couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From J Chris Anderson <jch...@apache.org>
Subject Re: replication users
Date Fri, 20 Aug 2010 18:11:51 GMT

On Aug 20, 2010, at 7:14 AM, zecat wrote:

> Hi everyone,
> 
> I'm very interested to get any information on this topic too, and in security replication
in general.
> I plan to deploy several couchdb instance, and I plan to implement different users and
roles to use on this cloud.
> I think, I don't understand very well the user/role and replication mechanism. I tried
different configuration.
> As far as I understand, the _users databases can be replicated, but not the user and
role assigned on another database.

Yes, this is true. Replicating the _users database is totally fine (note that the replicator
must have admin privileges on the target database, or else on the currently logged in user's
document will be replicated.)

> Example :
> - I created a tesdb on couchdb1
> - I applied a security setting (with Futon ) to define some admins and readers names/roles
,
> - I defined a replica of  testb on couchdb2
> - I launched a replication job between couchdb1/testdb and couchdb2/testdb.
> But it seems there is no security replicated from couchdb1/testdb to couchdb2/testdb.
> 

The security configuration object is not replicated. This is by design, as one replica may
be on an end-user machine, and another on shared cloud instance, necessitating different rules.

> Is it normal ? Does it could be a great security feature to assist replication of the
security setting for a replication database in a cloud ?
> 
> Maybe I'm completly wrong on this subject ?
> 
> Other question about multiple couchdb instance and replication :
> When (for perf, or LB, or HA purpose) you need more than 2 couchdb replica of the same
database, what is supposed to be the more efficent architecture ?
> - Something in ring style : A>B>C>A
> - Same with a dual reverse replication scheme ? A>B>C>A,   A>C>B>A
> - Or a grap cluster style A>B, A>C, B>A, C>A
> - Or a n^2 dual replica with every possible peer db ? A>B, A>C, B>A, B>C,
C>A, C>B
> 
> I'd appreciate any comment on this !
> 
> Thanks,
> 
> Thierry.
> 
> 
> 
> Le 19/08/2010 16:21, Nathan Stott a écrit :
>>  Are there any special considerations when replicating the _users
>> database as opposed to normal databases?  Is this a good way to share
>> users between servers that should share users and trust one another?
>>   


Mime
View raw message