Ouch, a detail I hadn't learned about yet. Good to know. Dean
From: Jean-Armel Luce <jaluc...@gmail.com<mailto:jaluc...@gmail.com>> Reply-To: "user@cassandra.apache.org<mailto:user@cassandra.apache.org>" <user@cassandra.apache.org<mailto:user@cassandra.apache.org>> Date: Monday, March 4, 2013 11:34 AM To: "user@cassandra.apache.org<mailto:user@cassandra.apache.org>" <user@cassandra.apache.org<mailto:user@cassandra.apache.org>> Subject: Re: Consistency level for system_auth keyspace Hi Dean, The new authentication modules currently uses a QUORUM consistency level when checking the user. That is the reason why it doesn't work in version 1.2.2. I thing that using LOCAL_QUORUM or ONE CL instead of QUORUM should solve this problem. But I didn't see any option in 1.2.2. Regards. Jean Armel 2013/3/4 Hiller, Dean <dean.hil...@nrel.gov<mailto:dean.hil...@nrel.gov>> I thought there was already a LOCAL_QUOROM option so things continue to work when you get data center split. There was also TWO I think as well which allowed 4 nodes(2 in each data center) so you can continue to write when data center splits. Dean From: Jean-Armel Luce <jaluc...@gmail.com<mailto:jaluc...@gmail.com><mailto:jaluc...@gmail.com<mailto:jaluc...@gmail.com>>> Reply-To: "user@cassandra.apache.org<mailto:user@cassandra.apache.org><mailto:user@cassandra.apache.org<mailto:user@cassandra.apache.org>>" <user@cassandra.apache.org<mailto:user@cassandra.apache.org><mailto:user@cassandra.apache.org<mailto:user@cassandra.apache.org>>> Date: Monday, March 4, 2013 9:12 AM To: "user@cassandra.apache.org<mailto:user@cassandra.apache.org><mailto:user@cassandra.apache.org<mailto:user@cassandra.apache.org>>" <user@cassandra.apache.org<mailto:user@cassandra.apache.org><mailto:user@cassandra.apache.org<mailto:user@cassandra.apache.org>>> Subject: Re: Consistency level for system_auth keyspace Hi Aaron, I have open a ticket in Jira : https://issues.apache.org/jira/browse/CASSANDRA-5310 Reading the user using the QUORUM consistency level means that in case of network outage, you are unable to open a connection, and all your data become unavailable. Regards. Jean Armel 2013/3/4 aaron morton <aa...@thelastpickle.com<mailto:aa...@thelastpickle.com><mailto:aa...@thelastpickle.com<mailto:aa...@thelastpickle.com>>> In this case, it means that if there is a network split between the 2 datacenters, it is impossible to get the quorum, and all connections will be rejected. Yes. Is there a reason why Cassandra uses the Quorum consistency level ? I would guess to ensure there is a single, cluster wide, set of permissions. Using LOCAL or one could result in some requests that are rejected being allowed on other nodes. Cheers ----------------- Aaron Morton Freelance Cassandra Developer New Zealand @aaronmorton http://www.thelastpickle.com On 1/03/2013, at 6:40 AM, Jean-Armel Luce <jaluc...@gmail.com<mailto:jaluc...@gmail.com><mailto:jaluc...@gmail.com<mailto:jaluc...@gmail.com>>> wrote: Hi, I am using Cassandra 1.2.2. There are 16 nodes in my cluster in 2 datacenters (8 nodes in each datacenter). I am using NetworkTopologyStrategy. For information, I set a RF = 6 (3 replicas in each datacenter) With 1.2.2, I am using the new authentication backend PasswordAuthenticator with the authorizer CassandraAuthorizer. In the documentation (http://www.datastax.com/docs/1.2/security/security_keyspace_replication#security-keyspace-replication), it is written that for all system_auth-related queries, Cassandra uses the QUORUM consistency level. In this case, it means that if there is a network split between the 2 datacenters, it is impossible to get the quorum, and all connections will be rejected. Is there a reason why Cassandra uses the Quorum consistency level ? Maybe a local_quorum conssitency level (or a one consistency level) could do the job ? Regards Jean Armel
