Re: Change authorization from AllowAllAuthorizer to CassandraAuthorizer

[Jai Bheemsen Rao Dhanwada]

C* version  I am using is 2.1.13

Cluster 1 - Single DC
Cluster 2 - Multi DC

On Wed, Jun 8, 2016 at 7:01 AM, Felipe Esteves <
felipe.este...@b2wdigital.com> wrote:

> Hi,
>
> Just a feedback from my scenario, it all went well, no downtime. In my
> case, I had authentication enabled from the beginning, just needed to
> change the authorizer.
>
> Felipe Esteves
>
> Tecnologia
>
> felipe.este...@b2wdigital.com <seu.em...@b2wdigital.com>
>
> Tel.: (21) 3504-7162 ramal 57162
>
> Skype: felipe2esteves
>
> 2016-06-08 9:05 GMT-03:00 <sean_r_dur...@homedepot.com>:
>
>> Which Cassandra version? Most of my
>> authentication-from-non-authentication experience is from Cassandra 1.1 –
>> 2.0. After that, I just enable from the beginning.
>>
>>
>>
>> Sean Durity – Lead Cassandra Admin
>>
>> Big DATA Team
>>
>> MTC 2250
>>
>> For support, create a JIRA
>> <https://portal.homedepot.com/sites/bigdata/Shared%20Documents/Jira%20Hadoop%20Support%20Workflow.pdf>
>>
>>
>>
>> *From:* Jai Bheemsen Rao Dhanwada [mailto:jaibheem...@gmail.com]
>> *Sent:* Tuesday, June 07, 2016 8:31 PM
>> *To:* user@cassandra.apache.org
>> *Subject:* Re: Change authorization from AllowAllAuthorizer to
>> CassandraAuthorizer
>>
>>
>>
>> Hello Sean,
>>
>>
>> Recently I tried to enable Authentication on a existing cluster, I have
>> see the below behaviour. (Clients already have the credentials and 3 node
>> C* cluster)
>>
>>
>>
>> cluster 1 - Enabled Authentication on node1 by adding iptable rules (so
>> that client will not communicate to this node) and I was able to connect to
>> cql with default user and create the required users.
>>
>>
>>
>> cluster 2- Enabled Authentication on node1 by adding iptable rules but
>> the default user was not created and below are the logs.
>>
>>
>>
>> WARN  [NonPeriodicTasks:1] 2016-06-07 20:59:17,898
>> PasswordAuthenticator.java:230 - PasswordAuthenticator skipped default user
>> setup: some nodes were not ready
>>
>> WARN  [NonPeriodicTasks:1] 2016-06-07 20:59:28,007 Auth.java:241 -
>> Skipped default superuser setup: some nodes were not ready
>>
>>
>>
>> Any idea why the behaviour is not consistent across the two clusters?
>>
>>
>>
>> P.S: In both the cases the *system_auth *keyspace was created when the
>> first node was updated.
>>
>>
>>
>> On Tue, Jun 7, 2016 at 11:19 AM, Felipe Esteves <
>> felipe.este...@b2wdigital.com> wrote:
>>
>> Thank you, Sean!
>>
>>
>> *Felipe Esteves*
>>
>> Tecnologia
>>
>> felipe.este...@b2wdigital.com <seu.em...@b2wdigital.com>
>>
>> Tel.: (21) 3504-7162 ramal 57162
>>
>> Skype: felipe2esteves
>>
>>
>>
>> 2016-06-07 14:20 GMT-03:00 <sean_r_dur...@homedepot.com>:
>>
>> I answered a similar question here:
>>
>> https://groups.google.com/forum/#!topic/nosql-databases/lLBebUCjD8Y
>>
>>
>>
>>
>>
>> Sean Durity – Lead Cassandra Admin
>>
>>
>>
>> *From:* Felipe Esteves [mailto:felipe.este...@b2wdigital.com]
>> *Sent:* Tuesday, June 07, 2016 12:07 PM
>> *To:* user@cassandra.apache.org
>> *Subject:* Change authorization from AllowAllAuthorizer to
>> CassandraAuthorizer
>>
>>
>>
>> Hi guys,
>>
>>
>>
>> I have a Cassandra 2.1.8 Community cluster running with
>> AllowAllAuthorizer and have to change it, so I can implement permissions in
>> different users.
>>
>> As I've checked in the docs, seems like a simple change,
>> from AllowAllAuthorizer to CassandraAuthorizer in cassandra.yaml.
>>
>> However, I'm a litte concerned about the performance of the cluster while
>> I'm restarting all the nodes. Is it possible to have any downtime (access
>> errors, maybe), as all the data was created with AllowAllAuthorizer?
>>
>> --
>>
>> *Felipe Esteves*
>>
>> Tecnologia
>>
>> felipe.este...@b2wdigital.com <seu.em...@b2wdigital.com>
>>
>> Tel.: (21) 3504-7162 ramal 57162
>>
>>
>>
>>
>> --
>>
>>
>> The information in this Internet Email is confidential and may be legally
>> privileged. It is intended solely for the addressee. Access to this Email
>> by anyone else is unauthorized. If you are not the intended recipient, any
>> disclosure, copying, distribution

