Re: [ceph-users] How to hide internal ip on ceph mount

2017-03-02 Thread Ilya Dryomov 
On Thu, Mar 2, 2017 at 5:01 PM, Xiaoxi Chen  wrote:
> 2017-03-02 23:25 GMT+08:00 Ilya Dryomov :
>> On Thu, Mar 2, 2017 at 1:06 AM, Sage Weil  wrote:
>>> On Thu, 2 Mar 2017, Xiaoxi Chen wrote:
 >Still applies. Just create a Round Robin DNS record. The clients will
 obtain a new monmap while they are connected to the cluster.
 It works to some extent, but causing issue for "mount -a". We have such
 deployment nowaday, a GTM(kinds of dns) record created with all MDS ips and
 it works fine in terms of failover/ mount.

 But, user usually automation such mount by fstab and even, "mount -a " are
 periodically called. With such DNS approach above, they will get mount 
 point
 busy message every time. Just due to mount.ceph resolve the DNS name to
 another IP, and kernel client was feeling like you are trying to attach
 another fs...
>>>
>>> The kernel client is (should be!) smart enough to tell that it is the same
>>> mount point and will share the superblock.  If you see a problem here it's
>>> a bug.
>>
>> I think -EBUSY actually points out that the sharing code is working.
>>
>> The DNS name in fstab doesn't match the IPs it resolves to, so "mount
>> -a" attempts to mount.  The kernel client tells that it's the same fs
>> and returns the existing super to the VFS.  The VFS refuses the same
>> super on the same mount point...
>
> True,
> root@lvspuppetmaster-ng2-1209253:/mnt# mount -a
> mount error 16 = Device or resource busy
>
> Do  we have any chane to make dynamic works(i.e suppress the -EBUSY
> for this case) for old kernel?

No, probably not.  mount.ceph resolves DNS names, so you end up with
IPs in /proc/mounts which trick "mount -a" into attempting the mount.
Currently there is no way to tell mount.ceph to not resolve, and even
if there was, the in-kernel DNS resolver is disabled -- you'd need to
rebuild libceph and ceph kernel modules to enable it.

In your case -EBUSY most likely means that the filesystem is already
mounted, so it should be safe to ignore.

Thanks,

Ilya
___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Re: [ceph-users] How to hide internal ip on ceph mount

2017-03-02 Thread Xiaoxi Chen 
2017-03-02 23:25 GMT+08:00 Ilya Dryomov :
> On Thu, Mar 2, 2017 at 1:06 AM, Sage Weil  wrote:
>> On Thu, 2 Mar 2017, Xiaoxi Chen wrote:
>>> >Still applies. Just create a Round Robin DNS record. The clients will
>>> obtain a new monmap while they are connected to the cluster.
>>> It works to some extent, but causing issue for "mount -a". We have such
>>> deployment nowaday, a GTM(kinds of dns) record created with all MDS ips and
>>> it works fine in terms of failover/ mount.
>>>
>>> But, user usually automation such mount by fstab and even, "mount -a " are
>>> periodically called. With such DNS approach above, they will get mount point
>>> busy message every time. Just due to mount.ceph resolve the DNS name to
>>> another IP, and kernel client was feeling like you are trying to attach
>>> another fs...
>>
>> The kernel client is (should be!) smart enough to tell that it is the same
>> mount point and will share the superblock.  If you see a problem here it's
>> a bug.
>
> I think -EBUSY actually points out that the sharing code is working.
>
> The DNS name in fstab doesn't match the IPs it resolves to, so "mount
> -a" attempts to mount.  The kernel client tells that it's the same fs
> and returns the existing super to the VFS.  The VFS refuses the same
> super on the same mount point...

True,
root@lvspuppetmaster-ng2-1209253:/mnt# mount -a
mount error 16 = Device or resource busy

Do  we have any chane to make dynamic works(i.e suppress the -EBUSY
for this case) for old kernel?
>
> We should look into enabling the in-kernel DNS resolver.

