
Enable Cassandra PasswordAuthenticator at up time

I have a Cassandra cluster (Datastax open source) and currently there is no authentication configured (i.e., it is using AllowAllAuthenticator), and I want to use PasswordAuthenticator. The official document says that I should follow these steps:

  1. enable PasswordAuthenticator in cassandra.yaml,

  2. restart the Cassandra node, which will create the system_auth keyspace,

  3. change the system_auth replication factor,

  4. create new user and password

However, this is a big problem to me because the cluster is used in production so we cannot have any downtime. Between step 2 and 4 no user has been configured yet, so even if the client supplies username and password, the request would still be rejected, which is not ideal.

I looked into the Datastax Enterprise doc, and it has a TransitionalAuthenticator class, which would create the system_auth keyspace but without rejecting requests. I wonder if this class can be ported to the open source version? Or if there are other ways around this problem? Thanks

Update: This is the Cassandra version I'm using:

cqlsh 4.1.1 | Cassandra 2.0.9 | CQL spec 3.1.1 | Thrift protocol 19.39.0

You should be able to execute steps 2-4 with just one node and have zero downtime, assuming proper client configuration, replication, and cluster capacity. Then, it's just a rolling restart of the remaining nodes.

Clients should be set up with credentials ahead of time, and they will start using them as nodes with authorizers come online (this behavior could depend on driver -- try it out first).

You might be able to manually generate the schema and data for steps 3-4 before engaging the CassandraAuthenticator, but that shouldn't be necessary.

What are your concerns about downtime?
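The one-node sequence described in the answer, written out as the CQL statements typed into cqlsh on the first restarted node. This is an added example, not part of the original question or answer; the data center name `DC1`, the replication factor 3, the user names and the password placeholders are assumptions, and the statements use the `CREATE USER` syntax of Cassandra 2.0.

```sql
-- Added example (CQL, run inside cqlsh). All names and values are placeholders.
--
-- Before running this: on ONE node only, set in cassandra.yaml
--     authenticator: PasswordAuthenticator
-- and restart that node. The other nodes keep AllowAllAuthenticator for now
-- and continue to serve clients.
--
-- Connect to the restarted node as the built-in superuser:
--     cqlsh <node-address> -u cassandra -p cassandra

-- Step 3: system_auth starts with replication factor 1, so credentials live
-- on a single replica. Raise it before any client depends on authentication.
ALTER KEYSPACE system_auth
  WITH REPLICATION = {'class': 'NetworkTopologyStrategy', 'DC1': 3};

-- After the ALTER, from a shell on each node, stream the auth data to the
-- new replicas:
--     nodetool repair system_auth

-- Step 4: create the account whose credentials the application clients were
-- configured with ahead of time. It is a regular user, not a superuser.
CREATE USER app_user WITH PASSWORD '<app-password>' NOSUPERUSER;

-- Create a named administrator so day-to-day administration does not rely
-- on the shared built-in account.
CREATE USER ops_admin WITH PASSWORD '<admin-password>' SUPERUSER;

-- The built-in account ships with a publicly documented password; replace it
-- before the remaining nodes start enforcing authentication.
ALTER USER cassandra WITH PASSWORD '<long-random-password>';

-- Check: the list should show app_user, ops_admin and cassandra.
LIST USERS;

-- Only after this check: set the same authenticator line on the remaining
-- nodes and restart them one at a time (the rolling restart in the answer).
```

Verify with a test client that a login as `app_user` succeeds against the first node before starting the rolling restart, since driver behaviour against a mixed cluster can differ, as the answer notes.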
