Re: Ldap/AD Authentication

Product Officer, Instaclustr by NetApp ben.sla...@netapp.com From: Abdul Patel Date: Thursday, 15 September 2022 at 22:34 To: user@cassandra.apache.org Subject: Ldap/AD Authentication NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize

Ldap/AD Authentication

Hi All, Do we have any open source ldap/AD pkgs/software for caasandra? I see instacluster has some but seems thats paid one.

Re: Impact of enabling authentication on performance

gt; From: Jeff Jirsa mailto:jji...@gmail.com>> > DSR> Sent: Tuesday, June 2, 2020 2:39 AM > DSR> To: user@cassandra.apache.org <mailto:user@cassandra.apache.org> > DSR> Subject: [EXTERNAL] Re: Impact of enabling authentication on performance > > DSR>

Re: Impact of enabling authentication on performance

rmissions is picked up (usually less). > > > DSR> Sean Durity > > DSR> -Original Message- > DSR> From: Jeff Jirsa > DSR> Sent: Tuesday, June 2, 2020 2:39 AM > DSR> To: user@cassandra.apache.org > DSR> Subject: [EXTERNAL] Re: Impact of enabl

Re: Impact of enabling authentication on performance

> Subject: [EXTERNAL] Re: Impact of enabling authentication on performance DSR> Set the Auth cache to a long validity DSR> Don’t go crazy with RF of system auth DSR> Drop bcrypt rounds if you see massive cpu spikes on reconnect storms >> On Jun 1, 2020, at 11:26 PM, Gil Ganz

RE: Impact of enabling authentication on performance

authentication on performance Set the Auth cache to a long validity Don’t go crazy with RF of system auth Drop bcrypt rounds if you see massive cpu spikes on reconnect storms > On Jun 1, 2020, at 11:26 PM, Gil Ganz wrote: > >  > Hi > I have a production 3.11.6 cluster which I'm might

Re: Impact of enabling authentication on performance

Set the Auth cache to a long validity Don’t go crazy with RF of system auth Drop bcrypt rounds if you see massive cpu spikes on reconnect storms > On Jun 1, 2020, at 11:26 PM, Gil Ganz wrote: > >  > Hi > I have a production 3.11.6 cluster which I'm might want to enable &

Impact of enabling authentication on performance

Hi I have a production 3.11.6 cluster which I'm might want to enable authentication in, I'm trying to understand what will be the performance impact, if any. I understand each use case might be different, trying to understand if there is a common % people usually see their performance hit

Re: Nodetool Authentication

> Which exactly "read access" are you refering to? Can you point out in the > tutorial? > > On fre, 2017-10-06 at 14:03 +0530, Akshit Jain wrote: > > Hi, > For nodetool authentication I'm following this: > https://support.datastax.com/hc/en-us/articles/20422

Re: Nodetool Authentication

Which exactly "read access" are you refering to? Can you point out in the tutorial? On fre, 2017-10-06 at 14:03 +0530, Akshit Jain wrote: Hi, For nodetool authentication I'm following this: https://support.datastax.com/hc/en-us/articles/204226179-Step-by-step-instructions-for-se

Nodetool Authentication

Hi, For nodetool authentication I'm following this: https://support.datastax.com/hc/en-us/articles/204226179-Step-by-step-instructions-for-securing-JMX-authentication-for-nodetool-utility-OpsCenter-and-JConsole <https://support.datastax.com/hc/en-us/articles/204226179-Step-by-step-instructi

Re: Internal Security - Authentication & Authorization

> > Here is what I have pieced together. Please let me know if I am on the > right track. You're more or less right regarding the built in authenticator/authorizer/role manager (which are usually referred to as "internal" as they store their data in Cassandra tables). One important thing to note

Re: Internal Security - Authentication & Authorization

Jacob, seems you are on the right track however my understanding is that only the user that was auth'd has their permissions/roles/creds cached. Also. Cassandra will query at QUORUM for the "cassandra" user, and at LOCAL_ONE for *all* other users. This is the same for creating users/roles.