Thanks for explaination,  looking forward :)
>
> Thanks,
>
> Ilya
___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Re: [ceph-users] How to hide internal ip on ceph mount

2017-03-02 Thread Ilya Dryomov 
On Thu, Mar 2, 2017 at 1:06 AM, Sage Weil  wrote:
> On Thu, 2 Mar 2017, Xiaoxi Chen wrote:
>> >Still applies. Just create a Round Robin DNS record. The clients will
>> obtain a new monmap while they are connected to the cluster.
>> It works to some extent, but causing issue for "mount -a". We have such
>> deployment nowaday, a GTM(kinds of dns) record created with all MDS ips and
>> it works fine in terms of failover/ mount.
>>
>> But, user usually automation such mount by fstab and even, "mount -a " are
>> periodically called. With such DNS approach above, they will get mount point
>> busy message every time. Just due to mount.ceph resolve the DNS name to
>> another IP, and kernel client was feeling like you are trying to attach
>> another fs...
>
> The kernel client is (should be!) smart enough to tell that it is the same
> mount point and will share the superblock.  If you see a problem here it's
> a bug.

I think -EBUSY actually points out that the sharing code is working.

The DNS name in fstab doesn't match the IPs it resolves to, so "mount
-a" attempts to mount.  The kernel client tells that it's the same fs
and returns the existing super to the VFS.  The VFS refuses the same
super on the same mount point...

We should look into enabling the in-kernel DNS resolver.

Thanks,

Ilya
___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Re: [ceph-users] How to hide internal ip on ceph mount

2017-03-01 Thread Sage Weil 
On Thu, 2 Mar 2017, Xiaoxi Chen wrote:
> >Still applies. Just create a Round Robin DNS record. The clients will
> obtain a new monmap while they are connected to the cluster.
> It works to some extent, but causing issue for "mount -a". We have such
> deployment nowaday, a GTM(kinds of dns) record created with all MDS ips and
> it works fine in terms of failover/ mount.
> 
> But, user usually automation such mount by fstab and even, "mount -a " are
> periodically called. With such DNS approach above, they will get mount point
> busy message every time. Just due to mount.ceph resolve the DNS name to
> another IP, and kernel client was feeling like you are trying to attach
> another fs...

The kernel client is (should be!) smart enough to tell that it is the same 
mount point and will share the superblock.  If you see a problem here it's 
a bug.

