cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tylerho...@apache.org
Subject svn commit: r1757419 [27/29] - in /cassandra/site/src/doc: ./ 3.10/ 3.10/_images/ 3.10/_sources/ 3.10/_sources/architecture/ 3.10/_sources/configuration/ 3.10/_sources/cql/ 3.10/_sources/data_modeling/ 3.10/_sources/development/ 3.10/_sources/faq/ 3.10...
Date Tue, 23 Aug 2016 19:25:18 GMT
Added: cassandra/site/src/doc/3.10/operating/security.html
URL: http://svn.apache.org/viewvc/cassandra/site/src/doc/3.10/operating/security.html?rev=1757419&view=auto
==============================================================================
--- cassandra/site/src/doc/3.10/operating/security.html (added)
+++ cassandra/site/src/doc/3.10/operating/security.html Tue Aug 23 19:25:17 2016
@@ -0,0 +1,448 @@
+---
+layout: docpage
+
+title: "Documentation"
+
+is_homepage: false
+is_sphinx_doc: true
+
+doc-parent: "Operating Cassandra"
+
+doc-title: "Security"
+doc-header-links: '
+  <link rel="top" title="Apache Cassandra Documentation v3.10" href="../index.html"/>
+      <link rel="up" title="Operating Cassandra" href="index.html"/>
+      <link rel="next" title="Hardware Choices" href="hardware.html"/>
+      <link rel="prev" title="Monitoring" href="metrics.html"/>
+'
+doc-search-path: "../search.html"
+
+extra-footer: '
+<script type="text/javascript">
+    var DOCUMENTATION_OPTIONS = {
+      URL_ROOT:    "",
+      VERSION:     "",
+      COLLAPSE_INDEX: false,
+      FILE_SUFFIX: ".html",
+      HAS_SOURCE:  false,
+      SOURCELINK_SUFFIX: ""
+    };
+</script>
+'
+
+---
+<div class="container-fluid">
+  <div class="row">
+    <div class="col-md-2">
+      <div class="doc-navigation">
+        <div class="doc-menu" role="navigation">
+          <div class="navbar-header">
+            <button type="button" class="pull-left navbar-toggle" data-toggle="collapse" data-target=".sidebar-navbar-collapse">
+              <span class="sr-only">Toggle navigation</span>
+              <span class="icon-bar"></span>
+              <span class="icon-bar"></span>
+              <span class="icon-bar"></span>
+            </button>
+          </div>
+          <div class="navbar-collapse collapse sidebar-navbar-collapse">
+            <form id="doc-search-form" class="navbar-form" action="../search.html" method="get" role="search">
+              <div class="form-group">
+                <input type="text" size="30" class="form-control input-sm" name="q" placeholder="Search docs">
+                <input type="hidden" name="check_keywords" value="yes" />
+                <input type="hidden" name="area" value="default" />
+              </div>
+            </form>
+            
+            
+            
+            <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../getting_started/index.html">Getting Started</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../architecture/index.html">Architecture</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data_modeling/index.html">Data Modeling</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../cql/index.html">The Cassandra Query Language (CQL)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../configuration/index.html">Configuring Cassandra</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">Operating Cassandra</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="snitch.html">Snitch</a></li>
+<li class="toctree-l2"><a class="reference internal" href="topo_changes.html">Adding, replacing, moving and removing nodes</a></li>
+<li class="toctree-l2"><a class="reference internal" href="repair.html">Repair</a></li>
+<li class="toctree-l2"><a class="reference internal" href="read_repair.html">Read repair</a></li>
+<li class="toctree-l2"><a class="reference internal" href="hints.html">Hints</a></li>
+<li class="toctree-l2"><a class="reference internal" href="compaction.html">Compaction</a></li>
+<li class="toctree-l2"><a class="reference internal" href="bloom_filters.html">Bloom Filters</a></li>
+<li class="toctree-l2"><a class="reference internal" href="compression.html">Compression</a></li>
+<li class="toctree-l2"><a class="reference internal" href="cdc.html">Change Data Capture</a></li>
+<li class="toctree-l2"><a class="reference internal" href="backups.html">Backups</a></li>
+<li class="toctree-l2"><a class="reference internal" href="bulk_loading.html">Bulk Loading</a></li>
+<li class="toctree-l2"><a class="reference internal" href="metrics.html">Monitoring</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">Security</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#tls-ssl-encryption">TLS/SSL Encryption</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#roles">Roles</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#authentication">Authentication</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#authorization">Authorization</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#caching">Caching</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#jmx-access">JMX access</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="hardware.html">Hardware Choices</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../tools/index.html">Cassandra Tools</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../troubleshooting/index.html">Troubleshooting</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../development/index.html">Cassandra Development</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../faq/index.html">Frequently Asked Questions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../bugs.html">Reporting Bugs and Contributing</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../contactus.html">Contact us</a></li>
+</ul>
+
+            
+            
+          </div><!--/.nav-collapse -->
+        </div>
+      </div>
+    </div>
+    <div class="col-md-8">
+      <div class="content doc-content">
+        <div class="container">
+          
+  <div class="section" id="security">
+<h1>Security<a class="headerlink" href="#security" title="Permalink to this headline">¶</a></h1>
+<p>There are three main components to the security features provided by Cassandra:</p>
+<ul class="simple">
+<li>TLS/SSL encryption for client and inter-node communication</li>
+<li>Client authentication</li>
+<li>Authorization</li>
+</ul>
+<div class="section" id="tls-ssl-encryption">
+<h2>TLS/SSL Encryption<a class="headerlink" href="#tls-ssl-encryption" title="Permalink to this headline">¶</a></h2>
+<p>Cassandra provides secure communication between a client machine and a database cluster and between nodes within a
+cluster. Enabling encryption ensures that data in flight is not compromised and is transferred securely. The options for
+client-to-node and node-to-node encryption are managed separately and may be configured independently.</p>
+<p>In both cases, the JVM defaults for supported protocols and cipher suites are used when encryption is enabled. These can
+be overidden using the settings in <code class="docutils literal"><span class="pre">cassandra.yaml</span></code>, but this is not recommended unless there are policies in place
+which dictate certain settings or a need to disable vulnerable ciphers or protocols in cases where the JVM cannot be
+updated.</p>
+<p>FIPS compliant settings can be configured at the JVM level and should not involve changing encryption settings in
+cassandra.yaml. See <a class="reference external" href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/FIPS.html">the java document on FIPS</a>
+for more details.</p>
+<p>For information on generating the keystore and truststore files used in SSL communications, see the
+<a class="reference external" href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore">java documentation on creating keystores</a></p>
+<div class="section" id="inter-node-encryption">
+<h3>Inter-node Encryption<a class="headerlink" href="#inter-node-encryption" title="Permalink to this headline">¶</a></h3>
+<p>The settings for managing inter-node encryption are found in <code class="docutils literal"><span class="pre">cassandra.yaml</span></code> in the <code class="docutils literal"><span class="pre">server_encryption_options</span></code>
+section. To enable inter-node encryption, change the <code class="docutils literal"><span class="pre">internode_encryption</span></code> setting from its default value of <code class="docutils literal"><span class="pre">none</span></code>
+to one value from: <code class="docutils literal"><span class="pre">rack</span></code>, <code class="docutils literal"><span class="pre">dc</span></code> or <code class="docutils literal"><span class="pre">all</span></code>.</p>
+</div>
+<div class="section" id="client-to-node-encryption">
+<h3>Client to Node Encryption<a class="headerlink" href="#client-to-node-encryption" title="Permalink to this headline">¶</a></h3>
+<p>The settings for managing client to node encryption are found in <code class="docutils literal"><span class="pre">cassandra.yaml</span></code> in the <code class="docutils literal"><span class="pre">client_encryption_options</span></code>
+section. There are two primary toggles here for enabling encryption, <code class="docutils literal"><span class="pre">enabled</span></code> and <code class="docutils literal"><span class="pre">optional</span></code>.</p>
+<ul class="simple">
+<li>If neither is set to <code class="docutils literal"><span class="pre">true</span></code>, client connections are entirely unencrypted.</li>
+<li>If <code class="docutils literal"><span class="pre">enabled</span></code> is set to <code class="docutils literal"><span class="pre">true</span></code> and <code class="docutils literal"><span class="pre">optional</span></code> is set to <code class="docutils literal"><span class="pre">false</span></code>, all client connections must be secured.</li>
+<li>If both options are set to <code class="docutils literal"><span class="pre">true</span></code>, both encrypted and unencrypted connections are supported using the same port.