Re: Internal Security - Authentication & Authorization

I have similar question. when we create users or roles what is the consistency level used? I know, If NOT EXISTS will use SERIAL consistency. what consistency will be used if just use CREATE USER ? On Mon, Mar 13, 2017 at 7:09 PM, Jacob Shadix wrote: > I'm looking for a

Internal Security - Authentication & Authorization

I'm looking for a deeper understanding of how Cassandra interacts with the system_auth keyspace to authenticate/authorize users. Here is what I have pieced together. Please let me know if I am on the right track. A user attempts to connect to Cassandra. Cassandra checks against system_auth for

Re: Authentication with Java driver

ster. > > > With the datastax driver, Session is what manages connection pools to > each node. Cluster manages configuration and a separate connection > ('control connection') to subscribe to state changes (schema changes, node > topology changes, node up/down events). > > > So

Re: Authentication with Java driver

h a cluster. > > > With the datastax driver, Session is what manages connection pools to > each node. Cluster manages configuration and a separate connection > ('control connection') to subscribe to state changes (schema changes, node > topology changes, node up/down events). >

Re: Authentication with Java driver

ents). So, if there are 1000 clients, then with this API it has to create 1000 cluster instances ? I'm unsure how common it is for per-user authentication to be done when connecting to the database. I think an application would normally authenticate with one set of credentials instead of mu

Re: Authentication with Java driver

ontrol connection') to subscribe to state changes (schema changes, node >> topology changes, node up/down events). >> >> >> So, if there are 1000 clients, then with this API it has to create >> 1000 cluster instances ? >> >> >> I'm unsure how comm

Re: Authentication with Java driver

clients, then with this API it has to create > 1000 cluster instances ? > > > I'm unsure how common it is for per-user authentication to be done when > connecting to the database. I think an application would normally > authenticate with one set of credentials instead

Re: Authentication with Java driver

ontrol connection') to subscribe to state changes (schema changes, node topology changes, node up/down events). So, if there are 1000 clients, then with this API it has to create > 1000 cluster instances ? I'm unsure how common it is for per-user authentication to be done when connecting to the dat

Re: Authentication with Java driver

ant to know how to authenticate Cassandra users for multiple instances > with Java driver. > For instance, each thread creates a instance to access Cassandra with > authentication. > > As the implementation example, only the first constructor builds a cluster > and a session. > Other c

Authentication with Java driver

Hi all, I want to know how to authenticate Cassandra users for multiple instances with Java driver. For instance, each thread creates a instance to access Cassandra with authentication. As the implementation example, only the first constructor builds a cluster and a session. Other constructors

Re: Cassandra Authentication

maintenance. >> >> For most users I would suggest 3 < RF <=5 is sufficient. Also make sure >> you don't use the user "Cassandra" in production as authentication queries >> are done at QUORUM. >> >> On Wed, 18 Jan 2017 at 13:41 Jai Bheemsen Rao Dhanwad

Re: Cassandra Authentication

nd manages RF==N and we also control and > manage users, however that entails it's own set of challenges and > maintenance. > > For most users I would suggest 3 < RF <=5 is sufficient. Also make sure > you don't use the user "Cassandra" in production as authentication

Re: Cassandra Authentication

manage users, however that entails it's own set of challenges and > maintenance. > > For most users I would suggest 3 < RF <=5 is sufficient. Also make sure > you don't use the user "Cassandra" in production as authentication queries > are done at QUORUM. > > On We

Re: Cassandra Authentication

We have a process that syncs and manages RF==N and we also control and manage users, however that entails it's own set of challenges and maintenance. For most users I would suggest 3 < RF <=5 is sufficient. Also make sure you don't use the user "Cassandra" in production as authen

Cassandra Authentication

Hello, When enabling Authentication on cassandra, is it required to set the RF same as the no.of nodes( https://docs.datastax.com/en/cql/3.1/cql/cql_using/update_ks_rf_t.html)? or can I live with RF of 3 in each DC (other KS are using 3) If it has to be equal to the number of nodes then, every

RE: Set up authentication on a live production cluster

Thanks for the updates on later versions. My experience on authentication was mostly 1.1 – 2.0. I am glad that it is improving a bit. However, it does seem that it is still wise to start rings with authentication on to avoid this activation procedure. Sean Durity From: li...@beobal.com