sage


> 
> 
> 2017-03-02 0:29 GMT+08:00 Wido den Hollander :
> 
>   > Op 1 maart 2017 om 16:57 schreef Sage Weil
>   :
>   >
>   >
>   > On Wed, 1 Mar 2017, Wido den Hollander wrote:
>   > > > Op 1 maart 2017 om 15:40 schreef Xiaoxi Chen
>   :
>   > > >
>   > > >
>   > > > Well , I think the argument here is not all about security
>   gain, it just
>   > > > NOT a user friendly way to let "df" show out 7 IPs of
>   monitorsMuch
>   > > > better if they seeing something like
>   "mycephfs.mydomain.com".
>   > > >
>   > >
>   > > mount / df simply prints the monmap. It doesn't print what
>   you added when you mounted the filesystem.
>   > >
>   > > Totally normal behavior.
>   >
>   > Yep.  This *could* be changed, though: modern kernels have DNS
>   resolution
>   > capability.  Not sure if all distros compile it in, but if so,
>   mount.ceph
>   > could first try to pass in the DNS name and only do the DNS
>   resolution if
>   > the kernel can't.  And the kernel client could be updated to
>   remember the
>   > DNS name and use that.  It's a bit friendlier, but imprecise,
>   since DNS
>   > might change.  What does NFS do in this case? (Show an IP or a
>   name?)
>   >
> 
>   A "df" will show the entry as it's in the fstab file, but mount
>   will show the IPs as well.
> 
>   But Ceph is a different story here due to the monmap.
> 
>   Wido
> 
>   > sage
>   >
>   >
>   > > > And using DNS give you the flexibility of changing your
>   monitor quorum
>   > > > members , without notifying end user to change their fstab
>   entry , or
>   > > > whatever mount point record.
>   > > >
>   > >
>   > > Still applies. Just create a Round Robin DNS record. The
>   clients will obtain a new monmap while they are connected to the
>   cluster.
>   > >
>   > > Wido
>   > >
>   > > > 2017-03-01 18:46 GMT+08:00 gjprabu :
>   > > >
>   > > > > Hi Robert,
>   > > > >
>   > > > >   This container host will be provided to end user and
>   we don't want to
>   > > > > expose this ip to end users.
>   > > > >
>   > > > > Regards
>   > > > > Prabu GJ
>   > > > >
>   > > > >
>   > > > >  On Wed, 01 Mar 2017 16:03:49 +0530 *Robert Sander
>   > > > >    >* wrote 
>   > > > >
>   > > > > On 01.03.2017 10:54, gjprabu wrote:
>   > > > > > Hi,
>   > > > > >
>   > > > > > We try to use host name instead of ip address but
>   mounted partion
>   > > > > > showing up address only . How show the host name
>   instead of ip address.
>   > > > >
>   > > > > What is the security gain you try to achieve by hiding
>   the IPs?
>   > > > >
>   > > > > Regards
>   > > > > --
>   > > > > Robert Sander
>   > > > > Heinlein Support GmbH
>   > > > > Schwedter Str. 8/9b, 10119 Berlin
>   > > > >
>   > > > > http://www.heinlein-support.de
>   > > > >
>   > > > > Tel: 030 / 405051-43
>   > > > > Fax: 030 / 405051-19
>   > > > >
>   > > > > Zwangsangaben lt. §35a GmbHG:
>   > > > > HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
>   > > > > Geschäftsführer: Peer Heinlein -- Sitz: Berlin
>   > > > >
>   > > > > ___
>   > > > > ceph-users mailing list
>   > > > > ceph-users@lists.ceph.com
>   > > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>   > > > >
>   > > > >
>   > > > >
>   > > > > ___
>   > > > > ceph-users mailing list
>   > > > > ceph-users@lists.ceph.com
>   > > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>   > > > >
>   > > > >
>   > > > ___
>   > > >

Re: [ceph-users] How to hide internal ip on ceph mount

2017-03-01 Thread Xiaoxi Chen 
>Still applies. Just create a Round Robin DNS record. The clients will
obtain a new monmap while they are connected to the cluster.

It works to some extent, but causing issue for "mount -a". We have such
deployment nowaday, a GTM(kinds of dns) record created with all MDS ips and
it works fine in terms of failover/ mount.

But, user usually automation such mount by fstab and even, "mount -a " are
periodically called. With such DNS approach above, they will get mount
point busy message every time. Just due to mount.ceph resolve the DNS name
to another IP, and kernel client was feeling like you are trying to attach
another fs...



2017-03-02 0:29 GMT+08:00 Wido den Hollander :