+Client connections using encryption with this configuration will be automatically detected and handled by the server.</li>
+</ul>
+<p>As an alternative to the <code class="docutils literal"><span class="pre">optional</span></code> setting, separate ports can also be configured for secure and unsecure connections
+where operational requirements demand it. To do so, set <code class="docutils literal"><span class="pre">optional</span></code> to false and use the <code class="docutils literal"><span class="pre">native_transport_port_ssl</span></code>
+setting in <code class="docutils literal"><span class="pre">cassandra.yaml</span></code> to specify the port to be used for secure client communication.</p>
+</div>
+</div>
+<div class="section" id="roles">
+<span id="operation-roles"></span><h2>Roles<a class="headerlink" href="#roles" title="Permalink to this headline">¶</a></h2>
+<p>Cassandra uses database roles, which may represent either a single user or a group of users, in both authentication and
+permissions management. Role management is an extension point in Cassandra and may be configured using the
+<code class="docutils literal"><span class="pre">role_manager</span></code> setting in <code class="docutils literal"><span class="pre">cassandra.yaml</span></code>. The default setting uses <code class="docutils literal"><span class="pre">CassandraRoleManager</span></code>, an implementation
+which stores role information in the tables of the <code class="docutils literal"><span class="pre">system_auth</span></code> keyspace.</p>
+<p>See also the <a class="reference internal" href="../cql/security.html#cql-roles"><span class="std std-ref">CQL documentation on roles</span></a>.</p>
+</div>
+<div class="section" id="authentication">
+<h2>Authentication<a class="headerlink" href="#authentication" title="Permalink to this headline">¶</a></h2>
+<p>Authentication is pluggable in Cassandra and is configured using the <code class="docutils literal"><span class="pre">authenticator</span></code> setting in <code class="docutils literal"><span class="pre">cassandra.yaml</span></code>.
+Cassandra ships with two options included in the default distribution.</p>
+<p>By default, Cassandra is configured with <code class="docutils literal"><span class="pre">AllowAllAuthenticator</span></code> which performs no authentication checks and therefore
+requires no credentials. It is used to disable authentication completely. Note that authentication is a necessary
+condition of Cassandra&#8217;s permissions subsystem, so if authentication is disabled, effectively so are permissions.</p>
+<p>The default distribution also includes <code class="docutils literal"><span class="pre">PasswordAuthenticator</span></code>, which stores encrypted credentials in a system table.
+This can be used to enable simple username/password authentication.</p>
+<div class="section" id="enabling-password-authentication">
+<span id="password-authentication"></span><h3>Enabling Password Authentication<a class="headerlink" href="#enabling-password-authentication" title="Permalink to this headline">¶</a></h3>
+<p>Before enabling client authentication on the cluster, client applications should be pre-configured with their intended
+credentials. When a connection is initiated, the server will only ask for credentials once authentication is
+enabled, so setting up the client side config in advance is safe. In contrast, as soon as a server has authentication
+enabled, any connection attempt without proper credentials will be rejected which may cause availability problems for
+client applications. Once clients are setup and ready for authentication to be enabled, follow this procedure to enable
+it on the cluster.</p>
+<p>Pick a single node in the cluster on which to perform the initial configuration. Ideally, no clients should connect
+to this node during the setup process, so you may want to remove it from client config, block it at the network level
+or possibly add a new temporary node to the cluster for this purpose. On that node, perform the following steps:</p>
+<ol class="arabic simple">
+<li>Open a <code class="docutils literal"><span class="pre">cqlsh</span></code> session and change the replication factor of the <code class="docutils literal"><span class="pre">system_auth</span></code> keyspace. By default, this keyspace
+uses <code class="docutils literal"><span class="pre">SimpleReplicationStrategy</span></code> and a <code class="docutils literal"><span class="pre">replication_factor</span></code> of 1. It is recommended to change this for any
+non-trivial deployment to ensure that should nodes become unavailable, login is still possible. Best practice is to
+configure a replication factor of 3 to 5 per-DC.</li>
+</ol>
+<div class="highlight-none"><div class="highlight"><pre><span></span>ALTER KEYSPACE system_auth WITH replication = {&#39;class&#39;: &#39;NetworkTopologyStrategy&#39;, &#39;DC1&#39;: 3, &#39;DC2&#39;: 3};
+</pre></div>
+</div>
+<ol class="arabic simple" start="2">
+<li>Edit <code class="docutils literal"><span class="pre">cassandra.yaml</span></code> to change the <code class="docutils literal"><span class="pre">authenticator</span></code> option like so:</li>
+</ol>
+<div class="highlight-none"><div class="highlight"><pre><span></span>authenticator: PasswordAuthenticator
+</pre></div>
+</div>
+<ol class="arabic simple" start="3">
+<li>Restart the node.</li>
+<li>Open a new <code class="docutils literal"><span class="pre">cqlsh</span></code> session using the credentials of the default superuser:</li>
+</ol>
+<div class="highlight-none"><div class="highlight"><pre><span></span>cqlsh -u cassandra -p cassandra
+</pre></div>
+</div>
+<ol class="arabic simple" start="5">
+<li>During login, the credentials for the default superuser are read with a consistency level of <code class="docutils literal"><span class="pre">QUORUM</span></code>, whereas
+those for all other users (including superusers) are read at <code class="docutils literal"><span class="pre">LOCAL_ONE</span></code>. In the interests of performance and
+availability, as well as security, operators should create another superuser and disable the default one. This step
+is optional, but highly recommended. While logged in as the default superuser, create another superuser role which
+can be used to bootstrap further configuration.</li>
+</ol>
+<div class="highlight-none"><div class="highlight"><pre><span></span># create a new superuser
+CREATE ROLE dba WITH SUPERUSER = true AND LOGIN = true AND PASSWORD = &#39;super&#39;;
+</pre></div>
+</div>
+<ol class="arabic simple" start="6">
+<li>Start a new cqlsh session, this time logging in as the new_superuser and disable the default superuser.</li>
+</ol>
+<div class="highlight-none"><div class="highlight"><pre><span></span>ALTER ROLE cassandra WITH SUPERUSER = false AND LOGIN = false;
+</pre></div>
+</div>
+<ol class="arabic simple" start="7">
+<li>Finally, set up the roles and credentials for your application users with <a class="reference internal" href="../cql/security.html#create-role-statement"><span class="std std-ref">CREATE ROLE</span></a>
+statements.</li>
+</ol>
+<p>At the end of these steps, the one node is configured to use password authentication. To roll that out across the
+cluster, repeat steps 2 and 3 on each node in the cluster. Once all nodes have been restarted, authentication will be
+fully enabled throughout the cluster.</p>
+<p>Note that using <code class="docutils literal"><span class="pre">PasswordAuthenticator</span></code> also requires the use of <a class="reference internal" href="#operation-roles"><span class="std std-ref">CassandraRoleManager</span></a>.</p>
+<p>See also: <a class="reference internal" href="../cql/security.html#setting-credentials-for-internal-authentication"><span class="std std-ref">Setting credentials for internal authentication</span></a>, <a class="reference internal" href="../cql/security.html#create-role-statement"><span class="std std-ref">CREATE ROLE</span></a>,
+<a class="reference internal" href="../cql/security.html#alter-role-statement"><span class="std std-ref">ALTER ROLE</span></a>, <a class="reference internal" href="../cql/ddl.html#alter-keyspace-statement"><span class="std std-ref">ALTER KEYSPACE</span></a> and <a class="reference internal" href="../cql/security.html#grant-permission-statement"><span class="std std-ref">GRANT PERMISSION</span></a>,</p>
+</div>
+</div>
+<div class="section" id="authorization">
+<h2>Authorization<a class="headerlink" href="#authorization" title="Permalink to this headline">¶</a></h2>
+<p>Authorization is pluggable in Cassandra and is configured using the <code class="docutils literal"><span class="pre">authorizer</span></code> setting in <code class="docutils literal"><span class="pre">cassandra.yaml</span></code>.
