Re: Dropping Python 3.6 support in 4.1

[Michael Shuler]

This. RHEL8 is going to be around for a long while, so I'd say 
python-3.6 should not be dropped for a long while. 2029 EOL is the date 
I see on the RHEL8 Planning Guide[0]..


I saw the RHEL7/CentOS7 comments earlier and immediately thought about 
RHEL8 and python-3.6, since I'm working in that OS environment lately, 
along with C* being one small component of the system..


[0] https://access.redhat.com/support/policy/updates/errata

Kind regards,
Michael

On 4/6/22 11:13, Gerald Henriksen wrote:

On Tue, 5 Apr 2022 12:20:49 +0100, you wrote:


I would strongly recommend keeping Python 3.6 compatibility until
2024-06-30 when the CentOS 7 maintenance updates is stopped.


I would point out that the RHEL 8.* (as seen on Rocky Linux 8.5)
releases come with Python 3.6 and I don't see anything newer in the
EPEL repository for the 8.* series of releases.

Re: Performance Engineering Track at ApacheCon NA?

[Dinesh Joshi]

That’s great to hear. I would also be available to help review submissions.

> On Apr 6, 2022, at 8:14 AM, Sharan Foga  wrote:
> 
> Hi Paulo 
> 
> We have great news - the Performance Engineering track has been accepted so 
> we will be looking to encourage and promote CFP submissions for it. We are 
> also looking for reviewers to help us rate the submissions---if you are still 
> interested in doing that. ;-)
> 
> Thanks
> Sharan
> 
>> On 2022/03/16 15:36:04 Sharan Foga wrote:
>> Hi Paulo
>> 
>> Thanks for the feedback. If we do get the track accepted then we will 
>> definitely be needing help reviewing the submissions - so may take you up on 
>> your offer :-)
>> 
>> Thanks
>> Sharan
>> 
>>> On 2022/03/14 16:32:23 Paulo Motta wrote:
>>> This Apachecon track sounds fun! I hope someone from the Cassandra
>>> community steps up to help on this track.
>>> 
>>> I would be happy to help on reviews but not organize the event per se as I
>>> will likely not attend the event.
>>> 
 Em sex., 11 de mar. de 2022 às 09:26, sharanf  escreveu:
>>> 
 Hi All
 
 The call for tracks for ApacheCon NA is open. There is a suggestion to
 try and run a Performance Engineering track at ApacheCon this year. At
 the end of the message I have included some details including a
 definition of what we mean by it and some reasoning about why it could
 be good to run. We have a list of projects that have something to do
 with performance engineering and if you take a look -  you will see that
 this project is on the list!
 
 So what I need is a some feedback as to whether the community thinks
 that this could be an interesting track topic to run at ApacheCon..and
 more importantly would the community be willing to submit talks for it
 or attend ApacheCon to see it.
 
 Like I say - this is just an idea at this stage. If the Performance
 Engineering track does get approval to be included at ApacheCon  - do we
 have any volunteers willing to help with managing and promoting the
 track on behalf of the project?
 
 Thanks
 Sharan
 
 -
 
 *Performance Engineering*  is the science and practice of engineering
 software with the required performance and scalability characteristics.
 Many Apache projects focus on solving hard Big Data performance and
 scalability challenges, while others provide tools for performance
 engineering - but there are few projects that don’t care about some
 aspect of software performance.
 
 This track will enable Apache projects members to share their
 experiences of performance engineering best practices, tools,
 techniques, and results, from their own communities, with the benefits
 of cross-fertilization between projects. Performance Engineering in the
 wider open source community is pervasive and includes methods and tools
 (including automation and agile approaches) for performance:
 architecting and design, benchmarking, monitoring, tracing, analysis,
 prediction, modeling and simulation, testing and reporting, regression
 testing, and source code analysis and instrumentation techniques.
 
 Performance Engineering also has wider applicability to DevOps, the
 operation of cloud platforms by managed service providers (hence some
 overlap with SRE - Site Reliability Engineering), and customer
 application performance and tuning.  This track would therefore be
 applicable to the wider open source community.
 
 *SUPPORTING DETAILS*
 
 *Google Searches*
 Google “Open source performance engineering” has 4,180,000,000 results
 Google “site:apache.org  performance” has 147,000
 results
 
 *Apache Projects *which may have some interest in, or focus on,
 performance (just the top results):
 JMeter, Cassandra, Storm, Spark, Samza, Pulsar, Kafka, Log4J, SystemML,
 Drill, HTTP Server, Cayenne, ActiveMQ, Impala, Geode, Flink, Ignite,
 Impala, Lucene, TVM, Tika, YuniKorn, Solr, Iceberg, Dubbo, Hudi,
 Accumulo, Xerces, MXNet, Zookeeper
 
 *Incubator projects *which may have some interest in, or focus on,
 performance**(again just top results):
 Crail, Eagle, Nemo, Skywalking, MXnet, HAWQ, Mnemonic, CarbonData,
 Drill, ShenYu, Tephra, Sedona
 
 *References *(randomly selected to show the range of open-source
 performance engineering topics available, rather than the quality of
 articles):
 
  1. Performance Engineering for Apache Spark and Databricks Runtime
 ETHZ, Big Data HS19
 <
 https://archive-systems.ethz.ch/sites/default/files/courses/2019-fall/bigdata/Databricks%20ETHZ%20Big%20Data%20HS19.pdf
> 
  2. Real time insights into LinkedIn's performance using Apache Samza
 <
 

Re: JMX exposing non-standard java classes, to fix requires a breaking change

[David Capwell]

>
> I noticed in DatabaseDescriptor there are setters that are leaking it to
> JMX since cassandra-3.0. I am not sure whether we can just change it to
> IllegalArgumentException which will be then also thrown on startup where
> they were ConfigurationExceptions before


My concern here is maintenance, you can fix it once but it will break
again. I feel we need a more general solution, open to input here!

Looking into our own NodeTool we have two error codes - 1 that catches a
> few java and airlift exceptions and 2 for other errors. My guess is we aim
> to throw only exceptions that will lead to exit code 1, no? I am not sure.


Good point, nodetool is also a client to the JMX, but fully knows our API,
whatever solution we do we need to be careful with nodetool's assumptions.
Looking at org.apache.cassandra.tools.NodeTool#execute it doesn't look like
these errors are JMX related, but nodetool related (airlift is the CLI
parser used in nodetool); but IllegalArgumentException and
IllegalStateException could have been caused from a JMX call
(RuntimeException thrown from Cassandra would result in status = 2)

In many setters we were actually not doing the same checks we do on Startup
> too… I consider this being a bug.


