Hi Dean,

The new authentication modules currently uses a QUORUM consistency level when checking the user.
That is the reason why it doesn't work in version 1.2.2.

I thing that using LOCAL_QUORUM or ONE CL instead of QUORUM should solve this problem. But I didn't see any option in 1.2.2.

Regards.

Jean Armel

2013/3/4 Hiller, Dean <Dean.Hiller@nrel.gov>
I thought there was already a LOCAL_QUOROM option so things continue to work when you get  data center split.

There was also TWO I think as well which allowed 4 nodes(2 in each data center) so you can continue to write when data center splits.

Dean

From: Jean-Armel Luce <jaluce06@gmail.com<mailto:jaluce06@gmail.com>>
Reply-To: "user@cassandra.apache.org<mailto:user@cassandra.apache.org>" <user@cassandra.apache.org<mailto:user@cassandra.apache.org>>
Date: Monday, March 4, 2013 9:12 AM
To: "user@cassandra.apache.org<mailto:user@cassandra.apache.org>" <user@cassandra.apache.org<mailto:user@cassandra.apache.org>>
Subject: Re: Consistency level for system_auth keyspace

Hi Aaron,

I have open a ticket in Jira : https://issues.apache.org/jira/browse/CASSANDRA-5310
Reading the user using the QUORUM consistency level means that in case of network outage, you are unable to open a connection, and all your data become unavailable.

Regards.

Jean Armel

2013/3/4 aaron morton <aaron@thelastpickle.com<mailto:aaron@thelastpickle.com>>
In this case, it means that if there is a network split between the 2 datacenters, it is impossible to get the quorum, and all connections will be rejected.
Yes.

Is there a reason why Cassandra uses the Quorum consistency level ?
I would guess to ensure there is a single, cluster wide, set of permissions.

Using LOCAL or one could result in some requests that are rejected being allowed on other nodes.

Cheers


-----------------
Aaron Morton
Freelance Cassandra Developer
New Zealand

@aaronmorton
http://www.thelastpickle.com

On 1/03/2013, at 6:40 AM, Jean-Armel Luce <jaluce06@gmail.com<mailto:jaluce06@gmail.com>> wrote:

Hi,


I am using Cassandra 1.2.2.
There are 16 nodes in my cluster in 2 datacenters (8 nodes in each datacenter).
I am using NetworkTopologyStrategy.

For information, I set a RF = 6 (3 replicas in each datacenter)

With 1.2.2, I am using the new authentication backend PasswordAuthenticator with the authorizer CassandraAuthorizer.

In the documentation (http://www.datastax.com/docs/1.2/security/security_keyspace_replication#security-keyspace-replication), it is written that for all system_auth-related queries, Cassandra uses the QUORUM consistency level.

In this case, it means that if there is a network split between the 2 datacenters, it is impossible to get the quorum, and all connections will be rejected.

Is there a reason why Cassandra uses the Quorum consistency level ?
Maybe a local_quorum conssitency level (or a one consistency level) could do the job ?

Regards
Jean Armel