Node running with join_ring=false and authentication can not serve requests
patch by Mick Semb Wever; reviewed by Joel Knighton for CASSANDRA-11381 Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/f49579df Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/f49579df Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/f49579df Branch: refs/heads/cassandra-3.11 Commit: f49579df38121f88107531307437b447a7438cda Parents: 5807eca Author: mck <m...@apache.org> Authored: Fri Mar 18 14:22:32 2016 +1100 Committer: mck <m...@thelastpickle.com> Committed: Tue Jun 13 13:57:17 2017 +1000 ---------------------------------------------------------------------- CHANGES.txt | 1 + .../apache/cassandra/auth/CassandraRoleManager.java | 4 ++++ .../apache/cassandra/service/StorageService.java | 16 +++++++++++----- 3 files changed, 16 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/f49579df/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index d00ddcb..56890c9 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 2.2.10 + * Nodes started with join_ring=False should be able to serve requests when authentication is enabled (CASSANDRA-11381) * cqlsh COPY FROM: increment error count only for failures, not for attempts (CASSANDRA-13209) * nodetool upgradesstables should upgrade system tables (CASSANDRA-13119) * Avoid starting gossiper in RemoveTest (CASSANDRA-13407) http://git-wip-us.apache.org/repos/asf/cassandra/blob/f49579df/src/java/org/apache/cassandra/auth/CassandraRoleManager.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/auth/CassandraRoleManager.java b/src/java/org/apache/cassandra/auth/CassandraRoleManager.java index 87aca21..bfd0483 100644 --- a/src/java/org/apache/cassandra/auth/CassandraRoleManager.java +++ b/src/java/org/apache/cassandra/auth/CassandraRoleManager.java @@ -40,6 +40,7 @@ import org.apache.cassandra.db.marshal.UTF8Type; import org.apache.cassandra.exceptions.*; import org.apache.cassandra.net.MessagingService; import org.apache.cassandra.service.QueryState; +import org.apache.cassandra.service.StorageService; import org.apache.cassandra.transport.messages.ResultMessage; import org.apache.cassandra.utils.ByteBufferUtil; import org.mindrot.jbcrypt.BCrypt; @@ -344,6 +345,9 @@ public class CassandraRoleManager implements IRoleManager */ private static void setupDefaultRole() { + if (StorageService.instance.getTokenMetadata().sortedTokens().isEmpty()) + throw new IllegalStateException("CassandraRoleManager skipped default role setup: no known tokens in ring"); + try { if (!hasExistingRoles()) http://git-wip-us.apache.org/repos/asf/cassandra/blob/f49579df/src/java/org/apache/cassandra/service/StorageService.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/service/StorageService.java b/src/java/org/apache/cassandra/service/StorageService.java index 65f536b..9d2d7bb 100644 --- a/src/java/org/apache/cassandra/service/StorageService.java +++ b/src/java/org/apache/cassandra/service/StorageService.java @@ -191,6 +191,8 @@ public class StorageService extends NotificationBroadcasterSupport implements IE private final StreamStateStore streamStateStore = new StreamStateStore(); + private final AtomicBoolean doneAuthSetup = new AtomicBoolean(false); + /** This method updates the local token on disk */ public void setTokens(Collection<Token> tokens) { @@ -657,6 +659,7 @@ public class StorageService extends NotificationBroadcasterSupport implements IE states.add(Pair.create(ApplicationState.STATUS, valueFactory.hibernate(true))); Gossiper.instance.addLocalApplicationStates(states); } + doAuthSetup(); logger.info("Not joining ring as requested. Use JMX (StorageService->joinRing()) to initiate ring joining"); } } @@ -974,12 +977,15 @@ public class StorageService extends NotificationBroadcasterSupport implements IE private void doAuthSetup() { - maybeAddOrUpdateKeyspace(AuthKeyspace.definition()); + if (!doneAuthSetup.getAndSet(true)) + { + maybeAddOrUpdateKeyspace(AuthKeyspace.definition()); - DatabaseDescriptor.getRoleManager().setup(); - DatabaseDescriptor.getAuthenticator().setup(); - DatabaseDescriptor.getAuthorizer().setup(); - MigrationManager.instance.register(new AuthMigrationListener()); + DatabaseDescriptor.getRoleManager().setup(); + DatabaseDescriptor.getAuthenticator().setup(); + DatabaseDescriptor.getAuthorizer().setup(); + MigrationManager.instance.register(new AuthMigrationListener()); + } } private void maybeAddKeyspace(KSMetaData ksm) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
