Re: Reaper 1.0

2017-11-16 Thread Anshu Vajpayee
Thanks John for your efforts and nicely putting it on website & YouTube.

Just a quick question - is it compatible with DSE versions? I know under
the hood they have Cassandra only, but just wanted to hear your
thoughts.

On Thu, Nov 16, 2017 at 1:23 AM, Jon Haddad  wrote:

> Apache 2 Licensed, just like Cassandra.
> https://github.com/thelastpickle/cassandra-reaper/blob/master/LICENSE.txt
>
> Feel free to modify, put in prod, fork or improve.
>
> Unfortunately I had to re-upload the Getting Started video, we had
> accidentally uploaded a first cut.  Correct link is here:
> https://www.youtube.com/watch?v=0dub29BgwPI
>
> Jon
>
> On Nov 15, 2017, at 9:14 AM, Harika Vangapelli -T (hvangape - AKRAYA INC
> at Cisco)  wrote:
>
> Open source, free to use in production? Any License constraints, Please
> let me know.
>
> I experimented with it yesterday, really liked it.
>
> 
>
> *Harika Vangapelli*
> Engineer - IT
> hvang...@cisco.com
> *Cisco Systems, Inc.*
>
> *From:* Jon Haddad [mailto:jonathan.had...@gmail.com] *On Behalf Of *Jon Haddad
> *Sent:* Tuesday, November 14, 2017 2:18 PM
> *To:* user 
> *Subject:* Reaper 1.0
>
> We’re excited to announce the release of the 1.0 version of Reaper for
> Apache Cassandra!  We’ve made a lot of improvements to the flexibility of
> managing repairs and simplified the UI based on feedback we’ve received.
>
> We’ve written a blog post discussing the changes in detail here:
> http://thelastpickle.com/blog/2017/11/14/reaper-10-announcement.html
>
> We also have a new YouTube video to help folks get up and running quickly:
> https://www.youtube.com/watch?v=YKJRRFa22T4
>
> The reaper site has all the docs should you have any questions:
> http://cassandra-reaper.io/
>
> Thanks all,
> Jon
>
>
>


-- 
*C*heers,*
*Anshu V*


Re: DC aware failover

2017-11-16 Thread Alexander Dejanovski
Hi Anil,

yes, that's the one in use there.
I should probably merge it into master to avoid confusion.

Cheers,

On Fri, Nov 17, 2017 at 6:12 AM CPC  wrote:

> Hi Alex,
>
> Is lost-token-range detection impl finished? Since this feature is more
> appealing I want to test it.
>
> Thank you for your help
>
>
> On Nov 16, 2017 10:35 AM, "Alexander Dejanovski" 
> wrote:
>
> Hi,
>
> The policy is used in production at least in my former company.
>
> I can help if you have issues using it.
>
> Cheers,
>
> On Thu, Nov 16, 2017 at 08:32, CPC wrote:
>
>> Hi,
>>
>> We want to implement DC aware failover policy. For example if application
>> could not reach some part of the ring or if we lose 50% of local DC then
>> we want our application automatically to switch other DC. We found this
>> project on GitHub
>> https://github.com/adejanovski/cassandra-dcaware-failover but we don't
>> know whether it is stable and used in production. Do you know about this
>> project or do you know other projects that provide same kind of
>> functionality.
>>
>> Thanks...
>>
> --
> -
> Alexander Dejanovski
> France
> @alexanderdeja
>
> Consultant
> Apache Cassandra Consulting
> http://www.thelastpickle.com
>
>
> --
-
Alexander Dejanovski
France
@alexanderdeja

Consultant
Apache Cassandra Consulting
http://www.thelastpickle.com


Re: DC aware failover

2017-11-16 Thread CPC
Hi Alex,

Is lost-token-range detection impl finished? Since this feature is more
appealing I want to test it.

Thank you for your help

On Nov 16, 2017 10:35 AM, "Alexander Dejanovski" 
wrote:

Hi,

The policy is used in production at least in my former company.

I can help if you have issues using it.

Cheers,

On Thu, Nov 16, 2017 at 08:32, CPC wrote:

> Hi,
>
> We want to implement DC aware failover policy. For example if application
> could not reach some part of the ring or if we lose 50% of local DC then
> we want our application automatically to switch other DC. We found this
> project on GitHub https://github.com/adejanovski/cassandra-dcaware-failover
> but we don't know whether it is stable and used in production.
> Do you know about this project or do you know other projects that provide
> same kind of functionality.
>
> Thanks...
>
-- 
-
Alexander Dejanovski
France
@alexanderdeja

Consultant
Apache Cassandra Consulting
http://www.thelastpickle.com


Re: Executing a check before replication / manual replication

2017-11-16 Thread kurt greaves
That sounds like a great way to DoS yourself. While I'm sure it could be
achieved, probably in a pretty messy way, I don't think it's a good idea
and seems to me like way over the top security. Especially because sure,
you might be able to protect against CQL "attacks" via triggers (ugh) - but
if they have CQL access they could just drop the trigger (yes it requires
superuser, but I don't think that's sufficient protection). Anyway, even if
you do manage to achieve some kind of obscure protection in CQL you won't
be able to protect against internode attacks, or better yet, an attacker
just dumping a bunch of crafted SSTables in your data directories. Better
yet, using sstableloader to achieve the same on all nodes. You should focus
on locking down your client machines and nodes, as if they get access to
either I assure you they'll find a way around whatever security solution
you hack into C*.


Re: Executing a check before replication / manual replication

2017-11-16 Thread Abdelkrim Fitouri
OK, please find below an example:

Let's suppose that I have a Cassandra cluster of 4 nodes / one DC /
replication factor = 4, so in this architecture I have one full copy of the
data on each node.

Imagine now that one node has been hacked and in some way with full access
to a cqlsh session; if data is changed on that node, data will be changed on
the three others, am I right?

Imagine now that I am able to know (using cryptographic bases) if one
column was modified by my API ( => normal way) or not ( => suspicious way),
and I want to execute this check function just before any replication of a
keyspace, to avoid that all the replicas will be affected by that, and so a
rollback will not be easy and the integrity of the whole system will be down;
the check will for example kill the local Cassandra service ...

Hope that my question is more clear now.

Many thanks for any help.


2017-11-16 22:01 GMT+01:00 Oliver Ruebenacker :

>
>  Hello,
>
>   If I understand the OP right, he wants an automated response one node
> displays suspicious activity.
>
>   I suppose in that case, one would want the node to be removed from the
> cluster or shut down or both.
>
>  Best, Oliver
>
> On Thu, Nov 16, 2017 at 3:40 PM, kurt greaves 
> wrote:
>
>> What's the purpose here? If they have access to cqlsh, they have access
>> to every node's data, not just the one they are on. An attacker modifying RF
>> would be the least of your worries. If you manage to detect that some node
>> is compromised you should isolate it immediately.
>>
>>
>> On 16 Nov. 2017 07:33, "Abdelkrim Fitouri"  wrote:
>>
>> Hi,
>>
>> I know that Cassandra handles data replication properly between cluster
>> nodes, but for some security reasons I am wondering how to avoid data
>> replication after a server node has been compromised and someone is
>> executing modifications via cqlsh?
>>
>> Is there a possibility in Cassandra to execute a custom check / hook
>> before replication?
>>
>> Is there a possibility to execute a manual replication between nodes?
>>
>>>
>>
>>
>> --
>>
>> Best Regards.
>>
>> *Abdelkarim FITOURI*
>>
>> System And Security Engineer
>>
>>
>>
>>
>
>
> --
> Oliver Ruebenacker
> Senior Software Engineer, Diabetes Portal, Broad Institute
> 
>
>
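
The check described in the message above (knowing cryptographically whether a column was written by the API) could look like the following; this is an added example, not code from the thread or from Cassandra. It assumes the API tier holds an HMAC key that never reaches the Cassandra nodes and stores a tag beside each value; the `accounts` table, `balance` column and sample rows are hypothetical.

```python
import hashlib
import hmac

# Constructed demo key; assumed to live only in the API tier, never on a Cassandra node.
API_KEY = b"constructed-demo-key-not-a-real-secret"

def _encode(*fields: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def tag(table: str, row_id: str, column: str, value: bytes, key: bytes = API_KEY) -> bytes:
    """HMAC-SHA256 over the cell's location and value, stored beside the value."""
    msg = _encode(table.encode(), row_id.encode(), column.encode(), value)
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(table: str, row_id: str, column: str, value: bytes,
           stored_tag: bytes, key: bytes = API_KEY) -> bool:
    """Constant-time comparison of the recomputed tag with the stored one."""
    return hmac.compare_digest(tag(table, row_id, column, value, key), stored_tag)

def audit(table: str, rows: list) -> list:
    """Return ids of rows whose (value, tag) pair was not produced with the API key."""
    return [r["id"] for r in rows
            if not verify(table, r["id"], "balance", r["balance"], r["balance_tag"])]

def sample_rows() -> list:
    # Constructed rows standing in for what a SELECT would return.
    good = {"id": "u1", "balance": b"100"}
    good["balance_tag"] = tag("accounts", "u1", "balance", b"100")
    # Value edited directly (for example from cqlsh) with the old tag left in place.
    edited = {"id": "u2", "balance": b"999999",
              "balance_tag": tag("accounts", "u2", "balance", b"50")}
    # Valid value/tag pair copied from row u1 onto row u3.
    copied = {"id": "u3", "balance": b"100", "balance_tag": good["balance_tag"]}
    return [good, edited, copied]

if __name__ == "__main__":
    print(audit("accounts", sample_rows()))
```

This detects a modified cell when the API reads it back; it does not stop the write from replicating, and an older value/tag pair replayed onto the same cell still verifies.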


Re: Executing a check before replication / manual replication

2017-11-16 Thread Oliver Ruebenacker
 Hello,

  If I understand the OP right, he wants an automated response one node
displays suspicious activity.

  I suppose in that case, one would want the node to be removed from the
cluster or shut down or both.

 Best, Oliver

On Thu, Nov 16, 2017 at 3:40 PM, kurt greaves  wrote:

> What's the purpose here? If they have access to cqlsh, they have access to
> every node's data, not just the one they are on. An attacker modifying RF
> would be the least of your worries. If you manage to detect that some node
> is compromised you should isolate it immediately.
>
>
> On 16 Nov. 2017 07:33, "Abdelkrim Fitouri"  wrote:
>
> Hi,
>
> I know that Cassandra handles data replication properly between cluster
> nodes, but for some security reasons I am wondering how to avoid data
> replication after a server node has been compromised and someone is
> executing modifications via cqlsh?
>
> Is there a possibility in Cassandra to execute a custom check / hook
> before replication?
>
> Is there a possibility to execute a manual replication between nodes?
>
>>
>
>
> --
>
> Best Regards.
>
> *Abdelkarim FITOURI*
>
> System And Security Engineer
>
>
>
>


-- 
Oliver Ruebenacker
Senior Software Engineer, Diabetes Portal, Broad Institute



Re: Executing a check before replication / manual replication

2017-11-16 Thread Jeff Jirsa
Yea there’s a whole lot of stuff here that doesn’t make sense

I’m not sure what the threat model really is, but there’s a lot of moving 
pieces here, and the place you’re thinking about adding validation isn’t the 
first place I’d be concerned with (internode tends to be a bigger problem).

Why do you think a compromised server will try to send data elsewhere?

Where is it going to send it?


-- 
Jeff Jirsa


> On Nov 16, 2017, at 12:40 PM, kurt greaves  wrote:
> 
> What's the purpose here? If they have access to cqlsh, they have access to
> every node's data, not just the one they are on. An attacker modifying RF
> would be the least of your worries. If you manage to detect that some node is
> compromised you should isolate it immediately.
> 
> On 16 Nov. 2017 07:33, "Abdelkrim Fitouri"  wrote:
> Hi,
> 
> I know that Cassandra handles data replication properly between cluster nodes,
> but for some security reasons I am wondering how to avoid data replication
> after a server node has been compromised and someone is executing
> modifications via cqlsh?
>
> Is there a possibility in Cassandra to execute a custom check / hook before
> replication?
>
> Is there a possibility to execute a manual replication between nodes?
> 
> 
> 
> -- 
> Best Regards.
> 
> Abdelkarim FITOURI
> 
> System And Security Engineer
> 
> 
> 


Re: Executing a check before replication / manual replication

2017-11-16 Thread kurt greaves
What's the purpose here? If they have access to cqlsh, they have access to
every node's data, not just the one they are on. An attacker modifying RF
would be the least of your worries. If you manage to detect that some node
is compromised you should isolate it immediately.

On 16 Nov. 2017 07:33, "Abdelkrim Fitouri"  wrote:

Hi,

I know that Cassandra handles data replication properly between cluster
nodes, but for some security reasons I am wondering how to avoid data
replication after a server node has been compromised and someone is
executing modifications via cqlsh?

Is there a possibility in Cassandra to execute a custom check / hook before
replication?

Is there a possibility to execute a manual replication between nodes?

>


-- 

Best Regards.

*Abdelkarim FITOURI*

System And Security Engineer


Re: CQL Map vs clustering keys

2017-11-16 Thread eugene miretsky
Thanks!

So assuming C* 3.0 and that my table stores only one collection, using
clustering keys will be more performant?

Extending this to sets - would doing something like this make sense?

(
id UUID,
val text,
PRIMARY KEY (id, val)
);

SELECT count(*) FROM TABLE WHERE id = 123 AND val = 'test' // Key exists if count != 0

On Wed, Nov 15, 2017 at 12:48 PM, Jon Haddad  wrote:

> In 3.0, clustering columns are not actually part of the column name
> anymore.  Yay.  Aaron Morton wrote a detailed analysis of the 3.x storage
> engine here:
> http://thelastpickle.com/blog/2016/03/04/introductiont-to-the-apache-cassandra-3-storage-engine.html
>
> The advantage of maps is a single table that can contain a very flexible
> data model, of maps and sets all in the same table.  Fun times.
>
> The advantage of using clustering keys is performance and you can use WAY
> more K/V pairs.
>
> Jon
>
>
> On Nov 15, 2017, at 8:12 AM, eugene miretsky 
> wrote:
>
> Hi,
>
> What would be the tradeoffs between using
>
> 1) Map
>
> (
>
> id UUID PRIMARY KEY,
>
> myMap map
>
> );
>
> 2) Clustering key
>
> (
> id UUID,
> key int,
> val text,
> PRIMARY KEY (id, key)
> );
>
> My understanding is that maps are stored very similarly to clustering
> columns, where the map key is part of the SSTable's column name. The main
> difference seems to be that with maps all the key/value pairs get retrieved
> together, while with clustering keys we can retrieve individual rows, or a
> range of keys.
>
> Cheers,
> Eugene
>
>
>