Return-Path: X-Original-To: apmail-cassandra-user-archive@www.apache.org Delivered-To: apmail-cassandra-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CA8071125C for ; Sat, 5 Apr 2014 06:32:27 +0000 (UTC) Received: (qmail 15396 invoked by uid 500); 5 Apr 2014 06:32:25 -0000 Delivered-To: apmail-cassandra-user-archive@cassandra.apache.org Received: (qmail 15362 invoked by uid 500); 5 Apr 2014 06:32:24 -0000 Mailing-List: contact user-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@cassandra.apache.org Delivered-To: mailing list user@cassandra.apache.org Received: (qmail 15354 invoked by uid 99); 5 Apr 2014 06:32:23 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 05 Apr 2014 06:32:23 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of comptechgeeky@gmail.com designates 74.125.82.170 as permitted sender) Received: from [74.125.82.170] (HELO mail-we0-f170.google.com) (74.125.82.170) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 05 Apr 2014 06:32:19 +0000 Received: by mail-we0-f170.google.com with SMTP id w61so4396172wes.15 for ; Fri, 04 Apr 2014 23:31:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=i72DcceVKCBcGw3D/xOHPsGBl8U8IDSUBBeAFck77tM=; b=n0o5ni+1KIWmtzIFRUabIysN0i/+xisQnG7FbemVq6nSr/pgA8nSON7pa4xOXfe8q+ JO+LCMQULA4PtUEcaCbnbBKz8mwRMbLt8c/5kYiKwzSar1uW9kloZTeqUAkIGZr0pHVJ gWpgTZjbWB/DWXbdJkYt4QuHaN0t8I91dhAbq36JrXPOB7add7MW43zEOdkNCe0m2t7l fHRfK4PhnBfAUJY/e+EVt3ch/OLTzKdC71WgVHqMTaFqn9QmRb/Flho2EN498Xq8E9dx OcaR9tXjesMx/2+TeqrtNx/DhO3AJiYlVf6wYtXNGiJN1cTzhDQUwrHYBTZU0rrNPs4o Pw4Q== X-Received: by 10.194.185.148 with SMTP id fc20mr25635255wjc.27.1396679518424; Fri, 04 Apr 2014 23:31:58 -0700 (PDT) MIME-Version: 1.0 Received: by 10.216.208.200 with HTTP; Fri, 4 Apr 2014 23:31:38 -0700 (PDT) In-Reply-To: References: From: Check Peck Date: Fri, 4 Apr 2014 23:31:38 -0700 Message-ID: Subject: Re: Securing Cassandra database To: user Content-Type: multipart/alternative; boundary=047d7bdcab7c8f939704f645cae6 X-Virus-Checked: Checked by ClamAV on apache.org --047d7bdcab7c8f939704f645cae6 Content-Type: text/plain; charset=ISO-8859-1 Just to add, nobody should be able to read and write into our Cassandra database through any API *or any CQL client as well *only our team should be able to do that. On Fri, Apr 4, 2014 at 11:29 PM, Check Peck wrote: > Thanks Mark. But what about Cassandra database? I don't want anybody to > read and write into our Cassandra database through any API only just our > team should be able to do that. > > We are using CQL based tables so data doesn't get shown on the OPSCENTER. > > In our case, we would like to secure database itself. Is this possible to > do as well anyhow? > > > > > > On Fri, Apr 4, 2014 at 11:24 PM, Mark Reddy wrote: > >> Hi, >> >> If you want to just secure OpsCenter itself take a look here: >> http://www.datastax.com/documentation/opscenter/4.1/opsc/configure/opscAssigningAccessRoles_t.html >> >> >> If you want to enable internal authentication and still allow OpsCenter >> access, you can create an OpsCenter user and once you have auth turned >> within the cluster update the cluster config with the user name and >> password for the OpsCenter user. >> >> Depending on your installation type you will find the cluster config in >> one of the following locations: >> Packaged installs: /etc/opscenter/clusters/.conf >> Binary installs: /conf/clusters/.conf >> Windows installs: Program Files (x86)\DataStax >> Community\opscenter\conf\clusters\.conf >> >> Open the file and update the username and password values under the >> [cassandra] section: >> >> [cassandra] >> username = >> seed_hosts = >> api_port = >> password = >> >> After changing properties in this file, restart OpsCenter for the changes >> to take effect. >> >> >> Mark >> >> >> On Sat, Apr 5, 2014 at 6:54 AM, Check Peck wrote: >> >>> Hi All, >>> >>> We would like to secure our Cassandra database. We don't want anybody to >>> read/write on our Cassandra database leaving our team members only. >>> >>> >>> >>> We are using Cassandra 1.2.9 in Production and we have 36 node Cassandra >>> cluster. 12 in each colo as we have three datacenters. >>> >>> >>> But we would like to have OPSCENTER working as it is working currently. >>> >>> >>> >>> Is this possible to do anyhow? Is there any settings in yaml file which >>> we can enforce? >>> >>> >>> >>> >> >> > --047d7bdcab7c8f939704f645cae6 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Just to add, nobody should be able to read and write into = our Cassandra database through any API or any CQL client as well onl= y our team should be able to do that.
<= br>
On Fri, Apr 4, 2014 at 11:29 PM, Check Peck = <comptechgeeky@gmail.com> wrote:
Thanks Mark. But what about Cassandra database? = I don't want anybody to read and write into our Cassandra database thro= ugh any API only just our team should be able to do that.

We a= re using CQL based tables so data doesn't get shown on the OPSCENTER.
In our case, we would like to secure database itself. Is this pos= sible to do as well anyhow?





On Fri, Apr 4, 2014 a= t 11:24 PM, Mark Reddy <mark.reddy@boxever.com> wrote:<= br>
Hi, 

If you want to just secure OpsCenter itself take a look here: http://www.datastax.com/doc= umentation/opscenter/4.1/opsc/configure/opscAssigningAccessRoles_t.html=


If you want to enable internal authentic= ation and still allow OpsCenter access, you can create an OpsCenter user an= d once you have auth turned within the cluster update the cluster config wi= th the user name and password for the OpsCenter user.

Depending on your installation type you will find = the cluster config in one of the following locations:
Packaged in= stalls: /etc/opscenter/clusters/<cluster_specific>.conf
Binary installs: <install_location>/conf/clusters/<cluster_specifi= c>.conf
Windows installs: Program Files (x86)\DataStax Communi= ty\opscenter\conf\clusters\<cluster_specific>.conf

Open the file and update the username and password values under = the [cassandra] section:

[cassandra]
use= rname =3D 
seed_hosts =3D 
api_port =3D
password =3D 

After changing properties in this file, restart OpsCent= er for the changes to take effect.


Mark


--047d7bdcab7c8f939704f645cae6--