+Cassandra ships with two options included in the default distribution.</p>
+<p>By default, Cassandra is configured with <code class="docutils literal"><span class="pre">AllowAllAuthorizer</span></code> which performs no checking and so effectively grants all
+permissions to all roles. This must be used if <code class="docutils literal"><span class="pre">AllowAllAuthenticator</span></code> is the configured authenticator.</p>
+<p>The default distribution also includes <code class="docutils literal"><span class="pre">CassandraAuthorizer</span></code>, which does implement full permissions management
+functionality and stores its data in Cassandra system tables.</p>
+<div class="section" id="enabling-internal-authorization">
+<h3>Enabling Internal Authorization<a class="headerlink" href="#enabling-internal-authorization" title="Permalink to this headline">¶</a></h3>
+<p>Permissions are modelled as a whitelist, with the default assumption that a given role has no access to any database
+resources. The implication of this is that once authorization is enabled on a node, all requests will be rejected until
+the required permissions have been granted. For this reason, it is strongly recommended to perform the initial setup on
+a node which is not processing client requests.</p>
+<p>The following assumes that authentication has already been enabled via the process outlined in
+<a class="reference internal" href="#password-authentication"><span class="std std-ref">Enabling Password Authentication</span></a>. Perform these steps to enable internal authorization across the cluster:</p>
+<ol class="arabic simple">
+<li>On the selected node, edit <code class="docutils literal"><span class="pre">cassandra.yaml</span></code> to change the <code class="docutils literal"><span class="pre">authorizer</span></code> option like so:</li>
+</ol>
+<div class="highlight-none"><div class="highlight"><pre><span></span>authorizer: CassandraAuthorizer
+</pre></div>
+</div>
+<ol class="arabic simple" start="2">
+<li>Restart the node.</li>
+<li>Open a new <code class="docutils literal"><span class="pre">cqlsh</span></code> session using the credentials of a role with superuser credentials:</li>
+</ol>
+<div class="highlight-none"><div class="highlight"><pre><span></span>cqlsh -u dba -p super
+</pre></div>
+</div>
+<ol class="arabic simple" start="4">
+<li>Configure the appropriate access privileges for your clients using <a class="reference external" href="cql.html#grant-permission">GRANT PERMISSION</a>
+statements. On the other nodes, until configuration is updated and the node restarted, this will have no effect so
+disruption to clients is avoided.</li>
+</ol>
+<div class="highlight-none"><div class="highlight"><pre><span></span>GRANT SELECT ON ks.t1 TO db_user;
+</pre></div>
+</div>
+<ol class="arabic simple" start="5">
+<li>Once all the necessary permissions have been granted, repeat steps 1 and 2 for each node in turn. As each node
+restarts and clients reconnect, the enforcement of the granted permissions will begin.</li>
+</ol>
+<p>See also: <a class="reference internal" href="../cql/security.html#grant-permission-statement"><span class="std std-ref">GRANT PERMISSION</span></a>, <cite>GRANT ALL &lt;grant-all&gt;</cite> and <a class="reference internal" href="../cql/security.html#revoke-permission-statement"><span class="std std-ref">REVOKE PERMISSION</span></a></p>
+</div>
+</div>
+<div class="section" id="caching">
+<h2>Caching<a class="headerlink" href="#caching" title="Permalink to this headline">¶</a></h2>
+<p>Enabling authentication and authorization places additional load on the cluster by frequently reading from the
+<code class="docutils literal"><span class="pre">system_auth</span></code> tables. Furthermore, these reads are in the critical paths of many client operations, and so has the
+potential to severely impact quality of service. To mitigate this, auth data such as credentials, permissions and role
+details are cached for a configurable period. The caching can be configured (and even disabled) from <code class="docutils literal"><span class="pre">cassandra.yaml</span></code>
+or using a JMX client. The JMX interface also supports invalidation of the various caches, but any changes made via JMX
+are not persistent and will be re-read from <code class="docutils literal"><span class="pre">cassandra.yaml</span></code> when the node is restarted.</p>
+<p>Each cache has 3 options which can be set:</p>
+<dl class="docutils">
+<dt>Validity Period</dt>
+<dd>Controls the expiration of cache entries. After this period, entries are invalidated and removed from the cache.</dd>
+<dt>Refresh Rate</dt>
+<dd>Controls the rate at which background reads are performed to pick up any changes to the underlying data. While these
+async refreshes are performed, caches will continue to serve (possibly) stale data. Typically, this will be set to a
+shorter time than the validity period.</dd>
+<dt>Max Entries</dt>
+<dd>Controls the upper bound on cache size.</dd>
+</dl>
+<p>The naming for these options in <code class="docutils literal"><span class="pre">cassandra.yaml</span></code> follows the convention:</p>
+<ul class="simple">
+<li><code class="docutils literal"><span class="pre">&lt;type&gt;_validity_in_ms</span></code></li>
+<li><code class="docutils literal"><span class="pre">&lt;type&gt;_update_interval_in_ms</span></code></li>
+<li><code class="docutils literal"><span class="pre">&lt;type&gt;_cache_max_entries</span></code></li>
+</ul>
+<p>Where <code class="docutils literal"><span class="pre">&lt;type&gt;</span></code> is one of <code class="docutils literal"><span class="pre">credentials</span></code>, <code class="docutils literal"><span class="pre">permissions</span></code>, or <code class="docutils literal"><span class="pre">roles</span></code>.</p>
+<p>As mentioned, these are also exposed via JMX in the mbeans under the <code class="docutils literal"><span class="pre">org.apache.cassandra.auth</span></code> domain.</p>
+</div>
+<div class="section" id="jmx-access">
+<h2>JMX access<a class="headerlink" href="#jmx-access" title="Permalink to this headline">¶</a></h2>
+<p>Access control for JMX clients is configured separately to that for CQL. For both authentication and authorization, two
+providers are available; the first based on standard JMX security and the second which integrates more closely with
+Cassandra&#8217;s own auth subsystem.</p>
+<p>The default settings for Cassandra make JMX accessible only from localhost. To enable remote JMX connections, edit
+<code class="docutils literal"><span class="pre">cassandra-env.sh</span></code> (or <code class="docutils literal"><span class="pre">cassandra-env.ps1</span></code> on Windows) to change the <code class="docutils literal"><span class="pre">LOCAL_JMX</span></code> setting to <code class="docutils literal"><span class="pre">yes</span></code>. Under the
+standard configuration, when remote JMX connections are enabled, <a class="reference internal" href="#standard-jmx-auth"><span class="std std-ref">standard JMX authentication</span></a>
+is also switched on.</p>
+<p>Note that by default, local-only connections are not subject to authentication, but this can be enabled.</p>
+<p>If enabling remote connections, it is recommended to also use <a class="reference internal" href="#jmx-with-ssl"><span class="std std-ref">SSL</span></a> connections.</p>
+<p>Finally, after enabling auth and/or SSL, ensure that tools which use JMX, such as <a class="reference internal" href="../tools/nodetool.html#nodetool"><span class="std std-ref">nodetool</span></a>, are
+correctly configured and working as expected.</p>
+<div class="section" id="standard-jmx-auth">
+<span id="id1"></span><h3>Standard JMX Auth<a class="headerlink" href="#standard-jmx-auth" title="Permalink to this headline">¶</a></h3>
+<p>Users permitted to connect to the JMX server are specified in a simple text file. The location of this file is set in
+<code class="docutils literal"><span class="pre">cassandra-env.sh</span></code> by the line:</p>