>
> > Op 1 maart 2017 om 16:57 schreef Sage Weil :
> >
> >
> > On Wed, 1 Mar 2017, Wido den Hollander wrote:
> > > > Op 1 maart 2017 om 15:40 schreef Xiaoxi Chen  >:
> > > >
> > > >
> > > > Well , I think the argument here is not all about security gain, it
> just
> > > > NOT a user friendly way to let "df" show out 7 IPs of
> monitorsMuch
> > > > better if they seeing something like "mycephfs.mydomain.com".
> > > >
> > >
> > > mount / df simply prints the monmap. It doesn't print what you added
> when you mounted the filesystem.
> > >
> > > Totally normal behavior.
> >
> > Yep.  This *could* be changed, though: modern kernels have DNS resolution
> > capability.  Not sure if all distros compile it in, but if so, mount.ceph
> > could first try to pass in the DNS name and only do the DNS resolution if
> > the kernel can't.  And the kernel client could be updated to remember the
> > DNS name and use that.  It's a bit friendlier, but imprecise, since DNS
> > might change.  What does NFS do in this case? (Show an IP or a name?)
> >
>
> A "df" will show the entry as it's in the fstab file, but mount will show
> the IPs as well.
>
> But Ceph is a different story here due to the monmap.
>
> Wido
>
> > sage
> >
> >
> > > > And using DNS give you the flexibility of changing your monitor
> quorum
> > > > members , without notifying end user to change their fstab entry , or
> > > > whatever mount point record.
> > > >
> > >
> > > Still applies. Just create a Round Robin DNS record. The clients will
> obtain a new monmap while they are connected to the cluster.
> > >
> > > Wido
> > >
> > > > 2017-03-01 18:46 GMT+08:00 gjprabu :
> > > >
> > > > > Hi Robert,
> > > > >
> > > > >   This container host will be provided to end user and we don't
> want to
> > > > > expose this ip to end users.
> > > > >
> > > > > Regards
> > > > > Prabu GJ
> > > > >
> > > > >
> > > > >  On Wed, 01 Mar 2017 16:03:49 +0530 *Robert Sander
> > > > > >*
> wrote 
> > > > >
> > > > > On 01.03.2017 10:54, gjprabu wrote:
> > > > > > Hi,
> > > > > >
> > > > > > We try to use host name instead of ip address but mounted partion
> > > > > > showing up address only . How show the host name instead of ip
> address.
> > > > >
> > > > > What is the security gain you try to achieve by hiding the IPs?
> > > > >
> > > > > Regards
> > > > > --
> > > > > Robert Sander
> > > > > Heinlein Support GmbH
> > > > > Schwedter Str. 8/9b, 10119 Berlin
> > > > >
> > > > > http://www.heinlein-support.de
> > > > >
> > > > > Tel: 030 / 405051-43
> > > > > Fax: 030 / 405051-19
> > > > >
> > > > > Zwangsangaben lt. §35a GmbHG:
> > > > > HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
> > > > > Geschäftsführer: Peer Heinlein -- Sitz: Berlin
> > > > >
> > > > > ___
> > > > > ceph-users mailing list
> > > > > ceph-users@lists.ceph.com
> > > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> > > > >
> > > > >
> > > > >
> > > > > ___
> > > > > ceph-users mailing list
> > > > > ceph-users@lists.ceph.com
> > > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> > > > >
> > > > >
> > > > ___
> > > > ceph-users mailing list
> > > > ceph-users@lists.ceph.com
> > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> > > ___
> > > ceph-users mailing list
> > > ceph-users@lists.ceph.com
> > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> > >
>
___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Re: [ceph-users] How to hide internal ip on ceph mount

2017-03-01 Thread Wido den Hollander 

> Op 1 maart 2017 om 16:57 schreef Sage Weil :
> 
> 
> On Wed, 1 Mar 2017, Wido den Hollander wrote:
> > > Op 1 maart 2017 om 15:40 schreef Xiaoxi Chen :
> > > 
> > > 
> > > Well , I think the argument here is not all about security gain, it just
> > > NOT a user friendly way to let "df" show out 7 IPs of monitorsMuch
> > > better if they seeing something like "mycephfs.mydomain.com".
> > > 
> > 
> > mount / df simply prints the monmap. It doesn't print what you added when 
> > you mounted the filesystem.
> > 
> > Totally normal behavior.
> 
> Yep.  This *could* be changed, though: modern kernels have DNS resolution 
> capability.  Not sure if all distros compile it in, but if so, mount.ceph 
> could first try to pass in the DNS name and only do the DNS resolution if 
> the kernel can't.  And the kernel client could be updated to remember the 
> DNS name and use that.  It's a bit friendlier, but imprecise, since DNS 
> might change.  What does NFS do in this case? (Show an IP or a name?)
> 

A "df" will show the entry as it's in the fstab file, but mount will show the 
IPs as well.

But Ceph is a different story here due to the monmap.

