.ceph > > could first try to pass in the DNS name and only do the DNS > resolution if > > the kernel can't. And the kernel client could be updated to > remember the > > DNS name and use that. It's a bit friendlier, but imprecise, > since DNS > > might change. What does NFS do in this case? (Show an IP or a > name?) > > > > A "df" will show the entry as it's in the fstab file, but mount > will show the IPs as well. > > But Ceph is a different story here due to the monmap. > > Wido > > > sage > > > > > > > > And using DNS give you the flexibility of changing your > monitor quorum > > > > members , without notifying end user to change their fstab > entry , or > > > > whatever mount point record. > > > > > > > > > > Still applies. Just create a Round Robin DNS record. The > clients will obtain a new monmap while they are connected to the > cluster. > > > > > > Wido > > > > > > > 2017-03-01 18:46 GMT+08:00 gjprabu : > > > > > > > > > Hi Robert, > > > > > > > > > > This container host will be provided to end user and > we don't want to > > > > > expose this ip to end users. > > > > > > > > > > Regards > > > > > Prabu GJ > > > > > > > > > > > > > > > On Wed, 01 Mar 2017 16:03:49 +0530 *Robert Sander > > > > > >* wrote > > > > > > > > > > On 01.03.2017 10:54, gjprabu wrote: > > > > > > Hi, > > > > > > > > > > > > We try to use host name instead of ip address but > mounted partion > > > > > > showing up address only . How show the host name > instead of ip address. > > > > > > > > > > What is the security gain you try to achieve by hiding > the IPs? > > > > > > > > > > Regards > > > > > -- > > > > > Robert Sander > > > > > Heinlein Support GmbH > > > > > Schwedter Str. 8/9b, 10119 Berlin > > > > > > > > > > http://www.heinlein-support.de > > > > > > > > > > Tel: 030 / 405051-43 > > > > > Fax: 030 / 405051-19 > > > > > > > > > > Zwangsangaben lt. §35a GmbHG: > > > > > HRB 93818 B / Amtsgericht Berlin-Charlottenburg, > > > > > Geschäftsführer: Peer Heinlein -- Sitz: Berlin > > > > > > > > > > ___ > > > > > ceph-users mailing list > > > > > ceph-users@lists.ceph.com > > > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > > > > > > > > > > > > > > > > > > ___ > > > > > ceph-users mailing list > > > > > ceph-users@lists.ceph.com > > > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > > > > > > > > > > > > ___ > > > >
Re: [ceph-users] How to hide internal ip on ceph mount
>Still applies. Just create a Round Robin DNS record. The clients will obtain a new monmap while they are connected to the cluster. It works to some extent, but causing issue for "mount -a". We have such deployment nowaday, a GTM(kinds of dns) record created with all MDS ips and it works fine in terms of failover/ mount. But, user usually automation such mount by fstab and even, "mount -a " are periodically called. With such DNS approach above, they will get mount point busy message every time. Just due to mount.ceph resolve the DNS name to another IP, and kernel client was feeling like you are trying to attach another fs... 2017-03-02 0:29 GMT+08:00 Wido den Hollander: > > > Op 1 maart 2017 om 16:57 schreef Sage Weil : > > > > > > On Wed, 1 Mar 2017, Wido den Hollander wrote: > > > > Op 1 maart 2017 om 15:40 schreef Xiaoxi Chen >: > > > > > > > > > > > > Well , I think the argument here is not all about security gain, it > just > > > > NOT a user friendly way to let "df" show out 7 IPs of > monitorsMuch > > > > better if they seeing something like "mycephfs.mydomain.com". > > > > > > > > > > mount / df simply prints the monmap. It doesn't print what you added > when you mounted the filesystem. > > > > > > Totally normal behavior. > > > > Yep. This *could* be changed, though: modern kernels have DNS resolution > > capability. Not sure if all distros compile it in, but if so, mount.ceph > > could first try to pass in the DNS name and only do the DNS resolution if > > the kernel can't. And the kernel client could be updated to remember the > > DNS name and use that. It's a bit friendlier, but imprecise, since DNS > > might change. What does NFS do in this case? (Show an IP or a name?) > > > > A "df" will show the entry as it's in the fstab file, but mount will show > the IPs as well. > > But Ceph is a different story here due to the monmap. > > Wido > > > sage > > > > > > > > And using DNS give you the flexibility of changing your monitor > quorum > > > > members , without notifying end user to change their fstab entry , or > > > > whatever mount point