[Gluster-users] [Gluster-devel] User-serviceable snapshots design

Jeff Darcy jdarcy at redhat.com
Thu May 8 19:20:59 UTC 2014


> Overall, it seems like having clients connect *directly* to the
>> snapshot volumes once they've been started might have avoided some
>> complexity or problems. Was this considered?

> Yes this was considered. I have mentioned the two reasons why this was
> dropped in the other mail.

I look forward to the next version of the design which reflects the new
ideas since this email thread started.

> They were: a) snap view generation requires privileged ops to
> glusterd. So moving this task to the server side solves a lot of those
> challenges.

Not really.  A server-side component issuing privileged requests
whenever a client asks it to is no more secure than a client-side
component issuing them directly.  There needs to be some sort of
authentication and authorization at the glusterd level (the only place
these all converge).  This is a more general problem that we've had with
glusterd for a long time.  If security is a sincere concern for USS,
shouldn't we address it by trying to move the general solution forward?



More information about the Gluster-users mailing list