Wondering if Basho doesn't already have cookbooks / recipes for deploying with Chef... I'm facing the exact same scenario. A Heroku web app + Riak on EC2. This is the only starting point I've found http://github.com/damm/ey-cloud-recipes/tree/aeb2941c3e7ad03dba7104bc6530777b90c2d71d/cookbooks/riak so far.

Nginx seems like the usual choice for proxying to Riak. Is this http://rigelgroupllc.com/wp/?s=nginx the best practice?

I like the idea of unauthenticated clients bypassing the web site / api (where appropriate). It could mean a lighter Heroku bill. However, one probably wouldn't want to open up all the data. So maybe with a whitelist (or blacklist) restricting what is ok for the world to GET. This thread http://riak.markmail.org/thread/fzob4dkfm7ebx65g comes to mind.

Whatever the method for controlling access at the bucket level though, a modeling question comes to mind... Do you recommend splitting certain buckets into public and private counterparts? Perhaps the data model would be the same - with documents going into the public bucket only if shared. What are the usage implications from an authenticated application's point of view? Would it be easy to treat both buckets "as one" when accessing through a client library - Ripple in my case.

Sharing is such a common pattern it could make a really useful mixin. Of course it's not always black & white. Sometimes it's both. Some parts of the document may have to remain private even if it's "shared". So now we are talking about having the same document in both buckets (public 1:1 private) and a property :whatever, :shareable => true #(for example). From this mixed scenario pov, maybe it makes sense to have all the data in the private bucket with the shared properties copied to the public bucket. So linking & map/reduce would refer to the private (otherwise solo) bucket without any special cases. Does such a thing make sense to have in Ripple? Perhaps sharing is a use case for the upcoming triggers?

Well, a bit of diversion from authentication & ACLs, but I thought an idea worth sharing in this context.

Orlin


Tyler Smart wrote:
Thank you Sean and Preston!

I will look into client certificate verification as the Riak server will be on EC/2 but our application server is still Heroku. I saw over at 37 signals that they had some cookbooks for chef that used ec/2 and a bunch of others. I am wondering if I can modify their cookbooks to deploy Riak (maybe the EC-2 one).

Tyler

On Sun, Apr 11, 2010 at 8:04 AM, Sean Cribbs <[email protected]> wrote:

    As Preston says, we recommend putting a web-server in front of
    your Riak machine when you need authentication.  If you're using
    SSL to connect, you could also use client certificate
    verification.  In general, however, it would be easiest to put
    your Riak machines and your application machines in the same EC2
    security group.

    Sean Cribbs <[email protected]>
    Developer Advocate
    Basho Technologies, Inc.
    http://basho.com/

    On Apr 11, 2010, at 2:33 AM, Preston Marshall wrote:

    I haven't seen any authentication in Riak, they might expect you
    to throw a web server or something similar in front of it to
    handle authentication.  I'm sure Nginx can more than handle the
    job of authentication.

    On Sun, Apr 11, 2010 at 1:30 AM, Tyler Smart
    <[email protected]> wrote:

        Hi Riak users!

        As a newbie, I am wondering what the best way to authenticate
        is? Let's say I have a Heroku server that will connect to the
        riak server over https. How should the Riak node handle
        authentication such that only the heroku server can access
        the data? Also, if we are deploying onto Amazon, do you guys
        have any pre-built chef scripts I could study to get up to
        speed with Riak deploys?

        Sincerely,
        Tyler

        _______________________________________________
        riak-users mailing list
        [email protected] <mailto:[email protected]>
        http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com


    _______________________________________________
    riak-users mailing list
    [email protected] <mailto:[email protected]>
    http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com


------------------------------------------------------------------------

_______________________________________________
riak-users mailing list
[email protected]
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
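
One way to configure the proxy arrangement discussed in this thread, added here as an example and not taken from any poster or from Basho: nginx requires a client certificate for everything except GETs of single objects in one allowlisted bucket. The bucket name public_docs, the host name, the certificate paths, and the Riak HTTP layout (/riak/<bucket>/<key> on 127.0.0.1:8098) are assumptions.

```nginx
# Constructed example: names, paths and the bucket "public_docs" are placeholders.
upstream riak {
    server 127.0.0.1:8098;            # assumed: Riak HTTP bound to loopback only
}

server {
    listen 443 ssl;
    server_name riak.example.com;

    ssl_certificate        /etc/nginx/tls/server.crt;
    ssl_certificate_key    /etc/nginx/tls/server.key;

    # CA that signed the application server's client certificate.
    # "optional" lets anonymous clients connect; each location below
    # decides whether a verified certificate is required.
    ssl_client_certificate /etc/nginx/tls/app-ca.crt;
    ssl_verify_client      optional;

    # Public allowlist: exactly /riak/public_docs/<key>, nothing deeper.
    # The anchored regex excludes the bucket URL itself (key listing and
    # bucket properties) and any extra path segments after the key, which
    # link walking would use to reach objects in other buckets.
    location ~ ^/riak/public_docs/[^/]+$ {
        limit_except GET {            # GET also permits HEAD
            deny all;
        }
        if ($args != "") {            # no query parameters on public reads
            return 403;
        }
        proxy_pass http://riak;
    }

    # Everything else (writes, other buckets, map/reduce, bucket listing)
    # requires a client certificate that verified against app-ca.crt.
    location / {
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        proxy_pass http://riak;
    }
}
```

If the application and Riak machines share an EC2 security group, as suggested earlier in the thread, only port 443 on the proxy needs to be reachable from outside that group.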