Re: Set up authentication on a live production cluster

go about setting up your roles until all nodes in the cluster are on 2.2 or higher, but if they are, then you can. With open source Cassandra you cannot implement authentication without at > least a brief degradation of service (as nodes can’t authenticate) and an > outage (while the keys

Re: Set up authentication on a live production cluster

to >> address. >> >> >> >> Setting up a cluster for authentication (and authorization) requires a >> restart with the properties turned on in cassandra.yaml. However, the actual >> keyspace (system_auth) and tables are not created until the last

Re: Set up authentication on a live production cluster

edentials? That is the first thing to > address. > > > > Setting up a cluster for authentication (and authorization) requires a > restart with the properties turned on in cassandra.yaml. However, the > actual keyspace (system_auth) and tables are not created until the last > node

RE: Set up authentication on a live production cluster

Do the clients already send the credentials? That is the first thing to address. Setting up a cluster for authentication (and authorization) requires a restart with the properties turned on in cassandra.yaml. However, the actual keyspace (system_auth) and tables are not created until the last

Set up authentication on a live production cluster

Hi, I have setup a 16 node cluster (8 per DC; C* 2.2.4) up and running in our production setup. We use Datastax Java driver 2.1.8. I would like to set up Authentication and Authorization in the cluster without breaking the live clients. >From the references I found by googling, I can se

RE: External authentication options for C* (no DSE)

You can write your own using the appropriate interface(s) (for authentication and authorization). However, the interfaces have changed over the years, so it is likely not a write it and forget it bit of code. External security is one of the important features of DSE, though. Sean Durity – Lead

External authentication options for C* (no DSE)

Hi, while for DSE versions of C* it's quite clear what external authentication options are available, I'm not sure about DSC or Apache versions. Can anyone point me to the right documentation on or provide a list of possibilities? Thank you in advance. giampaolo

Re: External authentication options for C* (no DSE)

Search a bit deeper in DSE docs, I've found this: http://www.datastax.com/wp-content/themes/datastax-2014-08/files/FF-DataStax-AdvancedSecurity.pdf . Pratically no external authentication is available for Apache Cassandra. giampaolo 2015-12-23 15:13 GMT+01:00 Giampaolo Trapasso

authentication with cassandra-stress 2.1

nodesfile -un -pw ' The 2.1 version has been totally reworked, and that command fails completely. Looking through the documentation reveals nothing about authenication to cassandra. Google searches have turned up nothing since it's so new. I did try one suggestion about putting authentication

Authentication is failing.

Hi, I have been toying around with CQL. I realized when I GRANT SELECT I lose authentication. Here is the process: Can someone point out what is wrong? ➜ apache-cassandra-2.1.0 bin/cqlsh -u cassandra -p cassandra Connected to Test Cluster at 127.0.0.1:9042. [cqlsh 5.0.1 | Cassandra 2.1.0

Re: Authentication is failing.

nishant.has.a.quest...@gmail.com wrote: Hi, I have been toying around with CQL. I realized when I GRANT SELECT I lose authentication. Here is the process: Can someone point out what is wrong? ➜ apache-cassandra-2.1.0 bin/cqlsh -u cassandra -p cassandra Connected to Test Cluster at 127.0.0.1

Re: Authentication is failing.

, Pinak Pani nishant.has.a.quest...@gmail.com wrote: Hi, I have been toying around with CQL. I realized when I GRANT SELECT I lose authentication. Here is the process: Can someone point out what is wrong? ➜ apache-cassandra-2.1.0 bin/cqlsh -u cassandra -p cassandra Connected to Test

Re: Authentication is failing.

, Pinak Pani nishant.has.a.quest...@gmail.com wrote: Hi, I have been toying around with CQL. I realized when I GRANT SELECT I lose authentication. Here is the process: Can someone point out what is wrong? ➜ apache-cassandra-2.1.0 bin/cqlsh -u cassandra -p cassandra Connected to Test

Authentication for Mx4j

Does anyone know how to enable basic authentication of MX4J with Cassandra? Mx4j supports it but not sure how to pass the variables to enable it. I was able to set the listen address and port for the http server, but can't get authentication to work. Rahul Neelakantan