Wido

> sage
> 
> 
> > > And using DNS give you the flexibility of changing your monitor quorum
> > > members , without notifying end user to change their fstab entry , or
> > > whatever mount point record.
> > > 
> > 
> > Still applies. Just create a Round Robin DNS record. The clients will 
> > obtain a new monmap while they are connected to the cluster.
> > 
> > Wido
> > 
> > > 2017-03-01 18:46 GMT+08:00 gjprabu :
> > > 
> > > > Hi Robert,
> > > >
> > > >   This container host will be provided to end user and we don't want to
> > > > expose this ip to end users.
> > > >
> > > > Regards
> > > > Prabu GJ
> > > >
> > > >
> > > >  On Wed, 01 Mar 2017 16:03:49 +0530 *Robert Sander
> > > > >* wrote 
> > > > 
> > > >
> > > > On 01.03.2017 10:54, gjprabu wrote:
> > > > > Hi,
> > > > >
> > > > > We try to use host name instead of ip address but mounted partion
> > > > > showing up address only . How show the host name instead of ip 
> > > > > address.
> > > >
> > > > What is the security gain you try to achieve by hiding the IPs?
> > > >
> > > > Regards
> > > > --
> > > > Robert Sander
> > > > Heinlein Support GmbH
> > > > Schwedter Str. 8/9b, 10119 Berlin
> > > >
> > > > http://www.heinlein-support.de
> > > >
> > > > Tel: 030 / 405051-43
> > > > Fax: 030 / 405051-19
> > > >
> > > > Zwangsangaben lt. §35a GmbHG:
> > > > HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
> > > > Geschäftsführer: Peer Heinlein -- Sitz: Berlin
> > > >
> > > > ___
> > > > ceph-users mailing list
> > > > ceph-users@lists.ceph.com
> > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> > > >
> > > >
> > > >
> > > > ___
> > > > ceph-users mailing list
> > > > ceph-users@lists.ceph.com
> > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> > > >
> > > >
> > > ___
> > > ceph-users mailing list
> > > ceph-users@lists.ceph.com
> > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> > ___
> > ceph-users mailing list
> > ceph-users@lists.ceph.com
> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> >
___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Re: [ceph-users] How to hide internal ip on ceph mount

2017-03-01 Thread Sage Weil 
On Wed, 1 Mar 2017, Wido den Hollander wrote:
> > Op 1 maart 2017 om 15:40 schreef Xiaoxi Chen :
> > 
> > 
> > Well , I think the argument here is not all about security gain, it just
> > NOT a user friendly way to let "df" show out 7 IPs of monitorsMuch
> > better if they seeing something like "mycephfs.mydomain.com".
> > 
> 
> mount / df simply prints the monmap. It doesn't print what you added when you 
> mounted the filesystem.
> 
> Totally normal behavior.

Yep.  This *could* be changed, though: modern kernels have DNS resolution 
capability.  Not sure if all distros compile it in, but if so, mount.ceph 
could first try to pass in the DNS name and only do the DNS resolution if 
the kernel can't.  And the kernel client could be updated to remember the 
DNS name and use that.  It's a bit friendlier, but imprecise, since DNS 
might change.  What does NFS do in this case? (Show an IP or a name?)

sage


> > And using DNS give you the flexibility of changing your monitor quorum
> > members , without notifying end user to change their fstab entry , or
> > whatever mount point record.
> > 
> 
> Still applies. Just create a Round Robin DNS record. The clients will obtain 
> a new monmap while they are connected to the cluster.
> 
> Wido
> 
> > 2017-03-01 18:46 GMT+08:00 gjprabu :
> > 
> > > Hi Robert,
> > >
> > >   This container host will be provided to end user and we don't want to
> > > expose this ip to end users.
> > >
> > > Regards
> > > Prabu GJ
> > >
> > >
> > >  On Wed, 01 Mar 2017 16:03:49 +0530 *Robert Sander
> > > >* wrote 
> > >
> > > On 01.03.2017 10:54, gjprabu wrote:
> > > > Hi,
> > > >
> > > > We try to use host name instead of ip address but mounted partion
> > > > showing up address only . How show the host name instead of ip address.
> > >
> > > What is the security gain you try to achieve by hiding the IPs?
> > >
> > > Regards
> > > --
> > > Robert Sander
> > > Heinlein Support GmbH
> > > Schwedter Str. 8/9b, 10119 Berlin
> > >
> > > http://www.heinlein-support.de
> > >
> > > Tel: 030 / 405051-43
> > > Fax: 030 / 405051-19
> > >
> > > Zwangsangaben lt. §35a GmbHG:
> > > HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
> > > Geschäftsführer: Peer Heinlein -- Sitz: Berlin
> > >
> > > ___
> > > ceph-users mailing list
> > > ceph-users@lists.ceph.com
> > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> > >
> > >
> > >
> > > ___
> > > ceph-users mailing list
> > > ceph-users@lists.ceph.com
> > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> > >
> > >
> > ___
> > ceph-users mailing list
> > ceph-users@lists.ceph.com
> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> ___
> ceph-users mailing list
> ceph-users@lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> ___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Re: [ceph-users] How to hide internal ip on ceph mount