+<div class="highlight-none"><div class="highlight"><pre><span></span>JVM_OPTS=&quot;$JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password&quot;
+</pre></div>
+</div>
+<p>Edit the password file to add username/password pairs:</p>
+<div class="highlight-none"><div class="highlight"><pre><span></span>jmx_user jmx_password
+</pre></div>
+</div>
+<p>Secure the credentials file so that only the user running the Cassandra process can read it :</p>
+<div class="highlight-none"><div class="highlight"><pre><span></span>$ chown cassandra:cassandra /etc/cassandra/jmxremote.password
+$ chmod 400 /etc/cassandra/jmxremote.password
+</pre></div>
+</div>
+<p>Optionally, enable access control to limit the scope of what defined users can do via JMX. Note that this is a fairly
+blunt instrument in this context as most operational tools in Cassandra require full read/write access. To configure a
+simple access file, uncomment this line in <code class="docutils literal"><span class="pre">cassandra-env.sh</span></code>:</p>
+<div class="highlight-none"><div class="highlight"><pre><span></span>#JVM_OPTS=&quot;$JVM_OPTS -Dcom.sun.management.jmxremote.access.file=/etc/cassandra/jmxremote.access&quot;
+</pre></div>
+</div>
+<p>Then edit the access file to grant your JMX user readwrite permission:</p>
+<div class="highlight-none"><div class="highlight"><pre><span></span>jmx_user readwrite
+</pre></div>
+</div>
+<p>Cassandra must be restarted to pick up the new settings.</p>
+<p>See also : <a class="reference external" href="http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html#gdenv">Using File-Based Password Authentication In JMX</a></p>
+</div>
+<div class="section" id="cassandra-integrated-auth">
+<h3>Cassandra Integrated Auth<a class="headerlink" href="#cassandra-integrated-auth" title="Permalink to this headline">¶</a></h3>
+<p>An alternative to the out-of-the-box JMX auth is to useeCassandra&#8217;s own authentication and/or authorization providers
+for JMX clients. This is potentially more flexible and secure but it come with one major caveat. Namely that it is not
+available until <cite>after</cite> a node has joined the ring, because the auth subsystem is not fully configured until that point
+However, it is often critical for monitoring purposes to have JMX access particularly during bootstrap. So it is
+recommended, where possible, to use local only JMX auth during bootstrap and then, if remote connectivity is required,
+to switch to integrated auth once the node has joined the ring and initial setup is complete.</p>
+<p>With this option, the same database roles used for CQL authentication can be used to control access to JMX, so updates
+can be managed centrally using just <code class="docutils literal"><span class="pre">cqlsh</span></code>. Furthermore, fine grained control over exactly which operations are
+permitted on particular MBeans can be acheived via <a class="reference internal" href="../cql/security.html#grant-permission-statement"><span class="std std-ref">GRANT PERMISSION</span></a>.</p>
+<p>To enable integrated authentication, edit <code class="docutils literal"><span class="pre">cassandra-env.sh</span></code> to uncomment these lines:</p>
+<div class="highlight-none"><div class="highlight"><pre><span></span>#JVM_OPTS=&quot;$JVM_OPTS -Dcassandra.jmx.remote.login.config=CassandraLogin&quot;
+#JVM_OPTS=&quot;$JVM_OPTS -Djava.security.auth.login.config=$CASSANDRA_HOME/conf/cassandra-jaas.config&quot;
+</pre></div>
+</div>
+<p>And disable the JMX standard auth by commenting this line:</p>
+<div class="highlight-none"><div class="highlight"><pre><span></span>JVM_OPTS=&quot;$JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password&quot;
+</pre></div>
+</div>
+<p>To enable integrated authorization, uncomment this line:</p>
+<div class="highlight-none"><div class="highlight"><pre><span></span>#JVM_OPTS=&quot;$JVM_OPTS -Dcassandra.jmx.authorizer=org.apache.cassandra.auth.jmx.AuthorizationProxy&quot;
+</pre></div>
+</div>
+<p>Check standard access control is off by ensuring this line is commented out:</p>
+<div class="highlight-none"><div class="highlight"><pre><span></span>#JVM_OPTS=&quot;$JVM_OPTS -Dcom.sun.management.jmxremote.access.file=/etc/cassandra/jmxremote.access&quot;
+</pre></div>
+</div>
+<p>With integrated authentication and authorization enabled, operators can define specific roles and grant them access to
+the particular JMX resources that they need. For example, a role with the necessary permissions to use tools such as
+jconsole or jmc in read-only mode would be defined as:</p>
+<div class="highlight-none"><div class="highlight"><pre><span></span>CREATE ROLE jmx WITH LOGIN = false;
+GRANT SELECT ON ALL MBEANS TO jmx;
+GRANT DESCRIBE ON ALL MBEANS TO jmx;
+GRANT EXECUTE ON MBEAN &#39;java.lang:type=Threading&#39; TO jmx;
+GRANT EXECUTE ON MBEAN &#39;com.sun.management:type=HotSpotDiagnostic&#39; TO jmx;
+
+# Grant the jmx role to one with login permissions so that it can access the JMX tooling
+CREATE ROLE ks_user WITH PASSWORD = &#39;password&#39; AND LOGIN = true AND SUPERUSER = false;
+GRANT jmx TO ks_user;
+</pre></div>
+</div>
+<p>Fine grained access control to individual MBeans is also supported:</p>
+<div class="highlight-none"><div class="highlight"><pre><span></span>GRANT EXECUTE ON MBEAN &#39;org.apache.cassandra.db:type=Tables,keyspace=test_keyspace,table=t1&#39; TO ks_user;
+GRANT EXECUTE ON MBEAN &#39;org.apache.cassandra.db:type=Tables,keyspace=test_keyspace,table=*&#39; TO ks_owner;
+</pre></div>
+</div>
+<p>This permits the <code class="docutils literal"><span class="pre">ks_user</span></code> role to invoke methods on the MBean representing a single table in <code class="docutils literal"><span class="pre">test_keyspace</span></code>, while
+granting the same permission for all table level MBeans in that keyspace to the <code class="docutils literal"><span class="pre">ks_owner</span></code> role.</p>
+<p>Adding/removing roles and granting/revoking of permissions is handled dynamically once the initial setup is complete, so
+no further restarts are required if permissions are altered.</p>
+<p>See also: <a class="reference internal" href="../cql/security.html#cql-permissions"><span class="std std-ref">Permissions</span></a>.</p>
+</div>
+<div class="section" id="jmx-with-ssl">
+<span id="id2"></span><h3>JMX With SSL<a class="headerlink" href="#jmx-with-ssl" title="Permalink to this headline">¶</a></h3>
+<p>JMX SSL configuration is controlled by a number of system properties, some of which are optional. To turn on SSL, edit
+the relevant lines in <code class="docutils literal"><span class="pre">cassandra-env.sh</span></code> (or <code class="docutils literal"><span class="pre">cassandra-env.ps1</span></code> on Windows) to uncomment and set the values of these
+properties as required:</p>
+<dl class="docutils">
+<dt><code class="docutils literal"><span class="pre">com.sun.management.jmxremote.ssl</span></code></dt>
+<dd>set to true to enable SSL</dd>
+<dt><code class="docutils literal"><span class="pre">com.sun.management.jmxremote.ssl.need.client.auth</span></code></dt>
+<dd>set to true to enable validation of client certificates</dd>
+<dt><code class="docutils literal"><span class="pre">com.sun.management.jmxremote.registry.ssl</span></code></dt>
+<dd>enables SSL sockets for the RMI registry from which clients obtain the JMX connector stub</dd>
+<dt><code class="docutils literal"><span class="pre">com.sun.management.jmxremote.ssl.enabled.protocols</span></code></dt>
+<dd>by default, the protocols supported by the JVM will be used, override with a comma-separated list. Note that this is
+not usually necessary and using the defaults is the preferred option.</dd>
+<dt><code class="docutils literal"><span class="pre">com.sun.management.jmxremote.ssl.enabled.cipher.suites</span></code></dt>
+<dd>by default, the cipher suites supported by the JVM will be used, override with a comma-separated list. Note that
+this is not usually necessary and using the defaults is the preferred option.</dd>
