0

All -

When building a Cassandra DB 5.0.4 single node database instance on a VM with RHEL9, I am unable to log in once I enable authentication/authorization. With authentication/authorization disabled, I am unable to add an additional superuser role or any role at all. Despited several adjustments, no error messages have appeared in the log files. I'm rather stumped and would appreciate help and recommendations.

My expectations is that I'm missing or failing to understand something from the docs, but I can't see what it is at this point. Given I haven't seen anybody else reporting it.

Once variables are set up, if I start with authentication/authorization enabled, it fails to log me in with the default cassandra:cassandra combination and the message: "AuthenticationFailed('Remote end requires authentication')"

If I start with authentication off, cqlsh let's me in, but when I try to change cassandra's password it fails and adding an additional super user fails with: "Only superusers can create a role with superuser status"

I have tried starting with authentication off, running "ALTER KEYSPACE system_auth WITH replication = { 'class': 'NetworkTopologyStrategy', 'DC1': 1 };", enabling authentication/authorization, and restarting. This results in the same AuthenticationFailed message.

This is being done via Chef, so each try is on a clean node.

On a fresh install "SELECT * from system_auth.roles;" gives me:

role can_login is_superuser member_of salted_hash
cassandra True True null $2a$10$inuELV6CK.WVoZi8NOQJFOzbZHFz0mRMLPa9hKiLktT68RBl2xKNW

nodetool responds correctly with UN.

In addition, I have:

  • confirmed my quotes were correct, not 'smart quotes'
  • Tried actions with both Network and Simple topologies
  • Tried adding an additional superuser.
  • Downloaded a fresh 5.0.4 and compared checksums - they match.

Outline of the current process.

  1. Install OpenJDK from tar bundle.
  2. Install Cassandra from tar bundle.
  3. Confirm directories/permissions.
  4. Configure, but do not start, Cassandra service.
  5. Configure Cassandra
    1. deploy updated conf/cassandra-env.sh
      1. jmx port, ssl = false, authenticate = false, host = IP.
      2. java performance settings (min/max, dumps, etc.)
    2. deploy updated conf/logback.xml
      1. enabled info logging for org.cisecurity.workbench
    3. backup default cassandra.yaml (will be removed for final cookbook)
    4. deploy conf/cassadra-rackdc.properties
      1. set dc name
      2. set rack name (default)
    5. deploy cassandra.yaml
      1. modified listen address (server IP)
      2. modified rpc address (server IP)
      3. data file directory location
      4. commit log directory location
      5. saved transactions directory location
      6. cluster name
      7. authenticator - AllowAllAuthenticator
      8. authorizer - AllowAllAuthorizer
      9. role manager - CassandraRoleManager
    6. Start Cassandra
    7. Execute sql to update system_auth keyspace to NetworkTopologyStrategy and dc:1 (1 for single node)
    8. (disabled) deploy updated cassandra.yaml
      1. authenticator - PasswordAuthenticator
      2. authorizer - CassandraAuthorizer
Improve this question

1 Answer 1

Reset to default
1

Issue resolved. The actual issue was not in the Cassandra configuration directly. The cqlshrc file in use was incorrect. Updating it to the correct format and content resolved the issue.

The information I based it on did not identify it as to the version and it was not correct for version 5.

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.