replication users

[Nathan Stott <nr...@gmail.com>]

 Are there any special considerations when replicating the _users
database as opposed to normal databases?  Is this a good way to share
users between servers that should share users and trust one another?

Re: replication users

[J Chris Anderson <jc...@apache.org>]

On Aug 20, 2010, at 7:14 AM, zecat wrote:

> Hi everyone,
> 
> I'm very interested to get any information on this topic too, and in security replication in general.
> I plan to deploy several couchdb instance, and I plan to implement different users and roles to use on this cloud.
> I think, I don't understand very well the user/role and replication mechanism. I tried different configuration.
> As far as I understand, the _users databases can be replicated, but not the user and role assigned on another database.

Yes, this is true. Replicating the _users database is totally fine (note that the replicator must have admin privileges on the target database, or else on the currently logged in user's document will be replicated.)

> Example :
> - I created a tesdb on couchdb1
> - I applied a security setting (with Futon ) to define some admins and readers names/roles ,
> - I defined a replica of  testb on couchdb2
> - I launched a replication job between couchdb1/testdb and couchdb2/testdb.
> But it seems there is no security replicated from couchdb1/testdb to couchdb2/testdb.
> 

The security configuration object is not replicated. This is by design, as one replica may be on an end-user machine, and another on shared cloud instance, necessitating different rules.

> Is it normal ? Does it could be a great security feature to assist replication of the security setting for a replication database in a cloud ?
> 
> Maybe I'm completly wrong on this subject ?
> 
> Other question about multiple couchdb instance and replication :
> When (for perf, or LB, or HA purpose) you need more than 2 couchdb replica of the same database, what is supposed to be the more efficent architecture ?
> - Something in ring style : A>B>C>A
> - Same with a dual reverse replication scheme ? A>B>C>A,   A>C>B>A
> - Or a grap cluster style A>B, A>C, B>A, C>A
> - Or a n^2 dual replica with every possible peer db ? A>B, A>C, B>A, B>C, C>A, C>B
> 
> I'd appreciate any comment on this !
> 
> Thanks,
> 
> Thierry.
> 
> 
> 
> Le 19/08/2010 16:21, Nathan Stott a écrit :
>>  Are there any special considerations when replicating the _users
>> database as opposed to normal databases?  Is this a good way to share
>> users between servers that should share users and trust one another?
>>   

Re: replication users

[zecat <co...@lechat.org>]

Hi everyone,

I'm very interested to get any information on this topic too, and in 
security replication in general.
I plan to deploy several couchdb instance, and I plan to implement 
different users and roles to use on this cloud.
I think, I don't understand very well the user/role and replication 
mechanism. I tried different configuration.
As far as I understand, the _users databases can be replicated, but not 
the user and role assigned on another database.
Example :
- I created a tesdb on couchdb1
- I applied a security setting (with Futon ) to define some admins and 
readers names/roles ,
- I defined a replica of  testb on couchdb2
- I launched a replication job between couchdb1/testdb and couchdb2/testdb.
But it seems there is no security replicated from couchdb1/testdb to 
couchdb2/testdb.

Is it normal ? Does it could be a great security feature to assist 
replication of the security setting for a replication database in a cloud ?

Maybe I'm completly wrong on this subject ?

Other question about multiple couchdb instance and replication :
When (for perf, or LB, or HA purpose) you need more than 2 couchdb 
replica of the same database, what is supposed to be the more efficent 
architecture ?
- Something in ring style : A>B>C>A
- Same with a dual reverse replication scheme ? A>B>C>A,   A>C>B>A
- Or a grap cluster style A>B, A>C, B>A, C>A
- Or a n^2 dual replica with every possible peer db ? A>B, A>C, B>A, 
B>C, C>A, C>B

I'd appreciate any comment on this !

Thanks,

Thierry.



Le 19/08/2010 16:21, Nathan Stott a écrit :
>   Are there any special considerations when replicating the _users
> database as opposed to normal databases?  Is this a good way to share
> users between servers that should share users and trust one another?
>