Replication factor to use for system_auth

When using intrinsic security with Cassandra, what replication factor are you using for system_auth?

The previous docs seem to suggest it should be N, where N is the number of nodes, while the newer ones - we should set it to a number greater than 1. I can see why it makes sense for it to be higher - if a partition occurs and there is no replica in one partition, no one can log on to the system.

However, do all these nodes need it? What are the disadvantages of installing it on all ndoes?


source to share

1 answer

Let me answer this question by posing another:

If (due to some unforeseen event) all your nodes are down, except for one; would you still want to log into (and use) node?

This is why I really make sure my system_auth system space is replicated to all my nodes. You cannot predict node failure and in the interests of keeping your application running, it is safer than sorry.

I don't see any glaring flaws in this. The system keyspace is not very big (mine is 20kb) so it doesn't take up much space. The only possible scenario is if one of the nodes is omitted and the write operation is done to the column family in system_auth (in which case I think the write will be rejected ... depending on your write consistency). System_auth is not a very write-friendly keyword anyway. This way you will be fine as long as you don't plan on doing user maintenance during node crash.

Setting the replication factor system_auth to the number of nodes in the cluster should be fine. At the very least, I would say that you have to make sure it copies all of your datacenters.

If you are still wondering about this part of your question:

The previous docs seem to suggest that it should be N, where n is the number of nodes, while the newer ones - we should set it to a number greater than 1. "

I came across this today in the 2.1 Configuring Authentication documentation :

Increase the replication factor for system_auth system space to N (number of nodes).

Just make sure the guidelines are clear.



All Articles