accumulo-commits mailing list archives

From build...@apache.org
Subject svn commit: r797867 [3/12] - in /websites/staging/accumulo/trunk/content: ./ accumulo/ accumulo/css/ accumulo/governance/ accumulo/images/ accumulo/user_manual_1.3-incubating/ accumulo/user_manual_1.3-incubating/examples/ accumulo/user_manual_1.4-incub...
Date Tue, 01 Nov 2011 17:08:19 GMT
Added: websites/staging/accumulo/trunk/content/accumulo/user_manual_1.3-incubating/High_Speed_Ingest.html
==============================================================================
--- websites/staging/accumulo/trunk/content/accumulo/user_manual_1.3-incubating/High_Speed_Ingest.html
(added)
+++ websites/staging/accumulo/trunk/content/accumulo/user_manual_1.3-incubating/High_Speed_Ingest.html
Tue Nov  1 17:08:17 2011
@@ -0,0 +1,165 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE- 2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+  <link href="/accumulo/css/accumulo.css" rel="stylesheet" type="text/css">
+  <title>Accumulo User Manual: High Speed Ingest</title>
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+  <script type="text/javascript">
+
+  var _gaq = _gaq || [];
+  _gaq.push(['_setAccount', 'UA-21103458-6']);
+  _gaq.push(['_trackPageview']);
+
+  (function() {
+    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+  })();
+
+  </script>
+</head>
+
+<body>
+  <div id="banner">
+    <img id="logo" alt="Apache accumulo (Incubating)" src="/accumulo/images/accumulo-logo.png"/>
+    <div id="bannertext">
+&nbsp; 
+    </div><br />
+  </div>
+  
+  <div id="navigation">
+  <h1 id="project">Project</h1>
+<ul>
+<li><a href="/accumulo">Home</a></li>
+<li><a href="http://incubator.apache.org/projects/accumulo.html">Incubator page</a>
+<!--  - Download --></li>
+<li><a href="/accumulo/notable_features.html">Features</a></li>
+<li><a href="http://www.apache.org/licenses/LICENSE-2.0">License</a></li>
+</ul>
+<h1 id="community">Community</h1>
+<ul>
+<li><a href="/accumulo/get_involved.html">Get Involved</a></li>
+<li><a href="/accumulo/mailing_list.html">Mailing Lists</a></li>
+<li><a href="https://issues.apache.org/jira/secure/ConfigureReport.jspa?versionId=-2&amp;selectedProjectId=12312121&amp;reportKey=com.sourcelabs.jira.plugin.report.contributions%3Acontributionreport">People</a></li>
+</ul>
+<h1 id="development">Development</h1>
+<ul>
+<li><a href="/accumulo/source.html">Source Code</a></li>
+<li><a href="https://issues.apache.org/jira/browse/accumulo">Issues</a></li>
+<li><a href="https://builds.apache.org/job/Accumulo-Trunk">Builds</a></li>
+</ul>
+<h1 id="documentation">Documentation</h1>
+<ul>
+<li><a href="/accumulo/user_manual_1.3-incubating">Manual v1.3</a><ul>
+<li><a href="/accumulo/user_manual_1.3-incubating/examples.html">Examples v1.3</a></li>
+</ul>
+</li>
+<li><a href="/accumulo/user_manual_1.4-incubating">Manual v1.4</a>
+<!-- - klzzwxh:0005 -->
+<!-- - Javadoc -->
+<!-- - Examples --></li>
+<li><a href="/accumulo/screenshots.html">Screenshots</a></li>
+</ul>
+<!--
+# Development
+ - Source code
+ - Building
+-->
+
+<h1 id="asf_links">ASF links</h1>
+<ul>
+<li><a href="http://www.apache.org">Apache Software Foundation</a></li>
+<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+<li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+</ul>
+  </div>
+
+  <div id="content">
+    <h1 class="title">Accumulo User Manual: High Speed Ingest</h1>
+    <p><strong> Next:</strong> <a href="Analytics.html">Analytics</a>
<strong> Up:</strong> <a href="accumulo_user_manual.html">Accumulo User
Manual Version 1.3</a> <strong> Previous:</strong> <a href="Table_Design.html">Table
Design</a>   <strong> <a href="Contents.html">Contents</a></strong>
<br />
+</p>
+<p><a id=CHILD_LINKS></a><strong>Subsections</strong></p>
+<ul>
+<li><a href="High_Speed_Ingest.html#Pre-Splitting_New_Tables">Pre-Splitting New
Tables</a></li>
+<li><a href="High_Speed_Ingest.html#Multiple_Ingester_Clients">Multiple Ingester
Clients</a></li>
+<li><a href="High_Speed_Ingest.html#Bulk_Ingest">Bulk Ingest</a></li>
+<li><a href="High_Speed_Ingest.html#MapReduce_Ingest">MapReduce Ingest</a></li>
+</ul>
+<hr />
+<h2 id="a_idhigh-speed_ingesta_high-speed_ingest"><a id=High-Speed_Ingest></a>
High-Speed Ingest</h2>
+<p>Accumulo is often used as part of a larger data processing and storage system. To
maximize the performance of a parallel system involving Accumulo, the ingestion and query
components should be designed to provide enough parallelism and concurrency to avoid creating
bottlenecks for users and other systems writing to and reading from Accumulo. There are several
ways to achieve high ingest performance. </p>
+<h2 id="a_idpre-splitting_new_tablesa_pre-splitting_new_tables"><a id=Pre-Splitting_New_Tables></a>
Pre-Splitting New Tables</h2>
+<p>New tables consist of a single tablet by default. As mutations are applied, the
table grows and splits into multiple tablets which are balanced by the Master across TabletServers.
This implies that the aggregate ingest rate will be limited to fewer servers than are available
within the cluster until the table has reached the point where there are tablets on every
TabletServer. </p>
+<p>Pre-splitting a table ensures that there are as many tablets as desired available
before ingest begins to take advantage of all the parallelism possible with the cluster hardware.
Tables can be split anytime by using the shell: </p>
+<div class="codehilite"><pre><span class="n">user</span><span
class="nv">@myinstance</span> <span class="n">mytable</span><span
class="o">&gt;</span> <span class="n">addsplits</span> <span class="o">-</span><span
class="n">sf</span> <span class="o">/</span><span class="n">local_splitfile</span>
<span class="o">-</span><span class="n">t</span> <span class="n">mytable</span>
+</pre></div>
+
+
+<p>For the purposes of providing parallelism to ingest it is not necessary to create
more tablets than there are physical machines within the cluster as the aggregate ingest rate
is a function of the number of physical machines. Note that the aggregate ingest rate is still
subject to the number of machines running ingest clients, and the distribution of rowIDs across
the table. The aggregation ingest rate will be suboptimal if there are many inserts into a
small number of rowIDs. </p>
+<h2 id="a_idmultiple_ingester_clientsa_multiple_ingester_clients"><a id=Multiple_Ingester_Clients></a>
Multiple Ingester Clients</h2>
+<p>Accumulo is capable of scaling to very high rates of ingest, which is dependent
upon not just the number of TabletServers in operation but also the number of ingest clients.
This is because a single client, while capable of batching mutations and sending them to all
TabletServers, is ultimately limited by the amount of data that can be processed on a single
machine. The aggregate ingest rate will scale linearly with the number of clients up to the
point at which either the aggregate I/O of TabletServers or total network bandwidth capacity
is reached. </p>
+<p>In operational settings where high rates of ingest are paramount, clusters are often
configured to dedicate some number of machines solely to running Ingester Clients. The exact
ratio of clients to TabletServers necessary for optimum ingestion rates will vary according
to the distribution of resources per machine and by data type. </p>
+<h2 id="a_idbulk_ingesta_bulk_ingest"><a id=Bulk_Ingest></a> Bulk Ingest</h2>
+<p>Accumulo supports the ability to import files produced by an external process such
as MapReduce into an existing table. In some cases it may be faster to load data this way
rather than via ingesting through clients using BatchWriters. This allows a large number of
machines to format data the way Accumulo expects. The new files can then simply be introduced
to Accumulo via a shell command. </p>
+<p>To configure MapReduce to format data in preparation for bulk loading, the job should
be set to use a range partitioner instead of the default hash partitioner. The range partitioner
uses the split points of the Accumulo table that will receive the data. The split points can
be obtained from the shell and used by the MapReduce RangePartitioner. Note that this is only
useful if the existing table is already split into multiple tablets. </p>
+<div class="codehilite"><pre><span class="n">user</span><span
class="nv">@myinstance</span> <span class="n">mytable</span><span
class="o">&gt;</span> <span class="n">getsplits</span>
+<span class="n">aa</span>
+<span class="n">ab</span>
+<span class="n">ac</span>
+<span class="o">...</span>
+<span class="n">zx</span>
+<span class="n">zy</span>
+<span class="n">zz</span>
+</pre></div>
+
+
+<p>Run the MapReduce job, using the AccumuloFileOutputFormat to create the files to
be introduced to Accumulo. Once this is complete, the files can be added to Accumulo via the
shell: </p>
+<div class="codehilite"><pre><span class="n">user</span><span
class="nv">@myinstance</span> <span class="n">mytable</span><span
class="o">&gt;</span> <span class="n">importdirectory</span> <span
class="sr">/files_dir /</span><span class="n">failures</span>
+</pre></div>
+
+
+<p>Note that the paths referenced are directories within the same HDFS instance over
which Accumulo is running. Accumulo places any files that failed to be added to the second
directory specified. </p>
+<p>A complete example of using Bulk Ingest can be found at <br />
+accumulo/docs/examples/README.bulkIngest </p>
+<h2 id="a_idmapreduce_ingesta_mapreduce_ingest"><a id=MapReduce_Ingest></a>
MapReduce Ingest</h2>
+<p>It is possible to efficiently write many mutations to Accumulo in parallel via a
MapReduce job. In this scenario the MapReduce is written to process data that lives in HDFS
and write mutations to Accumulo using the AccumuloOutputFormat. See the MapReduce section
under Analytics for details. </p>
+<p>An example of using MapReduce can be found under <br />
+accumulo/docs/examples/README.mapred </p>
+<hr />
+<p><strong> Next:</strong> <a href="Analytics.html">Analytics</a>
<strong> Up:</strong> <a href="accumulo_user_manual.html">Accumulo User
Manual Version 1.3</a> <strong> Previous:</strong> <a href="Table_Design.html">Table
Design</a>   <strong> <a href="Contents.html">Contents</a></strong></p>
+  </div>
+
+  <div id="footer">
+    <div class="copyright">
+      <p>
+        Copyright &copy; 2011 The Apache Software Foundation, Licensed under
+        the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version
2.0</a>.
+        <br />
+        Apache and the Apache feather logos are trademarks of The Apache Software Foundation.
+      </p>
+    </div> 
+    <a alt="Apache Incubator" href="http://incubator.apache.org">
+      <img id="asf-logo" alt="Apache Incubator" src="/accumulo/images/apache-incubator-logo.png"
width="150"/>
+    </a>
+
+  </div>
+
+</body>
+</html>
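
Review bot: In the Pre-Splitting New Tables section, the closing paragraph says "The aggregation ingest rate will be suboptimal", while every other occurrence in this file is "aggregate ingest rate"; change it to "aggregate". In the Bulk Ingest section, "Accumulo places any files that failed to be added to the second directory specified" can be read as files that failed to reach the second directory; reword it so the second directory is clearly where failed files are placed, for example "Any files that fail to import are placed in the second directory specified". The shell listings also appear to be highlighted with a lexer that does not match them: in the importdirectory example the text "/files_dir /" sits inside a single class="sr" span, which splits the two directory arguments mid-path, so these blocks would be better emitted as plain text.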

Added: websites/staging/accumulo/trunk/content/accumulo/user_manual_1.3-incubating/Introduction.html
==============================================================================
--- websites/staging/accumulo/trunk/content/accumulo/user_manual_1.3-incubating/Introduction.html
(added)
+++ websites/staging/accumulo/trunk/content/accumulo/user_manual_1.3-incubating/Introduction.html
Tue Nov  1 17:08:17 2011
@@ -0,0 +1,120 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE- 2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+  <link href="/accumulo/css/accumulo.css" rel="stylesheet" type="text/css">
+  <title>Accumulo User Manual: Introduction</title>
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+  <script type="text/javascript">
+
+  var _gaq = _gaq || [];
+  _gaq.push(['_setAccount', 'UA-21103458-6']);
+  _gaq.push(['_trackPageview']);
+
+  (function() {
+    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+  })();
+
+  </script>
+</head>
+
+<body>
+  <div id="banner">
+    <img id="logo" alt="Apache accumulo (Incubating)" src="/accumulo/images/accumulo-logo.png"/>
+    <div id="bannertext">
+&nbsp; 
+    </div><br />
+  </div>
+  
+  <div id="navigation">
+  <h1 id="project">Project</h1>
+<ul>
+<li><a href="/accumulo">Home</a></li>
+<li><a href="http://incubator.apache.org/projects/accumulo.html">Incubator page</a>
+<!--  - Download --></li>
+<li><a href="/accumulo/notable_features.html">Features</a></li>
+<li><a href="http://www.apache.org/licenses/LICENSE-2.0">License</a></li>
+</ul>
+<h1 id="community">Community</h1>
+<ul>
+<li><a href="/accumulo/get_involved.html">Get Involved</a></li>
+<li><a href="/accumulo/mailing_list.html">Mailing Lists</a></li>
+<li><a href="https://issues.apache.org/jira/secure/ConfigureReport.jspa?versionId=-2&amp;selectedProjectId=12312121&amp;reportKey=com.sourcelabs.jira.plugin.report.contributions%3Acontributionreport">People</a></li>
+</ul>
+<h1 id="development">Development</h1>
+<ul>
+<li><a href="/accumulo/source.html">Source Code</a></li>
+<li><a href="https://issues.apache.org/jira/browse/accumulo">Issues</a></li>
+<li><a href="https://builds.apache.org/job/Accumulo-Trunk">Builds</a></li>
+</ul>
+<h1 id="documentation">Documentation</h1>
+<ul>
+<li><a href="/accumulo/user_manual_1.3-incubating">Manual v1.3</a><ul>
+<li><a href="/accumulo/user_manual_1.3-incubating/examples.html">Examples v1.3</a></li>
+</ul>
+</li>
+<li><a href="/accumulo/user_manual_1.4-incubating">Manual v1.4</a>
+<!-- - klzzwxh:0005 -->
+<!-- - Javadoc -->
+<!-- - Examples --></li>
+<li><a href="/accumulo/screenshots.html">Screenshots</a></li>
+</ul>
+<!--
+# Development
+ - Source code
+ - Building
+-->
+
+<h1 id="asf_links">ASF links</h1>
+<ul>
+<li><a href="http://www.apache.org">Apache Software Foundation</a></li>
+<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+<li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+</ul>
+  </div>
+
+  <div id="content">
+    <h1 class="title">Accumulo User Manual: Introduction</h1>
+    <p><strong> Next:</strong> <a href="Accumulo_Design.html">Accumulo
Design</a> <strong> Up:</strong> <a href="accumulo_user_manual.html">Accumulo
User Manual Version 1.3</a> <strong> Previous:</strong> <a href="Contents.html">Contents</a>
  <strong> <a href="Contents.html">Contents</a></strong> <br />
+</p>
+<h2 id="a_idintroductiona_introduction"><a id=Introduction></a> Introduction</h2>
+<p>Accumulo is a highly scalable structured store based on Google's BigTable. Accumulo
is written in Java and operates over the Hadoop Distributed File System (HDFS), which is part
of the popular Apache Hadoop project. Accumulo supports efficient storage and retrieval of
structured data, including queries for ranges, and provides support for using Accumulo tables
as input and output for MapReduce jobs. </p>
+<p>Accumulo features automatic load-balancing and partitioning, data compression and
fine-grained security labels. </p>
+<hr />
+  </div>
+
+  <div id="footer">
+    <div class="copyright">
+      <p>
+        Copyright &copy; 2011 The Apache Software Foundation, Licensed under
+        the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version
2.0</a>.
+        <br />
+        Apache and the Apache feather logos are trademarks of The Apache Software Foundation.
+      </p>
+    </div> 
+    <a alt="Apache Incubator" href="http://incubator.apache.org">
+      <img id="asf-logo" alt="Apache Incubator" src="/accumulo/images/apache-incubator-logo.png"
width="150"/>
+    </a>
+
+  </div>
+
+</body>
+</html>
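
Review bot: The inline analytics snippet in the head builds the script URL as 'http://www' + '.google-analytics.com/ga.js' whenever the page is not served over HTTPS, so on plain-HTTP loads a third-party script is fetched over an unauthenticated channel and then runs in the page's origin; use the 'https://ssl' host unconditionally or leave the tracker out of the generated manual pages. The license comment gives the URL as "http://www.apache.org/licenses/LICENSE- 2.0" with a stray space, while the navigation and footer links use LICENSE-2.0. The navigation block carries the comment "klzzwxh:0005", which looks like an unreplaced placeholder from the page generator, and in the header row both "Previous" and "Contents" link to Contents.html.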

Added: websites/staging/accumulo/trunk/content/accumulo/user_manual_1.3-incubating/Security.html
==============================================================================
--- websites/staging/accumulo/trunk/content/accumulo/user_manual_1.3-incubating/Security.html
(added)
+++ websites/staging/accumulo/trunk/content/accumulo/user_manual_1.3-incubating/Security.html
Tue Nov  1 17:08:17 2011
@@ -0,0 +1,186 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE- 2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+  <link href="/accumulo/css/accumulo.css" rel="stylesheet" type="text/css">
+  <title>Accumulo User Manual: Security</title>
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+  <script type="text/javascript">
+
+  var _gaq = _gaq || [];
+  _gaq.push(['_setAccount', 'UA-21103458-6']);
+  _gaq.push(['_trackPageview']);
+
+  (function() {
+    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+  })();
+
+  </script>
+</head>
+
+<body>
+  <div id="banner">
+    <img id="logo" alt="Apache accumulo (Incubating)" src="/accumulo/images/accumulo-logo.png"/>
+    <div id="bannertext">
+&nbsp; 
+    </div><br />
+  </div>
+  
+  <div id="navigation">
+  <h1 id="project">Project</h1>
+<ul>
+<li><a href="/accumulo">Home</a></li>
+<li><a href="http://incubator.apache.org/projects/accumulo.html">Incubator page</a>
+<!--  - Download --></li>
+<li><a href="/accumulo/notable_features.html">Features</a></li>
+<li><a href="http://www.apache.org/licenses/LICENSE-2.0">License</a></li>
+</ul>
+<h1 id="community">Community</h1>
+<ul>
+<li><a href="/accumulo/get_involved.html">Get Involved</a></li>
+<li><a href="/accumulo/mailing_list.html">Mailing Lists</a></li>
+<li><a href="https://issues.apache.org/jira/secure/ConfigureReport.jspa?versionId=-2&amp;selectedProjectId=12312121&amp;reportKey=com.sourcelabs.jira.plugin.report.contributions%3Acontributionreport">People</a></li>
+</ul>
+<h1 id="development">Development</h1>
+<ul>
+<li><a href="/accumulo/source.html">Source Code</a></li>
+<li><a href="https://issues.apache.org/jira/browse/accumulo">Issues</a></li>
+<li><a href="https://builds.apache.org/job/Accumulo-Trunk">Builds</a></li>
+</ul>
+<h1 id="documentation">Documentation</h1>
+<ul>
+<li><a href="/accumulo/user_manual_1.3-incubating">Manual v1.3</a><ul>
+<li><a href="/accumulo/user_manual_1.3-incubating/examples.html">Examples v1.3</a></li>
+</ul>
+</li>
+<li><a href="/accumulo/user_manual_1.4-incubating">Manual v1.4</a>
+<!-- - klzzwxh:0005 -->
+<!-- - Javadoc -->
+<!-- - Examples --></li>
+<li><a href="/accumulo/screenshots.html">Screenshots</a></li>
+</ul>
+<!--
+# Development
+ - Source code
+ - Building
+-->
+
+<h1 id="asf_links">ASF links</h1>
+<ul>
+<li><a href="http://www.apache.org">Apache Software Foundation</a></li>
+<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+<li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+</ul>
+  </div>
+
+  <div id="content">
+    <h1 class="title">Accumulo User Manual: Security</h1>
+    <p><strong> Next:</strong> <a href="Administration.html">Administration</a>
<strong> Up:</strong> <a href="accumulo_user_manual.html">Accumulo User
Manual Version 1.3</a> <strong> Previous:</strong> <a href="Analytics.html">Analytics</a>
  <strong> <a href="Contents.html">Contents</a></strong> <br />
+</p>
+<p><a id=CHILD_LINKS></a><strong>Subsections</strong></p>
+<ul>
+<li><a href="Security.html#Security_Label_Expressions">Security Label Expressions</a></li>
+<li><a href="Security.html#Security_Label_Expression_Syntax">Security Label Expression
Syntax</a></li>
+<li><a href="Security.html#Authorization">Authorization</a></li>
+<li><a href="Security.html#Secure_Authorizations_Handling">Secure Authorizations
Handling</a></li>
+<li><a href="Security.html#Query_Services_Layer">Query Services Layer</a></li>
+</ul>
+<hr />
+<h2 id="a_idsecuritya_security"><a id=Security></a> Security</h2>
+<p>Accumulo extends the BigTable data model to implement a security mechanism known
as cell-level security. Every key-value pair has its own security label, stored under the
column visibility element of the key, which is used to determine whether a given user meets
the security requirements to read the value. This enables data of various security levels
to be stored within the same row, and users of varying degrees of access to query the same
table, while preserving data confidentiality. </p>
+<h2 id="a_idsecurity_label_expressionsa_security_label_expressions"><a id=Security_Label_Expressions></a>
Security Label Expressions</h2>
+<p>When mutations are applied, users can specify a security label for each value. This
is done as the Mutation is created by passing a ColumnVisibility object to the put() method:
</p>
+<div class="codehilite"><pre><span class="n">Text</span> <span
class="n">rowID</span> <span class="o">=</span> <span class="k">new</span>
<span class="n">Text</span><span class="p">(</span><span class="s">&quot;row1&quot;</span><span
class="p">);</span>
+<span class="n">Text</span> <span class="n">colFam</span> <span
class="o">=</span> <span class="k">new</span> <span class="n">Text</span><span
class="p">(</span><span class="s">&quot;myColFam&quot;</span><span
class="p">);</span>
+<span class="n">Text</span> <span class="n">colQual</span> <span
class="o">=</span> <span class="k">new</span> <span class="n">Text</span><span
class="p">(</span><span class="s">&quot;myColQual&quot;</span><span
class="p">);</span>
+<span class="n">ColumnVisibility</span> <span class="n">colVis</span>
<span class="o">=</span> <span class="k">new</span> <span class="n">ColumnVisibility</span><span
class="p">(</span><span class="s">&quot;public&quot;</span><span
class="p">);</span>
+<span class="n">long</span> <span class="n">timestamp</span> <span
class="o">=</span> <span class="n">System</span><span class="o">.</span><span
class="n">currentTimeMillis</span><span class="p">();</span>
+
+<span class="n">Value</span> <span class="n">value</span> <span
class="o">=</span> <span class="k">new</span> <span class="n">Value</span><span
class="p">(</span><span class="s">&quot;myValue&quot;</span><span
class="p">);</span>
+
+<span class="n">Mutation</span> <span class="n">mutation</span> <span
class="o">=</span> <span class="k">new</span> <span class="n">Mutation</span><span
class="p">(</span><span class="n">rowID</span><span class="p">);</span>
+<span class="n">mutation</span><span class="o">.</span><span class="n">put</span><span
class="p">(</span><span class="n">colFam</span><span class="p">,</span>
<span class="n">colQual</span><span class="p">,</span> <span class="n">colVis</span><span
class="p">,</span> <span class="n">timestamp</span><span class="p">,</span>
<span class="n">value</span><span class="p">);</span>
+</pre></div>
+
+
+<h2 id="a_idsecurity_label_expression_syntaxa_security_label_expression_syntax"><a
id=Security_Label_Expression_Syntax></a> Security Label Expression Syntax</h2>
+<p>Security labels consist of a set of user-defined tokens that are required to read
the value the label is associated with. The set of tokens required can be specified using
syntax that supports logical AND and OR combinations of tokens, as well as nesting groups
of tokens together. </p>
+<p>For example, suppose within our organization we want to label our data values with
security labels defined in terms of user roles. We might have tokens such as: </p>
+<div class="codehilite"><pre><span class="n">admin</span>
+<span class="n">audit</span>
+<span class="nb">system</span>
+</pre></div>
+
+
+<p>These can be specified alone or combined using logical operators: </p>
+<div class="codehilite"><pre><span class="sr">//</span> <span
class="n">Users</span> <span class="n">must</span> <span class="n">have</span>
<span class="n">admin</span> <span class="n">privileges:</span>
+<span class="n">admin</span>
+
+<span class="sr">//</span> <span class="n">Users</span> <span
class="n">must</span> <span class="n">have</span> <span class="n">admin</span>
<span class="ow">and</span> <span class="n">audit</span> <span
class="n">privileges</span>
+<span class="n">admin</span><span class="o">&amp;</span><span
class="n">audit</span>
+
+<span class="sr">//</span> <span class="n">Users</span> <span
class="n">with</span> <span class="n">either</span> <span class="n">admin</span>
<span class="ow">or</span> <span class="n">audit</span> <span class="n">privileges</span>
+<span class="n">admin</span><span class="o">|</span><span class="n">audit</span>
+
+<span class="sr">//</span> <span class="n">Users</span> <span
class="n">must</span> <span class="n">have</span> <span class="n">audit</span>
<span class="ow">and</span> <span class="n">one</span> <span class="ow">or</span>
<span class="n">both</span> <span class="n">of</span> <span class="n">admin</span>
<span class="ow">or</span> <span class="nb">system</span>
+<span class="p">(</span><span class="n">admin</span><span class="o">|</span><span
class="nb">system</span><span class="p">)</span><span class="o">&amp;</span><span
class="n">audit</span>
+</pre></div>
+
+
+<p>When both <code>|</code> and <code>&amp;</code> operators
are used, parentheses must be used to specify precedence of the operators. </p>
+<h2 id="a_idauthorizationa_authorization"><a id=Authorization></a> Authorization</h2>
+<p>When clients attempt to read data from Accumulo, any security labels present are
examined against the set of authorizations passed by the client code when the Scanner or BatchScanner
are created. If the authorizations are determined to be insufficient to satisfy the security
label, the value is suppressed from the set of results sent back to the client. </p>
+<p>Authorizations are specified as a comma-separated list of tokens the user possesses:
</p>
+<div class="codehilite"><pre><span class="sr">//</span> <span
class="n">user</span> <span class="n">possess</span> <span class="n">both</span>
<span class="n">admin</span> <span class="ow">and</span> <span
class="nb">system</span> <span class="n">level</span> <span class="n">access</span>
+<span class="n">Authorization</span> <span class="n">auths</span>
<span class="o">=</span> <span class="k">new</span> <span class="n">Authorization</span><span
class="p">(</span><span class="s">&quot;admin,system&quot;</span><span
class="p">);</span>
+
+<span class="n">Scanner</span> <span class="n">s</span> <span
class="o">=</span> <span class="n">connector</span><span class="o">.</span><span
class="n">createScanner</span><span class="p">(</span><span class="s">&quot;table&quot;</span><span
class="p">,</span> <span class="n">auths</span><span class="p">);</span>
+</pre></div>
+
+
+<h2 id="a_idsecure_authorizations_handlinga_secure_authorizations_handling"><a id=Secure_Authorizations_Handling></a>
Secure Authorizations Handling</h2>
+<p>Because the client can pass any authorization tokens to Accumulo, applications must
be designed to obtain users' authorization tokens from a trusted 3rd party rather than having
the users specify their authorizations directly. </p>
+<p>Often production systems will integrate with Public-Key Infrastructure (PKI) and
designate client code within the query layer to negotiate with PKI servers in order to authenticate
users and retrieve their authorization tokens (credentials). This requires users to specify
only the information necessary to authenticate themselves to the system. Once user identity
is established, their credentials can be accessed by the client code and passed to Accumulo
outside of the reach of the user. </p>
+<h2 id="a_idquery_services_layera_query_services_layer"><a id=Query_Services_Layer></a>
Query Services Layer</h2>
+<p>Since the primary method of interaction with Accumulo is through the Java API, production
environments often call for the implementation of a Query layer. This can be done using web
services in containers such as Apache Tomcat, but is not a requirement. The Query Services
Layer provides a mechanism for providing a platform on which user facing applications can
be built. This allows the application designers to isolate potentially complex query logic,
and enables a convenient point at which to perform essential security functions. </p>
+<p>Several production environments choose to implement authentication at this layer,
where users identifiers are used to retrieve their access credentials which are then cached
within the query layer and presented to Accumulo through the Authorizations mechanism. </p>
+<p>Typically, the query services layer sits between Accumulo and user workstations.
</p>
+<hr />
+<p><strong> Next:</strong> <a href="Administration.html">Administration</a>
<strong> Up:</strong> <a href="accumulo_user_manual.html">Accumulo User
Manual Version 1.3</a> <strong> Previous:</strong> <a href="Analytics.html">Analytics</a>
  <strong> <a href="Contents.html">Contents</a></strong></p>
+  </div>
+
+  <div id="footer">
+    <div class="copyright">
+      <p>
+        Copyright &copy; 2011 The Apache Software Foundation, Licensed under
+        the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version
2.0</a>.
+        <br />
+        Apache and the Apache feather logos are trademarks of The Apache Software Foundation.
+      </p>
+    </div> 
+    <a alt="Apache Incubator" href="http://incubator.apache.org">
+      <img id="asf-logo" alt="Apache Incubator" src="/accumulo/images/apache-incubator-logo.png"
width="150"/>
+    </a>
+
+  </div>
+
+</body>
+</html>
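
Review bot: The sample in the Authorization section builds the token set from a literal, new Authorization("admin,system"), and only the following section, Secure Authorizations Handling, states that the client can pass any authorization tokens and that they must be obtained from a trusted third party; a reader who copies the sample gets no hint of that at the point of use, so add a sentence or a link to #Secure_Authorizations_Handling directly under the sample. The class in the sample is written "Authorization", while the Query Services Layer paragraph refers to "the Authorizations mechanism"; make the two agree with the API name. Smaller points: the code comment reads "user possess" where "possesses" is meant, "users identifiers" in the Query Services Layer paragraph needs an apostrophe or the singular, and the label listings are tokenized with "//" as class="sr" and "system" as class="nb", which suggests the highlighter is using a lexer that does not match Java or plain-text content.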