record. > > > > > > > > > > Still applies. Just create a Round Robin DNS record. The clients will > obtain a new monmap while they are connected to the cluster. > > > > > > Wido > > > > > > > 2017-03-01 18:46 GMT+08:00 gjprabu : > > > > > > > > > Hi Robert, > > > > > > > > > > This container host will be provided to end user and we don't > want to > > > > > expose this ip to end users. > > > > > > > > > > Regards > > > > > Prabu GJ > > > > > > > > > > > > > > > On Wed, 01 Mar 2017 16:03:49 +0530 *Robert Sander > > > > > >* > wrote > > > > > > > > > > On 01.03.2017 10:54, gjprabu wrote: > > > > > > Hi, > > > > > > > > > > > > We try to use host name instead of ip address but mounted partion > > > > > > showing up address only . How show the host name instead of ip > address. > > > > > > > > > > What is the security gain you try to achieve by hiding the IPs? > > > > > > > > > > Regards > > > > > -- > > > > > Robert Sander > > > > > Heinlein Support GmbH > > > > > Schwedter Str. 8/9b, 10119 Berlin > > > > > > > > > > http://www.heinlein-support.de > > > > > > > > > > Tel: 030 / 405051-43 > > > > > Fax: 030 / 405051-19 > > > > > > > > > > Zwangsangaben lt. §35a GmbHG: > > > > > HRB 93818 B / Amtsgericht Berlin-Charlottenburg, > > > > > Geschäftsführer: Peer Heinlein -- Sitz: Berlin > > > > > > > > > > ___ > > > > > ceph-users mailing list > > > > > ceph-users@lists.ceph.com > > > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > > > > > > > > > > > > > > > > > > ___ > > > > > ceph-users mailing list > > > > > ceph-users@lists.ceph.com > > > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > > > > > > > > > > > > ___ > > > > ceph-users mailing list > > > > ceph-users@lists.ceph.com > > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > ___ > > > ceph-users mailing list > > > ceph-users@lists.ceph.com > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > > ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] How to hide internal ip on ceph mount
> Op 1 maart 2017 om 16:57 schreef Sage Weil: > > > On Wed, 1 Mar 2017, Wido den Hollander wrote: > > > Op 1 maart 2017 om 15:40 schreef Xiaoxi Chen : > > > > > > > > > Well , I think the argument here is not all about security gain, it just > > > NOT a user friendly way to let "df" show out 7 IPs of monitorsMuch > > > better if they seeing something like "mycephfs.mydomain.com". > > > > > > > mount / df simply prints the monmap. It doesn't print what you added when > > you mounted the filesystem. > > > > Totally normal behavior. > > Yep. This *could* be changed, though: modern kernels have DNS resolution > capability. Not sure if all distros compile it in, but if so, mount.ceph > could first try to pass in the DNS name and only do the DNS resolution if > the kernel can't. And the kernel client could be updated to remember the > DNS name and use that. It's a bit friendlier, but imprecise, since DNS > might change. What does NFS do in this case? (Show an IP or a name?) > A "df" will show the entry as it's in the fstab file, but mount will show the IPs as well. But Ceph is a different story here due to the monmap. Wido > sage > > > > > And using DNS give you the flexibility of changing your monitor quorum > > > members , without notifying end user to change their fstab entry , or > > > whatever mount point record. > > > > > > > Still applies. Just create a Round Robin DNS record. The clients will > > obtain a new monmap while they are connected to the cluster. > > > > Wido > > > > > 2017-03-01 18:46 GMT+08:00 gjprabu : > > > > > > > Hi Robert, > > > > > > > > This container host will be provided to end user and we don't want to > > > > expose this ip to end users. > > > > > > > > Regards > > > > Prabu GJ > > > > > > > > > > > > On Wed, 01 Mar 2017 16:03:49 +0530 *Robert Sander > > > > >* wrote > > > > > > > > > > > > On 01.03.2017 10:54, gjprabu wrote: > > > > > Hi, > > > > > > > > > > We try to use host name instead of ip address but mounted partion > > > > > showing up address only . How show the host name instead of ip > > > > > address. > > > > > > > > What is the security gain you try to achieve by hiding the IPs? > > > > > > > > Regards > > > > -- > > > > Robert Sander > > > > Heinlein Support GmbH > > > > Schwedter Str. 8/9b, 10119 Berlin > > > > > > > > http://www.heinlein-support.de > > > > > > > > Tel: 030 / 405051-43 > > > > Fax: 030 / 405051-19 > > > > > > > > Zwangsangaben lt. §35a GmbHG: > > > > HRB 93818 B / Amtsgericht Berlin-Charlottenburg, > > > > Geschäftsführer: Peer Heinlein -- Sitz: Berlin > > > > > > > > ___ > > > > ceph-users mailing list > > > > ceph-users@lists.ceph.com > > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > > > > > > > > > > > > > > ___ > > > > ceph-users mailing list > > > > ceph-users@lists.ceph.com > > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > > > > > > > > > ___ > > > ceph-users mailing list > > > ceph-users@lists.ceph.com > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > ___ > > ceph-users mailing list > > ceph-users@lists.ceph.com > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] How to hide internal ip on ceph mount