Re: Authentication exception

Did you ran a repair after changing replication factor for system_auth ? On Tue, Jul 29, 2014 at 5:48 PM, Jeremy Jongsma jer...@barchart.com wrote: This is still happening to me; is there anything else I can check? All nodes have NTP installed, all are in sync, all have open communication to

Re: Authentication exception

Yes, and all nodes have had at least two more scheduled repairs since then. On Jul 30, 2014 1:47 AM, Or Sher or.sh...@gmail.com wrote: Did you ran a repair after changing replication factor for system_auth ? On Tue, Jul 29, 2014 at 5:48 PM, Jeremy Jongsma jer...@barchart.com wrote: This is

Re: Authentication exception

This is still happening to me; is there anything else I can check? All nodes have NTP installed, all are in sync, all have open communication to each other. But usually first thing in the morning, I get this auth exception. A little while later, it starts working. I'm very puzzled. On Tue, Jul

Re: Authentication exception

Verified all clocks are in sync. On Mon, Jul 21, 2014 at 10:03 PM, Rahul Menon ra...@apigee.com wrote: I could you perhaps check your ntp? On Tue, Jul 22, 2014 at 3:35 AM, Jeremy Jongsma jer...@barchart.com wrote: I routinely get this exception from cqlsh on one of my clusters:

Authentication exception

I routinely get this exception from cqlsh on one of my clusters: cql.cassandra.ttypes.AuthenticationException: AuthenticationException(why='org.apache.cassandra.exceptions.ReadTimeoutException: Operation timed out - received only 2 responses.') The system_auth keyspace is set to replicate X

Re: Authentication exception

I could you perhaps check your ntp? On Tue, Jul 22, 2014 at 3:35 AM, Jeremy Jongsma jer...@barchart.com wrote: I routinely get this exception from cqlsh on one of my clusters: cql.cassandra.ttypes.AuthenticationException:

Re: Cassandra Client authentication and system table replication question

cassandra client authentication and have set new user/pass per keyspace. As I understand user/pass is stored in the system table, do we need to change the replication factor of the system table so this data is replicated? The cluster is going to be multi-dc. Thanks Anand

Cassandra Client authentication and system table replication question

Hi We have enabled cassandra client authentication and have set new user/pass per keyspace. As I understand user/pass is stored in the system table, do we need to change the replication factor of the system table so this data is replicated? The cluster is going to be multi-dc. Thanks Anand

Re: Cassandra Client authentication and system table replication question

Correction credentials are stored in the system_auth table, so it is ok/recommended to change the replication factor of that keyspace? On Tue, Apr 29, 2014 at 10:41 PM, Anand Somani meatfor...@gmail.com wrote: Hi We have enabled cassandra client authentication and have set new user/pass per

Re: user / password authentication advice

You could use CassandraAuthorizer and PaaswordAuthenticator which ships with Cassandra. See this article[1] for a good overview. [1] http://www.datastax.com/dev/blog/a-quick-tour-of-internal-authentication-and-authorization-security-in-datastax-enterprise-and-apache-cassandra On Thursday

user / password authentication advice

Hi, I’m using Cassandra in an environment where many users can login to use an application I’m developing. I’m curious if anyone has any advice or links to documentation / blogs where it discusses common implementations or best practices for user and password authentication. My cursory search

Re: user / password authentication advice

Not sure if you are asking about the authentication authorisation in cassandra or how to implemented the same using cassandra. info on the cassandra authentication and authorisation is here http://www.datastax.com/documentation/cassandra/2.0/webhelp/index.html#cassandra/security

Re: user / password authentication advice

Hi! You're right, this isn't really Cassandra-specific. Most languages/web frameworks have their own way of doing user authentication, and then you just typically write a plugin that just stores whatever data the system needs in Cassandra. For example, if you're using Java (or Scala

Re: user / password authentication advice

OK, thanks for getting me going in the right direction. I imagine most people would store password and tokenized authentication information in a single table, using the username (e.g. email address) as the key? On Dec 11, 2013, at 10:44 PM, Janne Jalkanen janne.jalka...@ecyrd.com wrote: Hi

High CPU usage with authentication enabled

great as long as authentication is disabled (using the AllowAll* modules.) In that configuration CPU usage on the application servers and the Cassandra servers is minimal. But as soon as enable authentication the CPU usage on the Cassandra nodes shoots up to around 150% on all nodes, and any requests

Re: High CPU usage with authentication enabled

great as long as authentication is disabled (using the AllowAll* modules.) In that configuration CPU usage on the application servers and the Cassandra servers is minimal. But as soon as enable authentication the CPU usage on the Cassandra nodes shoots up to around 150% on all nodes, and any

Re: High CPU usage with authentication enabled

, like MD5. It's not ideal but it's better than turning off authentication altogether.