2017-03-01 Thread Wido den Hollander 

> Op 1 maart 2017 om 15:40 schreef Xiaoxi Chen :
> 
> 
> Well , I think the argument here is not all about security gain, it just
> NOT a user friendly way to let "df" show out 7 IPs of monitorsMuch
> better if they seeing something like "mycephfs.mydomain.com".
> 

mount / df simply prints the monmap. It doesn't print what you added when you 
mounted the filesystem.

Totally normal behavior.

> And using DNS give you the flexibility of changing your monitor quorum
> members , without notifying end user to change their fstab entry , or
> whatever mount point record.
> 

Still applies. Just create a Round Robin DNS record. The clients will obtain a 
new monmap while they are connected to the cluster.

Wido

> 2017-03-01 18:46 GMT+08:00 gjprabu :
> 
> > Hi Robert,
> >
> >   This container host will be provided to end user and we don't want to
> > expose this ip to end users.
> >
> > Regards
> > Prabu GJ
> >
> >
> >  On Wed, 01 Mar 2017 16:03:49 +0530 *Robert Sander
> > >* wrote 
> >
> > On 01.03.2017 10:54, gjprabu wrote:
> > > Hi,
> > >
> > > We try to use host name instead of ip address but mounted partion
> > > showing up address only . How show the host name instead of ip address.
> >
> > What is the security gain you try to achieve by hiding the IPs?
> >
> > Regards
> > --
> > Robert Sander
> > Heinlein Support GmbH
> > Schwedter Str. 8/9b, 10119 Berlin
> >
> > http://www.heinlein-support.de
> >
> > Tel: 030 / 405051-43
> > Fax: 030 / 405051-19
> >
> > Zwangsangaben lt. §35a GmbHG:
> > HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
> > Geschäftsführer: Peer Heinlein -- Sitz: Berlin
> >
> > ___
> > ceph-users mailing list
> > ceph-users@lists.ceph.com
> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> >
> >
> >
> > ___
> > ceph-users mailing list
> > ceph-users@lists.ceph.com
> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> >
> >
> ___
> ceph-users mailing list
> ceph-users@lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Re: [ceph-users] How to hide internal ip on ceph mount

2017-03-01 Thread Xiaoxi Chen 
Well , I think the argument here is not all about security gain, it just
NOT a user friendly way to let "df" show out 7 IPs of monitorsMuch
better if they seeing something like "mycephfs.mydomain.com".

And using DNS give you the flexibility of changing your monitor quorum
members , without notifying end user to change their fstab entry , or
whatever mount point record.

