yifan-c commented on code in PR #212: URL: https://github.com/apache/cassandra-sidecar/pull/212#discussion_r2116873672
########## server/src/main/java/org/apache/cassandra/sidecar/config/LiveMigrationConfiguration.java: ########## @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.sidecar.config; + +import java.util.Map; +import java.util.Set; + +/** + * Configuration for Live Migration feature. + */ +public interface LiveMigrationConfiguration +{ + + /** + * Files to be excluded from Live Migration. + * @return set of file exclusion patterns. + */ + Set<String> filesToExclude(); + + /** + * Directories to be excluded from Live Migration. + * @return set of directory exclusion patterns. + */ + Set<String> directoriesToExclude(); + + /** + * Map of source and destination Cassandra instances to migrate. + * + * @return Map of strings where key is the source instance name and value is the destination instance name. + */ + Map<String, String> migrationMap(); +} Review Comment: Thanks for the explanation! However, I am not convinced. > The map should be determined by the admin/operator but not the caller. Accepting remote host as part of the migration request becomes security risk. Who is the target audience of this feature? I think they are the admin/operators. The security risk should not be resolved by how task is configured, but via authn & authz. In fact, this patch contains the access control already. Cluster admins can configure that only admins have the permission to invoke the APIs. It is a requirement already. > Cassandra won't be running when the sidecar is started at the destination. So it cannot fetch sidecar internal keyspace for the config. Does sidecar running in one host talks to Cassandra running in other hosts? Sidecar has access to the pairing cassandra cluster only, but not other clusters. You are right, that the sidecar instances in the target cluster won't have access to Cassandra. Now, I am just thinking out. In CEP-40, the approach is a pull model, i.e. target sidecar instances pull from source cluster. What if the control is inverted? Briefly, in this sequence, 1. Operator submit task to source cluster (sidecar) via an API and the config is persisted 2. [Optional] an explicit step to start live migration 3. Each source sidecar instance behaves as a coordinator, who performs the steps of sync describe in CEP-40, i.e. contacts the assigned sidecar instance (according to the mapping in the config) to do the initial and last pull, validation, etc. Does it sound right to you? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: pr-unsubscr...@cassandra.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: pr-unsubscr...@cassandra.apache.org For additional commands, e-mail: pr-h...@cassandra.apache.org