Re: Added nodes to cluster, authentication stopped working

'. When I created the Cluster I disabled the 'cassandra' superuser and now I can't do anything on my Cluster. Is there any method to reset a user and/or password, or recreate a new superuser?? Otherwise I need to drop all the data from the cluster... Since even disabling authentication

Added nodes to cluster, authentication stopped working

to reset a user and/or password, or recreate a new superuser?? Otherwise I need to drop all the data from the cluster... Since even disabling authentication and authorization my clients give errors writting data.

Re: Custom 1.2 Authentication plugin will not work unless user is in system_auth.users column family

Sorry for not following up on this one in time. I filed a JIRA (5651) and it seems user lookup is here to stay. https://issues.apache.org/jira/browse/CASSANDRA-5651?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel On a related note, that column family is, by default, set up to

Custom 1.2 Authentication plugin will not work unless user is in system_auth.users column family

Hi,     We have a custom  authenticator that works well with Cassandra 1.1.5. When upgrading to C* 1.2.5, authentication failed. Turn out that in ClientState.login, we make a call to Auth.isExistingUser(user.getName()) if the AuthenticatedUser is not Anonymous user. This isExistingUser method

Re: Custom 1.2 Authentication plugin will not work unless user is in system_auth.users column family

. When upgrading to C* 1.2.5, authentication failed. Turn out that in ClientState.login, we make a call to Auth.isExistingUser(user.getName()) if the AuthenticatedUser is not Anonymous user. This isExistingUser method does a query on system_auth.users and if it cannot find the name there, throw

Re: Authentication and Authorization with Cassandra 1.2.2.

authentication and authorization mechanism. The classes org.apache.cassandra.auth.PasswordAuthenticator (authenticator) and org.apache.cassandra.auth.CassandraAuthorizer (authorization) provide that. They both write to a keyspace called system_auth and there are 2 column families that are used

1.2 Authentication

exist - create it with CREATE USER query first) What does create it with CREATE USER query first mean? I put debug information in SimpleAuthenticator class, that showed authentication is passed in the authenticate() method. Thanks, Daning

Re: Cassandra Authentication

practices for addessing security for Cassandra on AWS. Besides Security Groups in AWS how is Cassandra Client to Cluster authentication handled best? There used to be a SimpleAuthenticator that has been moved to Examples. Any recommendations/experiences that you could share? Any hints

Cassandra Authentication

Hi, we are using Cassandra v1.0.8 with Hector v1.0-5 and would like to move our current system to an operational setting based on Amazon AWS. What are best practices for addessing security for Cassandra on AWS. Besides Security Groups in AWS how is Cassandra Client to Cluster authentication

Re: Cassandra Authentication

for Cassandra on AWS. Besides Security Groups in AWS how is Cassandra Client to Cluster authentication handled best? There used to be a SimpleAuthenticator that has been moved to Examples. Any recommendations/experiences that you could share? Any hints and guidance is higly appreciated

Re: [Windows] How to configure simple authentication and authorization ?

Have you build and installed SimpleAuthenticator from the source repository? It is not included in the binary kit. maki 2012/3/14 Sabbiolina sabbiol...@gmail.com: HI. I followed this: To set up simple authentication and authorization 1. Edit cassandra.yaml, setting

Re: [Windows] How to configure simple authentication and authorization ?

watanabe.m...@gmail.comwrote: Have you build and installed SimpleAuthenticator from the source repository? It is not included in the binary kit. maki 2012/3/14 Sabbiolina sabbiol...@gmail.com: HI. I followed this: To set up simple authentication and authorization 1. Edit

[Windows] How to configure simple authentication and authorization ?