2017-03-01 18:46 GMT+08:00 gjprabu :

> Hi Robert,
>
>   This container host will be provided to end user and we don't want to
> expose this ip to end users.
>
> Regards
> Prabu GJ
>
>
>  On Wed, 01 Mar 2017 16:03:49 +0530 *Robert Sander
> >* wrote 
>
> On 01.03.2017 10:54, gjprabu wrote:
> > Hi,
> >
> > We try to use host name instead of ip address but mounted partion
> > showing up address only . How show the host name instead of ip address.
>
> What is the security gain you try to achieve by hiding the IPs?
>
> Regards
> --
> Robert Sander
> Heinlein Support GmbH
> Schwedter Str. 8/9b, 10119 Berlin
>
> http://www.heinlein-support.de
>
> Tel: 030 / 405051-43
> Fax: 030 / 405051-19
>
> Zwangsangaben lt. §35a GmbHG:
> HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
> Geschäftsführer: Peer Heinlein -- Sitz: Berlin
>
> ___
> ceph-users mailing list
> ceph-users@lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
>
>
> ___
> ceph-users mailing list
> ceph-users@lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
>
___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Re: [ceph-users] How to hide internal ip on ceph mount

2017-03-01 Thread gjprabu 
Hi Robert,


  This container host will be provided to end user and we don't want to expose 
this ip to end users.



Regards

Prabu GJ




 On Wed, 01 Mar 2017 16:03:49 +0530 Robert Sander 
r.san...@heinlein-support.de wrote 




On 01.03.2017 10:54, gjprabu wrote: 

 Hi, 

 

 We try to use host name instead of ip address but mounted partion 

 showing up address only . How show the host name instead of ip address. 

 

What is the security gain you try to achieve by hiding the IPs? 

 

Regards 

-- 

Robert Sander 

Heinlein Support GmbH 

Schwedter Str. 8/9b, 10119 Berlin 

 

http://www.heinlein-support.de 

 

Tel: 030 / 405051-43 

Fax: 030 / 405051-19 

 

Zwangsangaben lt. §35a GmbHG: 

HRB 93818 B / Amtsgericht Berlin-Charlottenburg, 

Geschäftsführer: Peer Heinlein -- Sitz: Berlin 

 

___ 

ceph-users mailing list 

ceph-users@lists.ceph.com 

http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com 






___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Re: [ceph-users] How to hide internal ip on ceph mount

2017-03-01 Thread Robert Sander 
On 01.03.2017 10:54, gjprabu wrote:
> Hi,
> 
> We try to use host name instead of ip address but mounted partion
> showing up address only . How show the host name instead of ip address.

What is the security gain you try to achieve by hiding the IPs?

Regards
-- 
Robert Sander
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-43
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin



signature.asc
Description: OpenPGP digital signature
___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Re: [ceph-users] How to hide internal ip on ceph mount

2017-03-01 Thread gjprabu 
Hi Robert,

   As per my understand whichever partion it has that will be replicated from 
base machine to docker container. My only concern is instead of ip how to show 
the dns name.

Regards
Prabu 

 On Tue, 28 Feb 2017 13:44:30 +0530 r.san...@heinlein-support.de wrote 

On 28.02.2017 07:19, gjprabu wrote: 

> How to hide internal ip address on cephfs mounting. Due to 
> security reason we need to hide ip address. Also we are running docker 
> container in the base machine and which will shown the partition details 
> over there. Kindly let us know is there any solution for this. 
> 
> 192.168.xxx.xxx:6789,192.168.xxx.xxx:6789,192.168.xxx.xxx:6789:/ 
> ceph 6.4T 2.0T 4.5T 31% /home/ 

If this is needed as a "security measure" you should not mount CephFS on 
this host in the first place. 

Only mount CephFS on hosts you trust (especially the root user) as the 
Filesystem uses the local accounts for access control. 

Regards 
-- 
Robert Sander 
Heinlein Support GmbH 
Schwedter Str. 8/9b, 10119 Berlin 

http://www.heinlein-support.de 

Tel: 030 / 405051-43 
Fax: 030 / 405051-19 

Zwangsangaben lt. §35a GmbHG: 
HRB 93818 B / Amtsgericht Berlin-Charlottenburg, 
Geschäftsführer: Peer Heinlein -- Sitz: Berlin 

___ 
ceph-users mailing list 
ceph-users@lists.ceph.com 
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com 
___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Re: [ceph-users] How to hide internal ip on ceph mount

2017-03-01 Thread gjprabu 
Hi,

We try to use host name instead of ip address but mounted partion showing 
up address only . How show the host name instead of ip address.