On Wed, 1 Mar 2017, Wido den Hollander wrote: > > Op 1 maart 2017 om 15:40 schreef Xiaoxi Chen: > > > > > > Well , I think the argument here is not all about security gain, it just > > NOT a user friendly way to let "df" show out 7 IPs of monitorsMuch > > better if they seeing something like "mycephfs.mydomain.com". > > > > mount / df simply prints the monmap. It doesn't print what you added when you > mounted the filesystem. > > Totally normal behavior. Yep. This *could* be changed, though: modern kernels have DNS resolution capability. Not sure if all distros compile it in, but if so, mount.ceph could first try to pass in the DNS name and only do the DNS resolution if the kernel can't. And the kernel client could be updated to remember the DNS name and use that. It's a bit friendlier, but imprecise, since DNS might change. What does NFS do in this case? (Show an IP or a name?) sage > > And using DNS give you the flexibility of changing your monitor quorum > > members , without notifying end user to change their fstab entry , or > > whatever mount point record. > > > > Still applies. Just create a Round Robin DNS record. The clients will obtain > a new monmap while they are connected to the cluster. > > Wido > > > 2017-03-01 18:46 GMT+08:00 gjprabu : > > > > > Hi Robert, > > > > > > This container host will be provided to end user and we don't want to > > > expose this ip to end users. > > > > > > Regards > > > Prabu GJ > > > > > > > > > On Wed, 01 Mar 2017 16:03:49 +0530 *Robert Sander > > > >* wrote > > > > > > On 01.03.2017 10:54, gjprabu wrote: > > > > Hi, > > > > > > > > We try to use host name instead of ip address but mounted partion > > > > showing up address only . How show the host name instead of ip address. > > > > > > What is the security gain you try to achieve by hiding the IPs? > > > > > > Regards > > > -- > > > Robert Sander > > > Heinlein Support GmbH > > > Schwedter Str. 8/9b, 10119 Berlin > > > > > > http://www.heinlein-support.de > > > > > > Tel: 030 / 405051-43 > > > Fax: 030 / 405051-19 > > > > > > Zwangsangaben lt. §35a GmbHG: > > > HRB 93818 B / Amtsgericht Berlin-Charlottenburg, > > > Geschäftsführer: Peer Heinlein -- Sitz: Berlin > > > > > > ___ > > > ceph-users mailing list > > > ceph-users@lists.ceph.com > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > > > > > > > > > > ___ > > > ceph-users mailing list > > > ceph-users@lists.ceph.com > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > > > > > > ___ > > ceph-users mailing list > > ceph-users@lists.ceph.com > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > ___ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] How to hide internal ip on ceph mount
> Op 1 maart 2017 om 15:40 schreef Xiaoxi Chen: > > > Well , I think the argument here is not all about security gain, it just > NOT a user friendly way to let "df" show out 7 IPs of monitorsMuch > better if they seeing something like "mycephfs.mydomain.com". > mount / df simply prints the monmap. It doesn't print what you added when you mounted the filesystem. Totally normal behavior. > And using DNS give you the flexibility of changing your monitor quorum > members , without notifying end user to change their fstab entry , or > whatever mount point record. > Still applies. Just create a Round Robin DNS record. The clients will obtain a new monmap while they are connected to the cluster. Wido > 2017-03-01 18:46 GMT+08:00 gjprabu : > > > Hi Robert, > > > > This container host will be provided to end user and we don't want to > > expose this ip to end users. > > > > Regards > > Prabu GJ > > > > > > On Wed, 01 Mar 2017 16:03:49 +0530 *Robert Sander > > >* wrote > > > > On 01.03.2017 10:54, gjprabu wrote: > > > Hi, > > > > > > We try to use host name instead of ip address but mounted partion > > > showing up address only . How show the host name instead of