On Thu, Jun 3, 2021 at 2:18 AM Marc <Marc(a)f1-outsourcing.eu> wrote:
Not using cephadm, I would also question other things
like:
- If it uses docker and docker daemon fails what happens to you containers?
This is an obnoxious feature of docker; podman does not have this problem.
- I assume the ceph-osd containers need linux
capability sysadmin. So if you have to allow this via your OC, all your tasks have
potentially access to this permission. (That is why I chose not to allow the OC access to
it)
The --privileged flag and other caps are only passed on an as-needed
basis, based on the daemon (each daemon runs in its own container).
(There is only one container image, though.)
sage