Skip to content

New app, Riak Admin API, evolution of Riak Control#35

Open
hmmr wants to merge 4 commits into
OpenRiak:openriak-4.0from
TI-Tokyo:tiot/openriak-4.0/external-riak-admin-api
Open

New app, Riak Admin API, evolution of Riak Control#35
hmmr wants to merge 4 commits into
OpenRiak:openriak-4.0from
TI-Tokyo:tiot/openriak-4.0/external-riak-admin-api

Conversation

@hmmr

@hmmr hmmr commented Jun 1, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This PR introduces riak_admin_api, a new app that exposes a well-defined API over HTTP to enable external control and management of riak clusters.

The difference from the previous attempt (OpenRiak/riak_kv#125) is in that:

  • the API is formally defined, with the intention for it to be usable from scripts as well as from a reference Riak Control app;
  • entities meant to use this API (users, groups, permissions) are separate from those managed by the standard riak security subsystem;
  • a set of CLI commands is implemented to assist in the initial setup (creation of the first user).

Related PRs: OpenRiak/riak_kv#152, OpenRiak/riak_test#28, OpenRiak/riak_core#47.

Andriy Zavada added 3 commits May 7, 2026 15:56
riak-deadmanshand, to facilitate full riak restart from wm_cluster code
3967d79 
This standalone script is intended to be started separately, possibly
from a systemd unit-file. It will check, every 3 sec, for presence
of a file named RESTART_RIAK in /run/riak, and execute
`riak stop; riak start` if that file exists.

The idea is to enable a full restart of riak initiated by an operator
action taken remotely in riak_control (i.e., over http), in a situation
when `riak restart` is insufficient (importantly, restarting riak this way
will not cause cuttlefish to read and process riak.conf and
advanced.config).

This idea becomes especially useful in combination with remote editing
and pushing advanced.config and riak.conf, implemented in riak_control,
allowing operators entirely remotely to configure riak nodes and do
a rolling restart subsequently, all without a need to have ssh and
root access to riak boxes.
welcome new app riak_admin_api
63a6203
drop mochiweb, webmachine from relx release applist, too
ec59aee
@hmmr hmmr mentioned this pull request Jun 1, 2026
Open
@martinsumner

martinsumner commented Jun 1, 2026

Copy link
Copy Markdown
Contributor

If the permissions check depends on action - then action should be in the request line (e.g. URL, method, query parameter), and not the body. That way a) the flow of the functions in the riak_api_web_handler behaviour is as expected, but b) anyone who wishes to use HTTP infrastructure to add controls (e.g. Web Application Firewalls) can also apply appropriate rules via standard configuration.

This would align with the KV API - where the activity (and the Bucket) can be determined from the URI so controls can be applied via standard proxy filter rules.

@hmmr

hmmr commented Jun 1, 2026

Copy link
Copy Markdown
Contributor Author

If the permissions check depends on action - then action should be in the request line (e.g. URL, method, query parameter), and not the body.

I agree. I'll have it as a query parameter.

This was referenced Jun 2, 2026
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hmmr @martinsumner