+<dt><code class="docutils literal"><span class="pre">javax.net.ssl.keyStore</span></code></dt>
+<dd>set the path on the local filesystem of the keystore containing server private keys and public certificates</dd>
+<dt><code class="docutils literal"><span class="pre">javax.net.ssl.keyStorePassword</span></code></dt>
+<dd>set the password of the keystore file</dd>
+<dt><code class="docutils literal"><span class="pre">javax.net.ssl.trustStore</span></code></dt>
+<dd>if validation of client certificates is required, use this property to specify the path of the truststore containing
+the public certificates of trusted clients</dd>
+<dt><code class="docutils literal"><span class="pre">javax.net.ssl.trustStorePassword</span></code></dt>
+<dd>set the password of the truststore file</dd>
+</dl>
+<p>See also: <a class="reference external" href="http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html#gdemv">Oracle Java7 Docs</a>,
+<a class="reference external" href="https://www.lullabot.com/articles/monitor-java-with-jmx">Monitor Java with JMX</a></p>
+</div>
+</div>
+</div>
+
+
+
+          
+          <div class="doc-prev-next-links" role="navigation" aria-label="footer navigation">
+            
+            <a href="hardware.html" class="btn btn-default pull-right " role="button" title="Hardware Choices" accesskey="n">Next <span class="glyphicon glyphicon-circle-arrow-right" aria-hidden="true"></span></a>
+            
+            
+            <a href="metrics.html" class="btn btn-default" role="button" title="Monitoring" accesskey="p"><span class="glyphicon glyphicon-circle-arrow-left" aria-hidden="true"></span> Previous</a>
+            
+          </div>
+          
+        </div>
+      </div>
+    </div>
+    <div class="col-md-2">
+    </div>
+  </div>
+</div>
\ No newline at end of file

Added: cassandra/site/src/doc/3.10/operating/snitch.html
URL: http://svn.apache.org/viewvc/cassandra/site/src/doc/3.10/operating/snitch.html?rev=1757419&view=auto
==============================================================================
--- cassandra/site/src/doc/3.10/operating/snitch.html (added)
+++ cassandra/site/src/doc/3.10/operating/snitch.html Tue Aug 23 19:25:17 2016
@@ -0,0 +1,178 @@
+---
+layout: docpage
+
+title: "Documentation"
+
+is_homepage: false
+is_sphinx_doc: true
+
+doc-parent: "Operating Cassandra"
+
+doc-title: "Snitch"
+doc-header-links: '
+  <link rel="top" title="Apache Cassandra Documentation v3.10" href="../index.html"/>
+      <link rel="up" title="Operating Cassandra" href="index.html"/>
+      <link rel="next" title="Adding, replacing, moving and removing nodes" href="topo_changes.html"/>
+      <link rel="prev" title="Operating Cassandra" href="index.html"/>
+'
+doc-search-path: "../search.html"
+
+extra-footer: '
+<script type="text/javascript">
+    var DOCUMENTATION_OPTIONS = {
+      URL_ROOT:    "",
+      VERSION:     "",
+      COLLAPSE_INDEX: false,
+      FILE_SUFFIX: ".html",
+      HAS_SOURCE:  false,
+      SOURCELINK_SUFFIX: ""
+    };
+</script>
+'
+
+---
+<div class="container-fluid">
+  <div class="row">
+    <div class="col-md-2">
+      <div class="doc-navigation">
+        <div class="doc-menu" role="navigation">
+          <div class="navbar-header">
+            <button type="button" class="pull-left navbar-toggle" data-toggle="collapse" data-target=".sidebar-navbar-collapse">
+              <span class="sr-only">Toggle navigation</span>
+              <span class="icon-bar"></span>
+              <span class="icon-bar"></span>
+              <span class="icon-bar"></span>
+            </button>
+          </div>
+          <div class="navbar-collapse collapse sidebar-navbar-collapse">
+            <form id="doc-search-form" class="navbar-form" action="../search.html" method="get" role="search">
+              <div class="form-group">
+                <input type="text" size="30" class="form-control input-sm" name="q" placeholder="Search docs">
+                <input type="hidden" name="check_keywords" value="yes" />
+                <input type="hidden" name="area" value="default" />
+              </div>
+            </form>
+            
+            
+            
+            <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../getting_started/index.html">Getting Started</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../architecture/index.html">Architecture</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data_modeling/index.html">Data Modeling</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../cql/index.html">The Cassandra Query Language (CQL)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../configuration/index.html">Configuring Cassandra</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">Operating Cassandra</a><ul class="current">
+<li class="toctree-l2 current"><a class="current reference internal" href="#">Snitch</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#dynamic-snitching">Dynamic snitching</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#snitch-classes">Snitch classes</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="topo_changes.html">Adding, replacing, moving and removing nodes</a></li>
+<li class="toctree-l2"><a class="reference internal" href="repair.html">Repair</a></li>
+<li class="toctree-l2"><a class="reference internal" href="read_repair.html">Read repair</a></li>
+<li class="toctree-l2"><a class="reference internal" href="hints.html">Hints</a></li>
+<li class="toctree-l2"><a class="reference internal" href="compaction.html">Compaction</a></li>
+<li class="toctree-l2"><a class="reference internal" href="bloom_filters.html">Bloom Filters</a></li>
+<li class="toctree-l2"><a class="reference internal" href="compression.html">Compression</a></li>
+<li class="toctree-l2"><a class="reference internal" href="cdc.html">Change Data Capture</a></li>
+<li class="toctree-l2"><a class="reference internal" href="backups.html">Backups</a></li>
+<li class="toctree-l2"><a class="reference internal" href="bulk_loading.html">Bulk Loading</a></li>
+<li class="toctree-l2"><a class="reference internal" href="metrics.html">Monitoring</a></li>
+<li class="toctree-l2"><a class="reference internal" href="security.html">Security</a></li>
+<li class="toctree-l2"><a class="reference internal" href="hardware.html">Hardware Choices</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../tools/index.html">Cassandra Tools</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../troubleshooting/index.html">Troubleshooting</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../development/index.html">Cassandra Development</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../faq/index.html">Frequently Asked Questions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../bugs.html">Reporting Bugs and Contributing</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../contactus.html">Contact us</a></li>
+</ul>
+
+            
+            
+          </div><!--/.nav-collapse -->
+        </div>
+      </div>
+    </div>
+    <div class="col-md-8">
+      <div class="content doc-content">
+        <div class="container">
+          
+  <div class="section" id="snitch">
+<h1>Snitch<a class="headerlink" href="#snitch" title="Permalink to this headline">¶</a></h1>
+<p>In cassandra, the snitch has two functions:</p>
+<ul class="simple">
+<li>it teaches Cassandra enough about your network topology to route requests efficiently.</li>
+<li>it allows Cassandra to spread replicas around your cluster to avoid correlated failures. It does this by grouping
+machines into &#8220;datacenters&#8221; and &#8220;racks.&#8221;  Cassandra will do its best not to have more than one replica on the same
+&#8220;rack&#8221; (which may not actually be a physical location).</li>
+</ul>
+<div class="section" id="dynamic-snitching">
+<h2>Dynamic snitching<a class="headerlink" href="#dynamic-snitching" title="Permalink to this headline">¶</a></h2>
+<p>The dynamic snitch monitor read latencies to avoid reading from hosts that have slowed down. The dynamic snitch is
