Ceph

h1. -1G - Client Security for CephFS

<pre>

rturk	don't worry, nobody is in track 2 either :)  I think our lunch break was a bit short	12:29

rturk	most of the inktank devs in LA are still in the lunch room	12:29

rturk	I'll go get them	12:29

scuttlemonkey	hehe	12:29

scuttlemonkey	gregaf: we'll definitely want you for this one	12:31

rturk	he is on the way	12:31

gregaf	yeah, sorry, we were all shoveling food into our faces	12:31

gregaf	same hangout url?	12:31

scuttlemonkey	nah, ended up having to kill it...sent new	12:31

gregaf	ah, got it	12:31

*** sjustlaptop has joined #ceph-summit1	12:33

saras	boo	12:35

gregaf	yes	12:35

saras	at least i did not mess any thin	12:37

saras	some please define pg and osd	12:40

*** paravoid has joined #ceph-summit1	12:40

dmick	pg: placement group.  Sort of the first level of sharding objects across servers: grossly, an object hashes into a pg, and then the pg is placed	12:40

dmick	OSD: object storage daemon.  The intelligent storage entity that maintains replication and fault tolerance	12:41

dmick	and does most of the I/O	12:41

saras	dmick: thanks very much	12:41

rturk	(glossary coming in the docs very soon, I saw a sneek-preview)	12:41

*** cdl has quit IRC	12:42

*** cdl has joined #ceph-summit1	12:43

paravoid	our use case won't be covered by this	12:46

paravoid	the "perms per TB of data"	12:46

paravoid	that's a shame :/	12:46

saras	paravoid: what whould you need	12:46

paravoid	so basically we have a multi-tenant openstack nova setup and we'd like to give a shared filesystem per tenant, but over multiple VMs	12:47

Ryan_Lane	a similar use case to sharing directories via nfs	12:48

paravoid	hundreds of tenants (we call them "projects"), so a pool per project is excessive	12:48

paravoid	oh Ryan_Lane you're here	12:48

saras	paravoid: could join the hangout please	12:48

Ryan_Lane	where x set of instances can read, and another set can write, etc	12:49

Ryan_Lane	just think NFS exports :)	12:49

paravoid	Ryan_Lane: want to do that? I think you'll be much better at it	12:49

Ryan_Lane	hm	12:49

Ryan_Lane	I'm in a coworking space. i think I can, though	12:49

*** loicd has joined #ceph-summit1	12:50

Ryan_Lane	how do I join?	12:50

paravoid	I think rturk or scuttlemonkey have to invite you	12:50

paravoid	or maybe saras?	12:50

rturk	scuttlemonkey has a link	12:50

scuttlemonkey	yeah, sec	12:50

saras	not me here	12:50

scuttlemonkey	pm'd Ryan	12:51

saras	any one in the hangout could copy the link into the chat	12:51

saras	that works	12:51

scuttlemonkey	yep	12:51

Ryan_Lane	joined	12:51

paravoid	the discussion seems to be very technical now, maybe they'll leave some space for comments at the end	12:52

* Ryan_Lane nods	12:52

Ryan_Lane	so, I missed part of this	12:52

Ryan_Lane	what was their current idea on how to handle it?	12:53

paravoid	I missed half of it too, but there's this at the pad:     -- Permissions per TB of data would scale well, permissions per MB of data would be excessive	12:53

saras	soulds like their look at disc drive size	12:54

Ryan_Lane	I don't think our use case is abnormal	12:54

paravoid	Ryan_Lane is a colleague of mine	12:56

scuttlemonkey	are there specific questions now that we're in the last 5 mins	12:56

scuttlemonkey	ahh!	12:56

paravoid	we both work at wikimedia	12:56

scuttlemonkey	cool	12:56

gregaf	we have 4 minutes left, any questions we can address?	12:56

paravoid	and while I've been doing most of the ceph work so far, he's much better suited to talk about our cephfs plans	12:56

Ryan_Lane	I'm working with openstack nova, which is why we need the multi-tenancy :)	12:56

paravoid	we're expanding our use cases basically :)	12:56

AaronSchulz	paravoid: we have cephfs plans?	12:57

paravoid	AaronSchulz: labs	12:57

AaronSchulz	news to me :)	12:57

paravoid	replacement for gluster basically	12:57

paravoid	well, not formalized plans, it'd just be nice to reuse our expertise	12:58

saras	please	12:58

</pre>