cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Lété <thomas.l...@soprism.com>
Subject Re: System auth empty, how to populate it
Date Tue, 17 Jul 2018 12:23:05 GMT
Hi,

Thanks I tried that, made a node tool repair system_auth and I get a new error now :

Connection error: ('Unable to connect to any servers', {'127.0.0.1': AuthenticationFailed('Failed
to authenticate to 127.0.0.1: Error from server: code=0100 [Bad credentials] message="Provided
username cassandra and/or password are incorrect"',)})

Maybe it requires other records in the other tables ?

Thanks...

> Le 17 juil. 2018 à 12:00, Horia Mocioi <horia.mocioi@ericsson.com> a écrit :
> 
> Try executing in cqlsh:
> 
> insert into system_auth.roles (role , can_login , is_superuser ,
> salted_hash ) VALUES ( 'cassandra', True, True,
> '$2a$10$qQIh9pXDu0JNA7vQd7KRcO7VXryjbTu8XBQTC.tXcTpJHliH6S1aW');
> 
> The above hash encrypted value is for the default password cassandra
> 
> After doing this you should enable PasswordAuthenticator and restart
> your node. Then try to authenticate in cqlsh.
> 
> I tested this on ccm with cassandra 3.11.2. You should try it also on
> your test systems and not trust a random guy on the web.
> 
> Horia
> 
> On tis, 2018-07-17 at 11:40 +0200, Thomas Lété wrote:
>> Hi Horia,
>> 
>> Thanks for your reply :-)
>> As the keyspace was corrupt, Cassandra didn’t boot… So as we were in
>> a hurry and not needed that keyspace, we dropped the files and put
>> AllowAllAuthorizer.
>> 
>> Now even the roles table is empty.
>> 
>> When I enable PasswordAuthenticator, I’m not able to authenticate,
>> cassandra user doesn’t exist…
>> 
>> Is there a way to insert the default user in the roles table ?
>> 
>> Yes the folder were recreated but without any data in the tables.
>> I didn’t see any error in the logs.
>> 
>> 
>>> 
>>> Le 17 juil. 2018 à 11:26, Horia Mocioi <horia.mocioi@ericsson.com>
>>> a écrit :
>>> 
>>> Hello,
>>> 
>>> Those tables are empty by default, except system_auth.roles table
>>> which
>>> contains one entry(by default): the cassandra user/role.
>>> CassandraRoleManager creates it on startup if it does not exist.
>>> 
>>> Those tables will be populated once you start adding new
>>> users/roles
>>> and use authorization.
>>> 
>>> What do you mean by "I tried removing the system_auth folder from
>>> data
>>> but the keyspace isn’t removed. "? Is the folder deleted? Did you
>>> restart and the folder was recreated or not? Did you get errors
>>> when it
>>> restarted and Cassandra tried to recreate the system_auth keyspace?
>>> 
>>> Regards,
>>> Horia
>>> 
>>> 
>>> 
>>> 
>>> 
>>> On tis, 2018-07-17 at 10:02 +0200, Thomas Lété wrote:
>>>> 
>>>> Hi everyone,
>>>> 
>>>> Due to a crash, we lost the system_auth keyspace. It was not
>>>> important at that time because this was a closed system, not
>>>> communicating outside the structure so we used
>>>> AllowAllAuthorizer.
>>>> Now it is changing and we would like to recover that keyspace
>>>> (re-
>>>> create it from scratch).
>>>> 
>>>> Unfortunately, Cassandra isn’t able to populate the tables, they
>>>> just
>>>> stay empty…
>>>> I tried removing the system_auth folder from data but the
>>>> keyspace
>>>> isn’t removed.
>>>> 
>>>> Do you know a procedure that can be used to re-generate that
>>>> keyspace
>>>> without reinstalling Cassandra from scratch ?
>>>> 
>>>> Thanks for your help :-)
>>>> 
>>>> Thomas
>>>> ---------------------------------------------------------------
>>>> ------
>>>> To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org
>>>> For additional commands, e-mail: user-help@cassandra.apache.org
>>>> 
>>> -----------------------------------------------------------------
>>> ----
>>> To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org
>>> For additional commands, e-mail: user-help@cassandra.apache.org
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org
>> For additional commands, e-mail: user-help@cassandra.apache.org
>> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org
> For additional commands, e-mail: user-help@cassandra.apache.org


Mime
View raw message