ip address. > > > > What is the security gain you try to achieve by hiding the IPs? > > > > Regards > > -- > > Robert Sander > > Heinlein Support GmbH > > Schwedter Str. 8/9b, 10119 Berlin > > > > http://www.heinlein-support.de > > > > Tel: 030 / 405051-43 > > Fax: 030 / 405051-19 > > > > Zwangsangaben lt. §35a GmbHG: > > HRB 93818 B / Amtsgericht Berlin-Charlottenburg, > > Geschäftsführer: Peer Heinlein -- Sitz: Berlin > > > > ___ > > ceph-users mailing list > > ceph-users@lists.ceph.com > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > > > > > > ___ > > ceph-users mailing list > > ceph-users@lists.ceph.com > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > > > ___ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] How to hide internal ip on ceph mount
Well , I think the argument here is not all about security gain, it just NOT a user friendly way to let "df" show out 7 IPs of monitorsMuch better if they seeing something like "mycephfs.mydomain.com". And using DNS give you the flexibility of changing your monitor quorum members , without notifying end user to change their fstab entry , or whatever mount point record. 2017-03-01 18:46 GMT+08:00 gjprabu: > Hi Robert, > > This container host will be provided to end user and we don't want to > expose this ip to end users. > > Regards > Prabu GJ > > > On Wed, 01 Mar 2017 16:03:49 +0530 *Robert Sander > >* wrote > > On 01.03.2017 10:54, gjprabu wrote: > > Hi, > > > > We try to use host name instead of ip address but mounted partion > > showing up address only . How show the host name instead of ip address. > > What is the security gain you try to achieve by hiding the IPs? > > Regards > -- > Robert Sander > Heinlein Support GmbH > Schwedter Str. 8/9b, 10119 Berlin > > http://www.heinlein-support.de > > Tel: 030 / 405051-43 > Fax: 030 / 405051-19 > > Zwangsangaben lt. §35a GmbHG: > HRB 93818 B / Amtsgericht Berlin-Charlottenburg, > Geschäftsführer: Peer Heinlein -- Sitz: Berlin > > ___ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > > ___ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] How to hide internal ip on ceph mount
Hi Robert, This container host will be provided to end user and we don't want to expose this ip to end users. Regards Prabu GJ On Wed, 01 Mar 2017 16:03:49 +0530 Robert Sander r.san...@heinlein-support.de wrote On 01.03.2017 10:54, gjprabu wrote: Hi, We try to use host name instead of ip address but mounted partion showing up address only . How show the host name instead of ip address. What is the security gain you try to achieve by hiding the IPs? Regards -- Robert Sander Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin http://www.heinlein-support.de Tel: 030 / 405051-43 Fax: 030 / 405051-19 Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Geschäftsführer: Peer Heinlein -- Sitz: Berlin ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] How to hide internal ip on ceph mount
On 01.03.2017 10:54, gjprabu wrote: > Hi, > > We try to use host name instead of ip address but mounted partion > showing up address only . How show the host name instead of ip address. What is the security gain you try to achieve by hiding the IPs? Regards -- Robert Sander Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin http://www.heinlein-support.de Tel: 030 / 405051-43 Fax: 030 / 405051-19 Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Geschäftsführer: Peer Heinlein -- Sitz: Berlin signature.asc Description: OpenPGP digital signature ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] How to hide internal ip on ceph mount
Hi Robert, As per my understand whichever partion it has that will be replicated from base machine to docker container. My only concern is instead of ip how to show the dns name. Regards Prabu On Tue, 28 Feb 2017 13:44:30 +0530 r.san...@heinlein-support.de wrote On 28.02.2017 07:19, gjprabu wrote: > How to hide internal ip address on cephfs mounting. Due to > security reason we need to hide ip address. Also we are running docker > container in the base machine and which will shown the partition details > over there. Kindly let us know is there any solution for this. > > 192.168.xxx.xxx:6789,192.168.xxx.xxx:6789,192.168.xxx.xxx:6789:/ > ceph 6.4T 2.0T 4.5T 31% /home/ If this is needed as a "security measure" you should not mount CephFS on this host in the first place. Only mount CephFS on hosts you trust (especially the root user) as the Filesystem uses the local accounts for access control. Regards -- Robert Sander Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin http://www.heinlein-support.de Tel: 030 / 405051-43 Fax: 030 / 405051-19 Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Geschäftsführer: Peer Heinlein -- Sitz: Berlin ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] How to hide internal ip on ceph mount
