Multi-tenancy, and authentication and authorization
Hi all, I am an Apache committer (Apache Synapse ESB, WS All) and working for an organization that develops open-source products. We are interesting in using the Cassandra in our products. We need multi-tenancy support as well as a pluggable authentication and authorization architecture in the Cassandra. We would like to contribute to the Cassandra in our capacity. I have two concerns and am extremely grateful for your help on resolving those. *Multi-tenancy* I noticed that you are implementing multi-tenancy [1]. Could you please guess that how long it would take to finish to the remaining work? I would like to contribute to that. However, I am a newbie to the Cassandra. Therefore, I do not know how much time it may take to do such a contribution. Would it be possible to support multi-tenancy (work around) with existing implementation? Two vague ideas: (1) qualified keyspaces (by the tenet domain) (2) multiple Cassandra storage configurations in a single node (one per tenant). For both options, the resource hierarchy would be /cassandra/ //keyspaces//... *Authentication and Authorization * I believe it would be able to plug a custom authentication and authorization implementation through IAuthenticator and IAuthority. I am extremely grateful for your feedback for clearing up my vague ideas and also about the best possible ways to achieve my requirements. Thanks, Indika [1] http://wiki.apache.org/cassandra/MultiTenant
Re: Multi-tenancy, and authentication and authorization
Thank very much Brandon for your reply. I would like to investigate more on this. I will ask for your suggestions as needed. Thanks, Indika On Thu, Jan 6, 2011 at 11:44 PM, Brandon Williams wrote: > On Thu, Jan 6, 2011 at 11:39 AM, indika kumara wrote: > > > *Multi-tenancy* > > > > I noticed that you are implementing multi-tenancy [1]. Could you please > > guess that how long it would take to finish to the remaining work? I > would > > like to contribute to that. However, I am a newbie to the Cassandra. > > Therefore, I do not know how much time it may take to do such a > > contribution. > > > > I think it's safe to say that effort is now dead. Everyone who cared about > it has changed employers. > > Would it be possible to support multi-tenancy (work around) with existing > > implementation? > > > Yes, doing it in the application layer is the only thing that makes sense > to > me right now. Having a few hundred memtables isn't reasonable. > > -Brandon >
Re: Multi-tenancy, and authentication and authorization
Hi Brandon, I would like you feedback on my two ideas for implementing mufti tenancy with the existing implementation. Would those be possible to implement? Thanks, Indika >>>>> Two vague ideas: (1) qualified keyspaces (by the tenet domain) (2) multiple Cassandra storage configurations in a single node (one per tenant). For both options, the resource hierarchy would be /cassandra/ //keyspaces// On Thu, Jan 6, 2011 at 11:44 PM, Brandon Williams wrote: > On Thu, Jan 6, 2011 at 11:39 AM, indika kumara wrote: > > > *Multi-tenancy* > > > > I noticed that you are implementing multi-tenancy [1]. Could you please > > guess that how long it would take to finish to the remaining work? I > would > > like to contribute to that. However, I am a newbie to the Cassandra. > > Therefore, I do not know how much time it may take to do such a > > contribution. > > > > I think it's safe to say that effort is now dead. Everyone who cared about > it has changed employers. > > Would it be possible to support multi-tenancy (work around) with existing > > implementation? > > > Yes, doing it in the application layer is the only thing that makes sense > to > me right now. Having a few hundred memtables isn't reasonable. > > -Brandon >
Re: Multi-tenancy, and authentication and authorization
Thank you very much Brandon! On Fri, Jan 7, 2011 at 12:40 AM, Brandon Williams wrote: > On Thu, Jan 6, 2011 at 12:33 PM, indika kumara >wrote: > > > Hi Brandon, > > > > I would like you feedback on my two ideas for implementing mufti tenancy > > with the existing implementation. Would those be possible to implement? > > > > Thanks, > > > > Indika > > > > >>>>> Two vague ideas: (1) qualified keyspaces (by the tenet domain) (2) > > multiple Cassandra storage configurations in a single node (one per > > tenant). > > For both options, the resource hierarchy would be /cassandra/ > > //keyspaces// > > > > (1) has the problem of multiple memtables (a large amount just isn't viable > right now.) (2) more or less has the same problem, but in JVM instances. > > I would suggest a) not trying to offer cassandra itself, and instead build > a > service that uses cassandra under the hood, and b) splitting up tenants in > this layer. > > -Brandon >
Re: Multi-tenancy, and authentication and authorization
Hi Stu, I highly appreciate your help. First, I would like to get familiar with the Cassandra, especially the current work on mult-tenancy and security. Is there any resource other than the wiki that can be used to learn about the internals of the Cassandra. I would appreciate your suggestions on proper ways to implement mult-tenancy. I would like to contact you and others through email in due course. I am looking forward to contribute to the Cassandra Thanks, Indika On Fri, Jan 7, 2011 at 11:22 AM, Stu Hood wrote: > > (1) has the problem of multiple memtables (a large amount just isn't > viable > There are some very straightforward solutions to this particular problem: I > wouldn't rule out running with a very large number of > keyspace/columnfamilies given some minor changes. > > As Brandon said, some of the folks that were working on multi-tenancy for > Cassandra are no longer focused on it. But the code that was generated > during our efforts is very much available, and is unlikely to have gone > stale. Would love to talk about this with you. > > Thanks, > Stu > > On Thu, Jan 6, 2011 at 8:08 PM, indika kumara > wrote: > > > Thank you very much Brandon! > > > > On Fri, Jan 7, 2011 at 12:40 AM, Brandon Williams > > wrote: > > > > > On Thu, Jan 6, 2011 at 12:33 PM, indika kumara > > >wrote: > > > > > > > Hi Brandon, > > > > > > > > I would like you feedback on my two ideas for implementing mufti > > tenancy > > > > with the existing implementation. Would those be possible to > > implement? > > > > > > > > Thanks, > > > > > > > > Indika > > > > > > > > >>>>> Two vague ideas: (1) qualified keyspaces (by the tenet domain) > > (2) > > > > multiple Cassandra storage configurations in a single node (one per > > > > tenant). > > > > For both options, the resource hierarchy would be /cassandra/ > > > > //keyspaces// > > > > > > > > > > (1) has the problem of multiple memtables (a large amount just isn't > > viable > > > right now.) (2) more or less has the same problem, but in JVM > instances. > > > > > > I would suggest a) not trying to offer cassandra itself, and instead > > build > > > a > > > service that uses cassandra under the hood, and b) splitting up tenants > > in > > > this layer. > > > > > > -Brandon > > > > > >
Exposing Cassandra as a Web Service
Hi All, What would you think about the idea of exposing the Cassandra as a Web Service so that any web service client can connect to the Cassandra server? This would require embedding a web service engine in the server side, providing WSDL(s) for Cassandra’s services such as management, data access, etc. If this task can be done, it is possible to connect to the Cassandra through different languages, different transports such as TCP, HTTP, JMS, etc. Moreover, the connection between clients and the Cassandra can be secure (WS-Security), and reliable. If this task is worth, I may be able to contribute for implementing it. I am familiar with the Axis2 web service engine [1], and an Apache committer. Your suggestions are welcome! Thanks, Indika [1] http://axis.apache.org/axis2/java/core/
Re: Exposing Cassandra as a Web Service
Gaurav - I thought of enabling a WS-client to call Cassandra server nodes directly. For that, there should be a web-service engine to process the WS-requests in the server-side. A client can be any WS-client that can call a service using the service's WSDL. A client can use different protocol such as TCP, HTTP/S, JMS, etc. Accessing the resources in the Cassandra in a RESTFUL manner may also be possible. Thanks, Indika On Mon, Jan 17, 2011 at 4:04 AM, Gaurav Sharma wrote: > Indika - what use cases do you have in mind for the ws-clients connecting > directly to Cassandra especially since you mention connections from clients > using ws-security? Are you suggesting remote connections over https > directly > to the data-store between non-colocated client and server nodes? The client > in such a scenario will also likely have the server-side business logic. > right - is that what you have in mind? > > Currently, there's already an excellent java client library Hector ( > https://github.com/rantav/hector) and a Thrift API (allows cross-language > rpc kind of like a web-service mediator/engine). So, there are good > client-integration options with 'almost' minimal external lib dependencies. > Especially with java, imho, additional binary dependencies that result in > the jar-hell phenomenon is quite irksome for most users. Axis has a few lib > dependencies of its own, too. > > -gshx > > On Sun, Jan 16, 2011 at 11:50 AM, indika kumara wrote: > > > Hi All, > > > > What would you think about the idea of exposing the Cassandra as a Web > > Service so that any web service client can connect to the Cassandra > server? > > > > This would require embedding a web service engine in the server side, > > providing WSDL(s) for Cassandra’s services such as management, data > access, > > etc. > > > > If this task can be done, it is possible to connect to the Cassandra > > through > > different languages, different transports such as TCP, HTTP, JMS, etc. > > Moreover, the connection between clients and the Cassandra can be secure > > (WS-Security), and reliable. > > > > If this task is worth, I may be able to contribute for implementing it. I > > am > > familiar with the Axis2 web service engine [1], and an Apache committer. > > > > Your suggestions are welcome! > > > > Thanks, > > > > Indika > > > > [1] http://axis.apache.org/axis2/java/core/ > > >
Re: Multi-tenancy, and authentication and authorization
Hi Stu, In our app, we would like to offer cassandra 'as-is' to tenants. It that case, each tenant should be able to create Keyspaces as needed. Based on the authorization, I expect to implement it. In my view, the implementation options are as follows. 1) The name of a keyspace would be 'the actual keyspace name' + 'tenant ID' 2) The name of a keyspace would not be changed, but the name of a column family would be the 'the actual column family name' + 'tenant ID'. It is needed to keep a separate mapping for keyspace vs tenants. 3) The name of a keypace or a column family would not be changed, but the name of a column would be 'the actual column name' + 'tenant ID'. It is needed to keep separate mappings for keyspace vs tenants and column family vs tenants Could you please give your opinions on the above three options? if there are any issue regarding above approaches and if those issues can be solved, I would love to contribute on that. Thanks, Indika On Fri, Jan 7, 2011 at 11:22 AM, Stu Hood wrote: > > (1) has the problem of multiple memtables (a large amount just isn't > viable > There are some very straightforward solutions to this particular problem: I > wouldn't rule out running with a very large number of > keyspace/columnfamilies given some minor changes. > > As Brandon said, some of the folks that were working on multi-tenancy for > Cassandra are no longer focused on it. But the code that was generated > during our efforts is very much available, and is unlikely to have gone > stale. Would love to talk about this with you. > > Thanks, > Stu > > On Thu, Jan 6, 2011 at 8:08 PM, indika kumara > wrote: > > > Thank you very much Brandon! > > > > On Fri, Jan 7, 2011 at 12:40 AM, Brandon Williams > > wrote: > > > > > On Thu, Jan 6, 2011 at 12:33 PM, indika kumara > > >wrote: > > > > > > > Hi Brandon, > > > > > > > > I would like you feedback on my two ideas for implementing mufti > > tenancy > > > > with the existing implementation. Would those be possible to > > implement? > > > > > > > > Thanks, > > > > > > > > Indika > > > > > > > > >>>>> Two vague ideas: (1) qualified keyspaces (by the tenet domain) > > (2) > > > > multiple Cassandra storage configurations in a single node (one per > > > > tenant). > > > > For both options, the resource hierarchy would be /cassandra/ > > > > //keyspaces// > > > > > > > > > > (1) has the problem of multiple memtables (a large amount just isn't > > viable > > > right now.) (2) more or less has the same problem, but in JVM > instances. > > > > > > I would suggest a) not trying to offer cassandra itself, and instead > > build > > > a > > > service that uses cassandra under the hood, and b) splitting up tenants > > in > > > this layer. > > > > > > -Brandon > > > > > >
Re: Exposing Cassandra as a Web Service
Thank you for the information about the TServlet . I would only develop what I suggested if the Cassandra community find that it is worth. BTW, it is possible to write a non blocking HTTP/S transport that offers a significant performance. Even the JMS may be worth. Thanks, Indika On Mon, Jan 17, 2011 at 12:26 PM, Gaurav Sharma wrote: > If you have good stories for such an abstraction, then, it can live atop > thrift and extend Tom White's TServlet which is now a part of thrift: > > http://svn.apache.org/viewvc/thrift/branches/0.6.x/lib/java/src/org/apache/thrift/server/TServlet.java > http://www.lexemetech.com/2007/09/java-servlet-for-thrift.html (brief > explanation) > > Maybe others feel differently but imo, an http ws-client does not have to > be > bundled with Cassandra (data-store). Also, Thrift is really fast by itself. > Please see if you want to plug into TServlet; let me know if you want to > pair up and quickly crank out a simple ws client. > > -gshx > > On Sun, Jan 16, 2011 at 11:18 PM, indika kumara >wrote: > > > Gaurav - I thought of enabling a WS-client to call Cassandra server nodes > > directly. For that, there should be a web-service engine to process the > > WS-requests in the server-side. A client can be any WS-client that can > call > > a service using the service's WSDL. A client can use different protocol > > such > > as TCP, HTTP/S, JMS, etc. Accessing the resources in the Cassandra in a > > RESTFUL manner may also be possible. > > > > Thanks, > > > > Indika > > > > On Mon, Jan 17, 2011 at 4:04 AM, Gaurav Sharma > > wrote: > > > > > Indika - what use cases do you have in mind for the ws-clients > connecting > > > directly to Cassandra especially since you mention connections from > > clients > > > using ws-security? Are you suggesting remote connections over https > > > directly > > > to the data-store between non-colocated client and server nodes? The > > client > > > in such a scenario will also likely have the server-side business > logic. > > > right - is that what you have in mind? > > > > > > Currently, there's already an excellent java client library Hector ( > > > https://github.com/rantav/hector) and a Thrift API (allows > > cross-language > > > rpc kind of like a web-service mediator/engine). So, there are good > > > client-integration options with 'almost' minimal external lib > > dependencies. > > > Especially with java, imho, additional binary dependencies that result > in > > > the jar-hell phenomenon is quite irksome for most users. Axis has a few > > lib > > > dependencies of its own, too. > > > > > > -gshx > > > > > > On Sun, Jan 16, 2011 at 11:50 AM, indika kumara > > wrote: > > > > > > > Hi All, > > > > > > > > What would you think about the idea of exposing the Cassandra as a > Web > > > > Service so that any web service client can connect to the Cassandra > > > server? > > > > > > > > This would require embedding a web service engine in the server side, > > > > providing WSDL(s) for Cassandra’s services such as management, data > > > access, > > > > etc. > > > > > > > > If this task can be done, it is possible to connect to the Cassandra > > > > through > > > > different languages, different transports such as TCP, HTTP, JMS, > etc. > > > > Moreover, the connection between clients and the Cassandra can be > > secure > > > > (WS-Security), and reliable. > > > > > > > > If this task is worth, I may be able to contribute for implementing > it. > > I > > > > am > > > > familiar with the Axis2 web service engine [1], and an Apache > > committer. > > > > > > > > Your suggestions are welcome! > > > > > > > > Thanks, > > > > > > > > Indika > > > > > > > > [1] http://axis.apache.org/axis2/java/core/ > > > > > > > > > >
Re: Exposing Cassandra as a Web Service
Hi Gary, Thank you very much for the information. BTW, It seems that your transport code is not in the Cassandra's trunk. Is it going add that code into the trunk? BTW, do you think what I suggested would be worth? If so, I would like to implement it. Thanks, Indika On Mon, Jan 17, 2011 at 7:05 PM, Gary Dusbabek wrote: > It wouldn't be hard to do. Cassandra is structured in such a way that > it is pretty easy to wrap a transport around a few classes that handle > most of the client interaction. Last September I created a > RESTful-like version of Cassandra in just a few hours. I haven't > maintained the branch, but you can find the results of the work here: > https://github.com/gdusbabek/cassandra > > Gary > > On Sun, Jan 16, 2011 at 10:50, indika kumara wrote: > > Hi All, > > > > What would you think about the idea of exposing the Cassandra as a Web > > Service so that any web service client can connect to the Cassandra > server? > > > > This would require embedding a web service engine in the server side, > > providing WSDL(s) for Cassandra’s services such as management, data > access, > > etc. > > > > If this task can be done, it is possible to connect to the Cassandra > through > > different languages, different transports such as TCP, HTTP, JMS, etc. > > Moreover, the connection between clients and the Cassandra can be secure > > (WS-Security), and reliable. > > > > If this task is worth, I may be able to contribute for implementing it. I > am > > familiar with the Axis2 web service engine [1], and an Apache committer. > > > > Your suggestions are welcome! > > > > Thanks, > > > > Indika > > > > [1] http://axis.apache.org/axis2/java/core/ > > >
Re: Exposing Cassandra as a Web Service
Thanks Gary A HTTP transport based on NIO [1] may offer a considerable performance. I may implement it locally and compare the performance. Indika [1] http://hc.apache.org/httpcomponents-core-ga/httpcore-nio/index.html On Mon, Jan 17, 2011 at 8:01 PM, Gary Dusbabek wrote: > No, it's not in trunk. I created the branch as a proof-of-concept > only. I can see the utility of a RESTful interface, but I doubt > you'll be able to achieve performance comparable to thrift. > > Gary > > On Mon, Jan 17, 2011 at 07:23, indika kumara > wrote: > > Hi Gary, > > > > Thank you very much for the information. BTW, It seems that your > transport > > code is not in the Cassandra's trunk. Is it going add that code into the > > trunk? BTW, do you think what I suggested would be worth? If so, I would > > like to implement it. > > > > Thanks, > > > > Indika > > > > On Mon, Jan 17, 2011 at 7:05 PM, Gary Dusbabek > wrote: > >> > >> It wouldn't be hard to do. Cassandra is structured in such a way that > >> it is pretty easy to wrap a transport around a few classes that handle > >> most of the client interaction. Last September I created a > >> RESTful-like version of Cassandra in just a few hours. I haven't > >> maintained the branch, but you can find the results of the work here: > >> https://github.com/gdusbabek/cassandra > >> > >> Gary > >> > >> On Sun, Jan 16, 2011 at 10:50, indika kumara wrote: > >> > Hi All, > >> > > >> > What would you think about the idea of exposing the Cassandra as a Web > >> > Service so that any web service client can connect to the Cassandra > >> > server? > >> > > >> > This would require embedding a web service engine in the server side, > >> > providing WSDL(s) for Cassandra’s services such as management, data > >> > access, > >> > etc. > >> > > >> > If this task can be done, it is possible to connect to the Cassandra > >> > through > >> > different languages, different transports such as TCP, HTTP, JMS, etc. > >> > Moreover, the connection between clients and the Cassandra can be > secure > >> > (WS-Security), and reliable. > >> > > >> > If this task is worth, I may be able to contribute for implementing > it. > >> > I am > >> > familiar with the Axis2 web service engine [1], and an Apache > committer. > >> > > >> > Your suggestions are welcome! > >> > > >> > Thanks, > >> > > >> > Indika > >> > > >> > [1] http://axis.apache.org/axis2/java/core/ > >> > > > > > >
Test Case Failure on Windows
Hi All, I am experience with test case failure due to the following error (a Windows file deletion issue). Any solution? Failed to delete C:\Project\cassandra\build\test\cassandra\commitlog\CommitLog-1296382997375.log" type="java.io.IOException">java.io.IOException: Failed to delete C:\Project\cassandra\build\test\cassandra\commitlog\CommitLog-1296382997375.log at org.apache.cassandra.io.util.FileUtils.deleteWithConfirm(FileUtils.java:51) at org.apache.cassandra.io.util.FileUtils.deleteRecursive(FileUtils.java:211) at org.apache.cassandra.io.util.FileUtils.deleteRecursive(FileUtils.java:207) at org.apache.cassandra.CleanupHelper.cleanup(CleanupHelper.java:55) at org.apache.cassandra.CleanupHelper.cleanupAndLeaveDirs(CleanupHelper.java:41) Thanks, Indika