Re: Change authorization from AllowAllAuthorizer to CassandraAuthorizer

[Felipe Esteves]

Hi,

Just a feedback from my scenario, it all went well, no downtime. In my
case, I had authentication enabled from the beginning, just needed to
change the authorizer.

Felipe Esteves

Tecnologia

felipe.este...@b2wdigital.com <seu.em...@b2wdigital.com>

Tel.: (21) 3504-7162 ramal 57162

Skype: felipe2esteves

2016-06-08 9:05 GMT-03:00 <sean_r_dur...@homedepot.com>:

> Which Cassandra version? Most of my authentication-from-non-authentication
> experience is from Cassandra 1.1 – 2.0. After that, I just enable from the
> beginning.
>
>
>
> Sean Durity – Lead Cassandra Admin
>
> Big DATA Team
>
> MTC 2250
>
> For support, create a JIRA
> <https://portal.homedepot.com/sites/bigdata/Shared%20Documents/Jira%20Hadoop%20Support%20Workflow.pdf>
>
>
>
> *From:* Jai Bheemsen Rao Dhanwada [mailto:jaibheem...@gmail.com]
> *Sent:* Tuesday, June 07, 2016 8:31 PM
> *To:* user@cassandra.apache.org
> *Subject:* Re: Change authorization from AllowAllAuthorizer to
> CassandraAuthorizer
>
>
>
> Hello Sean,
>
>
> Recently I tried to enable Authentication on a existing cluster, I have
> see the below behaviour. (Clients already have the credentials and 3 node
> C* cluster)
>
>
>
> cluster 1 - Enabled Authentication on node1 by adding iptable rules (so
> that client will not communicate to this node) and I was able to connect to
> cql with default user and create the required users.
>
>
>
> cluster 2- Enabled Authentication on node1 by adding iptable rules but the
> default user was not created and below are the logs.
>
>
>
> WARN  [NonPeriodicTasks:1] 2016-06-07 20:59:17,898
> PasswordAuthenticator.java:230 - PasswordAuthenticator skipped default user
> setup: some nodes were not ready
>
> WARN  [NonPeriodicTasks:1] 2016-06-07 20:59:28,007 Auth.java:241 - Skipped
> default superuser setup: some nodes were not ready
>
>
>
> Any idea why the behaviour is not consistent across the two clusters?
>
>
>
> P.S: In both the cases the *system_auth *keyspace was created when the
> first node was updated.
>
>
>
> On Tue, Jun 7, 2016 at 11:19 AM, Felipe Esteves <
> felipe.este...@b2wdigital.com> wrote:
>
> Thank you, Sean!
>
>
> *Felipe Esteves*
>
> Tecnologia
>
> felipe.este...@b2wdigital.com <seu.em...@b2wdigital.com>
>
> Tel.: (21) 3504-7162 ramal 57162
>
> Skype: felipe2esteves
>
>
>
> 2016-06-07 14:20 GMT-03:00 <sean_r_dur...@homedepot.com>:
>
> I answered a similar question here:
>
> https://groups.google.com/forum/#!topic/nosql-databases/lLBebUCjD8Y
>
>
>
>
>
> Sean Durity – Lead Cassandra Admin
>
>
>
> *From:* Felipe Esteves [mailto:felipe.este...@b2wdigital.com]
> *Sent:* Tuesday, June 07, 2016 12:07 PM
> *To:* user@cassandra.apache.org
> *Subject:* Change authorization from AllowAllAuthorizer to
> CassandraAuthorizer
>
>
>
> Hi guys,
>
>
>
> I have a Cassandra 2.1.8 Community cluster running with AllowAllAuthorizer
> and have to change it, so I can implement permissions in different users.
>
> As I've checked in the docs, seems like a simple change,
