Authorization for a Multi-Cloud System

This is a project design I am currently working on to consume SPIFFE (Secure Production Identity Framework For Everyone) bootstrapped trust and identification to provide authorization in a dynamically scaling, heterogeneous system, inspired by Mr. Prabath Siriwardena from WSO2 and under the supervision of Prof. Gihan Dias from University of Moratuwa. An enterprise system running across multiple clouds, as in the hybrid cloud, is an obvious example that would benefit from this. The objective is to open doors for SPIFFE standard based systems to co-exist with the rest of the systems with minimal effort, without compromising on security aspects, while having an authorization solution based on SPIFFE.
What is SPIFFE? In brief, it is a trust bootstrapping and identification framework, submitted as a standard and accepted by CNCF (Cloud Native Computing Foundation)[1]. As of now, this standard has two main implementations, SPIRE and Istio[2], a platform that supports service mesh archit…

Running Cassandra in a Multi-node Cluster

This post gathers the steps I followed to set up a multi-node Apache Cassandra cluster. I referred to the Cassandra wiki and the DataStax documentation while setting up my cluster. The procedure below is described in detail, sharing my experience along the way.
  1. Setting up first node
  2. Adding other nodes
  3. Monitoring the cluster - nodetool, jConsole, Cassandra GUI

I used Cassandra 1.1.0 and Cassandra GUI version cassandra-gui-0.8.0-beta1 (the older release had problems showing data) on Ubuntu.

Setting up first node

Open cassandra.yaml, which is in 'apache-cassandra-1.1.0/conf', and change:

  listen_address: localhost  -->  listen_address: <node IP address>
  rpc_address: localhost  -->  rpc_address: <node IP address>
  - seeds: "127.0.0.1"  -->  - seeds: "<node IP address>"

The listen_address defines where the other nodes in the cluster should connect. So in a multi-node cluster it should be changed to the node's own address on its Ethernet interface.
The rpc_address defines where the node listens for clients. It can be the same as the node IP address, or it can be set to the wildcard 0.0.0.0 if we want to listen for Thrift clients on all available interfaces.
The seeds act as the communication points. When a new node joins the cluster, it contacts the seeds and gets information about the ring and the basics of the other nodes. So in a multi-node cluster, seeds needs to be changed to a routable address as above, which makes this node a seed.

Note: In a multi-node cluster, it is better to have multiple seeds. Using one node as the only seed does not create a single point of failure, but it will delay the spread of status messages around the ring. A list of nodes to act as seeds can be defined as follows:

- seeds: "<ip1>,<ip2>,<ip3>"

For the moment, let's go forward with the previous single-seed configuration. Now we can simply start Cassandra on this node, which will run perfectly well without the rest of the nodes. Let's imagine our cluster needs more performance and more data is being fed into the system. It is time to add another node to the cluster.

Adding other nodes


Simply copy the Apache Cassandra folder of the first node to each of the new nodes. Then replace listen_address: <node IP address> and rpc_address: <node IP address> with the values relevant to each node. (There is no need to touch the seeds section.) When we start each node, it will join the ring, using the seeds as hubs of the gossip network. The logs will show information about the other nodes in the cluster that it can see.
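The configuration edits from the two sections above, scripted per node, as an added example that is not part of the original post. configure_node and check_node are hypothetical helper names, the sample file is constructed, and the 192.0.2.x addresses are placeholders; the check also rejects 0.0.0.0 as a listen_address, which goes beyond the cases the post lists.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.

# configure_node <cassandra.yaml> <node-ip> <comma-separated-seed-ips>
# Rewrites listen_address, rpc_address and the seeds entry in place.
configure_node() {
    conf=$1; node_ip=$2; seeds=$3
    case "$node_ip" in
        ""|localhost|127.*|0.0.0.0)
            echo "node address must be routable, got '$node_ip'" >&2
            return 1 ;;
    esac
    tmp="$conf.tmp.$$"
    # Write via a temp file, then copy back so the file keeps its owner/mode.
    sed -e "s|^listen_address:.*|listen_address: $node_ip|" \
        -e "s|^rpc_address:.*|rpc_address: $node_ip|" \
        -e "s|^\([[:space:]]*- seeds:\).*|\1 \"$seeds\"|" \
        "$conf" > "$tmp" && cat "$tmp" > "$conf" && rm -f "$tmp"
}

# check_node <cassandra.yaml>
# Prints findings; returns non-zero if the file still has single-node values.
check_node() {
    conf=$1; rc=0
    if grep -Eq '^listen_address:[[:space:]]*(localhost|127\.|0\.0\.0\.0)' "$conf"; then
        echo "listen_address is not an address other nodes can connect to"; rc=1
    fi
    if grep -Eq '^[[:space:]]*- seeds:.*[", ](localhost|127\.)' "$conf"; then
        echo "seeds contains a loopback address"; rc=1
    fi
    if grep -Eq '^rpc_address:[[:space:]]*0\.0\.0\.0' "$conf"; then
        echo "note: rpc_address 0.0.0.0 accepts Thrift clients on every interface"
    fi
    return $rc
}

# Demo on a constructed sample that holds the default values shown above.
# 192.0.2.x are documentation addresses, used here as placeholders.
sample=$(mktemp)
printf '%s\n' 'listen_address: localhost' 'rpc_address: localhost' \
    '          - seeds: "127.0.0.1"' > "$sample"
check_node "$sample" || echo "=> still a single-node configuration"
configure_node "$sample" 192.0.2.11 "192.0.2.10,192.0.2.11"
check_node "$sample" && echo "=> ready to join the ring"
rm -f "$sample"
```

Run check_node on every node's copy before starting it, since a node that still carries the first node's listen_address or a loopback seed will not join the ring as described.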


Monitoring the cluster

Nodetool - This is shipped with Apache Cassandra. We can run it from inside the Cassandra folder with bin/nodetool. With nodetool's ring command we can check some information about the ring as follows.

bin/nodetool -host <node IP address> ring


It has a lot more useful functionality, which can be looked up at the site.

jConsole - We can use this to monitor memory usage, thread behavior, etc. It is very helpful for analysing the cluster in detail and fine-tuning performance. This guide also carries good information on using jConsole if you are not already familiar with it.


Cassandra GUI - This satisfies the need to visualize the data inside the cluster. With it we can see the content distributed across the cluster in one place.


Comments

  1. This is really an interesting topic. Congratulations to the writer. I'm sure a lot of readers are having fun reading your post. Hoping to read more posts from you in the future. Thank you and God bless!


    Rica
    www.imarksweb.org
