[Gluster-devel] Ability to turn off 'glusterfs' protocol

Niels de Vos ndevos at redhat.com
Thu Jan 29 09:29:53 UTC 2015


On Wed, Jan 28, 2015 at 06:46:58PM -0500, Csaba Henk wrote:
> Hi Niels,
> 
> ----- Original Message -----
> > From: "Niels de Vos" <ndevos at redhat.com>
> > To: "Csaba Henk" <chenk at redhat.com>
> > Cc: gluster-devel at gluster.org
> > Sent: Wednesday, January 28, 2015 9:19:34 AM
> > Subject: Re: [Gluster-devel] Ability to turn off 'glusterfs' protocol
> > 
> 
> > The High-Availability NFS-Ganesha design puts the NFS-Ganesha service in
> > the trusted storage pool, possibly on the servers hosting bricks. Maybe
> > you can comment on why this is not suitable or wished for in your
> > environment? This design basically swaps Gluster/NFS for NFS-Ganesha.
> > 
> >     http://www.gluster.org/community/documentation/index.php/Features/HA_for_ganesha
> > 
> [...]
> > 
> > I'm not sure if you're talking about this?
> > 
> >     http://www.gluster.org/community/documentation/index.php/Features/Gluster_CLI_for_ganesha
> > 
> > At the moment, I think that also assumes the NFS-Ganesha service is
> > running inside the trusted storage pool. If you need any of those
> > functions available outside of the trusted storage pool, get in touch
> > with the feature owners and keep the gluster-devel list on CC.
> 
> The resources you mention elaborate on an effort to integrate Ganesha into
> the Gluster cluster. Which is very nice, but it's simply not what we want.
> 
> In the cloud context we take the management of the Ganesha service(s) completely
> upon us. There, for example, it might be the case that the tenant will be network
> separated from the Gluster cluster, and the node where Ganesha resides will be set
> up to be connected to both netwokrs (of tenant and of the Gluster cluster), and
> thus, implied by said separation, it won't be included in either.
> 
> Anyway, we can forget Ganesha.
> 
> TL;DR: what we need that from a given cloud that uses the Gluster cluster as an
> external backend we want a general ban on glusterfs proto access, but make it
> possible to specify some exceptions.

Thanks! This and Deepaks description explain the details quite nicely. I
guess you have ideas on how to restrict the GlusterFS protocol access,
and I (and hopefully others) understand more about the Gluster use-cases
in OpenStack Manilla.

Cheers,
Niels
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://www.gluster.org/pipermail/gluster-devel/attachments/20150129/69ab3ad1/attachment.sig>


More information about the Gluster-devel mailing list