On Wed, 29 Jan 2020 at 16:52, Matthew Vernon
<mv3(a)sanger.ac.uk> wrote:

Hi,

On 29/01/2020 16:40, Paul Browne wrote:

Recently we deployed a brand new Stein cluster
however, and I'm curious
whether the idea of pointing the new OpenStack cluster at the same RBD
pools for Cinder/Glance/Nova as the Luminous cluster would be considered
bad practice, or even potentially dangerous.

I think that would be pretty risky - here we have a Ceph cluster that
provides backing for our OpenStacks, and each OpenStack has its own set
of pools -metrics,-images,-volumes,-vms (and its own credential).

Hi Matthew,

I think I've come around to that thinking now too.

Despite using different keys, the 2 sets of clients in different OpenStack
clusters would require the same capabilities on the shared pools, which
widens the blast radius a bit too far for me, I think (unless there were
also a capability to restrict the sets of clients' keys to specific
namespaces within the shared pools similar to the caps given out to CephFS
clients)

This is supported since Nautilus: namespace support for librbd. I do
not know, however, if there is already support for this in
qemu/libvirt/openstack. OpenNebula support is pending [1].

Gr. Stefan
[1]:
Kamer van Koophandel 09090351
| GPG: 0xD14839C6 +31 318 648 688 / info(a)bit.nl
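
Added example (not part of the thread): a small audit of cephx OSD cap strings showing why pool-level caps on shared pools let both clusters' keys reach the same objects, and how namespace-scoped caps remove that overlap. It models only a simplified subset of the cap syntax (comma-separated grants with optional `pool=` and `namespace=`); the pool names, namespace names and cap strings are constructed.

```python
# Added example: simplified model of Ceph OSD capability strings.
# It only reads pool= and namespace= from each comma-separated grant;
# quoted values and wildcards are not handled (assumption of this sketch).
from itertools import product


def parse_osd_caps(caps):
    """Return one (pool, namespace) scope per grant; None means 'not restricted'."""
    scopes = []
    for grant in caps.split(","):
        if not grant.strip():
            continue  # ignore empty fragments such as a trailing comma
        opts = dict(tok.split("=", 1) for tok in grant.split() if "=" in tok)
        scopes.append((opts.get("pool"), opts.get("namespace")))
    return scopes


def scopes_overlap(a, b):
    """Scopes overlap when pool and namespace each match or are unrestricted."""
    return all(x is None or y is None or x == y for x, y in zip(a, b))


def shared_scopes(caps_a, caps_b):
    """List every pair of grants through which both keys reach the same objects."""
    pairs = product(parse_osd_caps(caps_a), parse_osd_caps(caps_b))
    return [(a, b) for a, b in pairs if scopes_overlap(a, b)]


# Constructed sample: two OpenStack clusters pointed at the same pools,
# each with its own key but identical pool-level caps.
OLD_SHARED = "profile rbd pool=volumes, profile rbd pool=vms, profile rbd-read-only pool=images"
NEW_SHARED = "profile rbd pool=volumes, profile rbd pool=vms, profile rbd-read-only pool=images"

# Constructed sample: same pools, each key confined to its own RBD namespace.
OLD_NAMESPACED = "profile rbd pool=volumes namespace=oldcloud, profile rbd pool=vms namespace=oldcloud"
NEW_NAMESPACED = "profile rbd pool=volumes namespace=stein, profile rbd pool=vms namespace=stein"

if __name__ == "__main__":
    for label, a, b in [("pool-level", OLD_SHARED, NEW_SHARED),
                        ("namespaced", OLD_NAMESPACED, NEW_NAMESPACED)]:
        hits = shared_scopes(a, b)
        print(f"{label}: {len(hits)} overlapping grant pair(s)")
        for left, right in hits:
            print("   ", left, "<->", right)
```

A key whose grant names a pool without a namespace still overlaps with every namespaced key on that pool, so the audit flags mixed deployments as well.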