Enable Cassandra PasswordAuthenticator at up time -
i have cassandra cluster (datastax open source) , there no authentication configured (i.e., using allowallauthenticator), , want utilize passwordauthenticator. official document says should follow these steps:
enable passwordauthenticator in cassandra.yaml,
restart cassandra node, create system_auth keyspace,
change system_auth replication factor,
create new user , password
however, big problem me because cluster used in production cannot have downtime. between step 2 , 4 no user has been configured yet, if client supplies username , password, request still rejected, not ideal.
i looked datastax enterprise doc, , has transitionalauthenticator class, create system_auth keyspace without rejecting requests. wonder if class can ported open source version? or if there other ways around problem? thanks
update cassandra version i'm using:
cqlsh 4.1.1 | cassandra 2.0.9 | cql spec 3.1.1 | thrift protocol 19.39.0
you should able execute steps 2-4 1 node , have 0 downtime, assuming proper client configuration, replication, , cluster capacity. then, it's rolling restart of remaining nodes.
clients should setup credentials ahead of time, , start using them nodes nodes authorizers come online (this behavior depend on driver -- seek out first).
you might able manually generate schema , info steps 3-4 before engaging cassandraauthenticator, shouldn't necessary.
what concerns downtime?
cassandra cassandra-2.0 datastax-enterprise datastax cassandra-cli
No comments:
Post a Comment