 On Wed, 01 Mar 2017 07:43:17 +0530  superdebu...@gmail.com wrote 

We do try to use DNS to hide the IP and achieve kinds of HA, but failed.

mount.ceph will resolve whatever you provide, to IP address, and pass it to 
kernel.

2017-02-28 16:14 GMT+08:00 Robert Sander :
On 28.02.2017 07:19, gjprabu wrote:

>              How to hide internal ip address on cephfs mounting. Due to
> security reason we need to hide ip address. Also we are running docker
> container in the base machine and which will shown the partition details
> over there. Kindly let us know is there any solution for this.
>
> 192.168.xxx.xxx:6789,192.168.xxx.xxx:6789,192.168.xxx.xxx:6789:/
> ceph      6.4T  2.0T  4.5T  31% /home/

If this is needed as a "security measure" you should not mount CephFS on
this host in the first place.

Only mount CephFS on hosts you trust (especially the root user) as the
Filesystem uses the local accounts for access control.

Regards
--
Robert Sander
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-43
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin


___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com


___ 
ceph-users mailing list 
ceph-users@lists.ceph.com 
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com 
___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Re: [ceph-users] How to hide internal ip on ceph mount

2017-02-28 Thread Xiaoxi Chen 
We do try to use DNS to hide the IP and achieve kinds of HA, but failed.

mount.ceph will resolve whatever you provide, to IP address, and pass it to
kernel.

2017-02-28 16:14 GMT+08:00 Robert Sander :

> On 28.02.2017 07:19, gjprabu wrote:
>
> >  How to hide internal ip address on cephfs mounting. Due to
> > security reason we need to hide ip address. Also we are running docker
> > container in the base machine and which will shown the partition details
> > over there. Kindly let us know is there any solution for this.
> >
> > 192.168.xxx.xxx:6789,192.168.xxx.xxx:6789,192.168.xxx.xxx:6789:/
> > ceph  6.4T  2.0T  4.5T  31% /home/
>
> If this is needed as a "security measure" you should not mount CephFS on
> this host in the first place.
>
> Only mount CephFS on hosts you trust (especially the root user) as the
> Filesystem uses the local accounts for access control.
>
> Regards
> --
> Robert Sander
> Heinlein Support GmbH
> Schwedter Str. 8/9b, 10119 Berlin
>
> http://www.heinlein-support.de
>
> Tel: 030 / 405051-43
> Fax: 030 / 405051-19
>
> Zwangsangaben lt. §35a GmbHG:
> HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
> Geschäftsführer: Peer Heinlein -- Sitz: Berlin
>
>
> ___
> ceph-users mailing list
> ceph-users@lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
>
___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Re: [ceph-users] How to hide internal ip on ceph mount

2017-02-28 Thread Robert Sander 
On 28.02.2017 07:19, gjprabu wrote:

>  How to hide internal ip address on cephfs mounting. Due to
> security reason we need to hide ip address. Also we are running docker
> container in the base machine and which will shown the partition details
> over there. Kindly let us know is there any solution for this. 
> 
> 192.168.xxx.xxx:6789,192.168.xxx.xxx:6789,192.168.xxx.xxx:6789:/
> ceph  6.4T  2.0T  4.5T  31% /home/

If this is needed as a "security measure" you should not mount CephFS on
this host in the first place.

Only mount CephFS on hosts you trust (especially the root user) as the
Filesystem uses the local accounts for access control.

Regards
-- 
Robert Sander
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-43
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin



signature.asc
Description: OpenPGP digital signature
___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

[ceph-users] How to hide internal ip on ceph mount

2017-02-27 Thread gjprabu 
Hi Team,



 How to hide internal ip address on cephfs mounting. Due to 
security reason we need to hide ip address. Also we are running docker 
container in the base machine and which will shown the partition details over 
there. Kindly let us know is there any solution for this. 



192.168.xxx.xxx:6789,192.168.xxx.xxx:6789,192.168.xxx.xxx:6789:/ ceph  6.4T 
 2.0T  4.5T  31% /home/




___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com