> For ultra isolation, the RADOS pools would also be configured to map to > different OSDs.
This is really good idea, and will be motivation to me. > Separate RADOS namespaces do not provide physical separation (multiple > namespaces exist within one pool, hence on the same OSDs), but they > would provide server-side security for preventing clients seeing into > one anothers data pools. The terminology is confusing because RADOS > namespace is a distinct ceph specific concept from filesystem > namespaces. Would there be another namespace for the driver? I think it's better to have. And it would make things more simple. > CephFS doesn't currently have either the "separate MDSs" isolation, or the > support for using RADOS namespaces in layouts. Yes, it's better to have dedicated MON so that we use different keyring. Do you have any blueprint? __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