+configured with the following properties on <code class="docutils literal"><span class="pre">cassandra.yaml</span></code>:</p>
+<ul class="simple">
+<li><code class="docutils literal"><span class="pre">dynamic_snitch</span></code>: whether the dynamic snitch should be enabled or disabled.</li>
+<li><code class="docutils literal"><span class="pre">dynamic_snitch_update_interval_in_ms</span></code>: controls how often to perform the more expensive part of host score
+calculation.</li>
+<li><code class="docutils literal"><span class="pre">dynamic_snitch_reset_interval_in_ms</span></code>: if set greater than zero and read_repair_chance is &lt; 1.0, this will allow
+&#8216;pinning&#8217; of replicas to hosts in order to increase cache capacity.</li>
+<li><code class="docutils literal"><span class="pre">dynamic_snitch_badness_threshold:</span></code>: The badness threshold will control how much worse the pinned host has to be
+before the dynamic snitch will prefer other replicas over it.  This is expressed as a double which represents a
+percentage.  Thus, a value of 0.2 means Cassandra would continue to prefer the static snitch values until the pinned
+host was 20% worse than the fastest.</li>
+</ul>
+</div>
+<div class="section" id="snitch-classes">
+<h2>Snitch classes<a class="headerlink" href="#snitch-classes" title="Permalink to this headline">¶</a></h2>
+<p>The <code class="docutils literal"><span class="pre">endpoint_snitch</span></code> parameter in <code class="docutils literal"><span class="pre">cassandra.yaml</span></code> should be set to the class the class that implements
+<code class="docutils literal"><span class="pre">IEndPointSnitch</span></code> which will be wrapped by the dynamic snitch and decide if two endpoints are in the same data center
+or on the same rack. Out of the box, Cassandra provides the snitch implementations:</p>
+<dl class="docutils">
+<dt>GossipingPropertyFileSnitch</dt>
+<dd>This should be your go-to snitch for production use. The rack and datacenter for the local node are defined in
+cassandra-rackdc.properties and propagated to other nodes via gossip. If <code class="docutils literal"><span class="pre">cassandra-topology.properties</span></code> exists,
+it is used as a fallback, allowing migration from the PropertyFileSnitch.</dd>
+<dt>SimpleSnitch</dt>
+<dd>Treats Strategy order as proximity. This can improve cache locality when disabling read repair. Only appropriate for
+single-datacenter deployments.</dd>
+<dt>PropertyFileSnitch</dt>
+<dd>Proximity is determined by rack and data center, which are explicitly configured in
+<code class="docutils literal"><span class="pre">cassandra-topology.properties</span></code>.</dd>
+<dt>Ec2Snitch</dt>
+<dd>Appropriate for EC2 deployments in a single Region. Loads Region and Availability Zone information from the EC2 API.
+The Region is treated as the datacenter, and the Availability Zone as the rack. Only private IPs are used, so this
+will not work across multiple regions.</dd>
+<dt>Ec2MultiRegionSnitch</dt>
+<dd>Uses public IPs as broadcast_address to allow cross-region connectivity (thus, you should set seed addresses to the
+public IP as well). You will need to open the <code class="docutils literal"><span class="pre">storage_port</span></code> or <code class="docutils literal"><span class="pre">ssl_storage_port</span></code> on the public IP firewall
+(For intra-Region traffic, Cassandra will switch to the private IP after establishing a connection).</dd>
+<dt>RackInferringSnitch</dt>
+<dd>Proximity is determined by rack and data center, which are assumed to correspond to the 3rd and 2nd octet of each
+node&#8217;s IP address, respectively.  Unless this happens to match your deployment conventions, this is best used as an
+example of writing a custom Snitch class and is provided in that spirit.</dd>
+</dl>
+</div>
+</div>
+
+
+
+          
+          <div class="doc-prev-next-links" role="navigation" aria-label="footer navigation">
+            
+            <a href="topo_changes.html" class="btn btn-default pull-right " role="button" title="Adding, replacing, moving and removing nodes" accesskey="n">Next <span class="glyphicon glyphicon-circle-arrow-right" aria-hidden="true"></span></a>
+            
+            
+            <a href="index.html" class="btn btn-default" role="button" title="Operating Cassandra" accesskey="p"><span class="glyphicon glyphicon-circle-arrow-left" aria-hidden="true"></span> Previous</a>
+            
+          </div>
+          
+        </div>
+      </div>
+    </div>
+    <div class="col-md-2">
+    </div>
+  </div>
+</div>
\ No newline at end of file

Added: cassandra/site/src/doc/3.10/operating/topo_changes.html
URL: http://svn.apache.org/viewvc/cassandra/site/src/doc/3.10/operating/topo_changes.html?rev=1757419&view=auto
==============================================================================
--- cassandra/site/src/doc/3.10/operating/topo_changes.html (added)
+++ cassandra/site/src/doc/3.10/operating/topo_changes.html Tue Aug 23 19:25:17 2016
@@ -0,0 +1,216 @@
+---
+layout: docpage
+
+title: "Documentation"
+
+is_homepage: false
+is_sphinx_doc: true
+
+doc-parent: "Operating Cassandra"
+
+doc-title: "Adding, replacing, moving and removing nodes"
+doc-header-links: '
+  <link rel="top" title="Apache Cassandra Documentation v3.10" href="../index.html"/>
+      <link rel="up" title="Operating Cassandra" href="index.html"/>
+      <link rel="next" title="Repair" href="repair.html"/>
+      <link rel="prev" title="Snitch" href="snitch.html"/>
+'
+doc-search-path: "../search.html"
+
+extra-footer: '
+<script type="text/javascript">
+    var DOCUMENTATION_OPTIONS = {
+      URL_ROOT:    "",
+      VERSION:     "",
+      COLLAPSE_INDEX: false,
+      FILE_SUFFIX: ".html",
+      HAS_SOURCE:  false,
+      SOURCELINK_SUFFIX: ""
+    };
+</script>
+'
+
+---
+<div class="container-fluid">
+  <div class="row">
+    <div class="col-md-2">
+      <div class="doc-navigation">
+        <div class="doc-menu" role="navigation">
+          <div class="navbar-header">
+            <button type="button" class="pull-left navbar-toggle" data-toggle="collapse" data-target=".sidebar-navbar-collapse">
+              <span class="sr-only">Toggle navigation</span>
+              <span class="icon-bar"></span>
+              <span class="icon-bar"></span>
+              <span class="icon-bar"></span>
+            </button>
+          </div>
+          <div class="navbar-collapse collapse sidebar-navbar-collapse">
+            <form id="doc-search-form" class="navbar-form" action="../search.html" method="get" role="search">
+              <div class="form-group">
+                <input type="text" size="30" class="form-control input-sm" name="q" placeholder="Search docs">
+                <input type="hidden" name="check_keywords" value="yes" />
+                <input type="hidden" name="area" value="default" />
+              </div>
+            </form>
+            
+            
+            
+            <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../getting_started/index.html">Getting Started</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../architecture/index.html">Architecture</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data_modeling/index.html">Data Modeling</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../cql/index.html">The Cassandra Query Language (CQL)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../configuration/index.html">Configuring Cassandra</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">Operating Cassandra</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="snitch.html">Snitch</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">Adding, replacing, moving and removing nodes</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#bootstrap">Bootstrap</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#removing-nodes">Removing nodes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#moving-nodes">Moving nodes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#replacing-a-dead-node">Replacing a dead node</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#monitoring-progress">Monitoring progress</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#cleanup-data-after-range-movements">Cleanup data after range movements</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="repair.html">Repair</a></li>
