[
https://issues.apache.org/jira/browse/CASSANDRA-14063?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kurt Greaves updated CASSANDRA-14063:
-------------------------------------
Status: Awaiting Feedback (was: Open)
> Cassandra will start listening for clients without initialising system_auth
> after a failed bootstrap
> ----------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-14063
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14063
> Project: Cassandra
> Issue Type: Bug
> Components: Auth
> Reporter: Vincent White
> Assignee: Vincent White
> Priority: Minor
>
> This issue is closely related to CASSANDRA-11381. In this case, when a node
> joining the ring fails to complete the bootstrapping process with a streaming
> failure it will still always call
> org.apache.cassandra.service.CassandraDaemon#start and begin listening for
> client connections. If no authentication is configured clients are able to
> connect to the node and query the cluster much like write survey mode. But if
> authentication is enabled then it will cause an NPE because
> org.apache.cassandra.service.StorageService#doAuthSetup is only called after
> successfully completing the bootstrapping process. With the changes made in
> CASSANDRA-11381 we could now simply call doAuthSetup earlier since we don't
> have to worry about calling it multiple times but reading some of the
> concerns related to third party authentication classes, and now that
> "Incremental Bootstrapping" as described in CASSANDRA-8494 and
> CASSANDRA-8943, don't appear to be nearing implementation any time soon I
> would probably prefer that bootstrapping nodes simply didn't start listening
> for clients following a failed bootstrapping attempt.
> I've attached a quick and naive patch that demonstrates my desired behaviour.
> I ended up creating a new variable for this for clarity but I also had a bit
> of trouble finding already existing information that wasn't tied up in more
> complicated or transient processes that I could use to determine this
> particular state. I believe
> org.apache.cassandra.service.StorageService#isAuthSetupComplete would also
> work in this case so we could tie it to that instead. If someone has
> something simpler or knows the correct place I should be querying for this
> state from, I welcome all feedback.
> This [patch|https://github.com/vincewhite/cassandra/commits/system_auth_npe]
> also doesn't really address enabling/disabling thrift/binary via nodetool
> once the node is running. I wasn't sure if we should disallow it completely
> or include a force flag.
> Cheers
> -Vince
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
