Am 03.03.2015 um 19:31 schrieb Deepak Shetty:
[...]
>> For us security is very critical, as the performance is too. The
>> first solution via ganesha is not what we prefer (to use CephFS
>> via p9 and NFS would not perform that well I guess). The second
>> solution, to use CephFS directly to the VM would be a bad
>> solution from the security point of view since we can't expose
>> the Ceph public network directly to the VMs to prevent all the
>> security issues we discussed already.
>>
>
> Is there any place the security issues are captured for the case
> where VMs access CephFS directly ?

No there isn't any place and this is the issue for us.

> I was curious to understand. IIUC Neutron provides private and
> public networks and for VMs to access external CephFS network, the
> tenant private network needs to be bridged/routed to the external
> provider network and there are ways neturon achives it.
>
> Are you saying that this approach of neutron is insecure ?

I don't say neutron itself is insecure.

The problem is: we don't want any VM to get access to the ceph public
network at all since this would mean access to all MON, OSDs and MDS
daemons.

If a tenant VM has access to the ceph public net, which is needed to
use/mount native cephfs in this VM, one critical issue would be: the
client can attack any ceph component via this network. Maybe I misses
something, but routing doesn't change this fact.

Danny