From: Alex Elsayed <eternaleye@gmail.com>
To: ceph-devel@vger.kernel.org
Subject: Re: Forcing Ceph into mapping all objects to a single PG
Date: Fri, 25 Jul 2014 11:14:24 -0700 [thread overview]
Message-ID: <lqu6q0$sgc$1@ger.gmane.org> (raw)
In-Reply-To: alpine.DEB.2.00.1407250709480.18917@cobra.newdream.net
Sage Weil wrote:
> On Fri, 25 Jul 2014, Daniel Hofmann wrote:
>> The main issue however is not the hash's strength, but the fact that
>> once pre-computed, I'm able to use preimages on **every Ceph cluster out
>> there**. (As the hash functions's output is a deterministic function of
>> the object's name only)
>>
>> I agree in that the general issue is inherent in hash-placement systems.
>>
>> But what I don't agree with is the following:
>>
>> Why do I have to be able to calculate my object's placement for **every
>> Ceph cluster** out there?
>>
>> Why does it not suffice for me to be able to calculate the placement
>> only for the cluster I'm currently accessing?
>>
>> >From a logical standpoint it seems reasonable. Why then, are we not able
>> to constrain the placement calculation in that regard?
>>
>>
>> If the placement is bound to a specific cluster it should suffice to
>> derive e.g. a key for SipHash based on cluster specifics.
>>
>> Is this doable from an implementation point of view?
>>
>>
>> Note: I only did this as a proof-of-concept for the object store.
>> Think about the implications, if you're able to do this e.g. for every
>> RadosGW out there and servies using RadosGW.
>
> It would be really easy to add a random salt to the pg_pool_t and feed
> that into the object -> pg hash mapping. Note, by the way, that for new
> clusters the pool id is already fed in here, so there is a *tiny* bit of
> variation depending on what orders the pools were created in (although
> probably not enough to meaningfully improve security).
I just had a thought - is the FSID a parameter? If it is, then there's
actually no need for a further salt: FSID is per cluster, preventing cross-
cluster precomputation, and if the pool ID is fed in then each pool needs
collisions calculated separately as well. In other words, the (fsid, poolid)
tuple is almost certainly sufficient salt in and of itself.
> We could also add a new hash type that is more secure. Rjenkins is used
> by default but the choice of hash is already parameterized.
>
> sage
next prev parent reply other threads:[~2014-07-25 18:14 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-21 22:27 Forcing Ceph into mapping all objects to a single PG Daniel Hofmann
2014-07-21 22:50 ` Gregory Farnum
2014-07-22 22:44 ` Alex Elsayed
2014-07-22 22:46 ` Alex Elsayed
2014-07-25 12:26 ` Daniel Hofmann
2014-07-25 14:12 ` Sage Weil
2014-07-25 18:14 ` Alex Elsayed [this message]
2014-07-31 0:29 ` Daniel Hofmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='lqu6q0$sgc$1@ger.gmane.org' \
--to=eternaleye@gmail.com \
--cc=ceph-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.