Hey all,

When I moved my file server shares to CephFS, I set each share on its own 
CephFS. The reason was this comment in the nfs-ganesha example config:

    # Note that FSAL_CEPH does not support subtree checking, so there is
    # no way to validate that a filehandle presented by a client is
    # reachable via an exported subtree.
    #
    # For that reason, we just export "/" here.

Now, this is fine for low numbers of shares, but as they have grown it feels a 
bit overkill to be creating two or more new pools (metadata + data + sometimes 
another EC data) for each share. Tuning the PG numbers for those pools is also 
kind of a pain.

I'm wondering, would using a subvolume for the share provide the needed 
security isolation?

Best,
Davíð
_______________________________________________
ceph-users mailing list -- [email protected]