> from AllowAllAuthorizer to CassandraAuthorizer in cassandra.yaml.
>
> However, I'm a litte concerned about the performance of the cluster while
> I'm restarting all the nodes. Is it possible to have any downtime (access
> errors, maybe), as all the data was created with AllowAllAuthorizer?
>
> --
>
> *Felipe Esteves*
>
> Tecnologia
>
> felipe.este...@b2wdigital.com <seu.em...@b2wdigital.com>
>
> Tel.: (21) 3504-7162 ramal 57162
>
>
>
>
> --
>
>
> The information in this Internet Email is confidential and may be legally
> privileged. It is intended solely for the addressee. Access to this Email
> by anyone else is unauthorized. If you are not the intended recipient, any
> disclosure, copying, distribution or any action taken or omitted to be
> taken in reliance on it, is prohibited and may be unlawful. When addressed
> to our clients any opinions or advice contained in this Email are subject
> to the terms and conditions expressed in any applicable governing The Home
> Depot terms of business or client engagement letter. The Home Depot
> disclaims all responsibility and liability for the accuracy and content of
> this attachment and for any damages or losses arising from any
> inaccuracies, errors, viruses, e.g., worms, trojan horses, etc., or other
> items of a destructive nature, which may be contained in this attachment
> and shall not be liable for direct, indirect, consequential or special
> damages in connection with this e-mail message or its attachment.
>
>

RE: Change authorization from AllowAllAuthorizer to CassandraAuthorizer

[SEAN_R_DURITY]

Which Cassandra version? Most of my authentication-from-non-authentication 
experience is from Cassandra 1.1 – 2.0. After that, I just enable from the 
beginning.

Sean Durity – Lead Cassandra Admin
Big DATA Team
MTC 2250
For support, create a 
JIRA<https://portal.homedepot.com/sites/bigdata/Shared%20Documents/Jira%20Hadoop%20Support%20Workflow.pdf>

From: Jai Bheemsen Rao Dhanwada [mailto:jaibheem...@gmail.com]
Sent: Tuesday, June 07, 2016 8:31 PM
To: user@cassandra.apache.org
Subject: Re: Change authorization from AllowAllAuthorizer to CassandraAuthorizer

Hello Sean,

Recently I tried to enable Authentication on a existing cluster, I have see the 
below behaviour. (Clients already have the credentials and 3 node C* cluster)

cluster 1 - Enabled Authentication on node1 by adding iptable rules (so that 
client will not communicate to this node) and I was able to connect to cql with 
default user and create the required users.

cluster 2- Enabled Authentication on node1 by adding iptable rules but the 
default user was not created and below are the logs.

WARN  [NonPeriodicTasks:1] 2016-06-07 20:59:17,898 
PasswordAuthenticator.java:230 - PasswordAuthenticator skipped default user 
setup: some nodes were not ready
WARN  [NonPeriodicTasks:1] 2016-06-07 20:59:28,007 Auth.java:241 - Skipped 
default superuser setup: some nodes were not ready

Any idea why the behaviour is not consistent across the two clusters?

