cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Lété <thomas.l...@soprism.com>
Subject Re: System auth empty, how to populate it
Date Tue, 17 Jul 2018 14:01:14 GMT
It’s empty...

> Le 17 juil. 2018 à 15:59, Horia Mocioi <horia.mocioi@ericsson.com> a écrit :
> 
> Could you also send the output of "select * from system_auth.roles"?
> (you will need to change authenticator to AllowAllAuthenticator and
> authorizer to AllowAllAuthorizer) 
> 
> On tis, 2018-07-17 at 15:43 +0200, Thomas Lété wrote:
>> Ok I tried that, nothing better (I already tried dropping the entire
>> system_auth folder that way, same result)
>> 
>> When I open the log, I found nothing about « Password » and when I
>> search for « roles », I only find that :
>> 
>> DEBUG [main] 2018-07-17 15:37:39,420
>> CompactionStrategyManager.java:380 - Recreating compaction strategy -
>> disk boundaries are out of date for system_auth.roles.
>> DEBUG [main] 2018-07-17 15:37:39,420 DiskBoundaryManager.java:53 -
>> Refreshing disk boundary cache for system_auth.roles
>> DEBUG [main] 2018-07-17 15:37:39,422 DiskBoundaryManager.java:56 -
>> Updating boundaries from
>> DiskBoundaries{directories=[DataDirectory{location=/home/cassandra/da
>> ta}], positions=[max(9223372036854775807)], ringVersion=3,
>> directoriesVersion=0} to
>> DiskBoundaries{directories=[DataDirectory{location=/home/cassandra/da
>> ta}], positions=[max(9223372036854775807)], ringVersion=16,
>> directoriesVersion=0} for system_auth.roles
>> 
>> The configuration I use for Auth is the following :
>> 
>> authorizer: CassandraAuthorizer
>> permissions_validity_in_ms: 2000
>> permissions_update_interval_in_ms: 2000
>> authenticator: PasswordAuthenticator
>> credentials_validity_in_ms: 2000
>> credentials_update_interval_in_ms: 2000
>> 
>>> Le 17 juil. 2018 à 15:26, Simon Fontana Oscarsson <simon.fontana.os
>>> carsson@ericsson.com> a écrit :
>>> 
>>> Could you try the following steps?
>>> 
>>> Stop Cassandra.
>>> Change authenticator in yaml to PasswordAuthenticator if not
>>> already done.
>>> Remove data directory with `rm -rf data/system_auth/roles-*`
>>> Start Cassandra.
>>> Login with `cqlsh -u cassandra -p cassandra`
>>> 
>>> Works for me.
>>> 
>>> -- 
>>> SIMON FONTANA OSCARSSON
>>> Software Developer
>>> 
>>> Ericsson
>>> Ölandsgatan 1
>>> 37133 Karlskrona, Sweden
>>> simon.fontana.oscarsson@ericsson.com
>>> www.ericsson.com
>>> 
>>> On tis, 2018-07-17 at 14:37 +0200, Thomas Lété wrote:
>>>> The latest : 3.11.2, the same as yours :(
>>>> 
>>>>> 
>>>>> Le 17 juil. 2018 à 14:36, Horia Mocioi <horia.mocioi@ericsson.c
>>>>> om> a écrit :
>>>>> 
>>>>> What Cassandra version do you use?
>>>>> 
>>>>> On tis, 2018-07-17 at 14:23 +0200, Thomas Lété wrote:
>>>>>> 
>>>>>> Hi,
>>>>>> 
>>>>>> Thanks I tried that, made a node tool repair system_auth and
>>>>>> I get a
>>>>>> new error now :
>>>>>> 
>>>>>> Connection error: ('Unable to connect to any servers',
>>>>>> {'127.0.0.1':
>>>>>> AuthenticationFailed('Failed to authenticate to 127.0.0.1:
>>>>>> Error from
>>>>>> server: code=0100 [Bad credentials] message="Provided
>>>>>> username
>>>>>> cassandra and/or password are incorrect"',)})
>>>>>> 
>>>>>> Maybe it requires other records in the other tables ?
>>>>>> 
>>>>>> Thanks...
>>>>>> 
>>>>>>> 
>>>>>>> Le 17 juil. 2018 à 12:00, Horia Mocioi <horia.mocioi@ericss
>>>>>>> on.com>
>>>>>>> a écrit :
>>>>>>> 
>>>>>>> Try executing in cqlsh:
>>>>>>> 
>>>>>>> insert into system_auth.roles (role , can_login ,
>>>>>>> is_superuser ,
>>>>>>> salted_hash ) VALUES ( 'cassandra', True, True,
>>>>>>> '$2a$10$qQIh9pXDu0JNA7vQd7KRcO7VXryjbTu8XBQTC.tXcTpJHliH6S1
>>>>>>> aW');
>>>>>>> 
>>>>>>> The above hash encrypted value is for the default password
>>>>>>> cassandra
>>>>>>> 
>>>>>>> After doing this you should enable PasswordAuthenticator
>>>>>>> and
>>>>>>> restart
>>>>>>> your node. Then try to authenticate in cqlsh.
>>>>>>> 
>>>>>>> I tested this on ccm with cassandra 3.11.2. You should try
>>>>>>> it also
>>>>>>> on
>>>>>>> your test systems and not trust a random guy on the web.
>>>>>>> 
>>>>>>> Horia
>>>>>>> 
>>>>>>> On tis, 2018-07-17 at 11:40 +0200, Thomas Lété wrote:
>>>>>>>> 
>>>>>>>> Hi Horia,
>>>>>>>> 
>>>>>>>> Thanks for your reply :-)
>>>>>>>> As the keyspace was corrupt, Cassandra didn’t boot… So
as
>>>>>>>> we were
>>>>>>>> in
>>>>>>>> a hurry and not needed that keyspace, we dropped the
>>>>>>>> files and
>>>>>>>> put
>>>>>>>> AllowAllAuthorizer.