HI. I followed this: To set up simple authentication and authorization 1. Edit cassandra.yaml, setting org.apache.cassandra.auth.SimpleAuthenticator as the authenticator value. The default value of AllowAllAuthenticator is equivalent to no authentication. 2. Edit access.properties, adding

datastax opscenter authentication

I am trying to integrate opscenter in our environment and I was wondering if we can use PAM authentication instead of a password file for opscenter authentication? thanks Ramesh

Re: datastax opscenter authentication

Unfortunately the current method using a password file is the only option for authentication in OpsCenter at the moment. I've noted PAM authentication as a feature request though. On Mon, Jan 23, 2012 at 8:16 AM, Ramesh Natarajan rames...@gmail.com wrote: I am trying to integrate opscenter

Re: Authentication setup

alexander.kono...@gmail.com wrote: Hello :-) Does anyone have a working config with normal secure authentication? I've just installed Cassandra 1.0.0 and see that SimpleAuthenticate is meant to be non-secure and was moved to examples. I need a production config - so I've tried to write

Re: Authentication setup

to implement this for now. On Fri, Oct 21, 2011 at 6:53 PM, Alexander Konotop alexander.kono...@gmail.com wrote: Hello :-) Does anyone have a working config with normal secure authentication? I've just installed Cassandra 1.0.0 and see that SimpleAuthenticate is meant to be non

Authentication setup

Hello :-) Does anyone have a working config with normal secure authentication? I've just installed Cassandra 1.0.0 and see that SimpleAuthenticate is meant to be non-secure and was moved to examples. I need a production config - so I've tried to write this to config: authenticator

Custom Authentication with Cassandra

Hi, We are trying out Custom Authentication (with Database) with Cassandra, by implementing IAuthenticator interface. We are storing the following details in a properties file and passing the location of the properties file as a startup parameter to Cassandra 1. DB URL 2. DB

Re: Custom Authentication with Cassandra

On Tue, Jul 19, 2011 at 5:50 AM, Chandrasekhar M chandrasekha...@impetus.co.in wrote: If one logs into the client (Cassandra Cli) without a userid or password, an exception is thrown, but login happens into the shell as default@unknown. Are you really authenticated at that point or does the cli

RE: Custom Authentication with Cassandra

Hi, Appears to me that the CLI allows login even though there is an authentication exception. At that point there is actually no user id/pwd, ie, both are empty strings. If necessary, I can send the code, I am using for the CustomAuthentication. Regards Chandra -Original Message

Re: Custom Authentication with Cassandra

It lets you insert data as if you were authorized? On Tue, Jul 19, 2011 at 2:55 PM, Chandrasekhar M chandrasekha...@impetus.co.in wrote: Hi, Appears to me that the CLI allows login even though there is an authentication exception. At that point there is actually no user id/pwd, ie, both

Re: Multi-tenancy, and authentication and authorization

As far as I can tell, if Cassandra supports three levels of configuration (server, keyspace, column family) we can support multi-tenancy. It is trivial to give each tenant their own keyspace (e.g. just use the tenant's id as the keyspace name) and let them go wild. (Any out-of-bounds behavior on

Re: Multi-tenancy, and authentication and authorization

Thanks David We decided to do it at our client-side as the initial implementation. I will investigate the approaches for supporting the fine grained control of the resources consumed by a sever, tenant, and CF. Thanks, Indika On Thu, Jan 20, 2011 at 3:20 PM, David Boxenhorn

Re: Multi-tenancy, and authentication and authorization

I have added my comments to this issue: https://issues.apache.org/jira/browse/CASSANDRA-2006 Good luck! On Thu, Jan 20, 2011 at 1:53 PM, indika kumara indika.k...@gmail.comwrote: Thanks David We decided to do it at our client-side as the initial implementation. I will investigate the

Re: Multi-tenancy, and authentication and authorization

Hi, I have a question that somewhat related to the above. Is there a tool that predicts the resource consumption (i.e, memory, disk, CPU) in an offline mode? Means it is given with the storage conf parameters, ks, CFs and data model, and then application parameters such read/write average rates.

Re: Multi-tenancy, and authentication and authorization

I do not have a better knowledge about the Cassandra. As per my knowledge, there is no such a tool. I believe, such a tool would be worth. Thanks, Indika On Thu, Jan 20, 2011 at 6:15 PM, Mimi Aluminium mimi.alumin...@gmail.comwrote: Hi, I have a question that somewhat related to the above.

