On Wed, 29 Jan 2020 at 16:52, Matthew Vernon <mv3(a)sanger.ac.uk> wrote:
> Hi,
>
> On 29/01/2020 16:40, Paul Browne wrote:
> > Recently we deployed a brand new Stein cluster
> > however, and I'm curious
> > whether the idea of pointing the new OpenStack cluster at the same RBD
> > pools for Cinder/Glance/Nova as the Luminous cluster would be considered
> > bad practice, or even potentially dangerous.
>
> I think that would be pretty risky - here we have a Ceph cluster that
> provides backing for our OpenStacks, and each OpenStack has its own set
> of pools -metrics,-images,-volumes,-vms (and its own credential).
Hi Matthew,
I think I've come around to that thinking now too.
Despite using different keys, the 2 sets of clients in different OpenStack
clusters would require the same capabilities on the shared pools, which
widens the blast radius a bit too far for me, I think (unless there were
also a capability to restrict the sets of clients' keys to specific
namespaces within the shared pools similar to the caps given out to CephFS
clients).
Thanks,
Paul
> Regards,
> Matthew
--
*******************
Paul Browne
Research Computing Platforms
University Information Services
Roger Needham Building
JJ Thompson Avenue
University of Cambridge
Cambridge
United Kingdom
E-Mail: pfb29(a)cam.ac.uk
Tel: 0044-1223-746548
*******************