>>>>>>>> 
>>>>>>>> Now even the roles table is empty.
>>>>>>>> 
>>>>>>>> When I enable PasswordAuthenticator, I’m not able to
>>>>>>>> authenticate,
>>>>>>>> cassandra user doesn’t exist…
>>>>>>>> 
>>>>>>>> Is there a way to insert the default user in the roles
>>>>>>>> table ?
>>>>>>>> 
>>>>>>>> Yes the folder were recreated but without any data in the
>>>>>>>> tables.
>>>>>>>> I didn’t see any error in the logs.
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> Le 17 juil. 2018 à 11:26, Horia Mocioi <horia.mocioi@er
>>>>>>>>> icsson.c
>>>>>>>>> om>
>>>>>>>>> a écrit :
>>>>>>>>> 
>>>>>>>>> Hello,
>>>>>>>>> 
>>>>>>>>> Those tables are empty by default, except
>>>>>>>>> system_auth.roles
>>>>>>>>> table
>>>>>>>>> which
>>>>>>>>> contains one entry(by default): the cassandra
>>>>>>>>> user/role.
>>>>>>>>> CassandraRoleManager creates it on startup if it does
>>>>>>>>> not
>>>>>>>>> exist.
>>>>>>>>> 
>>>>>>>>> Those tables will be populated once you start adding
>>>>>>>>> new
>>>>>>>>> users/roles
>>>>>>>>> and use authorization.
>>>>>>>>> 
>>>>>>>>> What do you mean by "I tried removing the system_auth
>>>>>>>>> folder
>>>>>>>>> from
>>>>>>>>> data
>>>>>>>>> but the keyspace isn’t removed. "? Is the folder
>>>>>>>>> deleted? Did
>>>>>>>>> you
>>>>>>>>> restart and the folder was recreated or not? Did you
>>>>>>>>> get errors
>>>>>>>>> when it
>>>>>>>>> restarted and Cassandra tried to recreate the
>>>>>>>>> system_auth
>>>>>>>>> keyspace?
>>>>>>>>> 
>>>>>>>>> Regards,
>>>>>>>>> Horia
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> On tis, 2018-07-17 at 10:02 +0200, Thomas Lété wrote:
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> Hi everyone,
>>>>>>>>>> 
>>>>>>>>>> Due to a crash, we lost the system_auth keyspace.
It
>>>>>>>>>> was not
>>>>>>>>>> important at that time because this was a closed
>>>>>>>>>> system, not
>>>>>>>>>> communicating outside the structure so we used
>>>>>>>>>> AllowAllAuthorizer.
>>>>>>>>>> Now it is changing and we would like to recover that
>>>>>>>>>> keyspace
>>>>>>>>>> (re-
>>>>>>>>>> create it from scratch).
>>>>>>>>>> 
>>>>>>>>>> Unfortunately, Cassandra isn’t able to populate
the
>>>>>>>>>> tables,
>>>>>>>>>> they
>>>>>>>>>> just
>>>>>>>>>> stay empty…
>>>>>>>>>> I tried removing the system_auth folder from data
but
>>>>>>>>>> the
>>>>>>>>>> keyspace
>>>>>>>>>> isn’t removed.
>>>>>>>>>> 
>>>>>>>>>> Do you know a procedure that can be used to re-
>>>>>>>>>> generate that
>>>>>>>>>> keyspace
>>>>>>>>>> without reinstalling Cassandra from scratch ?
>>>>>>>>>> 
>>>>>>>>>> Thanks for your help :-)
>>>>>>>>>> 
>>>>>>>>>> Thomas
>>>>>>>>>> ---------------------------------------------------
>>>>>>>>>> --------
>>>>>>>>>> ----
>>>>>>>>>> ------
>>>>>>>>>> To unsubscribe, e-mail: user-unsubscribe@cassandra.ap
>>>>>>>>>> ache.org
>>>>>>>>>> For additional commands, e-mail: user-help@cassandra.
>>>>>>>>>> apache.o
>>>>>>>>>> rg
>>>>>>>>>> 
>>>>>>>>> -----------------------------------------------------
>>>>>>>>> --------
>>>>>>>>> ----
>>>>>>>>> ----
>>>>>>>>> To unsubscribe, e-mail: user-unsubscribe@cassandra.apac
>>>>>>>>> he.org
>>>>>>>>> For additional commands, e-mail: user-help@cassandra.ap
>>>>>>>>> ache.org
>>>>>>>> -------------------------------------------------------
>>>>>>>> --------
>>>>>>>> ------
>>>>>>>> To unsubscribe, e-mail: user-unsubscribe@cassandra.apache
>>>>>>>> .org
>>>>>>>> For additional commands, e-mail: user-help@cassandra.apac
>>>>>>>> he.org
>>>>>>>> 
>>>>>>> ---------------------------------------------------------
>>>>>>> --------
>>>>>>> ----
>>>>>>> To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.o
>>>>>>> rg
>>>>>>> For additional commands, e-mail: user-help@cassandra.apache
>>>>>>> .org
>>>>> -------------------------------------------------------------
>>>>> --------
>>>>> To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org
>>>>> For additional commands, e-mail: user-help@cassandra.apache.org
>>>> ---------------------------------------------------------------
>>>> ------
>>>> To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org
>>>> For additional commands, e-mail: user-help@cassandra.apache.org
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org
> For additional commands, e-mail: user-help@cassandra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org
For additional commands, e-mail: user-help@cassandra.apache.org


Mime
View raw message