P.S: In both the cases the system_auth keyspace was created when the first node 
was updated.

On Tue, Jun 7, 2016 at 11:19 AM, Felipe Esteves 
<felipe.este...@b2wdigital.com<mailto:felipe.este...@b2wdigital.com>> wrote:
Thank you, Sean!


Felipe Esteves

Tecnologia

felipe.este...@b2wdigital.com<mailto:seu.em...@b2wdigital.com>

Tel.: (21) 3504-7162 ramal 57162

Skype: felipe2esteves

2016-06-07 14:20 GMT-03:00 
<sean_r_dur...@homedepot.com<mailto:sean_r_dur...@homedepot.com>>:
I answered a similar question here:
https://groups.google.com/forum/#!topic/nosql-databases/lLBebUCjD8Y


Sean Durity – Lead Cassandra Admin

From: Felipe Esteves 
[mailto:felipe.este...@b2wdigital.com<mailto:felipe.este...@b2wdigital.com>]
Sent: Tuesday, June 07, 2016 12:07 PM
To: user@cassandra.apache.org<mailto:user@cassandra.apache.org>
Subject: Change authorization from AllowAllAuthorizer to CassandraAuthorizer

Hi guys,

I have a Cassandra 2.1.8 Community cluster running with AllowAllAuthorizer and 
have to change it, so I can implement permissions in different users.
As I've checked in the docs, seems like a simple change, from 
AllowAllAuthorizer to CassandraAuthorizer in cassandra.yaml.
However, I'm a litte concerned about the performance of the cluster while I'm 
restarting all the nodes. Is it possible to have any downtime (access errors, 
maybe), as all the data was created with AllowAllAuthorizer?
--

Felipe Esteves

Tecnologia

felipe.este...@b2wdigital.com<mailto:seu.em...@b2wdigital.com>

Tel.: (21) 3504-7162 ramal 57162




The information in this Internet Email is confidential and may be legally 
privileged. It is intended solely for the addressee. Access to this Email by 
anyone else is unauthorized. If you are not the intended recipient, any 
disclosure, copying, distribution or any action taken or omitted to be taken in 
reliance on it, is prohibited and may be unlawful. When addressed to our 
clients any opinions or advice contained in this Email are subject to the terms 
and conditions expressed in any applicable governing The Home Depot terms of 
business or client engagement letter. The Home Depot disclaims all 
responsibility and liability for the accuracy and content of this attachment 
and for any damages or losses arising from any inaccuracies, errors, viruses, 
e.g., worms, trojan horses, etc., or other items of a destructive nature, which 
may be contained in this attachment and shall not be liable for direct, 
indirect, consequential or special damages in connection with this e-mail 
message or its attachment.






The information in this Internet Email is confidential and may be legally 
privileged. It is intended solely for the addressee. Access to this Email by 
anyone else is unauthorized. If you are not the intended recipient, any 
disclosure, copying, distribution or any action taken or omitted to be taken in 
reliance on it, is prohibited and may be unlawful. When addressed to our 
clients any opinions or advice contained in this Email are subject to the terms 
and conditions expressed in any applicable governing The Home Depot terms of 
business or client engagement letter. The Home Depot disclaims all 
responsibility and liability for the accuracy and content of this attachment 
and for any damages or losses arising from any inaccuracies, errors, viruses, 
e.g., worms, trojan horses, etc., or other items of a destructive nature, which 
may be contained in this at

Re: Change authorization from AllowAllAuthorizer to CassandraAuthorizer

[Jai Bheemsen Rao Dhanwada]

Hello Sean,

Recently I tried to enable Authentication on a existing cluster, I have see
the below behaviour. (Clients already have the credentials and 3 node C*
cluster)

cluster 1 - Enabled Authentication on node1 by adding iptable rules (so
that client will not communicate to this node) and I was able to connect to
cql with default user and create the required users.

cluster 2- Enabled Authentication on node1 by adding iptable rules but the
default user was not created and below are the logs.

WARN  [NonPeriodicTasks:1] 2016-06-07 20:59:17,898
PasswordAuthenticator.java:230 - PasswordAuthenticator skipped default user
setup: some nodes were not ready
WARN  [NonPeriodicTasks:1] 2016-06-07 20:59:28,007 Auth.java:241 - Skipped
default superuser setup: some nodes were not ready

Any idea why the behaviour is not consistent across the two clusters?

P.S: In both the cases the *system_auth *keyspace was created when the
first node was updated.

On Tue, Jun 7, 2016 at 11:19 AM, Felipe Esteves <
felipe.este...@b2wdigital.com> wrote:

> Thank you, Sean!
>
> Felipe Esteves
>
> Tecnologia
>
> felipe.este...@b2wdigital.com 
>
> Tel.: (21) 3504-7162 ramal 57162
>
> Skype: felipe2esteves
>
> 2016-06-07 14:20 GMT-03:00 :
>
>> I answered a similar question here:
>>
>> https://groups.google.com/forum/#!topic/nosql-databases/lLBebUCjD8Y
>>
>>
>>
>>
>>
>> Sean Durity – Lead Cassandra Admin
>>
>>
>>
>> *From:* Felipe Esteves [mailto:felipe.este...@b2wdigital.com]
>> *Sent:* Tuesday, June 07, 2016 12:07 PM
>> *To:* user@cassandra.apache.org
>> *Subject:* Change authorization from AllowAllAuthorizer to
>> CassandraAuthorizer
>>
>>
>>
>> Hi guys,
>>
>>
>>
>> I have a Cassandra 2.1.8 Community cluster running with
>> AllowAllAuthorizer and have to change it, so I can implement permissions in
>> different users.
>>
>> As I've checked in the docs, seems like a simple change,
>> from AllowAllAuthorizer to CassandraAuthorizer in cassandra.yaml.
>>
>> However, I'm a litte concerned about the performance of the cluster while
>> I'm restarting all the nodes. Is it possible to have any downtime (access
>> errors, maybe), as all the data was created with AllowAllAuthorizer?
>>
>> --
>>
>> *Felipe Esteves*
>>
>> Tecnologia
>>
>> felipe.este...@b2wdigital.com 
>>
>> Tel.: (21) 3504-7162 ramal 57162
>>
>>
>>
>> --
>>
>> The information in this Internet Email is confidential and may be legally
>> privileged. It is intended solely for the addressee. Access to this Email
>> by anyone else is unauthorized. If you are not the intended recipient, any
>> disclosure, copying, distribution or any action taken or omitted to be
>> taken in reliance on it, is prohibited and may be unlawful. When addressed
>> to our clients any opinions or advice contained in this Email are subject
>> to the terms and conditions expressed in any applicable governing The Home
>> Depot terms of business or client engagement letter. The Home Depot
>> disclaims all responsibility and liability for the accuracy and content of
>> this attachment and for any damages or losses arising from any
>> inaccuracies, errors, viruses, e.g., worms, trojan horses, etc., or other
>> items of a destructive nature, which may be contained in this attachment
>> and shall not be liable for direct, indirect, consequential or special
>> damages in connection with this e-mail message or its attachment.
>>
>
>
>
>

Re: Change authorization from AllowAllAuthorizer to CassandraAuthorizer

[Felipe Esteves]

Thank you, Sean!

Felipe Esteves

Tecnologia

felipe.este...@b2wdigital.com 

Tel.: (21) 3504-7162 ramal 57162

Skype: felipe2esteves

2016-06-07 14:20 GMT-03:00 :

> I answered a similar question here:
>
> https://groups.google.com/forum/#!topic/nosql-databases/lLBebUCjD8Y
>
>
>
>
>
> Sean Durity – Lead Cassandra Admin
>
>
>
> *From:* Felipe Esteves [mailto:felipe.este...@b2wdigital.com]
> *Sent:* Tuesday, June 07, 2016 12:07 PM
> *To:* user@cassandra.apache.org
> *Subject:* Change authorization from AllowAllAuthorizer to
> CassandraAuthorizer
>
>
>
> Hi guys,
>
>
>
> I have a Cassandra 2.1.8 Community cluster running with AllowAllAuthorizer
> and have to change it, so I can implement permissions in different users.
>
> As I've checked in the docs, seems like a simple change,
> from AllowAllAuthorizer to CassandraAuthorizer in cassandra.yaml.
>
> However, I'm a litte concerned about the performance of the cluster while
> I'm restarting all the nodes. Is it possible to have any downtime (access
> errors, maybe), as all the data was created with AllowAllAuthorizer?
>
> --
>
> *Felipe Esteves*
>
> Tecnologia
>
> felipe.este...@b2wdigital.com 
>
> Tel.: (21) 3504-7162 ramal 57162
>
>
>
> --
>
> The information in this Internet Email is confidential and may be legally
> privileged. It is intended solely for the addressee. Access to this Email
> by anyone else is unauthorized. If you are not the intended recipient, any
> disclosure, copying, distribution or any action taken or omitted to be
> taken in reliance on it, is prohibited and may be unlawful. When addressed
> to our clients any opinions or advice contained in this Email are subject
> to the terms and conditions expressed in any applicable governing The Home
> Depot terms of business or client engagement letter. The Home Depot
> disclaims all responsibility and liability for the accuracy and content of
> this attachment and for any damages or losses arising from any
> inaccuracies, errors, viruses, e.g., worms, trojan horses, etc., or other
> items of a destructive nature, which may be contained in this attachment
> and shall not be liable for direct, indirect, consequential or special
> damages in connection with this e-mail message or its attachment.
>

-- 

RE: Change authorization from AllowAllAuthorizer to CassandraAuthorizer

[SEAN_R_DURITY]

I answered a similar question here:
https://groups.google.com/forum/#!topic/nosql-databases/lLBebUCjD8Y


Sean Durity – Lead Cassandra Admin

From: Felipe Esteves [mailto:felipe.este...@b2wdigital.com]
Sent: Tuesday, June 07, 2016 12:07 PM
To: user@cassandra.apache.org
Subject: Change authorization from AllowAllAuthorizer to CassandraAuthorizer

Hi guys,

I have a Cassandra 2.1.8 Community cluster running with AllowAllAuthorizer and 
have to change it, so I can implement permissions in different users.
As I've checked in the docs, seems like a simple change, from 
AllowAllAuthorizer to CassandraAuthorizer in cassandra.yaml.
However, I'm a litte concerned about the performance of the cluster while I'm 
restarting all the nodes. Is it possible to have any downtime (access errors, 
maybe), as all the data was created with AllowAllAuthorizer?
--

Felipe Esteves

Tecnologia

felipe.este...@b2wdigital.com

Tel.: (21) 3504-7162 ramal 57162




The information in this Internet Email is confidential and may be legally 
privileged. It is intended solely for the addressee. Access to this Email by 
anyone else is unauthorized. If you are not the intended recipient, any 
disclosure, copying, distribution or any action taken or omitted to be taken in 
reliance on it, is prohibited and may be unlawful. When addressed to our 
clients any opinions or advice contained in this Email are subject to the terms 
and conditions expressed in any applicable governing The Home Depot terms of 
business or client engagement letter. The Home Depot disclaims all 
responsibility and liability for the accuracy and content of this attachment 
and for any damages or losses arising from any inaccuracies, errors, viruses, 
e.g., worms, trojan horses, etc., or other items of a destructive nature, which 
may be contained in this attachment and shall not be liable for direct, 
indirect, consequential or special damages in connection with this e-mail 
message or its attachment.