Re: Multi-tenancy, and authentication and authorization

Opened https://issues.apache.org/jira/browse/CASSANDRA-2006 with the solution we had suggested on the MultiTenant wiki page. On Tue, Jan 18, 2011 at 11:56 PM, David Boxenhorn da...@lookin2.com wrote: I think tuning of Cassandra is overly complex, and even with a single tenant you can run into

Re: Multi-tenancy, and authentication and authorization

Right now there is a one-to-one mapping between memtables and SSTables. Instead of that, would it be possible to have one giant memtable for each Cassandra instance, with partial flushing to SSTs? I think a complication here is that, although I agree things need to be easier to tweak at least

Re: Multi-tenancy, and authentication and authorization

I'm not sure that you'd still want to retain the ability to individually control how flushing happens on a per-cf basis in order to cater to different workloads that benefit from different flushing behavior. It seems to me like a good system-wide algorithm that works dynamically, and takes into

Re: Multi-tenancy, and authentication and authorization

+1 On Wed, Jan 19, 2011 at 10:35 AM, Stu Hood stuh...@gmail.com wrote: Opened https://issues.apache.org/jira/browse/CASSANDRA-2006 with the solution we had suggested on the MultiTenant wiki page. On Tue, Jan 18, 2011 at 11:56 PM, David Boxenhorn da...@lookin2.comwrote: I think tuning of

Re: Multi-tenancy, and authentication and authorization

As the actual problem is mostly related to the number of CFs in the system (may be number of the columns), I still believe that supporting exposing the Cassandra ‘as-is’ to a tenant is doable and suitable though need some fixes. That multi-tenancy model allows a tenant to use the programming

Re: Multi-tenancy, and authentication and authorization

Yes, the way I see it - and it becomes even more necessary for a multi-tenant configuration - there should be completely separate configurations for applications and for servers. - Application configuration is based on data and usage characteristics of your application. - Server configuration is

Re: Multi-tenancy, and authentication and authorization

+1 Are there JIRAs for these requirements? I would like to contribute from my capacity. As per my understanding, to support some muti-tenant models, it is needed to qualified keyspaces' names, Cfs' names, etc. with the tenant namespace (or id). The easiest way to do this would be to modify

Re: Multi-tenancy, and authentication and authorization

Moving to user list On Tue, Jan 18, 2011 at 4:05 PM, Aaron Morton aa...@thelastpickle.comwrote: Have a read about JVM heap sizing here http://wiki.apache.org/cassandra/MemtableThresholds If you let people create keyspaces with a mouse click you will soon run out of memory. I use Cassandra

Re: Multi-tenancy, and authentication and authorization

Hi Aaron, I appreciate your help. I am a newbie to Cassandra - just began to study the code-base. Do you suggest the following approach? *1) No changes are in either keyspace names or column family names but the row-key would be ‘the actual row key’ + 'tenant ID'. It is needed to keep separate

Re: Multi-tenancy, and authentication and authorization

Hi Aaron, I read some articles about the Cassandra, and now understand a little bit about trade-offs. I feel the goal should be to optimize memory as well as performance. I have to consider the number of column families, the columns per a family, the number of rows, the memtable’s threshold, and

Re: Multi-tenancy, and authentication and authorization

Hi Indika, I've done a lot of work using the keyspace per tenant model, and I'm seeing big problems with the memory consumption, even though it's certainly the most clean way to implement it. Luckily, before I used the keyspace per tenant approach, I'd implemented my system using a single

Re: Multi-tenancy, and authentication and authorization

Feel free to use that wiki page or another wiki page to collaborate on more pressing multi tenant issues. The wiki is editable by all. The MultiTenant page was meant as a launching point for tracking progress on things we could think of wrt MT. Obviously the memtable problem is the largest

Re: Multi-tenancy, and authentication and authorization

Hi Jeremy, thanks, I was really coming at it from the question of whether keyspaces were a functional basis for multitenancy in Cassandra. I think the MT issues discussed on the wiki page are the , but I'd like to get a better understanding of the core issue of keyspaces and then try to get that

  1   2   >