Agree, if you can bypass our guards via JMX, that sounds like a bug to me


On Wed, Apr 6, 2022 at 8:50 AM Ekaterina Dimitrova 
wrote:

> I would say keep the old ones and add new ones to be compatible in
> addition.
> Now your catch led me to more thinking and I think throwing
> ConfigurationException deserves more attention. I noticed in
> DatabaseDescriptor there are setters that are leaking it to JMX since
> cassandra-3.0. I am not sure whether we can just change it to
> IllegalArgumentException which will be then also thrown on startup where
> they were ConfigurationExceptions before.
> Not sure what is the right course of action here to fix things without
> being considered breaking changes too as I see different people doing
> different things in our codebase.
> Looking into our own NodeTool we have two error codes - 1 that catches a
> few java and airlift exceptions and 2 for other errors. My guess is we aim
> to throw only exceptions that will lead to exit code 1, no? I am not sure.
> GetColumnIndexSize was added in trunk and I see it throws
> ConfigurationException, that was acknowledged in its test. Considering the
> setter was always doing it I guess this was just normal addition but It
> seems to me it is actually a bug… Now I can change it to throw
> IllegalArgumentException. Looking at the code I think different people
> probably have different understanding so I want to align us to ensure we
> don’t break tools by fixing or not stuff…
> In many setters we were actually not doing the same checks we do on
> Startup too… I consider this being a bug.
>
> On Tue, 5 Apr 2022 at 18:21, David Capwell  wrote:
>
>> There are 2 places that expose non-standard java classes, so JMX only
>> works if and only if the JMX client also has Cassandra's jars, else
>> they will fail; the 2 examples are
>>
>> org.apache.cassandra.service.StorageServiceMBean#enableAuditLog throws
>> org.apache.cassandra.exceptions.ConfigurationException, removing that
>> exception does not break binary compatibility, but does break source
>> as javac will say catching it isn't allowed as it doesn't throw.  If
>> you call the method without Cassandra jars the method will work
>> properly until a ConfigurationException is thrown, in which case a
>> ClassNotFoundException will be thrown, hiding the error message.
>>
>>
>> org.apache.cassandra.db.ColumnFamilyStoreMBean#forceCompactionForTokenRange
>> takes a collection of
>> org.apache.cassandra.dht.Range, since
>> this is an operation the only people who could call it are those with
>> the jars in the path.
>>
>> Given that both are not properties and require setting values, jmx get
>> object does not break, so the impact is limited to the callers of each
>> method.
>>
>> We have a few options to address:
>>
>> 1) live with it.  Allow these cases to keep doing what they are doing,
>> but block new cases from popping up
>> 2) live with it, but expose new versions which do not break JMX
>> 3) remove ConfigurationException from
>> StorageServiceMBean#enableAuditLog and accept the source compatibility
>> issue
>> 4) remove or fix ColumnFamilyStoreMBean#forceCompactionForTokenRange
>> 5) #3 and #4
>>
>> What do others think?  In CASSANDRA-17527 I am adding a test to detect
>> these cases and block them, I am also fixing the JMX issues on trunk
>> that were not released, so this thread is only limited to the cases
>> that were actually released
>>
>> Thanks!
>>
>

Re: Dropping Python 3.6 support in 4.1

[Gerald Henriksen]

On Tue, 5 Apr 2022 12:20:49 +0100, you wrote:

>I would strongly recommend keeping Python 3.6 compatibility until 
>2024-06-30 when the CentOS 7 maintenance updates is stopped.

I would point out that the RHEL 8.* (as seen on Rocky Linux 8.5)
releases come with Python 3.6 and I don't see anything newer in the
EPEL repository for the 8.* series of releases.

Re: JMX exposing non-standard java classes, to fix requires a breaking change

[Ekaterina Dimitrova]

I would say keep the old ones and add new ones to be compatible in addition.
Now your catch led me to more thinking and I think throwing
ConfigurationException deserves more attention. I noticed in
DatabaseDescriptor there are setters that are leaking it to JMX since
cassandra-3.0. I am not sure whether we can just change it to
IllegalArgumentException which will be then also thrown on startup where
they were ConfigurationExceptions before.
Not sure what is the right course of action here to fix things without
being considered breaking changes too as I see different people doing
different things in our codebase.
Looking into our own NodeTool we have two error codes - 1 that catches a
few java and airlift exceptions and 2 for other errors. My guess is we aim
to throw only exceptions that will lead to exit code 1, no? I am not sure.
GetColumnIndexSize was added in trunk and I see it throws
ConfigurationException, that was acknowledged in its test. Considering the
setter was always doing it I guess this was just normal addition but It
seems to me it is actually a bug… Now I can change it to throw
IllegalArgumentException. Looking at the code I think different people
probably have different understanding so I want to align us to ensure we
don’t break tools by fixing or not stuff…
In many setters we were actually not doing the same checks we do on Startup
too… I consider this being a bug.

On Tue, 5 Apr 2022 at 18:21, David Capwell  wrote:

> There are 2 places that expose non-standard java classes, so JMX only
> works if and only if the JMX client also has Cassandra's jars, else
> they will fail; the 2 examples are
>
> org.apache.cassandra.service.StorageServiceMBean#enableAuditLog throws
> org.apache.cassandra.exceptions.ConfigurationException, removing that
> exception does not break binary compatibility, but does break source
> as javac will say catching it isn't allowed as it doesn't throw.  If
> you call the method without Cassandra jars the method will work
> properly until a ConfigurationException is thrown, in which case a
> ClassNotFoundException will be thrown, hiding the error message.
>
> org.apache.cassandra.db.ColumnFamilyStoreMBean#forceCompactionForTokenRange
> takes a collection of
> org.apache.cassandra.dht.Range, since
> this is an operation the only people who could call it are those with
> the jars in the path.
>
> Given that both are not properties and require setting values, jmx get
> object does not break, so the impact is limited to the callers of each
> method.
>
> We have a few options to address:
>
> 1) live with it.  Allow these cases to keep doing what they are doing,
> but block new cases from popping up
> 2) live with it, but expose new versions which do not break JMX
> 3) remove ConfigurationException from
> StorageServiceMBean#enableAuditLog and accept the source compatibility
> issue
> 4) remove or fix ColumnFamilyStoreMBean#forceCompactionForTokenRange
> 5) #3 and #4
>
> What do others think?  In CASSANDRA-17527 I am adding a test to detect
> these cases and block them, I am also fixing the JMX issues on trunk
> that were not released, so this thread is only limited to the cases
> that were actually released
>
> Thanks!
>

Re: Podcast Interviews for Feathercast

[Aaron Ploetz]

Sharan,

FWIW - Patrick and I are also working on putting together a Cassandra
podcast in the near future.  Perhaps we could work together?  Drop me a
message at aaron.plo...@datastax.com, and I'd be happy to set up some time
to discuss.

Thanks,

Aaron


On Wed, Apr 6, 2022 at 10:07 AM Sharan Foga  wrote:

> Hi All
>
> A quick update - I am working with someone on a potential first Cassandra
> related podcast. We are just looking at the questions and interview format
> etc to see how that could work.
>
> Thanks
> Sharan
>
> On 2022/04/02 11:43:32 Mick Semb Wever wrote:
> > >
> > >
> > > For those who are not familiar with FeatherCast
> > >  -  its the ASF's podcast channel
> that
> > > we generally use to help promote projects.
> > >
> > > Looking through the list of published content I see that there are a
> few
> > > interviews about Cassandra <
> https://feathercast.apache.org/?s=cassandra>
> > > but they are a few years old - so if anyone is interested in being
> > > interviewed then please let me know and we can set something up.
> > >
> > >
> >
> > This is an awesome opportunity. I recommend any and all committers to
> take
> > advantage of it.
> >
> > Chris / Melissa, when we do an 'inside cassandra … interview' for the
> > website, we should offer the contributor the opportunity to follow it up
> > with one of these podcasts.
> >
>

Re: Performance Engineering Track at ApacheCon NA?

[Sharan Foga]

Hi Paulo 

We have great news - the Performance Engineering track has been accepted so we 
will be looking to encourage and promote CFP submissions for it. We are also 
looking for reviewers to help us rate the submissions---if you are still 
interested in doing that. ;-)

Thanks
Sharan

On 2022/03/16 15:36:04 Sharan Foga wrote:
> Hi Paulo
> 
> Thanks for the feedback. If we do get the track accepted then we will 
> definitely be needing help reviewing the submissions - so may take you up on 
> your offer :-)
> 
> Thanks
> Sharan
> 
> On 2022/03/14 16:32:23 Paulo Motta wrote:
> > This Apachecon track sounds fun! I hope someone from the Cassandra
> > community steps up to help on this track.
> > 
> > I would be happy to help on reviews but not organize the event per se as I
> > will likely not attend the event.
> > 
> > Em sex., 11 de mar. de 2022 às 09:26, sharanf  escreveu:
> > 
> > > Hi All
> > >
> > > The call for tracks for ApacheCon NA is open. There is a suggestion to
> > > try and run a Performance Engineering track at ApacheCon this year. At
> > > the end of the message I have included some details including a
> > > definition of what we mean by it and some reasoning about why it could
> > > be good to run. We have a list of projects that have something to do
> > > with performance engineering and if you take a look -  you will see that
> > > this project is on the list!
> > >
> > > So what I need is a some feedback as to whether the community thinks
> > > that this could be an interesting track topic to run at ApacheCon..and
> > > more importantly would the community be willing to submit talks for it
> > > or attend ApacheCon to see it.
> > >
> > > Like I say - this is just an idea at this stage. If the Performance
> > > Engineering track does get approval to be included at ApacheCon  - do we
> > > have any volunteers willing to help with managing and promoting the
> > > track on behalf of the project?
> > >
> > > Thanks
> > > Sharan
> > >
> > > -
> > >
> > > *Performance Engineering*  is the science and practice of engineering
> > > software with the required performance and scalability characteristics.
> > > Many Apache projects focus on solving hard Big Data performance and
> > > scalability challenges, while others provide tools for performance
> > > engineering - but there are few projects that don’t care about some
> > > aspect of software performance.
> > >
> > > This track will enable Apache projects members to share their
> > > experiences of performance engineering best practices, tools,
> > > techniques, and results, from their own communities, with the benefits
> > > of cross-fertilization between projects. Performance Engineering in the
> > > wider open source community is pervasive and includes methods and tools
> > > (including automation and agile approaches) for performance:
> > > architecting and design, benchmarking, monitoring, tracing, analysis,
> > > prediction, modeling and simulation, testing and reporting, regression
> > > testing, and source code analysis and instrumentation techniques.
> > >
> > > Performance Engineering also has wider applicability to DevOps, the
> > > operation of cloud platforms by managed service providers (hence some
> > > overlap with SRE - Site Reliability Engineering), and customer
> > > application performance and tuning.  This track would therefore be
> > > applicable to the wider open source community.
> > >
> > > *SUPPORTING DETAILS*
> > >
> > > *Google Searches*
> > > Google “Open source performance engineering” has 4,180,000,000 results
> > > Google “site:apache.org  performance” has 147,000
> > > results
> > >
> > > *Apache Projects *which may have some interest in, or focus on,
> > > performance (just the top results):
> > > JMeter, Cassandra, Storm, Spark, Samza, Pulsar, Kafka, Log4J, SystemML,
> > > Drill, HTTP Server, Cayenne, ActiveMQ, Impala, Geode, Flink, Ignite,
> > > Impala, Lucene, TVM, Tika, YuniKorn, Solr, Iceberg, Dubbo, Hudi,
> > > Accumulo, Xerces, MXNet, Zookeeper
> > >
> > > *Incubator projects *which may have some interest in, or focus on,
> > > performance**(again just top results):
> > > Crail, Eagle, Nemo, Skywalking, MXnet, HAWQ, Mnemonic, CarbonData,
> > > Drill, ShenYu, Tephra, Sedona
> > >
> > > *References *(randomly selected to show the range of open-source
> > > performance engineering topics available, rather than the quality of
> > > articles):
> > >
> > >   1. Performance Engineering for Apache Spark and Databricks Runtime
> > >  ETHZ, Big Data HS19
> > >  <
> > > https://archive-systems.ethz.ch/sites/default/files/courses/2019-fall/bigdata/Databricks%20ETHZ%20Big%20Data%20HS19.pdf
> > > >
> > >   2. Real time insights into LinkedIn's performance using Apache Samza
> > >  <
> > > https://engineering.linkedin.com/samza/real-time-insights-linkedins-performance-using-apache-samza
> > > >
> > >   3. A day in the life of an open source performance 

Re: Podcast Interviews for Feathercast

[Sharan Foga]

Hi All

A quick update - I am working with someone on a potential first Cassandra 
related podcast. We are just looking at the questions and interview format etc 
to see how that could work.

Thanks
Sharan

On 2022/04/02 11:43:32 Mick Semb Wever wrote:
> >
> >
> > For those who are not familiar with FeatherCast
> >  -  its the ASF's podcast channel that
> > we generally use to help promote projects.
> >
> > Looking through the list of published content I see that there are a few
> > interviews about Cassandra 
> > but they are a few years old - so if anyone is interested in being
> > interviewed then please let me know and we can set something up.
> >
> >
> 
> This is an awesome opportunity. I recommend any and all committers to take
> advantage of it.
> 
> Chris / Melissa, when we do an 'inside cassandra … interview' for the
> website, we should offer the contributor the opportunity to follow it up
> with one of these podcasts.
> 

Re: UDF: adding custom jar to classpath

[Sébastien Rebecchi]

OK, that seems clear now :)
I understood from our conversations
that "enable_user_defined_functions_threads: false" would disable the UDF'
specific class loader but it seems I understood wrongly, so the only way to
use custom packages in UDF is to modify source code.
Many thanks!


Le mer. 6 avr. 2022 à 16:35, bened...@apache.org  a
écrit :

> The property you are setting permits some kinds of privilege escalation,
> but by default classes outside of those pre-defined by the whitelist are
> not permitted. This is imposed here:
> https://github.com/apache/cassandra/blob/210793f943dc522161fd26b6192f38a5c83fa131/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L168
>
>
>
> You will need to modify the source code to e.g. add additional
> allowedPatterns, or perhaps to permit additional patterns to be configured
> at startup.
>
>
>
> *From: *Sébastien Rebecchi 
> *Date: *Wednesday, 6 April 2022 at 15:15
> *To: *dev@cassandra.apache.org ,
> e.dimitr...@gmail.com 
> *Cc: *ble...@apache.org 
> *Subject: *Re: UDF: adding custom jar to classpath
>
> Hi Ekaterina,
>
>
>
> I use 4.0.1.
>
> But as I said I added a jar in classpath (/usr/share/cassandra/lib/ folder
> on every node) and I see that the jar is loaded in the classpath from the
> Cassandra command line. And I have "enable_user_defined_functions: true"
> and "enable_user_defined_functions_threads: false" in cassandra.yaml.
>
> So I don't see what is missing or not done properly.
>
>
>
> Best regards,
>
> Sébastien.
>
>
>
> Le mer. 6 avr. 2022 à 16:03, Ekaterina Dimitrova 
> a écrit :
>
> Hi Sebastian,
>
> Do you use the latest 4.0.3 version? Those options were added in 4.0.2 I
> believe, so if you try them with an earlier version - below message is what
> you would get as they didn’t exist.
>
>
>
> Best regards,
>
> Ekaterina
>
>
>
> On Wed, 6 Apr 2022 at 9:53, Sébastien Rebecchi 
> wrote:
>
> Hi Benjamin, Hi everybody,
>
>
>
> I found in the documentation that we should add "allow_insecure_udfs:
> true" and optionally "allow_extra_insecure_udfs: true" so that
> "enable_user_defined_functions_threads: false" is really taken into account
> (I understood like that). That would explain why my UDF still does not run
> even with "enable_user_defined_functions_threads: false". Found in
> https://github.com/apache/cassandra/blob/cassandra-4.0/NEWS.txt
>
>
>
> So I tried to add "allow_insecure_udfs: true" and
> "allow_extra_insecure_udfs: true" in cassandra.yaml, but then Cassandra
> failed to restart and I got that error in logs "Exception
> (org.apache.cassandra.exceptions.ConfigurationException) encountered during
> startup: Invalid yaml. Please remove properties [allow_insecure_udfs,
> allow_extra_insecure_udfs] from your cassandra.yaml".
>
>
>
> Should I understand that we can activate that 2 extra confs only by
> changing source code? That would be really disappointing :( And if no, then
> how to activate all UDF possibilities from cassandra.yaml please?
>
>
>
> Thanks in advance,
>
>
>
> Sébastien.
>
>
>
>
>
> Le mar. 5 avr. 2022 à 10:36, Benjamin Lerer  a écrit :
>
> Unfortunately, I do not have much time for doing some digging. Sorry for
> that :-(
>
> You should look at JavaBasedUDFunction and  UDFExecutorServic.
>
>
>
> Le lun. 4 avr. 2022 à 17:25, Sébastien Rebecchi 
> a écrit :
>
> Hi!
>
> Do you have any more ideas for me?
>
> Cordially,
>
> Sébastien.
>
>
>
> Le lun. 28 mars 2022 à 16:39, Sébastien Rebecchi 
> a écrit :
>
> Unfortunately, it is not working even with
> "enable_user_defined_functions_threads: false" in cassandra.yaml :/
>
> Is there any way to check the running configuration?
>
>
>
> Le lun. 28 mars 2022 à 15:35, Benjamin Lerer  a écrit :
>
> I do not think that allowing to customize UDF classes whitelist has been
> discussed before. Feel free to open a JIRA ticket :-)
>
> I have some plans to revisit how we securise UDFs as the current threading
> approach has some impact in terms of latency. That can be a good
> opportunity to look into providing more flexibility.
>
>
>
> Le lun. 28 mars 2022 à 15:00, Sébastien Rebecchi 
> a écrit :
>
> Thanks you very much! I will try that.
>
> As you know, would it be a long-terms solution? Or is there any plan to
> add the possibility to customize UDF classes whitelist?
>
>
>
> Le lun. 28 mars 2022 à 14:31, Benjamin Lerer  a écrit :
>
> Is there a way to customize that default behaviour?
>
>
>
> Looking at JavaBasedUDFunction quickly it seems that the ClassLoader is
> only used when you use the UDFExecutorService to execute your UDFs. You can
> try to disable it using "enable_user_defined_functions_threads: false" and
> see if it works.
>
> Now that also means that you have to ensure that only trusted persons can
> create UDF or UDA as it removes all safety mechanisms.
>
>
>
> Le lun. 28 mars 2022 à 13:23, Sébastien Rebecchi 
> a écrit :
>
> Hi Benjamin,
>
>
>
> Thanks for the answer.
>
> Is there a way to customize that default behaviour? If no, could you
> indicate where to find this 

Re: UDF: adding custom jar to classpath

[bened...@apache.org]

The property you are setting permits some kinds of privilege escalation, but by 
default classes outside of those pre-defined by the whitelist are not 
permitted. This is imposed here: 
https://github.com/apache/cassandra/blob/210793f943dc522161fd26b6192f38a5c83fa131/src/java/org/apache/cassandra/cql3/functions/UDFunction.java#L168

You will need to modify the source code to e.g. add additional allowedPatterns, 
or perhaps to permit additional patterns to be configured at startup.

From: Sébastien Rebecchi 
Date: Wednesday, 6 April 2022 at 15:15
To: dev@cassandra.apache.org , e.dimitr...@gmail.com 

Cc: ble...@apache.org 
Subject: Re: UDF: adding custom jar to classpath
Hi Ekaterina,

I use 4.0.1.
But as I said I added a jar in classpath (/usr/share/cassandra/lib/ folder on 
every node) and I see that the jar is loaded in the classpath from the 
Cassandra command line. And I have "enable_user_defined_functions: true" and 
"enable_user_defined_functions_threads: false" in cassandra.yaml.
So I don't see what is missing or not done properly.

Best regards,
Sébastien.

Le mer. 6 avr. 2022 à 16:03, Ekaterina Dimitrova 
mailto:e.dimitr...@gmail.com>> a écrit :
Hi Sebastian,
Do you use the latest 4.0.3 version? Those options were added in 4.0.2 I 
believe, so if you try them with an earlier version - below message is what you 
would get as they didn’t exist.

Best regards,
Ekaterina

On Wed, 6 Apr 2022 at 9:53, Sébastien Rebecchi 
mailto:srebec...@kameleoon.com>> wrote:
Hi Benjamin, Hi everybody,

I found in the documentation that we should add "allow_insecure_udfs: true" and 
optionally "allow_extra_insecure_udfs: true" so that 
"enable_user_defined_functions_threads: false" is really taken into account (I 
understood like that). That would explain why my UDF still does not run even 
with "enable_user_defined_functions_threads: false". Found in 
https://github.com/apache/cassandra/blob/cassandra-4.0/NEWS.txt

So I tried to add "allow_insecure_udfs: true" and "allow_extra_insecure_udfs: 
true" in cassandra.yaml, but then Cassandra failed to restart and I got that 
error in logs "Exception 
(org.apache.cassandra.exceptions.ConfigurationException) encountered during 
startup: Invalid yaml. Please remove properties [allow_insecure_udfs, 
allow_extra_insecure_udfs] from your cassandra.yaml".

Should I understand that we can activate that 2 extra confs only by changing 
source code? That would be really disappointing :( And if no, then how to 
activate all UDF possibilities from cassandra.yaml please?

Thanks in advance,

Sébastien.


Le mar. 5 avr. 2022 à 10:36, Benjamin Lerer 
mailto:ble...@apache.org>> a écrit :
Unfortunately, I do not have much time for doing some digging. Sorry for that 
:-(
You should look at JavaBasedUDFunction and  UDFExecutorServic.

Le lun. 4 avr. 2022 à 17:25, Sébastien Rebecchi 
mailto:srebec...@kameleoon.com>> a écrit :
Hi!
Do you have any more ideas for me?
Cordially,
Sébastien.

Le lun. 28 mars 2022 à 16:39, Sébastien Rebecchi 
mailto:srebec...@kameleoon.com>> a écrit :
Unfortunately, it is not working even with 
"enable_user_defined_functions_threads: false" in cassandra.yaml :/
Is there any way to check the running configuration?

Le lun. 28 mars 2022 à 15:35, Benjamin Lerer 
mailto:ble...@apache.org>> a écrit :
I do not think that allowing to customize UDF classes whitelist has been 
discussed before. Feel free to open a JIRA ticket :-)
I have some plans to revisit how we securise UDFs as the current threading 
approach has some impact in terms of latency. That can be a good opportunity to 
look into providing more flexibility.

Le lun. 28 mars 2022 à 15:00, Sébastien Rebecchi 
mailto:srebec...@kameleoon.com>> a écrit :
Thanks you very much! I will try that.
As you know, would it be a long-terms solution? Or is there any plan to add the 
possibility to customize UDF classes whitelist?

Le lun. 28 mars 2022 à 14:31, Benjamin Lerer 
mailto:ble...@apache.org>> a écrit :
Is there a way to customize that default behaviour?

Looking at JavaBasedUDFunction quickly it seems that the ClassLoader is only 
used when you use the UDFExecutorService to execute your UDFs. You can try to 
disable it using "enable_user_defined_functions_threads: false" and see if it 
works.
Now that also means that you have to ensure that only trusted persons can 
create UDF or UDA as it removes all safety mechanisms.

Le lun. 28 mars 2022 à 13:23, Sébastien Rebecchi 
mailto:srebec...@kameleoon.com>> a écrit :
Hi Benjamin,

Thanks for the answer.
Is there a way to customize that default behaviour? If no, could you indicate 
where to find this class loader in the github of Cassandra please?

Le lun. 28 mars 2022 à 12:40, Benjamin Lerer 
mailto:ble...@apache.org>> a écrit :
Hi Sébastien,

Cassandra uses a special classloader for UDFs that limit which classes can be 
used.
You cannot rely on non-JDK classes for UDFs and some of the JDK packages like 
the IO package for example cannot be used.
The goal is simply to 

Re: UDF: adding custom jar to classpath

[Sébastien Rebecchi]

Hi Ekaterina,

I use 4.0.1.
But as I said I added a jar in classpath (/usr/share/cassandra/lib/ folder
on every node) and I see that the jar is loaded in the classpath from the
Cassandra command line. And I have "enable_user_defined_functions: true"
and "enable_user_defined_functions_threads: false" in cassandra.yaml.
So I don't see what is missing or not done properly.

Best regards,
Sébastien.

Le mer. 6 avr. 2022 à 16:03, Ekaterina Dimitrova  a
écrit :

> Hi Sebastian,
> Do you use the latest 4.0.3 version? Those options were added in 4.0.2 I
> believe, so if you try them with an earlier version - below message is what
> you would get as they didn’t exist.
>
> Best regards,
> Ekaterina
>
> On Wed, 6 Apr 2022 at 9:53, Sébastien Rebecchi 
> wrote:
>
>> Hi Benjamin, Hi everybody,
>>
>> I found in the documentation that we should add "allow_insecure_udfs:
>> true" and optionally "allow_extra_insecure_udfs: true" so that
>> "enable_user_defined_functions_threads: false" is really taken into account
>> (I understood like that). That would explain why my UDF still does not run
>> even with "enable_user_defined_functions_threads: false". Found in
>> https://github.com/apache/cassandra/blob/cassandra-4.0/NEWS.txt
>>
>> So I tried to add "allow_insecure_udfs: true" and
>> "allow_extra_insecure_udfs: true" in cassandra.yaml, but then Cassandra
>> failed to restart and I got that error in logs "Exception
>> (org.apache.cassandra.exceptions.ConfigurationException) encountered during
>> startup: Invalid yaml. Please remove properties [allow_insecure_udfs,
>> allow_extra_insecure_udfs] from your cassandra.yaml".
>>
>> Should I understand that we can activate that 2 extra confs only by
>> changing source code? That would be really disappointing :( And if no, then
>> how to activate all UDF possibilities from cassandra.yaml please?
>>
>> Thanks in advance,
>>
>> Sébastien.
>>
>>
>> Le mar. 5 avr. 2022 à 10:36, Benjamin Lerer  a écrit :
>>
>>> Unfortunately, I do not have much time for doing some digging. Sorry for
>>> that :-(
>>> You should look at JavaBasedUDFunction and  UDFExecutorServic.
>>>
>>> Le lun. 4 avr. 2022 à 17:25, Sébastien Rebecchi 
>>> a écrit :
>>>
 Hi!
 Do you have any more ideas for me?
 Cordially,
 Sébastien.

 Le lun. 28 mars 2022 à 16:39, Sébastien Rebecchi <
 srebec...@kameleoon.com> a écrit :

> Unfortunately, it is not working even with
> "enable_user_defined_functions_threads: false" in cassandra.yaml :/
> Is there any way to check the running configuration?
>
> Le lun. 28 mars 2022 à 15:35, Benjamin Lerer  a
> écrit :
>
>> I do not think that allowing to customize UDF classes whitelist has
>> been discussed before. Feel free to open a JIRA ticket :-)
>> I have some plans to revisit how we securise UDFs as the current
>> threading approach has some impact in terms of latency. That can be a 
>> good
>> opportunity to look into providing more flexibility.
>>
>> Le lun. 28 mars 2022 à 15:00, Sébastien Rebecchi <
>> srebec...@kameleoon.com> a écrit :
>>
>>> Thanks you very much! I will try that.
>>> As you know, would it be a long-terms solution? Or is there any plan
>>> to add the possibility to customize UDF classes whitelist?
>>>
>>> Le lun. 28 mars 2022 à 14:31, Benjamin Lerer  a
>>> écrit :
>>>
 Is there a way to customize that default behaviour?


 Looking at JavaBasedUDFunction quickly it seems that the
 ClassLoader is only used when you use the UDFExecutorService to
 execute your UDFs. You can try to disable it using
 "enable_user_defined_functions_threads: false" and see if it works.
 Now that also means that you have to ensure that only trusted
 persons can create UDF or UDA as it removes all safety mechanisms.


 Le lun. 28 mars 2022 à 13:23, Sébastien Rebecchi <
 srebec...@kameleoon.com> a écrit :

> Hi Benjamin,
>
> Thanks for the answer.
> Is there a way to customize that default behaviour? If no, could
> you indicate where to find this class loader in the github of 
> Cassandra
> please?
>
> Le lun. 28 mars 2022 à 12:40, Benjamin Lerer 
> a écrit :
>
>> Hi Sébastien,
>>
>> Cassandra uses a special classloader for UDFs that limit which
>> classes can be used.
>> You cannot rely on non-JDK classes for UDFs and some of the JDK
>> packages like the IO package for example cannot be used.
>> The goal is simply to ensure that UDFs cannot compromise the
>> server security.
>>
>> Le lun. 28 mars 2022 à 11:31, Sébastien Rebecchi <
>> srebec...@kameleoon.com> a écrit :
>>
>>> Hello,
>>>
>>> I am trying to create a UDF based on custom methods.

Re: UDF: adding custom jar to classpath

[Ekaterina Dimitrova]

Hi Sebastian,
Do you use the latest 4.0.3 version? Those options were added in 4.0.2 I
believe, so if you try them with an earlier version - below message is what
you would get as they didn’t exist.

Best regards,
Ekaterina

On Wed, 6 Apr 2022 at 9:53, Sébastien Rebecchi 
wrote:

> Hi Benjamin, Hi everybody,
>
> I found in the documentation that we should add "allow_insecure_udfs:
> true" and optionally "allow_extra_insecure_udfs: true" so that
> "enable_user_defined_functions_threads: false" is really taken into account
> (I understood like that). That would explain why my UDF still does not run
> even with "enable_user_defined_functions_threads: false". Found in
> https://github.com/apache/cassandra/blob/cassandra-4.0/NEWS.txt
>
> So I tried to add "allow_insecure_udfs: true" and
> "allow_extra_insecure_udfs: true" in cassandra.yaml, but then Cassandra
> failed to restart and I got that error in logs "Exception
> (org.apache.cassandra.exceptions.ConfigurationException) encountered during
> startup: Invalid yaml. Please remove properties [allow_insecure_udfs,
> allow_extra_insecure_udfs] from your cassandra.yaml".
>
> Should I understand that we can activate that 2 extra confs only by
> changing source code? That would be really disappointing :( And if no, then
> how to activate all UDF possibilities from cassandra.yaml please?
>
> Thanks in advance,
>
> Sébastien.
>
>
> Le mar. 5 avr. 2022 à 10:36, Benjamin Lerer  a écrit :
>
>> Unfortunately, I do not have much time for doing some digging. Sorry for
>> that :-(
>> You should look at JavaBasedUDFunction and  UDFExecutorServic.
>>
>> Le lun. 4 avr. 2022 à 17:25, Sébastien Rebecchi 
>> a écrit :
>>
>>> Hi!
>>> Do you have any more ideas for me?
>>> Cordially,
>>> Sébastien.
>>>
>>> Le lun. 28 mars 2022 à 16:39, Sébastien Rebecchi <
>>> srebec...@kameleoon.com> a écrit :
>>>
 Unfortunately, it is not working even with
 "enable_user_defined_functions_threads: false" in cassandra.yaml :/
 Is there any way to check the running configuration?

 Le lun. 28 mars 2022 à 15:35, Benjamin Lerer  a
 écrit :

> I do not think that allowing to customize UDF classes whitelist has
> been discussed before. Feel free to open a JIRA ticket :-)
> I have some plans to revisit how we securise UDFs as the current
> threading approach has some impact in terms of latency. That can be a good
> opportunity to look into providing more flexibility.
>
> Le lun. 28 mars 2022 à 15:00, Sébastien Rebecchi <
> srebec...@kameleoon.com> a écrit :
>
>> Thanks you very much! I will try that.
>> As you know, would it be a long-terms solution? Or is there any plan
>> to add the possibility to customize UDF classes whitelist?
>>
>> Le lun. 28 mars 2022 à 14:31, Benjamin Lerer  a
>> écrit :
>>
>>> Is there a way to customize that default behaviour?
>>>
>>>
>>> Looking at JavaBasedUDFunction quickly it seems that the
>>> ClassLoader is only used when you use the UDFExecutorService to
>>> execute your UDFs. You can try to disable it using
>>> "enable_user_defined_functions_threads: false" and see if it works.
>>> Now that also means that you have to ensure that only trusted
>>> persons can create UDF or UDA as it removes all safety mechanisms.
>>>
>>> Le lun. 28 mars 2022 à 13:23, Sébastien Rebecchi <
>>> srebec...@kameleoon.com> a écrit :
>>>
 Hi Benjamin,

 Thanks for the answer.
 Is there a way to customize that default behaviour? If no, could
 you indicate where to find this class loader in the github of Cassandra
 please?

 Le lun. 28 mars 2022 à 12:40, Benjamin Lerer  a
 écrit :

> Hi Sébastien,
>
> Cassandra uses a special classloader for UDFs that limit which
> classes can be used.
> You cannot rely on non-JDK classes for UDFs and some of the JDK
> packages like the IO package for example cannot be used.
> The goal is simply to ensure that UDFs cannot compromise the
> server security.
>
> Le lun. 28 mars 2022 à 11:31, Sébastien Rebecchi <
> srebec...@kameleoon.com> a écrit :
>
>> Hello,
>>
>> I am trying to create a UDF based on custom methods.
>> So I set enable_user_defined_functions to true and added a jar in
>> "/usr/share/cassandra/lib/" folder on every node, restarted the 
>> nodes and I
>> can see from the command line that the jar is indeed used (in the 
>> classpath
>> with -cp).
>>
>> But when i create the UDF I got that error:
>>
>> CREATE OR REPLACE FUNCTION blobToJson (input blob) RETURNS NULL
>> ON NULL INPUT RETURNS text LANGUAGE java AS 'return
>> com.kameleoon.visit.Visit.writeToJson(com.kameleoon.visit.Visit.readFromByteBuffer(input));';

Re: UDF: adding custom jar to classpath

[Sébastien Rebecchi]

Sorry, I found that allow_insecure_udfs and allow_extra_insecure_udfs have
been introduced in 4.0.2 but I run 4.0.1, so that explains the error.
So for 4.0.1 "enable_user_defined_functions_threads: false" should be
enough, no advance on that I still don't know why my UDF does not compile
then

Le mer. 6 avr. 2022 à 15:52, Sébastien Rebecchi  a
écrit :

> Hi Benjamin, Hi everybody,
>
> I found in the documentation that we should add "allow_insecure_udfs:
> true" and optionally "allow_extra_insecure_udfs: true" so that
> "enable_user_defined_functions_threads: false" is really taken into account
> (I understood like that). That would explain why my UDF still does not run
> even with "enable_user_defined_functions_threads: false". Found in
> https://github.com/apache/cassandra/blob/cassandra-4.0/NEWS.txt
>
> So I tried to add "allow_insecure_udfs: true" and
> "allow_extra_insecure_udfs: true" in cassandra.yaml, but then Cassandra
> failed to restart and I got that error in logs "Exception
> (org.apache.cassandra.exceptions.ConfigurationException) encountered during
> startup: Invalid yaml. Please remove properties [allow_insecure_udfs,
> allow_extra_insecure_udfs] from your cassandra.yaml".
>
> Should I understand that we can activate that 2 extra confs only by
> changing source code? That would be really disappointing :( And if no, then
> how to activate all UDF possibilities from cassandra.yaml please?
>
> Thanks in advance,
>
> Sébastien.
>
>
> Le mar. 5 avr. 2022 à 10:36, Benjamin Lerer  a écrit :
>
>> Unfortunately, I do not have much time for doing some digging. Sorry for
>> that :-(
>> You should look at JavaBasedUDFunction and  UDFExecutorServic.
>>
>> Le lun. 4 avr. 2022 à 17:25, Sébastien Rebecchi 
>> a écrit :
>>
>>> Hi!
>>> Do you have any more ideas for me?
>>> Cordially,
>>> Sébastien.
>>>
>>> Le lun. 28 mars 2022 à 16:39, Sébastien Rebecchi <
>>> srebec...@kameleoon.com> a écrit :
>>>
 Unfortunately, it is not working even with
 "enable_user_defined_functions_threads: false" in cassandra.yaml :/
 Is there any way to check the running configuration?

 Le lun. 28 mars 2022 à 15:35, Benjamin Lerer  a
 écrit :

> I do not think that allowing to customize UDF classes whitelist has
> been discussed before. Feel free to open a JIRA ticket :-)
> I have some plans to revisit how we securise UDFs as the current
> threading approach has some impact in terms of latency. That can be a good
> opportunity to look into providing more flexibility.
>
> Le lun. 28 mars 2022 à 15:00, Sébastien Rebecchi <
> srebec...@kameleoon.com> a écrit :
>
>> Thanks you very much! I will try that.
>> As you know, would it be a long-terms solution? Or is there any plan
>> to add the possibility to customize UDF classes whitelist?
>>
>> Le lun. 28 mars 2022 à 14:31, Benjamin Lerer  a
>> écrit :
>>
>>> Is there a way to customize that default behaviour?
>>>
>>>
>>> Looking at JavaBasedUDFunction quickly it seems that the
>>> ClassLoader is only used when you use the UDFExecutorService to
>>> execute your UDFs. You can try to disable it using
>>> "enable_user_defined_functions_threads: false" and see if it works.
>>> Now that also means that you have to ensure that only trusted
>>> persons can create UDF or UDA as it removes all safety mechanisms.
>>>
>>> Le lun. 28 mars 2022 à 13:23, Sébastien Rebecchi <
>>> srebec...@kameleoon.com> a écrit :
>>>
 Hi Benjamin,

 Thanks for the answer.
 Is there a way to customize that default behaviour? If no, could
 you indicate where to find this class loader in the github of Cassandra
 please?

 Le lun. 28 mars 2022 à 12:40, Benjamin Lerer  a
 écrit :

> Hi Sébastien,
>
> Cassandra uses a special classloader for UDFs that limit which
> classes can be used.
> You cannot rely on non-JDK classes for UDFs and some of the JDK
> packages like the IO package for example cannot be used.
> The goal is simply to ensure that UDFs cannot compromise the
> server security.
>
> Le lun. 28 mars 2022 à 11:31, Sébastien Rebecchi <
> srebec...@kameleoon.com> a écrit :
>
>> Hello,
>>
>> I am trying to create a UDF based on custom methods.
>> So I set enable_user_defined_functions to true and added a jar in
>> "/usr/share/cassandra/lib/" folder on every node, restarted the 
>> nodes and I
>> can see from the command line that the jar is indeed used (in the 
>> classpath
>> with -cp).
>>
>> But when i create the UDF I got that error:
>>
>> CREATE OR REPLACE FUNCTION blobToJson (input blob) RETURNS NULL
>> ON NULL INPUT RETURNS text LANGUAGE java AS 'return
>> 

Re: UDF: adding custom jar to classpath

[Sébastien Rebecchi]

Hi Benjamin, Hi everybody,

I found in the documentation that we should add "allow_insecure_udfs: true"
and optionally "allow_extra_insecure_udfs: true" so that
"enable_user_defined_functions_threads: false" is really taken into account
(I understood like that). That would explain why my UDF still does not run
even with "enable_user_defined_functions_threads: false". Found in
https://github.com/apache/cassandra/blob/cassandra-4.0/NEWS.txt

So I tried to add "allow_insecure_udfs: true" and
"allow_extra_insecure_udfs: true" in cassandra.yaml, but then Cassandra
failed to restart and I got that error in logs "Exception
(org.apache.cassandra.exceptions.ConfigurationException) encountered during
startup: Invalid yaml. Please remove properties [allow_insecure_udfs,
allow_extra_insecure_udfs] from your cassandra.yaml".

Should I understand that we can activate that 2 extra confs only by
changing source code? That would be really disappointing :( And if no, then
how to activate all UDF possibilities from cassandra.yaml please?

Thanks in advance,

Sébastien.


Le mar. 5 avr. 2022 à 10:36, Benjamin Lerer  a écrit :

> Unfortunately, I do not have much time for doing some digging. Sorry for
> that :-(
> You should look at JavaBasedUDFunction and  UDFExecutorServic.
>
> Le lun. 4 avr. 2022 à 17:25, Sébastien Rebecchi 
> a écrit :
>
>> Hi!
>> Do you have any more ideas for me?
>> Cordially,
>> Sébastien.
>>
>> Le lun. 28 mars 2022 à 16:39, Sébastien Rebecchi 
>> a écrit :
>>
>>> Unfortunately, it is not working even with
>>> "enable_user_defined_functions_threads: false" in cassandra.yaml :/
>>> Is there any way to check the running configuration?
>>>
>>> Le lun. 28 mars 2022 à 15:35, Benjamin Lerer  a
>>> écrit :
>>>
 I do not think that allowing to customize UDF classes whitelist has
 been discussed before. Feel free to open a JIRA ticket :-)
 I have some plans to revisit how we securise UDFs as the current
 threading approach has some impact in terms of latency. That can be a good
 opportunity to look into providing more flexibility.

 Le lun. 28 mars 2022 à 15:00, Sébastien Rebecchi <
 srebec...@kameleoon.com> a écrit :

> Thanks you very much! I will try that.
> As you know, would it be a long-terms solution? Or is there any plan
> to add the possibility to customize UDF classes whitelist?
>
> Le lun. 28 mars 2022 à 14:31, Benjamin Lerer  a
> écrit :
>
>> Is there a way to customize that default behaviour?
>>
>>
>> Looking at JavaBasedUDFunction quickly it seems that the ClassLoader
>> is only used when you use the UDFExecutorService to execute your
>> UDFs. You can try to disable it using
>> "enable_user_defined_functions_threads: false" and see if it works.
>> Now that also means that you have to ensure that only trusted persons
>> can create UDF or UDA as it removes all safety mechanisms.
>>
>> Le lun. 28 mars 2022 à 13:23, Sébastien Rebecchi <
>> srebec...@kameleoon.com> a écrit :
>>
>>> Hi Benjamin,
>>>
>>> Thanks for the answer.
>>> Is there a way to customize that default behaviour? If no, could you
>>> indicate where to find this class loader in the github of Cassandra 
>>> please?
>>>
>>> Le lun. 28 mars 2022 à 12:40, Benjamin Lerer  a
>>> écrit :
>>>
 Hi Sébastien,

 Cassandra uses a special classloader for UDFs that limit which
 classes can be used.
 You cannot rely on non-JDK classes for UDFs and some of the JDK
 packages like the IO package for example cannot be used.
 The goal is simply to ensure that UDFs cannot compromise the server
 security.

 Le lun. 28 mars 2022 à 11:31, Sébastien Rebecchi <
 srebec...@kameleoon.com> a écrit :

> Hello,
>
> I am trying to create a UDF based on custom methods.
> So I set enable_user_defined_functions to true and added a jar in
> "/usr/share/cassandra/lib/" folder on every node, restarted the nodes 
> and I
> can see from the command line that the jar is indeed used (in the 
> classpath
> with -cp).
>
> But when i create the UDF I got that error:
>
> CREATE OR REPLACE FUNCTION blobToJson (input blob) RETURNS NULL ON
> NULL INPUT RETURNS text LANGUAGE java AS 'return
> com.kameleoon.visit.Visit.writeToJson(com.kameleoon.visit.Visit.readFromByteBuffer(input));';
> InvalidRequest: Error from server: code=2200 [Invalid query]
> message="Java source compilation failed:
> Line 1: com.kameleoon.visit.Visit cannot be resolved to a type
> Line 1: com.kameleoon.visit.Visit cannot be resolved to a type
>
> Of course the class com.kameleoon.visit.Visit does exist in the
> jar and the jar has read rights to every user (chmod 444). So I can 
> not

Re: PLEASE READ ME! IMPORTANT!

[Ekaterina Dimitrova]

Thank you Stefan.
“  Other than that, I do not remember I have touched /
worked with any other mentioned parameter she elaborated on between
4.0 and 4.1 so I can not comment on that.”

Not sure what do you mean here as the parameters which are affected are all
duration, data rate and data storage. It’s not about post-4.0 new
parameters only. Some of those migrated to the new types which will
prohibit negatives, etc (no matter if you use old or new yaml) in the new
release are probably there since the beginning of Cassandra.

On Tue, 5 Apr 2022 at 18:05, Stefan Miklosovic <
stefan.mikloso...@instaclustr.com> wrote:

> I have checked with Ekaterina, we are ok with what she asked us to
> take a look at. Other than that, I do not remember I have touched /
> worked with any other mentioned parameter she elaborated on between
> 4.0 and 4.1 so I can not comment on that.
>
> On Tue, 5 Apr 2022 at 23:24, Ekaterina Dimitrova 
> wrote:
> >
> > ATTENTION PLEASE Below email will be long but I believe you will agree
> it deserves attention for good reasons. Thank you in advance for your time
> and consideration!
> >
> >
> > Hi everyone,
> >
> > I am working on the last batch of config parameters to be transferred to
> the new types after CASSANDRA-15234 landed.
> >
> > This led to a few questions and concerns and here I am to raise
> awareness and one more time to confirm things for the community to ensure
> there is no regression when 4.1 is out.
> >
> > As the main decisions were taken and implemented two years ago before
> even 4.0 beta, I would like to ensure that everyone here is aware that in
> CASSANDRA-15234 we have backward compatibility to transfer the old format
> (only values, no opportunity to change unit) to the new format (value +
> unit) but it falls back to the new types at the end. This is not a feature
> with a flag to be disabled. We migrated the parameters to the new types in
> Config class and in cassandra.yaml. Also, we explicitly say we don’t
> support negative values (old and new yaml config) which was not the case
> before. We never advertised the usage of negative values but we also did
> not prohibit that which we do now as one more improvement in
> CASSANDRA-15234. I will add an explicit note in NEWS.txt to be sure no one
> was expecting to keep on using negative values with the old yaml if they
> were doing it for some unknown reason, old/new - we prohibit on trunk
> negative values except special cases.
> >
> > As part of the documentation I mentioned the Converter class which
> serves to do these conversions between old value and new value - load the
> old value to the new Config types. There are special cases which I want to
> highlight in case someone knows of any behavior not caught by our CI that
> might be changed or broken because of those changes(better safe than sorry):
> >
> > The new types DataRateSpec, DurationSpec and DataRateSpec accept only
> non-negative values (this will affect both old and new config). Thus as
> part of the converters we have the following special cases:
> >
> > - MILLIS_DOUBLE_DURATION for commitlog_sync_group_window_in_ms or now
> already commitlog_sync_group_window which covers that this was double and
> even if we think this was a bug as it is casted later to int here[1],
> someone might have been using double and NaN. Disallow less than 0 as we
> already said for all types. With the new config types this parameter is
> stored as long.
> >
> > - MILLIS_CUSTOM_DURATION for permissions_update_interval,
> roles_update_interval and credentials_update_interval. After
> CASSANDRA-17431 those will be updated to - old value of “-1” being
> translated to null. The setters will be doing that too. Anything below -1
> is prohibited and considered a bug (both with old and new config).
> >
> > - we are adding NEGATIVE_SECONDS_DURATION as part of C17431 to handle
> validation_preview_purge_head_start. Anyone using the old yaml and value <0
> will have it translated into 0 seconds. New yaml and format prohibits
> values less than 0 and the smallest unit for this parameter is seconds.
> >
> > - BYTES_CUSTOM_DATA_STORAGE translates “-1” to “null” and prohibits
> anything less than -1 with the old yaml and less than 0 with the new one
> for native_transport_max_concurrent_requests_in_bytes_per_ip and
> native_transport_max_concurrent_requests_in_bytes after C17341. I had also
> separate mail for these two as we have some concerns about them for all C*
> versions.
> >
> > In C17431 I also decided to leave parameters phi_convict_threshold,
> memtable_cleanup_threshold, block_for_peers_timeout_in_secs alone and not
> to migrate them to the new Config types because of various reasons
> explained in the ticket. Please let me know if you have any particular
> suggestions/concerns/thoughts around those.
> >
> > DataRateSpec - it was requested to support mebibytes/s, kibibytes/s,
> bytes/s. This made things complicated internally with two of the parameters
> introduced in 4.0