啟用一次Cassandra身份驗證和授權檢查並永久緩存
[英]Enable one time Cassandra Authentication and Authorization check and cache it forever
問題描述
我在單節點Cassandra設置中使用了身份驗證和授權,但是在Cassandra服務器日志中經常出現以下錯誤,
ERROR [SharedPool-Worker-71] 2018-06-01 10:40:36,661 ErrorMessage.java:338 - Unexpected exception during request
java.lang.RuntimeException: org.apache.cassandra.exceptions.ReadTimeoutException: Operation timed out - received only 1 responses.
at org.apache.cassandra.auth.CassandraRoleManager.getRole(CassandraRoleManager.java:489) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.auth.CassandraRoleManager.getRoles(CassandraRoleManager.java:269) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.auth.RolesCache.getRoles(RolesCache.java:66) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.auth.Roles.hasSuperuserStatus(Roles.java:51) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.auth.AuthenticatedUser.isSuper(AuthenticatedUser.java:71) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.auth.CassandraAuthorizer.authorize(CassandraAuthorizer.java:76) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.auth.PermissionsCache.getPermissions(PermissionsCache.java:68) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.auth.AuthenticatedUser.getPermissions(AuthenticatedUser.java:104) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.service.ClientState.authorize(ClientState.java:412) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.service.ClientState.checkPermissionOnResourceChain(ClientState.java:345) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.service.ClientState.ensureHasPermission(ClientState.java:322) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.service.ClientState.hasAccess(ClientState.java:309) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.service.ClientState.hasColumnFamilyAccess(ClientState.java:293) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.cql3.statements.SelectStatement.checkAccess(SelectStatement.java:198) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.cql3.QueryProcessor.processStatement(QueryProcessor.java:203) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.cql3.QueryProcessor.processPrepared(QueryProcessor.java:487) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.cql3.QueryProcessor.processPrepared(QueryProcessor.java:464) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.transport.messages.ExecuteMessage.execute(ExecuteMessage.java:130) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.transport.Message$Dispatcher.channelRead0(Message.java:507) [apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.transport.Message$Dispatcher.channelRead0(Message.java:401) [apache-cassandra-3.0.8.jar:3.0.8]
at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:105) [netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333) [netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.channel.AbstractChannelHandlerContext.access$700(AbstractChannelHandlerContext.java:32) [netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.channel.AbstractChannelHandlerContext$8.run(AbstractChannelHandlerContext.java:324) [netty-all-4.0.23.Final.jar:4.0.23.Final]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_91]
at org.apache.cassandra.concurrent.AbstractLocalAwareExecutorService$FutureTask.run(AbstractLocalAwareExecutorService.java:164) [apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.concurrent.SEPWorker.run(SEPWorker.java:105) [apache-cassandra-3.0.8.jar:3.0.8]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_91]
Caused by: org.apache.cassandra.exceptions.ReadTimeoutException: Operation timed out - received only 1 responses.
at org.apache.cassandra.service.ReadCallback.awaitResults(ReadCallback.java:132) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.service.ReadCallback.get(ReadCallback.java:137) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.service.AbstractReadExecutor.get(AbstractReadExecutor.java:145) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.service.StorageProxy$SinglePartitionReadLifecycle.awaitResultsAndRetryOnDigestMismatch(StorageProxy.java:1715) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.service.StorageProxy.fetchRows(StorageProxy.java:1664) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.service.StorageProxy.readRegular(StorageProxy.java:1605) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.service.StorageProxy.read(StorageProxy.java:1524) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.db.SinglePartitionReadCommand$Group.execute(SinglePartitionReadCommand.java:954) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.cql3.statements.SelectStatement.execute(SelectStatement.java:263) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.cql3.statements.SelectStatement.execute(SelectStatement.java:224) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.auth.CassandraRoleManager.getRoleFromTable(CassandraRoleManager.java:497) ~[apache-cassandra-3.0.8.jar:3.0.8]
at org.apache.cassandra.auth.CassandraRoleManager.getRole(CassandraRoleManager.java:485) ~[apache-cassandra-3.0.8.jar:3.0.8]
... 27 common frames omitted
因此,考慮到這一點,我嘗試根據URL中觀察到的以下設置啟用一次Cassandra身份驗證和授權檢查並將其永久緩存 ,
authenticator: PasswordAuthenticator
authorizer: CassandraAuthorizer
role_manager: CassandraRoleManager
roles_validity_in_ms: 0
permissions_validity_in_ms: 0
但是我仍然經常在服務器日志中看到以上錯誤,是否還需要添加此配置: credentials_validity_in_ms: 0有效性_ credentials_validity_in_ms: 0還是我丟失了某些內容?
1 個解決方案
解決方案1
2 已采納 2018-06-01 13:15:48
此消息實際上表明您的設置有問題-機器超載或類似錯誤。
建議不要完全禁用這些設置(更改密碼或更改角色將需要重新啟動節點),而建議執行以下操作:
- 將
roles_validity_in_ms,permissions_validity_in_ms和credentials_validity_in_msroles_validity_in_ms設置為相當高的值,例如month; - 配置
roles_update_interval_in_ms,credentials_update_interval_in_ms&permissions_update_interval_in_ms一些值,像一分鍾
如果您有大量的用戶和表,那么調整permissions_cache_max_entries也很有意義。
如何在Kubernetes部署文件中啟用Cassandra密碼身份驗證
[英]How to enable Cassandra Password Authentication in Kubernetes deployment file
如何檢查是否在Cassandra中從上次修改值(UPDATE -INSERT)
[英]how to check if a value is modified from the last time (UPDATE -INSERT) in Cassandra
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.