Project

General

Profile

Ceph-Brag

Summary

Ceph-brag is going to be an anonymized cluster reporting tool designed to collect a "registry" of Ceph clusters for community knowledge. This data will be displayed on a public web page using UUID by default, but users can claim their cluster and publish information about ownership if they so desire.

Owners

  • Loic Dachary <>
  • Patrick McGarry (Inktank)
  • Sebastien Han (eNovance)
  • Sage Weil (Inktank)

Interested Parties

Current Status

Detailed Description

Client side is a 'ceph brag' or 'ceph-brag' command. Generates a lump of JSON that is anonymous and sends it to brag.ceph.com (or similar). Includes:
  • a unique identifier for the cluster. this is not the cluster fsid, but a new uuid, generated once and stored via the config-key interface, so that subsequent ceph-brag commands wil re-use the same id.
  • cluster creation date
  • number of osds, mons, mdss, pgs
  • number of bytes, objects, pools
  • number of bytes, ios read/written
  • number of unique ips (hosts)?
  • count of crush items by type (root, rack, host, osd)
  • per-pool metadata
    • replica count
    • type (just rep for now, soon ec)
  • os, kernel info (once available)
  • hardware information (CPUs,RAM,Network ... maybe reduced to some basic anonymised data)
  • ceph version(s)
On each brag, dump the current ownership information for the cluster. By default this is empty/undefined. ceph-brag options can be used to update the following fields:
  • Name
  • Organization
  • Contact email
  • Use-case (rgw, openstack, genomics, hpc, log archival, backups, whatever)

We need to make sure to expose no critical information to the public that could be a source to run e.g. exploits or DDoS attacks against a cluster. This is critical, otherwise no big company will ever expose any information via this tool. It could be even a problem to provide information abou the used ceph version.

Usage:

ceph-brag # generate brag json, dump to stdout
ceph-brag publish # post it!
ceph-brag update-metadata --name ... --organization ... --email ... --description ...
ceph-brag clear-metadata
ceph-brag unpublish --yes-i-am-shy

Server side is some WSGI or similar modern/cute REST endpoint. Simply logs the result to a database.

Work items

Coding tasks

  1. ceph-brag
    1. generate all the json
  2. ceph-brag publish
  3. ceph-brag update-metadata
  4. ceph-brag clear-metadata
  5. ceph-brag unpublish
  6. ceph-brag server
  7. basic tool to summarize results
    1. number of clusters, bytes, objects
    2. os, ceph version histograms

Build / release tasks

  1. deploy brag server to ceph.com

Documentation tasks

  1. document security implications of ceph-brag
  2. document how to obtain the public database
    1. programmatically, or by request from a human?