+<li class="toctree-l2"><a class="reference internal" href="read_repair.html">Read repair</a></li>
+<li class="toctree-l2"><a class="reference internal" href="hints.html">Hints</a></li>
+<li class="toctree-l2"><a class="reference internal" href="compaction.html">Compaction</a></li>
+<li class="toctree-l2"><a class="reference internal" href="bloom_filters.html">Bloom Filters</a></li>
+<li class="toctree-l2"><a class="reference internal" href="compression.html">Compression</a></li>
+<li class="toctree-l2"><a class="reference internal" href="cdc.html">Change Data Capture</a></li>
+<li class="toctree-l2"><a class="reference internal" href="backups.html">Backups</a></li>
+<li class="toctree-l2"><a class="reference internal" href="bulk_loading.html">Bulk Loading</a></li>
+<li class="toctree-l2"><a class="reference internal" href="metrics.html">Monitoring</a></li>
+<li class="toctree-l2"><a class="reference internal" href="security.html">Security</a></li>
+<li class="toctree-l2"><a class="reference internal" href="hardware.html">Hardware Choices</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../tools/index.html">Cassandra Tools</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../troubleshooting/index.html">Troubleshooting</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../development/index.html">Cassandra Development</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../faq/index.html">Frequently Asked Questions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../bugs.html">Reporting Bugs and Contributing</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../contactus.html">Contact us</a></li>
+</ul>
+
+            
+            
+          </div><!--/.nav-collapse -->
+        </div>
+      </div>
+    </div>
+    <div class="col-md-8">
+      <div class="content doc-content">
+        <div class="container">
+          
+  <div class="section" id="adding-replacing-moving-and-removing-nodes">
+<span id="topology-changes"></span><h1>Adding, replacing, moving and removing nodes<a class="headerlink" href="#adding-replacing-moving-and-removing-nodes" title="Permalink to this headline">¶</a></h1>
+<div class="section" id="bootstrap">
+<h2>Bootstrap<a class="headerlink" href="#bootstrap" title="Permalink to this headline">¶</a></h2>
+<p>Adding new nodes is called &#8220;bootstrapping&#8221;. The <code class="docutils literal"><span class="pre">num_tokens</span></code> parameter will define the amount of virtual nodes
+(tokens) the joining node will be assigned during bootstrap. The tokens define the sections of the ring (token ranges)
+the node will become responsible for.</p>
+<div class="section" id="token-allocation">
+<h3>Token allocation<a class="headerlink" href="#token-allocation" title="Permalink to this headline">¶</a></h3>
+<p>With the default token allocation algorithm the new node will pick <code class="docutils literal"><span class="pre">num_tokens</span></code> random tokens to become responsible
+for. Since tokens are distributed randomly, load distribution improves with a higher amount of virtual nodes, but it
+also increases token management overhead. The default of 256 virtual nodes should provide a reasonable load balance with
+acceptable overhead.</p>
+<p>On 3.0+ a new token allocation algorithm was introduced to allocate tokens based on the load of existing virtual nodes
+for a given keyspace, and thus yield an improved load distribution with a lower number of tokens. To use this approach,
+the new node must be started with the JVM option <code class="docutils literal"><span class="pre">-Dcassandra.allocate_tokens_for_keyspace=&lt;keyspace&gt;</span></code>, where
+<code class="docutils literal"><span class="pre">&lt;keyspace&gt;</span></code> is the keyspace from which the algorithm can find the load information to optimize token assignment for.</p>
+<div class="section" id="manual-token-assignment">
+<h4>Manual token assignment<a class="headerlink" href="#manual-token-assignment" title="Permalink to this headline">¶</a></h4>
+<p>You may specify a comma-separated list of tokens manually with the <code class="docutils literal"><span class="pre">initial_token</span></code> <code class="docutils literal"><span class="pre">cassandra.yaml</span></code> parameter, and
+if that is specified Cassandra will skip the token allocation process. This may be useful when doing token assignment
+with an external tool or when restoring a node with its previous tokens.</p>
+</div>
+</div>
+<div class="section" id="range-streaming">
+<h3>Range streaming<a class="headerlink" href="#range-streaming" title="Permalink to this headline">¶</a></h3>
+<p>After the tokens are allocated, the joining node will pick current replicas of the token ranges it will become
+responsible for to stream data from. By default it will stream from the primary replica of each token range in order to
+guarantee data in the new node will be consistent with the current state.</p>
+<p>In the case of any unavailable replica, the consistent bootstrap process will fail. To override this behavior and
+potentially miss data from an unavailable replica, set the JVM flag <code class="docutils literal"><span class="pre">-Dcassandra.consistent.rangemovement=false</span></code>.</p>
+</div>
+<div class="section" id="resuming-failed-hanged-bootstrap">
+<h3>Resuming failed/hanged bootstrap<a class="headerlink" href="#resuming-failed-hanged-bootstrap" title="Permalink to this headline">¶</a></h3>
+<p>On 2.2+, if the bootstrap process fails, it&#8217;s possible to resume bootstrap from the previous saved state by calling
+<code class="docutils literal"><span class="pre">nodetool</span> <span class="pre">bootstrap</span> <span class="pre">resume</span></code>. If for some reason the bootstrap hangs or stalls, it may also be resumed by simply
+restarting the node. In order to cleanup bootstrap state and start fresh, you may set the JVM startup flag
+<code class="docutils literal"><span class="pre">-Dcassandra.reset_bootstrap_progress=true</span></code>.</p>
+<p>On lower versions, when the bootstrap proces fails it is recommended to wipe the node (remove all the data), and restart
+the bootstrap process again.</p>
+</div>
+<div class="section" id="manual-bootstrapping">
+<h3>Manual bootstrapping<a class="headerlink" href="#manual-bootstrapping" title="Permalink to this headline">¶</a></h3>
+<p>It&#8217;s possible to skip the bootstrapping process entirely and join the ring straight away by setting the hidden parameter
+<code class="docutils literal"><span class="pre">auto_bootstrap:</span> <span class="pre">false</span></code>. This may be useful when restoring a node from a backup or creating a new data-center.</p>
+</div>
+</div>
+<div class="section" id="removing-nodes">
+<h2>Removing nodes<a class="headerlink" href="#removing-nodes" title="Permalink to this headline">¶</a></h2>
+<p>You can take a node out of the cluster with <code class="docutils literal"><span class="pre">nodetool</span> <span class="pre">decommission</span></code> to a live node, or <code class="docutils literal"><span class="pre">nodetool</span> <span class="pre">removenode</span></code> (to any
+other machine) to remove a dead one. This will assign the ranges the old node was responsible for to other nodes, and
+replicate the appropriate data there. If decommission is used, the data will stream from the decommissioned node. If
+removenode is used, the data will stream from the remaining replicas.</p>
+<p>No data is removed automatically from the node being decommissioned, so if you want to put the node back into service at
+a different token on the ring, it should be removed manually.</p>
