Project

General

Profile

Rbd - namespace support

Summary

rados namespaces can be used to provide isolation between rados clients within a pool. For example, a client could only have full permissions on a namespace specific to them. This makes using a different rados client for each tenant feasible, which is particularly useful for rbd where many different tenants are accessing their own rbd images.

Owners

  • Name (Affiliation)
  • Name (Affiliation)
  • Name

Interested Parties

  • Josh Durgin (Inktank)
  • Danny Al-Gaaf
  • John Lin (Synology)
  • Name (Affiliation)
  • Name

Current Status

Detailed Description

A namespace is a new level in the identity of an object (pool/object_locator(namespace, key)/object name). Since this affects the placement of an object, existing rbd images would need to be fully copied to be put into a namespace. rbd cp could implement this.
A new argument --namespace would be added to the rbd commands that create images. This would be stored in the image id object
in the default namespace by cls_rbd, so that image names are still unique within a pool. Old clients could see that the image exists, but not interact with it. No new feature bit would be needed because old clients would not be able to read objects stored in the namespace, including the image header. The default namespace is '', which is the rados default.
This requires new versions of create(), clone(), and copy() that take the namespace as an argument for the new image, including
updating the python bindings to support them. It would only be supported by format 2 images. A get_namespace() function should also be added to librbd and used by the 'rbd info' command to tell what namespace an image is in. This could be added as a column in 'rbd ls -l' as well.
cls_rbd should have a get_namespace() function that returns '' (the default namespace) if no namespace is set.
It will need set_namespace() that returns an error if the namespace is already set. These would operate on the rbd_id.$image_name object.
ImageCtx::init() will call a new cls_rbd_client function, get_namespace(), and save it in an ImageCtx member variable. The namespace will be set for each ioctx, or each operation (with the addition of an aio_operate(...,object_locator) api to librados).
Once this is done, things using librbd need to be modified to pass a namespace argument whenever they create an image. For simplicity,
they could use the namespace named after their rados client. qemu-img could be changed to use the new create funcitions with an rbd-specific namespace option. Things like OpenStack and CloudStack could be set up to add rados clients for each tenant and put their keys on the compute hosts automatically. This part needs more fleshing out.

Work items

Coding tasks

  1. Implement support in librbd
  2. Add --namespace to the rbd cli tool
  3. librbd bindings with new functions
  4. qemu, libvirt, openstack cloudstack, etc: Update higher-level tools to pass the namespace argument to librbd
  5. libceph: add support for setting the object_locator for an osd request in the kernel
  6. krbd: add support for opening images in a namespace to the kernel rbd driver

Documentation tasks

  1. Explain what namespaces are, and how to configure clients to use them
  2. Add examples of usage and client permissions to man page
  3. Update docs for tools using rbd once those tools are updated
  4. Note that using namespaces requires upgrading librbd and librados on all clients, and won't work on older kernels