incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hiller, Dean" <Dean.Hil...@nrel.gov>
Subject Re: Consistency level for system_auth keyspace
Date Mon, 04 Mar 2013 18:43:32 GMT
Ouch, a detail I hadn't learned about yet.  Good to know.

Dean

From: Jean-Armel Luce <jaluce06@gmail.com<mailto:jaluce06@gmail.com>>
Reply-To: "user@cassandra.apache.org<mailto:user@cassandra.apache.org>" <user@cassandra.apache.org<mailto:user@cassandra.apache.org>>
Date: Monday, March 4, 2013 11:34 AM
To: "user@cassandra.apache.org<mailto:user@cassandra.apache.org>" <user@cassandra.apache.org<mailto:user@cassandra.apache.org>>
Subject: Re: Consistency level for system_auth keyspace

Hi Dean,

The new authentication modules currently uses a QUORUM consistency level when checking the
user.
That is the reason why it doesn't work in version 1.2.2.

I thing that using LOCAL_QUORUM or ONE CL instead of QUORUM should solve this problem. But
I didn't see any option in 1.2.2.

Regards.

Jean Armel

2013/3/4 Hiller, Dean <Dean.Hiller@nrel.gov<mailto:Dean.Hiller@nrel.gov>>
I thought there was already a LOCAL_QUOROM option so things continue to work when you get
 data center split.

There was also TWO I think as well which allowed 4 nodes(2 in each data center) so you can
continue to write when data center splits.

Dean

From: Jean-Armel Luce <jaluce06@gmail.com<mailto:jaluce06@gmail.com><mailto:jaluce06@gmail.com<mailto:jaluce06@gmail.com>>>
Reply-To: "user@cassandra.apache.org<mailto:user@cassandra.apache.org><mailto:user@cassandra.apache.org<mailto:user@cassandra.apache.org>>"
<user@cassandra.apache.org<mailto:user@cassandra.apache.org><mailto:user@cassandra.apache.org<mailto:user@cassandra.apache.org>>>
Date: Monday, March 4, 2013 9:12 AM
To: "user@cassandra.apache.org<mailto:user@cassandra.apache.org><mailto:user@cassandra.apache.org<mailto:user@cassandra.apache.org>>"
<user@cassandra.apache.org<mailto:user@cassandra.apache.org><mailto:user@cassandra.apache.org<mailto:user@cassandra.apache.org>>>
Subject: Re: Consistency level for system_auth keyspace

Hi Aaron,

I have open a ticket in Jira : https://issues.apache.org/jira/browse/CASSANDRA-5310
Reading the user using the QUORUM consistency level means that in case of network outage,
you are unable to open a connection, and all your data become unavailable.

Regards.

Jean Armel

2013/3/4 aaron morton <aaron@thelastpickle.com<mailto:aaron@thelastpickle.com><mailto:aaron@thelastpickle.com<mailto:aaron@thelastpickle.com>>>
In this case, it means that if there is a network split between the 2 datacenters, it is impossible
to get the quorum, and all connections will be rejected.
Yes.

Is there a reason why Cassandra uses the Quorum consistency level ?
I would guess to ensure there is a single, cluster wide, set of permissions.

Using LOCAL or one could result in some requests that are rejected being allowed on other
nodes.

Cheers


-----------------
Aaron Morton
Freelance Cassandra Developer
New Zealand

@aaronmorton
http://www.thelastpickle.com

On 1/03/2013, at 6:40 AM, Jean-Armel Luce <jaluce06@gmail.com<mailto:jaluce06@gmail.com><mailto:jaluce06@gmail.com<mailto:jaluce06@gmail.com>>>
wrote:

Hi,


I am using Cassandra 1.2.2.
There are 16 nodes in my cluster in 2 datacenters (8 nodes in each datacenter).
I am using NetworkTopologyStrategy.

For information, I set a RF = 6 (3 replicas in each datacenter)

With 1.2.2, I am using the new authentication backend PasswordAuthenticator with the authorizer
CassandraAuthorizer.

In the documentation (http://www.datastax.com/docs/1.2/security/security_keyspace_replication#security-keyspace-replication),
it is written that for all system_auth-related queries, Cassandra uses the QUORUM consistency
level.

In this case, it means that if there is a network split between the 2 datacenters, it is impossible
to get the quorum, and all connections will be rejected.

Is there a reason why Cassandra uses the Quorum consistency level ?
Maybe a local_quorum conssitency level (or a one consistency level) could do the job ?

Regards
Jean Armel




Mime
View raw message