Hi, Just a feedback from my scenario, it all went well, no downtime. In my case, I had authentication enabled from the beginning, just needed to change the authorizer.
Felipe Esteves Tecnologia felipe.este...@b2wdigital.com <seu.em...@b2wdigital.com> Tel.: (21) 3504-7162 ramal 57162 Skype: felipe2esteves 2016-06-08 9:05 GMT-03:00 <sean_r_dur...@homedepot.com>: > Which Cassandra version? Most of my authentication-from-non-authentication > experience is from Cassandra 1.1 – 2.0. After that, I just enable from the > beginning. > > > > Sean Durity – Lead Cassandra Admin > > Big DATA Team > > MTC 2250 > > For support, create a JIRA > <https://portal.homedepot.com/sites/bigdata/Shared%20Documents/Jira%20Hadoop%20Support%20Workflow.pdf> > > > > *From:* Jai Bheemsen Rao Dhanwada [mailto:jaibheem...@gmail.com] > *Sent:* Tuesday, June 07, 2016 8:31 PM > *To:* user@cassandra.apache.org > *Subject:* Re: Change authorization from AllowAllAuthorizer to > CassandraAuthorizer > > > > Hello Sean, > > > Recently I tried to enable Authentication on a existing cluster, I have > see the below behaviour. (Clients already have the credentials and 3 node > C* cluster) > > > > cluster 1 - Enabled Authentication on node1 by adding iptable rules (so > that client will not communicate to this node) and I was able to connect to > cql with default user and create the required users. > > > > cluster 2- Enabled Authentication on node1 by adding iptable rules but the > default user was not created and below are the logs. > > > > WARN [NonPeriodicTasks:1] 2016-06-07 20:59:17,898 > PasswordAuthenticator.java:230 - PasswordAuthenticator skipped default user > setup: some nodes were not ready > > WARN [NonPeriodicTasks:1] 2016-06-07 20:59:28,007 Auth.java:241 - Skipped > default superuser setup: some nodes were not ready > > > > Any idea why the behaviour is not consistent across the two clusters? > > > > P.S: In both the cases the *system_auth *keyspace was created when the > first node was updated. > > > > On Tue, Jun 7, 2016 at 11:19 AM, Felipe Esteves < > felipe.este...@b2wdigital.com> wrote: > > Thank you, Sean! > > > *Felipe Esteves* > > Tecnologia > > felipe.este...@b2wdigital.com <seu.em...@b2wdigital.com> > > Tel.: (21) 3504-7162 ramal 57162 > > Skype: felipe2esteves > > > > 2016-06-07 14:20 GMT-03:00 <sean_r_dur...@homedepot.com>: > > I answered a similar question here: > > https://groups.google.com/forum/#!topic/nosql-databases/lLBebUCjD8Y > > > > > > Sean Durity – Lead Cassandra Admin > > > > *From:* Felipe Esteves [mailto:felipe.este...@b2wdigital.com] > *Sent:* Tuesday, June 07, 2016 12:07 PM > *To:* user@cassandra.apache.org > *Subject:* Change authorization from AllowAllAuthorizer to > CassandraAuthorizer > > > > Hi guys, > > > > I have a Cassandra 2.1.8 Community cluster running with AllowAllAuthorizer > and have to change it, so I can implement permissions in different users. > > As I've checked in the docs, seems like a simple change, > from AllowAllAuthorizer to CassandraAuthorizer in cassandra.yaml. > > However, I'm a litte concerned about the performance of the cluster while > I'm restarting all the nodes. Is it possible to have any downtime (access > errors, maybe), as all the data was created with AllowAllAuthorizer? > > -- > > *Felipe Esteves* > > Tecnologia > > felipe.este...@b2wdigital.com <seu.em...@b2wdigital.com> > > Tel.: (21) 3504-7162 ramal 57162 > > > > > ------------------------------ > > > The information in this Internet Email is confidential and may be legally > privileged. It is intended solely for the addressee. Access to this Email > by anyone else is unauthorized. If you are not the intended recipient, any > disclosure, copying, distribution or any action taken or omitted to be > taken in reliance on it, is prohibited and may be unlawful. When addressed > to our clients any opinions or advice contained in this Email are subject > to the terms and conditions expressed in any applicable governing The Home > Depot terms of business or client engagement letter. The Home Depot > disclaims all responsibility and liability for the accuracy and content of > this attachment and for any damages or losses arising from any > inaccuracies, errors, viruses, e.g., worms, trojan horses, etc., or other > items of a destructive nature, which may be contained in this attachment > and shall not be liable for direct, indirect, consequential or special > damages in connection with this e-mail message or its attachment. > > > > > > > > ------------------------------ > > The information in this Internet Email is confidential and may be legally > privileged. It is intended solely for the addressee. Access to this Email > by anyone else is unauthorized. If you are not the intended recipient, any > disclosure, copying, distribution or any action taken or omitted to be > taken in reliance on it, is prohibited and may be unlawful. When addressed > to our clients any opinions or advice contained in this Email are subject > to the terms and conditions expressed in any applicable governing The Home > Depot terms of business or client engagement letter. The Home Depot > disclaims all responsibility and liability for the accuracy and content of > this attachment and for any damages or losses arising from any > inaccuracies, errors, viruses, e.g., worms, trojan horses, etc., or other > items of a destructive nature, which may be contained in this attachment > and shall not be liable for direct, indirect, consequential or special > damages in connection with this e-mail message or its attachment. > --
