On Saturday, December 6, 2014, Sage Weil <sw...@redhat.com> wrote:

> While we are on the subject of init systems and packaging, I would *love*
> to fix things up for hammer to
>
> - create a ceph user and group
> - add various users to ceph group (like qemu or kvm user and
>   apache/www-data?)

Maybe a calamari user too.

> - fix permissions on /var/log/ceph and /var/run/ceph (770?) so that qemu
>   and rgw can write logs and asok files there

Yes.

> - make daemons run as ceph user instead of root

I think this is the right approach.

> The main hangup is with that last one. As I understand it, when packages
> create users, they get a semi-random UID assigned. That means that all
> the data on a ceph-osd disk would have a semi-random UID. If it were
> hot-swapped into another host, the uid would be wrong. Is there a way
> to use a fixed uid?

There's no guarantee that any given uid will be available across any two unix systems. You could pick 6789 or something uncommon, but I'm sure someone somewhere is using any given uid. I would take the approach that the uid shouldn't matter. Add a standard tool to assist with osd hot swaps that would change the file permissions on the new osd disk. I think the osd hot swap process requires some manual intervention anyway. The only downside is the tool would need to be run with root permissions.

I haven't tried moving an osd disk from one node to another. Can someone describe the process?

> Also on the roadmap is defining proper selinux policies so that these
> daemons are confined into the appropriate directories etc., but I imagine
> running as non-root is a big help (or even prerequisite?) to making that
> happen?
>
> Suggestions or comments? Or volunteers? We haven't had time to look at
> this yet but I think it's important!
>
> sage
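The ownership fix-up tool proposed in the reply above, sketched as an added example that is not part of the original thread and is not a Ceph utility. It assumes the account and group are both named `ceph`; the function names and the script interface are hypothetical.

```shell
#!/bin/sh
# Added example: re-own an OSD data directory after its disk has been moved
# to a host where the "ceph" account has a different numeric uid/gid.
# Assumptions: account and group are both named "ceph"; the functions and
# the command-line interface below are hypothetical, not a Ceph tool.

# Print how many entries under DIR are not owned by numeric UID and GID.
# find does not follow symlinks by default, so a link is judged by its own
# ownership, and -xdev keeps the walk on the OSD's own filesystem.
osd_owner_mismatches() {
    n=$(find "$1" -xdev \( ! -user "$2" -o ! -group "$3" \) -exec printf . \; | wc -c)
    echo $((n))
}

# Re-own only the mismatched entries. chown -h changes a symlink itself and
# never its target, which matters because this runs as root over a disk
# whose contents were written on another machine.
osd_fix_owner() {
    find "$1" -xdev \( ! -user "$2" -o ! -group "$3" \) -exec chown -h "$2:$3" {} +
}

# Usage: <script> <osd-data-dir> [--apply]
# Without --apply the script only reports; nothing is changed.
if [ "$#" -ge 1 ]; then
    uid=$(id -u ceph) && gid=$(id -g ceph) || { echo "no local ceph user" >&2; exit 1; }
    echo "$1: $(osd_owner_mismatches "$1" "$uid" "$gid") entries not owned by ceph ($uid:$gid)"
    if [ "${2:-}" = "--apply" ]; then
        osd_fix_owner "$1" "$uid" "$gid"
    fi
fi
```

Passing the numeric ids rather than names keeps the comparison tied to the local host's `ceph` account, which is the value that differs between machines in the scenario discussed.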