Unfortunately, I’m not a java dev so I’m not able to create an authenticator…
I don’t like to do that usually but I share with you a gist of the config, it was generated by OpsCenter when it was free, I just updated it for Cassandra >= 3… Maybe you will see something : https://gist.github.com/bistory/ececc0bef7627f39a21e4e8f0c8d841c > Le 18 juil. 2018 à 00:28, Horia Mocioi <horia.moc...@ericsson.com> a écrit : > > Cassandra allows to use custom authenticators so I would create a > CustomPasswordAuthenticator. This would be a copy of the existing > PasswordAuthenticator. I would add several debugging info like: provided > username and password, the output of the checkpw function, what cql statement > is executed etc (any other info that would help me to understand what is > being executed in the authenticator). > From: Thomas Lété <thomas.l...@soprism.com> > Sent: Tuesday, July 17, 2018 5:24:39 PM > To: user@cassandra.apache.org > Subject: Re: System auth empty, how to populate it > > Thanks for your reply, > > - I have not defined role_manager in the config > - I dropped the users table, it was present in the keyspace > - Cassandra then created a record in the roles table, yay ! > > But when I do clash -u cassandra -p cassandra > > => Invalid credentials supplied. > Authentication error on host xxxxxx: Provided username cassandra and/or > password are incorrect > > I already repaired system_auth a few times, nothing help... > >> Le 17 juil. 2018 à 16:47, Sam Tunnicliffe <s...@beobal.com >> <mailto:s...@beobal.com>> a écrit : >> >> The default superuser is only created at startup if 3 conditions are met: >> >> i) The default role manager is configured. In cassandra.yaml, you should see >> "role_manager: CassandraRoleManager". This is also the default value, so >> unless you're explicitly using a custom role manager it should be good. >> ii) The system_auth.users table (legacy, pre-2.2) should not be present. >> Present means present in the schema, not on disk. Unlike most system tables, >> this table is droppable (in fact this is a necessary step in upgrading from >> earlier versions). >> iii) There should be no preexisting roles present in the system_auth.roles >> table. This is verified with a regular query, so you must either use CQL to >> delete existing roles, or remove the data directories and commit logs on >> *all* nodes. >> >> Even if these three conditions are met, but the default user isn't being >> created the manual insert that Horia suggested should work. If >> system_auth.roles table exists and you are able to perform the insert, I'm >> very surprised when you say it's empty after you issue the insert. If you >> check again and it turns out the manual insert is working as expected, you >> need to make sure that the legacy tables have been dropped from schema >> (assuming you upgraded from a pre-3.0 version at some point). If the legacy >> tables are still present, the authenticator will continue to read from them >> and so would be ignoring the new entry in the roles table. (see: >> https://github.com/apache/cassandra/blob/cassandra-3.11.2/NEWS.txt#L619-L640 >> <https://github.com/apache/cassandra/blob/cassandra-3.11.2/NEWS.txt#L619-L640>) >> >> >> >> On 17 July 2018 at 15:18, Thomas Lété <thomas.l...@soprism.com >> <mailto:thomas.l...@soprism.com>> wrote: >> Yes I did that multiple time, always following the same procedure : stop >> Cassandra, on all nodes, remove data, update config then restart nodes one >> by one… >> >> I really don’t understand when I could have done wrong... >> >> > Le 17 juil. 2018 à 16:15, Simon Fontana Oscarsson >> > <simon.fontana.oscars...@ericsson.com >> > <mailto:simon.fontana.oscars...@ericsson.com>> a écrit : >> > >> > This is very strange behavior if Cassandra won't recreate the cassandra >> > user when you delete the folder. >> > So just to make sure, you are stopping Cassandra on all nodes and deleting >> > the data directory? >> > >> > -- >> > SIMON FONTANA OSCARSSON >> > Software Developer >> > >> > Ericsson >> > Ölandsgatan 1 >> > 37133 Karlskrona, Sweden >> > simon.fontana.oscars...@ericsson.com >> > <mailto:simon.fontana.oscars...@ericsson.com> >> > www.ericsson.com <http://www.ericsson.com/> >> > >> > On tis, 2018-07-17 at 16:01 +0200, Thomas Lété wrote: >> >> It’s empty... >> >> >> >>> >> >>> Le 17 juil. 2018 à 15:59, Horia Mocioi <horia.moc...@ericsson.com >> >>> <mailto:horia.moc...@ericsson.com>> a écrit : >> >>> >> >>> Could you also send the output of "select * from system_auth.roles"? >> >>> (you will need to change authenticator to AllowAllAuthenticator and >> >>> authorizer to AllowAllAuthorizer) >> >>> >> >>> On tis, 2018-07-17 at 15:43 +0200, Thomas Lété wrote: >> >>>> >> >>>> Ok I tried that, nothing better (I already tried dropping the entire >> >>>> system_auth folder that way, same result) >> >>>> >> >>>> When I open the log, I found nothing about « Password » and when I >> >>>> search for « roles », I only find that : >> >>>> >> >>>> DEBUG [main] 2018-07-17 15:37:39,420 >> >>>> CompactionStrategyManager.java:380 - Recreating compaction strategy - >> >>>> disk boundaries are out of date for system_auth.roles. >> >>>> DEBUG [main] 2018-07-17 15:37:39,420 DiskBoundaryManager.java:53 - >> >>>> Refreshing disk boundary cache for system_auth.roles >> >>>> DEBUG [main] 2018-07-17 15:37:39,422 DiskBoundaryManager.java:56 - >> >>>> Updating boundaries from >> >>>> DiskBoundaries{directories=[DataDirectory{location=/home/cassandra/da >> >>>> ta}], positions=[max(9223372036854775807)], ringVersion=3, >> >>>> directoriesVersion=0} to >> >>>> DiskBoundaries{directories=[DataDirectory{location=/home/cassandra/da >> >>>> ta}], positions=[max(9223372036854775807)], ringVersion=16, >> >>>> directoriesVersion=0} for system_auth.roles >> >>>> >> >>>> The configuration I use for Auth is the following : >> >>>> >> >>>> authorizer: CassandraAuthorizer >> >>>> permissions_validity_in_ms: 2000 >> >>>> permissions_update_interval_in_ms: 2000 >> >>>> authenticator: PasswordAuthenticator >> >>>> credentials_validity_in_ms: 2000 >> >>>> credentials_update_interval_in_ms: 2000 >> >>>> >> >>>>> >> >>>>> Le 17 juil. 2018 à 15:26, Simon Fontana Oscarsson <simon.fontana.os >> >>>>> cars...@ericsson.com <mailto:cars...@ericsson.com>> a écrit : >> >>>>> >> >>>>> Could you try the following steps? >> >>>>> >> >>>>> Stop Cassandra. >> >>>>> Change authenticator in yaml to PasswordAuthenticator if not >> >>>>> already done. >> >>>>> Remove data directory with `rm -rf data/system_auth/roles-*` >> >>>>> Start Cassandra. >> >>>>> Login with `cqlsh -u cassandra -p cassandra` >> >>>>> >> >>>>> Works for me. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org >> <mailto:user-unsubscr...@cassandra.apache.org> >> For additional commands, e-mail: user-h...@cassandra.apache.org >> <mailto:user-h...@cassandra.apache.org>