Hi, We try to use host name instead of ip address but mounted partion showing up address only . How show the host name instead of ip address. On Wed, 01 Mar 2017 07:43:17 +0530 superdebu...@gmail.com wrote We do try to use DNS to hide the IP and achieve kinds of HA, but failed. mount.ceph will resolve whatever you provide, to IP address, and pass it to kernel. 2017-02-28 16:14 GMT+08:00 Robert Sander: On 28.02.2017 07:19, gjprabu wrote: > How to hide internal ip address on cephfs mounting. Due to > security reason we need to hide ip address. Also we are running docker > container in the base machine and which will shown the partition details > over there. Kindly let us know is there any solution for this. > > 192.168.xxx.xxx:6789,192.168.xxx.xxx:6789,192.168.xxx.xxx:6789:/ > ceph 6.4T 2.0T 4.5T 31% /home/ If this is needed as a "security measure" you should not mount CephFS on this host in the first place. Only mount CephFS on hosts you trust (especially the root user) as the Filesystem uses the local accounts for access control. Regards -- Robert Sander Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin http://www.heinlein-support.de Tel: 030 / 405051-43 Fax: 030 / 405051-19 Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Geschäftsführer: Peer Heinlein -- Sitz: Berlin ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] How to hide internal ip on ceph mount
We do try to use DNS to hide the IP and achieve kinds of HA, but failed. mount.ceph will resolve whatever you provide, to IP address, and pass it to kernel. 2017-02-28 16:14 GMT+08:00 Robert Sander: > On 28.02.2017 07:19, gjprabu wrote: > > > How to hide internal ip address on cephfs mounting. Due to > > security reason we need to hide ip address. Also we are running docker > > container in the base machine and which will shown the partition details > > over there. Kindly let us know is there any solution for this. > > > > 192.168.xxx.xxx:6789,192.168.xxx.xxx:6789,192.168.xxx.xxx:6789:/ > > ceph 6.4T 2.0T 4.5T 31% /home/ > > If this is needed as a "security measure" you should not mount CephFS on > this host in the first place. > > Only mount CephFS on hosts you trust (especially the root user) as the > Filesystem uses the local accounts for access control. > > Regards > -- > Robert Sander > Heinlein Support GmbH > Schwedter Str. 8/9b, 10119 Berlin > > http://www.heinlein-support.de > > Tel: 030 / 405051-43 > Fax: 030 / 405051-19 > > Zwangsangaben lt. §35a GmbHG: > HRB 93818 B / Amtsgericht Berlin-Charlottenburg, > Geschäftsführer: Peer Heinlein -- Sitz: Berlin > > > ___ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Re: [ceph-users] How to hide internal ip on ceph mount
On 28.02.2017 07:19, gjprabu wrote: > How to hide internal ip address on cephfs mounting. Due to > security reason we need to hide ip address. Also we are running docker > container in the base machine and which will shown the partition details > over there. Kindly let us know is there any solution for this. > > 192.168.xxx.xxx:6789,192.168.xxx.xxx:6789,192.168.xxx.xxx:6789:/ > ceph 6.4T 2.0T 4.5T 31% /home/ If this is needed as a "security measure" you should not mount CephFS on this host in the first place. Only mount CephFS on hosts you trust (especially the root user) as the Filesystem uses the local accounts for access control. Regards -- Robert Sander Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin http://www.heinlein-support.de Tel: 030 / 405051-43 Fax: 030 / 405051-19 Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Geschäftsführer: Peer Heinlein -- Sitz: Berlin signature.asc Description: OpenPGP digital signature ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[ceph-users] How to hide internal ip on ceph mount
Hi Team, How to hide internal ip address on cephfs mounting. Due to security reason we need to hide ip address. Also we are running docker container in the base machine and which will shown the partition details over there. Kindly let us know is there any solution for this. 192.168.xxx.xxx:6789,192.168.xxx.xxx:6789,192.168.xxx.xxx:6789:/ ceph 6.4T 2.0T 4.5T 31% /home/ ___ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com