Skip to content

Commit

Permalink
Implement authentication for the web UI
Browse files Browse the repository at this point in the history
  • Loading branch information
@adejanovski
adejanovski committed Mar 13, 2018
1 parent bf2cef7 commit 2a89b16
Show file tree
Hide file tree
Showing 79 changed files with 1,519 additions and 178 deletions.
2 changes: 2 additions & 0 deletions docs/docs/api/index.html
View file
Expand Up @@ -250,6 +250,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down
2 changes: 2 additions & 0 deletions docs/docs/backends/cassandra/index.html
View file
Expand Up @@ -250,6 +250,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down
2 changes: 2 additions & 0 deletions docs/docs/backends/h2/index.html
View file
Expand Up @@ -250,6 +250,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down
2 changes: 2 additions & 0 deletions docs/docs/backends/index.html
View file
Expand Up @@ -247,6 +247,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down
2 changes: 2 additions & 0 deletions docs/docs/backends/memory/index.html
View file
Expand Up @@ -250,6 +250,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down
2 changes: 2 additions & 0 deletions docs/docs/backends/postgres/index.html
View file
Expand Up @@ -250,6 +250,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down
2 changes: 2 additions & 0 deletions docs/docs/community/index.html
View file
Expand Up @@ -250,6 +250,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down
2 changes: 2 additions & 0 deletions docs/docs/configuration/backend_specific/index.html
View file
Expand Up @@ -250,6 +250,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down
2 changes: 2 additions & 0 deletions docs/docs/configuration/docker_vars/index.html
View file
Expand Up @@ -250,6 +250,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down
2 changes: 2 additions & 0 deletions docs/docs/configuration/index.html
View file
Expand Up @@ -247,6 +247,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down
79 changes: 53 additions & 26 deletions docs/docs/configuration/reaper_specific/index.html
View file
Expand Up @@ -250,6 +250,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down Expand Up @@ -283,7 +285,7 @@ <h1 id="reaper-specific-settings">Reaper Specific Settings</h1>

<p>Configuration settings in the <em>cassandra-reaper.yaml</em> that are specific to Reaper</p>

<p></br></p>
<p><br/></p>

<h3 id="autoscheduling"><code>autoScheduling</code></h3>

Expand Down Expand Up @@ -346,7 +348,7 @@ <h4 id="excludedkeyspaces"><code>excludedKeyspaces</code></h4>

<p>The Keyspaces that are to be excluded from the repair schedule.</p>

<p></br></p>
<p><br/></p>

<h3 id="datacenteravailability"><code>datacenterAvailability</code></h3>

Expand All @@ -364,7 +366,7 @@ <h3 id="datacenteravailability"><code>datacenterAvailability</code></h3>

<p><strong>EACH</strong> - requires a minimum of one Reaper instance operating in each datacenter. Each Reaper instance is required to have access via JMX to all nodes only in its local datacenter. When operating in this mode, Reaper can only use Apache Cassandra as its storage. In addition, metrics from nodes in remote datacenters must be collected through the Cassandra storage backend. If any metric is unavailable, the segment will be postponed for later processing.</p>

<p></br></p>
<p><br/></p>

<h3 id="enablecrossorigin"><code>enableCrossOrigin</code></h3>

Expand All @@ -374,7 +376,7 @@ <h3 id="enablecrossorigin"><code>enableCrossOrigin</code></h3>

<p>Optional setting which can be used to enable the CORS headers for running an external GUI application, like <a href="https://github.com/spodkowinski/cassandra-reaper-ui">this project</a>. When enabled it will allow REST requests incoming from other origins than the domain that hosts Reaper.</p>

<p></br></p>
<p><br/></p>

<h3 id="enabledynamicseedlist"><code>enableDynamicSeedList</code></h3>

Expand All @@ -384,7 +386,7 @@ <h3 id="enabledynamicseedlist"><code>enableDynamicSeedList</code></h3>

<p>Allow Reaper to add all nodes in the cluster as contact points when adding a new cluster, instead of just adding the provided node.</p>

<p></br></p>
<p><br/></p>

<h3 id="hangingrepairtimeoutmins"><code>hangingRepairTimeoutMins</code></h3>

Expand All @@ -394,7 +396,7 @@ <h3 id="hangingrepairtimeoutmins"><code>hangingRepairTimeoutMins</code></h3>
the repair segment in question will be cancelled, if possible, and then scheduled for later
repair again within the same repair run process.</p>

<p></br></p>
<p><br/></p>

<h3 id="incrementalrepair"><code>incrementalRepair</code></h3>

Expand All @@ -406,7 +408,7 @@ <h3 id="incrementalrepair"><code>incrementalRepair</code></h3>

<p><em>Note</em>: It is recommended to avoid using incremental repair before Cassandra 4.0 as subtle bugs can lead to overstreaming and cluster instabililty.</p>

<p></br></p>
<p><br/></p>

<h3 id="jmxauth"><code>jmxAuth</code></h3>

Expand All @@ -415,6 +417,8 @@ <h3 id="jmxauth"><code>jmxAuth</code></h3>
<pre><code>jmxAuth:
username: cassandra
password: cassandra

#### `username`
</code></pre>

<h4 id="username"><code>username</code></h4>
Expand All @@ -429,7 +433,27 @@ <h4 id="password"><code>password</code></h4>

<p>Cassandra JMX password.</p>

<p></br></p>
<p><br/></p>

<h3 id="jmxcredentials"><code>jmxCredentials</code></h3>

<p><em><strong>Since 1.1.0</strong></em><br />
Optional setting to allow Reaper to establish JMX connections to Cassandra clusters with specific credentials per cluster.</p>

<pre><code>jmxCredentials:
clusterProduction1:
username: user1
password: password1
clusterProduction2:
username: user2
password: password2
</code></pre>

<p>This setting can be used in conjunction with the <code>jmxAuth</code> to override the credentials for specific clusters only.<br />
The cluster name must match the one defined in the cassandra.yaml file (in the example above, <code>clusterProduction1</code> and <code>clusterProduction2</code>).</p>

<p>Adding a new cluster with specific credentials requires to add the seed node in the following format : <code>host@cluster</code><br />
To match the example above, it could be something like : <code>10.0.10.5@clusterProduction1</code></p>

<h3 id="jmxconnectiontimeoutinseconds"><code>jmxConnectionTimeoutInSeconds</code></h3>

Expand All @@ -439,7 +463,7 @@ <h3 id="jmxconnectiontimeoutinseconds"><code>jmxConnectionTimeoutInSeconds</code

<p>Controls the timeout for establishing JMX connections. The value should be low enough to avoid stalling simple operations in multi region clusters, but high enough to allow connections under normal conditions.</p>

<p></br></p>
<p><br/></p>

<h3 id="jmxports"><code>jmxPorts</code></h3>

Expand All @@ -453,7 +477,7 @@ <h3 id="jmxports"><code>jmxPorts</code></h3>
127.0.0.3: 7300
</code></pre>

<p></br></p>
<p><br/></p>

<h3 id="localjmxmode"><code>localJmxMode</code></h3>

Expand All @@ -463,7 +487,7 @@ <h3 id="localjmxmode"><code>localJmxMode</code></h3>

<p>Activates the mode where JMX is only accessible from localhost. If set to true, one Reaper instance must be running on each Cassandra node.</p>

<p></br></p>
<p><br/></p>

<h3 id="logging"><code>logging</code></h3>

Expand Down Expand Up @@ -499,7 +523,7 @@ <h4 id="logformat"><code>logFormat</code></h4>

<p>The output format of an entry in the log.</p>

<p></br></p>
<p><br/></p>

<h3 id="metrics"><code>metrics</code></h3>

Expand All @@ -511,15 +535,15 @@ <h3 id="metrics"><code>metrics</code></h3>
- type: &lt;type&gt;
</code></pre>

<p></br></p>
<p><br/></p>

<h3 id="repairintensity"><code>repairIntensity</code></h3>

<p>Type: <em>Float</em> (value between 0.0 and 1.0, but must never be 0.0.)</p>

<p>Repair intensity defines the amount of time to sleep between triggering each repair segment while running a repair run. When intensity is 1.0, it means that Reaper doesn&rsquo;t sleep at all before triggering next segment, and otherwise the sleep time is defined by how much time it took to repair the last segment divided by the intensity value. 0.5 means half of the time is spent sleeping, and half running. Intensity 0.75 means that 25% of the total time is used sleeping and 75% running. This value can also be overwritten per repair run when invoking repairs.</p>

<p></br></p>
<p><br/></p>

<h3 id="repairmanagerschedulingintervalseconds"><code>repairManagerSchedulingIntervalSeconds</code></h3>

Expand All @@ -529,7 +553,7 @@ <h3 id="repairmanagerschedulingintervalseconds"><code>repairManagerSchedulingInt

<p>Controls the pace at which the Repair Manager will schedule processing of the next segment. Reducing this value from its default value of 30s to a lower value can speed up fast repairs by orders of magnitude.</p>

<p></br></p>
<p><br/></p>

<h3 id="repairparallelism"><code>repairParallelism</code></h3>

Expand All @@ -543,7 +567,7 @@ <h3 id="repairparallelism"><code>repairParallelism</code></h3>

<p><strong>DATACENTER_AWARE</strong> - one replica in each DC at the same time, with snapshots. If this value is used in clusters older than 2.0.12, Reaper will fall back into using <strong>SEQUENTIAL</strong> for those clusters.</p>

<p></br></p>
<p><br/></p>

<h3 id="repairrunthreadcount"><code>repairRunThreadCount</code></h3>

Expand All @@ -552,7 +576,7 @@ <h3 id="repairrunthreadcount"><code>repairRunThreadCount</code></h3>
<p>The amount of threads to use for handling the Reaper tasks. Have this big enough not to cause
blocking in cause some thread is waiting for I/O, like calling a Cassandra cluster through JMX.</p>

<p></br></p>
<p><br/></p>

<h3 id="scheduledaysbetween"><code>scheduleDaysBetween</code></h3>

Expand All @@ -562,7 +586,7 @@ <h3 id="scheduledaysbetween"><code>scheduleDaysBetween</code></h3>

<p>Defines the amount of days to wait between scheduling new repairs. The value configured here is the default for new repair schedules, but you can also define it separately for each new schedule. Using value 0 for continuous repairs is also supported.</p>

<p></br></p>
<p><br/></p>

<h3 id="segmentcount"><code>segmentCount</code></h3>

Expand All @@ -572,7 +596,7 @@ <h3 id="segmentcount"><code>segmentCount</code></h3>

<p>Defines the default amount of repair segments to create for newly registered Cassandra repair runs (token rings). When running a repair run by the Reaper, each segment is repaired separately by the Reaper process, until all the segments in a token ring are repaired. The count might be slightly off the defined value, as clusters residing in multiple data centers require additional small token ranges in addition to the expected. This value can be overwritten when executing a repair run via Reaper.</p>

<p></br></p>
<p><br/></p>

<h3 id="server"><code>server</code></h3>

Expand Down Expand Up @@ -606,23 +630,26 @@ <h4 id="bindhost"><code>bindHost</code></h4>

<p>Note that to bind the service to all interfaces use value <strong>0.0.0.0</strong> or leave the value for the setting this blank. A value of <strong>*</strong> is an invalid value for this setting.</p>

<p></br></p>
<p><br/></p>

<h3 id="storagetype"><code>storageType</code></h3>

<p>Type: <em>String</em></p>

<p>The storage type to use in which Reaper will store its control data. The value must be either <strong>cassandra</strong>, <strong>h2</strong>, <strong>memory</strong>, or <strong>postgres</strong>. If the recommended (persistent) storage type <strong>cassandra</strong>, <strong>h2</strong>, or <strong>postgres</strong> is being used, the database client parameters must be specified in the respective <code>cassandra</code>, <code>h2</code>, or <code>postgres</code> section in the configuration file. See the example settings in provided the <em><a href="https://github.com/thelastpickle/cassandra-reaper/tree/master/src/packaging/resource">src/packaging/resources</a></em> directory of the repository.</p>

<p></br></p>

<h3 id="useaddresstranslator"><code>useAddressTranslator</code></h3>
<p><br/></p>

<p>Type: <em>Boolean</em></p>
<h3 id="accesscontrol"><code>accessControl</code></h3>

<p>Default: <em>false</em></p>
<p>Settings to activate and configure authentication for the web UI.
Deleting or commenting that block from the yaml file will turn off authentication.</p>

<p>When running multi region clusters in AWS, turn this setting to <code>true</code> in order to use the EC2MultiRegionAddressTranslator from the Datastax Java Driver. This will allow translating the public address that the nodes broadcast to the private IP address that is used to expose JMX.</p>
<pre><code>accessControl:
sessionTimeout: PT10M
shiro:
iniConfigs: [&quot;file:/path/to/shiro.ini&quot;]
</code></pre>

</div>

Expand Down
2 changes: 2 additions & 0 deletions docs/docs/download/building/index.html
View file
Expand Up @@ -250,6 +250,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down
2 changes: 2 additions & 0 deletions docs/docs/download/docker/index.html
View file
Expand Up @@ -250,6 +250,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down
2 changes: 2 additions & 0 deletions docs/docs/download/index.html
View file
Expand Up @@ -247,6 +247,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down
2 changes: 2 additions & 0 deletions docs/docs/download/install/index.html
View file
Expand Up @@ -250,6 +250,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down
2 changes: 2 additions & 0 deletions docs/docs/index.html
View file
Expand Up @@ -247,6 +247,8 @@ <h1></h1>

<li><a href="/docs/usage/multi_dc/"> Multi DC </a> </li>

<li><a href="/docs/usage/authentication/"> Activate authentication for the web UI </a> </li>

</ul>

</li>
Expand Down

0 comments on commit 2a89b16

Please sign in to comment.