timothy at getintheloop.eu
Thu Feb 4 09:49:42 EST 2010
Certainly managing security / ACLs with the front end proxy is far from ideal.
I should have thought that quite a lot of Riak users would like to achieve this kind of setup right? Otherwise there is no real way to segregate your datasets.
On 4 Feb 2010, at 13:00, Sean Cribbs wrote:
> Although it's probably not the best solution, you could definitely add those restrictions in a reverse-proxy, say with Apache or nginx in front of Riak. Require your applications to authenticate with the front end, and then restrict their access accordingly.
> There are definite uses for multiple clusters, but I think having a cluster per customer might not be the best solution, simply for the sake of the duplication of effort. It depends on your application's needs of course. For managing the cluster(s), I definitely recommend looking into a configuration management tool that can ease new deployments (Chef, Puppet, cfengine, etc) and then adding monitoring (monit, god, munin, nagios, etc).
> On 2/4/10 7:33 AM, Timothy Perrett wrote:
>> Hey all,
>> Whilst I appreciate there are "buckets" in Riak, how would one setup a situation where a customer only has access to Bucket A and B, whilst customer2 has access to buckets C, D and E. When I say customer, I really mean there systems, but I guess you get that :-)
>> If this is not possible, I presume different Riak instances are the only way to go to keep that separation? If so, what is the best way of managing all these instances and what would be a memory foot print of such an instance?
>> Cheers, Tim
>> riak-users mailing list
>> riak-users at lists.basho.com
> riak-users mailing list
> riak-users at lists.basho.com
More information about the riak-users