cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jai Bheemsen Rao Dhanwada <jaibheem...@gmail.com>
Subject Re: Change authorization from AllowAllAuthorizer to CassandraAuthorizer
Date Wed, 08 Jun 2016 18:21:38 GMT
C* version  I am using is 2.1.13

Cluster 1 - Single DC
Cluster 2 - Multi DC

On Wed, Jun 8, 2016 at 7:01 AM, Felipe Esteves <
felipe.esteves@b2wdigital.com> wrote:

> Hi,
>
> Just a feedback from my scenario, it all went well, no downtime. In my
> case, I had authentication enabled from the beginning, just needed to
> change the authorizer.
>
> Felipe Esteves
>
> Tecnologia
>
> felipe.esteves@b2wdigital.com <seu.email@b2wdigital.com>
>
> Tel.: (21) 3504-7162 ramal 57162
>
> Skype: felipe2esteves
>
> 2016-06-08 9:05 GMT-03:00 <SEAN_R_DURITY@homedepot.com>:
>
>> Which Cassandra version? Most of my
>> authentication-from-non-authentication experience is from Cassandra 1.1 –
>> 2.0. After that, I just enable from the beginning.
>>
>>
>>
>> Sean Durity – Lead Cassandra Admin
>>
>> Big DATA Team
>>
>> MTC 2250
>>
>> For support, create a JIRA
>> <https://portal.homedepot.com/sites/bigdata/Shared%20Documents/Jira%20Hadoop%20Support%20Workflow.pdf>
>>
>>
>>
>> *From:* Jai Bheemsen Rao Dhanwada [mailto:jaibheemsen@gmail.com]
>> *Sent:* Tuesday, June 07, 2016 8:31 PM
>> *To:* user@cassandra.apache.org
>> *Subject:* Re: Change authorization from AllowAllAuthorizer to
>> CassandraAuthorizer
>>
>>
>>
>> Hello Sean,
>>
>>
>> Recently I tried to enable Authentication on a existing cluster, I have
>> see the below behaviour. (Clients already have the credentials and 3 node
>> C* cluster)
>>
>>
>>
>> cluster 1 - Enabled Authentication on node1 by adding iptable rules (so
>> that client will not communicate to this node) and I was able to connect to
>> cql with default user and create the required users.
>>
>>
>>
>> cluster 2- Enabled Authentication on node1 by adding iptable rules but
>> the default user was not created and below are the logs.
>>
>>
>>
>> WARN  [NonPeriodicTasks:1] 2016-06-07 20:59:17,898
>> PasswordAuthenticator.java:230 - PasswordAuthenticator skipped default user
>> setup: some nodes were not ready
>>
>> WARN  [NonPeriodicTasks:1] 2016-06-07 20:59:28,007 Auth.java:241 -
>> Skipped default superuser setup: some nodes were not ready
>>
>>
>>
>> Any idea why the behaviour is not consistent across the two clusters?
>>
>>
>>
>> P.S: In both the cases the *system_auth *keyspace was created when the
>> first node was updated.
>>
>>
>>
>> On Tue, Jun 7, 2016 at 11:19 AM, Felipe Esteves <
>> felipe.esteves@b2wdigital.com> wrote:
>>
>> Thank you, Sean!
>>
>>
>> *Felipe Esteves*
>>
>> Tecnologia
>>
>> felipe.esteves@b2wdigital.com <seu.email@b2wdigital.com>
>>
>> Tel.: (21) 3504-7162 ramal 57162
>>
>> Skype: felipe2esteves
>>
>>
>>
>> 2016-06-07 14:20 GMT-03:00 <SEAN_R_DURITY@homedepot.com>:
>>
>> I answered a similar question here:
>>
>> https://groups.google.com/forum/#!topic/nosql-databases/lLBebUCjD8Y
>>
>>
>>
>>
>>
>> Sean Durity – Lead Cassandra Admin
>>
>>
>>
>> *From:* Felipe Esteves [mailto:felipe.esteves@b2wdigital.com]
>> *Sent:* Tuesday, June 07, 2016 12:07 PM
>> *To:* user@cassandra.apache.org
>> *Subject:* Change authorization from AllowAllAuthorizer to
>> CassandraAuthorizer
>>
>>
>>
>> Hi guys,
>>
>>
>>
>> I have a Cassandra 2.1.8 Community cluster running with
>> AllowAllAuthorizer and have to change it, so I can implement permissions in
>> different users.
>>
>> As I've checked in the docs, seems like a simple change,
>> from AllowAllAuthorizer to CassandraAuthorizer in cassandra.yaml.
>>
>> However, I'm a litte concerned about the performance of the cluster while
>> I'm restarting all the nodes. Is it possible to have any downtime (access
>> errors, maybe), as all the data was created with AllowAllAuthorizer?
>>
>> --
>>
>> *Felipe Esteves*
>>
>> Tecnologia
>>
>> felipe.esteves@b2wdigital.com <seu.email@b2wdigital.com>
>>
>> Tel.: (21) 3504-7162 ramal 57162
>>
>>
>>
>>
>> ------------------------------
>>
>>
>> The information in this Internet Email is confidential and may be legally
>> privileged. It is intended solely for the addressee. Access to this Email
>> by anyone else is unauthorized. If you are not the intended recipient, any
>> disclosure, copying, distribution or any action taken or omitted to be
>> taken in reliance on it, is prohibited and may be unlawful. When addressed
>> to our clients any opinions or advice contained in this Email are subject
>> to the terms and conditions expressed in any applicable governing The Home
>> Depot terms of business or client engagement letter. The Home Depot
>> disclaims all responsibility and liability for the accuracy and content of
>> this attachment and for any damages or losses arising from any
>> inaccuracies, errors, viruses, e.g., worms, trojan horses, etc., or other
>> items of a destructive nature, which may be contained in this attachment
>> and shall not be liable for direct, indirect, consequential or special
>> damages in connection with this e-mail message or its attachment.
>>
>>
>>
>>
>>
>>
>>
>> ------------------------------
>>
>> The information in this Internet Email is confidential and may be legally
>> privileged. It is intended solely for the addressee. Access to this Email
>> by anyone else is unauthorized. If you are not the intended recipient, any
>> disclosure, copying, distribution or any action taken or omitted to be
>> taken in reliance on it, is prohibited and may be unlawful. When addressed
>> to our clients any opinions or advice contained in this Email are subject
>> to the terms and conditions expressed in any applicable governing The Home
>> Depot terms of business or client engagement letter. The Home Depot
>> disclaims all responsibility and liability for the accuracy and content of
>> this attachment and for any damages or losses arising from any
>> inaccuracies, errors, viruses, e.g., worms, trojan horses, etc., or other
>> items of a destructive nature, which may be contained in this attachment
>> and shall not be liable for direct, indirect, consequential or special
>> damages in connection with this e-mail message or its attachment.
>>
>
>
>
>

Mime
View raw message