Project

General

Profile

Bug #24284

cephfs: allow prohibiting user snapshots in CephFS

Added by Patrick Donnelly 7 months ago. Updated 5 months ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Category:
Administration/Usability
Target version:
Start date:
05/24/2018
Due date:
% Done:

0%

Source:
Development
Tags:
Backport:
mimic
Regression:
No
Severity:
2 - major
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Client, MDS, kceph
Labels (FS):
snapshots
Pull request ID:

Description

Since snapshots can be used to circumvent (accidentally or not) the quotas as snapshot file data that has since been modified or deleted does not count towards the quota.

(This may already be implemented?)

Alternatively, we could also just start counting the snapshot data but this seems non-trivial?


Related issues

Related to fs - Feature #11154: snapshots: support rstats better New 03/18/2015
Copied to fs - Backport #24705: mimic: cephfs: allow prohibiting user snapshots in CephFS Resolved

History

#1 Updated by Patrick Donnelly 7 months ago

#2 Updated by Zheng Yan 7 months ago

change default of mds_snap_max_uid to 0

#3 Updated by Patrick Donnelly 7 months ago

Zheng Yan wrote:

change default of mds_snap_max_uid to 0

Okay, but we should enforce that as a file system option (`ceph fs set`) so it's consistently enforced by all MDS and visible to clients.

#4 Updated by Greg Farnum 7 months ago

We should actually discuss what kind of interface admins want. Dan van der Ster certainly has thoughts; others might as well.

eg an "fs set" max uid is better than nothing, but they might prefer it be set for subtrees similarly to layouts? So a privileged user can grant permission to an unprivileged user to snapshot their directory on a case-by-case basis or something.

#5 Updated by Zheng Yan 7 months ago

maybe we can use 'auth string'

#6 Updated by Dan van der Ster 7 months ago

change default of mds_snap_max_uid to 0

Use-cases such as Manila let the users mount with root so this will be ineffective.

My humble opinion about this topic is to document the behaviour (limitation) until incremental snapshot usage can be accounted properly by the quota.

We can document that "quota" refers to space used by current head, and e.g. "snapquota" is a snapshot aware quota still to be developed...

#7 Updated by Zheng Yan 6 months ago

  • Status changed from New to Need Review

#8 Updated by Patrick Donnelly 6 months ago

  • Status changed from Need Review to Pending Backport

#9 Updated by Patrick Donnelly 6 months ago

  • Copied to Backport #24705: mimic: cephfs: allow prohibiting user snapshots in CephFS added

#10 Updated by Nathan Cutler 5 months ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF