On Aug 20, 2010, at 7:14 AM, zecat wrote: > Hi everyone, > > I'm very interested to get any information on this topic too, and in security > replication in general. > I plan to deploy several couchdb instance, and I plan to implement different > users and roles to use on this cloud. > I think, I don't understand very well the user/role and replication > mechanism. I tried different configuration. > As far as I understand, the _users databases can be replicated, but not the > user and role assigned on another database.
Yes, this is true. Replicating the _users database is totally fine (note that the replicator must have admin privileges on the target database, or else on the currently logged in user's document will be replicated.) > Example : > - I created a tesdb on couchdb1 > - I applied a security setting (with Futon ) to define some admins and > readers names/roles , > - I defined a replica of testb on couchdb2 > - I launched a replication job between couchdb1/testdb and couchdb2/testdb. > But it seems there is no security replicated from couchdb1/testdb to > couchdb2/testdb. > The security configuration object is not replicated. This is by design, as one replica may be on an end-user machine, and another on shared cloud instance, necessitating different rules. > Is it normal ? Does it could be a great security feature to assist > replication of the security setting for a replication database in a cloud ? > > Maybe I'm completly wrong on this subject ? > > Other question about multiple couchdb instance and replication : > When (for perf, or LB, or HA purpose) you need more than 2 couchdb replica of > the same database, what is supposed to be the more efficent architecture ? > - Something in ring style : A>B>C>A > - Same with a dual reverse replication scheme ? A>B>C>A, A>C>B>A > - Or a grap cluster style A>B, A>C, B>A, C>A > - Or a n^2 dual replica with every possible peer db ? A>B, A>C, B>A, B>C, > C>A, C>B > > I'd appreciate any comment on this ! > > Thanks, > > Thierry. > > > > Le 19/08/2010 16:21, Nathan Stott a écrit : >> Are there any special considerations when replicating the _users >> database as opposed to normal databases? Is this a good way to share >> users between servers that should share users and trust one another? >>
