cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felipe Esteves <felipe.este...@b2wdigital.com>
Subject Re: Change authorization from AllowAllAuthorizer to CassandraAuthorizer
Date Wed, 08 Jun 2016 14:01:39 GMT
Hi,

Just a feedback from my scenario, it all went well, no downtime. In my
case, I had authentication enabled from the beginning, just needed to
change the authorizer.

Felipe Esteves

Tecnologia

felipe.esteves@b2wdigital.com <seu.email@b2wdigital.com>

Tel.: (21) 3504-7162 ramal 57162

Skype: felipe2esteves

2016-06-08 9:05 GMT-03:00 <SEAN_R_DURITY@homedepot.com>:

> Which Cassandra version? Most of my authentication-from-non-authentication
> experience is from Cassandra 1.1 – 2.0. After that, I just enable from the
> beginning.
>
>
>
> Sean Durity – Lead Cassandra Admin
>
> Big DATA Team
>
> MTC 2250
>
> For support, create a JIRA
> <https://portal.homedepot.com/sites/bigdata/Shared%20Documents/Jira%20Hadoop%20Support%20Workflow.pdf>
>
>
>
> *From:* Jai Bheemsen Rao Dhanwada [mailto:jaibheemsen@gmail.com]
> *Sent:* Tuesday, June 07, 2016 8:31 PM
> *To:* user@cassandra.apache.org
> *Subject:* Re: Change authorization from AllowAllAuthorizer to
> CassandraAuthorizer
>
>
>
> Hello Sean,
>
>
> Recently I tried to enable Authentication on a existing cluster, I have
> see the below behaviour. (Clients already have the credentials and 3 node
> C* cluster)
>
>
>
> cluster 1 - Enabled Authentication on node1 by adding iptable rules (so
> that client will not communicate to this node) and I was able to connect to
> cql with default user and create the required users.
>
>
>
> cluster 2- Enabled Authentication on node1 by adding iptable rules but the
> default user was not created and below are the logs.
>
>
>
> WARN  [NonPeriodicTasks:1] 2016-06-07 20:59:17,898
> PasswordAuthenticator.java:230 - PasswordAuthenticator skipped default user
> setup: some nodes were not ready
>
> WARN  [NonPeriodicTasks:1] 2016-06-07 20:59:28,007 Auth.java:241 - Skipped
> default superuser setup: some nodes were not ready
>
>
>
> Any idea why the behaviour is not consistent across the two clusters?
>
>
>
> P.S: In both the cases the *system_auth *keyspace was created when the
> first node was updated.
>
>
>
> On Tue, Jun 7, 2016 at 11:19 AM, Felipe Esteves <
> felipe.esteves@b2wdigital.com> wrote:
>
> Thank you, Sean!
>
>
> *Felipe Esteves*
>
> Tecnologia
>
> felipe.esteves@b2wdigital.com <seu.email@b2wdigital.com>
>
> Tel.: (21) 3504-7162 ramal 57162
>
> Skype: felipe2esteves
>
>
>
> 2016-06-07 14:20 GMT-03:00 <SEAN_R_DURITY@homedepot.com>:
>
> I answered a similar question here:
>
> https://groups.google.com/forum/#!topic/nosql-databases/lLBebUCjD8Y
>
>
>
>
>
> Sean Durity – Lead Cassandra Admin
>
>
>
> *From:* Felipe Esteves [mailto:felipe.esteves@b2wdigital.com]
> *Sent:* Tuesday, June 07, 2016 12:07 PM
> *To:* user@cassandra.apache.org
> *Subject:* Change authorization from AllowAllAuthorizer to
> CassandraAuthorizer
>
>
>
> Hi guys,
>
>
>
> I have a Cassandra 2.1.8 Community cluster running with AllowAllAuthorizer
> and have to change it, so I can implement permissions in different users.
>
> As I've checked in the docs, seems like a simple change,
> from AllowAllAuthorizer to CassandraAuthorizer in cassandra.yaml.
>
> However, I'm a litte concerned about the performance of the cluster while
> I'm restarting all the nodes. Is it possible to have any downtime (access
> errors, maybe), as all the data was created with AllowAllAuthorizer?
>
> --
>
> *Felipe Esteves*
>
> Tecnologia
>
> felipe.esteves@b2wdigital.com <seu.email@b2wdigital.com>
>
> Tel.: (21) 3504-7162 ramal 57162
>
>
>
>
> ------------------------------
>
>
> The information in this Internet Email is confidential and may be legally
> privileged. It is intended solely for the addressee. Access to this Email
> by anyone else is unauthorized. If you are not the intended recipient, any
> disclosure, copying, distribution or any action taken or omitted to be
> taken in reliance on it, is prohibited and may be unlawful. When addressed
> to our clients any opinions or advice contained in this Email are subject
> to the terms and conditions expressed in any applicable governing The Home
> Depot terms of business or client engagement letter. The Home Depot
> disclaims all responsibility and liability for the accuracy and content of
> this attachment and for any damages or losses arising from any
> inaccuracies, errors, viruses, e.g., worms, trojan horses, etc., or other
> items of a destructive nature, which may be contained in this attachment
> and shall not be liable for direct, indirect, consequential or special
> damages in connection with this e-mail message or its attachment.
>
>
>
>
>
>
>
> ------------------------------
>
> The information in this Internet Email is confidential and may be legally
> privileged. It is intended solely for the addressee. Access to this Email
> by anyone else is unauthorized. If you are not the intended recipient, any
> disclosure, copying, distribution or any action taken or omitted to be
> taken in reliance on it, is prohibited and may be unlawful. When addressed
> to our clients any opinions or advice contained in this Email are subject
> to the terms and conditions expressed in any applicable governing The Home
> Depot terms of business or client engagement letter. The Home Depot
> disclaims all responsibility and liability for the accuracy and content of
> this attachment and for any damages or losses arising from any
> inaccuracies, errors, viruses, e.g., worms, trojan horses, etc., or other
> items of a destructive nature, which may be contained in this attachment
> and shall not be liable for direct, indirect, consequential or special
> damages in connection with this e-mail message or its attachment.
>

-- 


Mime
View raw message