Comments (3)
ffilz
commented on June 2, 2024
1
I have followed some of the NFS over TLS, but not closely. TLS IS on our radar. but it's a resource issue. As long as the certificates are easy to match with services, yes, we can use that to match instead of an IP address.
from nfs-ganesha.
ffilz
commented on June 2, 2024
When we get to TLS, we could consider allowing a bypass for TLS, but note that clients will want to use TLS, so we will need some way to indentify what services each TLS connection is allowed. So we may still end up with the same list :-)
Hmm, could there be some way to use a DNS wildcard instead of an IP address?
from nfs-ganesha.
phlogistonjohn
commented on June 2, 2024
Sure, I was specifically thinking of the case where we could use mTLS such that the ganshsa server would only trust clients (haproxy) with matching certs (and vice versa for haproxy). Since cephadm would be distributing/managing what certs get assigned to the containers, this fits our use case very well, but I realize there are uses for TLS in general outside of that for Ganesha. :-)
from nfs-ganesha.
Related Issues (20)
- nfs4_op_readdir seems inefficient and possibly buggy in some cases HOT 11
- nfs clients get "Stale file handle" when accessing a mount after a nfs-ganesha server POD restart HOT 4
- [Question] `dd` failed to open with unknown error 512
- Can we remove the ONESHOT from the epoll listening mode?
- Turn on prometheus monitoring by default, add config var to disable
- Inquiry about state_hdl HOT 6
- Some update_share_counters_locked call sites seem broken (taking directory's handle versus file's handle) HOT 4
- fd_lru_run rely on Reaper_Work that is mark deprecated HOT 2
- Attempting to read from a file over 9P causes ganesha to fall over HOT 2
- NFS-Ganesha start not working with Monitoring_Port in block NFS_CORE_PARAM {} config HOT 6
- FSAL_GLUSTER write file with openflag O_RDWR|O_CREAT hung when restart backend gluster brick process HOT 12
- Can we identify clients with the same hostname with NFSv4.1 and 4.2? HOT 4
- V4-dev.18 version crash at sockaddr_cmpf() HOT 3
- Why does the disk not release? HOT 8
- How do I get the number of clients for users of nfs-ganesha's export HOT 2
- Can we use softer way rather than exit nfs-ganesha when refcount error ? HOT 1
- fd_lru logic crashes while reaping, as fsal_export was NULL HOT 5
- Questions for ganesha v4 HOT 8
- [Question] add `recovery_start()` in `struct nfs4_recovery_backend` HOT 4
- Hang when calling `ll` during IO shortly after restart HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nfs-ganesha.