+</div>
+<div class="section" id="moving-nodes">
+<h2>Moving nodes<a class="headerlink" href="#moving-nodes" title="Permalink to this headline">¶</a></h2>
+<p>When <code class="docutils literal"><span class="pre">num_tokens:</span> <span class="pre">1</span></code> it&#8217;s possible to move the node position in the ring with <code class="docutils literal"><span class="pre">nodetool</span> <span class="pre">move</span></code>. Moving is both a
+convenience over and more efficient than decommission + bootstrap. After moving a node, <code class="docutils literal"><span class="pre">nodetool</span> <span class="pre">cleanup</span></code> should be
+run to remove any unnecessary data.</p>
+</div>
+<div class="section" id="replacing-a-dead-node">
+<h2>Replacing a dead node<a class="headerlink" href="#replacing-a-dead-node" title="Permalink to this headline">¶</a></h2>
+<p>In order to replace a dead node, start cassandra with the JVM startup flag
+<code class="docutils literal"><span class="pre">-Dcassandra.replace_address_first_boot=&lt;dead_node_ip&gt;</span></code>. Once this property is enabled the node starts in a hibernate
+state, during which all the other nodes will see this node to be down.</p>
+<p>The replacing node will now start to bootstrap the data from the rest of the nodes in the cluster. The main difference
+between normal bootstrapping of a new node is that this new node will not accept any writes during this phase.</p>
+<p>Once the bootstrapping is complete the node will be marked &#8220;UP&#8221;, we rely on the hinted handoff&#8217;s for making this node
+consistent (since we don&#8217;t accept writes since the start of the bootstrap).</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">If the replacement process takes longer than <code class="docutils literal"><span class="pre">max_hint_window_in_ms</span></code> you <strong>MUST</strong> run repair to make the
+replaced node consistent again, since it missed ongoing writes during bootstrapping.</p>
+</div>
+</div>
+<div class="section" id="monitoring-progress">
+<h2>Monitoring progress<a class="headerlink" href="#monitoring-progress" title="Permalink to this headline">¶</a></h2>
+<p>Bootstrap, replace, move and remove progress can be monitored using <code class="docutils literal"><span class="pre">nodetool</span> <span class="pre">netstats</span></code> which will show the progress
+of the streaming operations.</p>
+</div>
+<div class="section" id="cleanup-data-after-range-movements">
+<h2>Cleanup data after range movements<a class="headerlink" href="#cleanup-data-after-range-movements" title="Permalink to this headline">¶</a></h2>
+<p>As a safety measure, Cassandra does not automatically remove data from nodes that &#8220;lose&#8221; part of their token range due
+to a range movement operation (bootstrap, move, replace). Run <code class="docutils literal"><span class="pre">nodetool</span> <span class="pre">cleanup</span></code> on the nodes that lost ranges to the
+joining node when you are satisfied the new node is up and working. If you do not do this the old data will still be
+counted against the load on that node.</p>
+</div>
+</div>
+
+
+
+          
+          <div class="doc-prev-next-links" role="navigation" aria-label="footer navigation">
+            
+            <a href="repair.html" class="btn btn-default pull-right " role="button" title="Repair" accesskey="n">Next <span class="glyphicon glyphicon-circle-arrow-right" aria-hidden="true"></span></a>
+            
+            
+            <a href="snitch.html" class="btn btn-default" role="button" title="Snitch" accesskey="p"><span class="glyphicon glyphicon-circle-arrow-left" aria-hidden="true"></span> Previous</a>
+            
+          </div>
+          
+        </div>
+      </div>
+    </div>
+    <div class="col-md-2">
+    </div>
+  </div>
+</div>
\ No newline at end of file

Added: cassandra/site/src/doc/3.10/search.html
URL: http://svn.apache.org/viewvc/cassandra/site/src/doc/3.10/search.html?rev=1757419&view=auto
==============================================================================
--- cassandra/site/src/doc/3.10/search.html (added)
+++ cassandra/site/src/doc/3.10/search.html Tue Aug 23 19:25:17 2016
@@ -0,0 +1,105 @@
+---
+layout: docpage
+
+title: "Search"
+
+is_homepage: false
+is_sphinx_doc: true
+
+doc-title: ""
+doc-header-links: '
+  <link rel="top" title="Apache Cassandra Documentation v3.10" href="index.html"/>
+'
+doc-search-path: "#"
+
+extra-footer: '
+  <script type="text/javascript">
+    var DOCUMENTATION_OPTIONS = {
+      URL_ROOT:    "",
+      VERSION:     "",
+      COLLAPSE_INDEX: false,
+      FILE_SUFFIX: ".html",
+      HAS_SOURCE:  false,
+      SOURCELINK_SUFFIX: ""
+    };
+  </script>
+  <script type="text/javascript">
+    jQuery(function() { Search.loadIndex("searchindex.js"); });
+  </script>
+  
+  <script type="text/javascript" id="searchindexloader"></script>
+'
+
+---
+<div class="container-fluid">
+  <div class="row">
+    <div class="col-md-2">
+      <div class="doc-navigation">
+        <div class="doc-menu" role="navigation">
+          <div class="navbar-header">
+            <button type="button" class="pull-left navbar-toggle" data-toggle="collapse" data-target=".sidebar-navbar-collapse">
+              <span class="sr-only">Toggle navigation</span>
+              <span class="icon-bar"></span>
+              <span class="icon-bar"></span>
+              <span class="icon-bar"></span>
+            </button>
+          </div>
+          <div class="navbar-collapse collapse sidebar-navbar-collapse">
+            <form id="doc-search-form" class="navbar-form" action="#" method="get" role="search">
+              <div class="form-group">
+                <input type="text" size="30" class="form-control input-sm" name="q" placeholder="Search docs">
+                <input type="hidden" name="check_keywords" value="yes" />
+                <input type="hidden" name="area" value="default" />
+              </div>
+            </form>
+            
+            
+            
+            <ul>
+<li class="toctree-l1"><a class="reference internal" href="getting_started/index.html">Getting Started</a></li>
+<li class="toctree-l1"><a class="reference internal" href="architecture/index.html">Architecture</a></li>
+<li class="toctree-l1"><a class="reference internal" href="data_modeling/index.html">Data Modeling</a></li>
+<li class="toctree-l1"><a class="reference internal" href="cql/index.html">The Cassandra Query Language (CQL)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="configuration/index.html">Configuring Cassandra</a></li>
+<li class="toctree-l1"><a class="reference internal" href="operating/index.html">Operating Cassandra</a></li>
+<li class="toctree-l1"><a class="reference internal" href="tools/index.html">Cassandra Tools</a></li>
+<li class="toctree-l1"><a class="reference internal" href="troubleshooting/index.html">Troubleshooting</a></li>
+<li class="toctree-l1"><a class="reference internal" href="development/index.html">Cassandra Development</a></li>
+<li class="toctree-l1"><a class="reference internal" href="faq/index.html">Frequently Asked Questions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="bugs.html">Reporting Bugs and Contributing</a></li>
+<li class="toctree-l1"><a class="reference internal" href="contactus.html">Contact us</a></li>
+</ul>
+
+            
+            
+          </div><!--/.nav-collapse -->
+        </div>
+      </div>
+    </div>
+    <div class="col-md-8">
+      <div class="content doc-content">
+        <div class="container">
+          
+  <noscript>
+  <div id="fallback" class="admonition warning">
+    <p class="last">
+      Please activate JavaScript to enable the search
+      functionality.
+    </p>
+  </div>
+  </noscript>
+
+  
+  <div id="search-results">
+  
+  </div>
+
+
+          
+        </div>
+      </div>
+    </div>
+    <div class="col-md-2">
+    </div>
+  </div>
+</div>
\ No newline at end of file



Mime
View raw message