[
https://issues.apache.org/jira/browse/CASSANDRA-11381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15251385#comment-15251385
]
Joel Knighton commented on CASSANDRA-11381:
-------------------------------------------
Thanks for the patches [~michaelsembwever] and apologies for the delay again.
This is at the top of my queue now, so I can work on getting this in quickly.
I can confirm that this is a genuine issue - a few thoughts on the patches:
* Is there a reason that we only setup auth in {{StorageService.initServer}} if
the saved tokens aren't empty? This doesn't handle the case when a node starts
with join_ring false on its first boot (a coordinator-only node). This can be
reproduced with a small variant of your dtest in which we do not start node3 in
the initial preparation. Some experimentation on my end suggests this would be
fine.
* On a similar note, is there a reason we can't just move auth setup slightly
earlier in {{StorageService.initServer()}}? If we moved it before the check of
the join_ring property, we could do without the idempotency parts of the
patches. Again, this looks workable in my experimentation.
* Was there any method by which you arrived at the 300 second timeouts for the
cql connection on the dtests? This really drags the test on in failing cases,
and I was able to reduce it to 30 seconds without any false negatives.
* Tests handling the coordinator-only case and using JMX to join the node to
the ring would be great. I think a minimal parameterized test could handle
these all these permutations.
> Node running with join_ring=false and authentication can not serve requests
> ---------------------------------------------------------------------------
>
> Key: CASSANDRA-11381
> URL: https://issues.apache.org/jira/browse/CASSANDRA-11381
> Project: Cassandra
> Issue Type: Bug
> Reporter: mck
> Assignee: mck
> Fix For: 2.1.x, 2.2.x, 3.0.x, 3.x
>
> Attachments: 11381-2.0.txt, 11381-2.1.txt, 11381-2.2.txt,
> 11381-3.0.txt, 11381-trunk.txt, dtest-11381-trunk.txt
>
>
> Starting up a node with {{-Dcassandra.join_ring=false}} in a cluster that has
> authentication configured, eg PasswordAuthenticator, won't be able to serve
> requests. This is because {{Auth.setup()}} never gets called during the
> startup.
> Without {{Auth.setup()}} having been called in {{StorageService}} clients
> connecting to the node fail with the node throwing
> {noformat}
> java.lang.NullPointerException
> at
> org.apache.cassandra.auth.PasswordAuthenticator.authenticate(PasswordAuthenticator.java:119)
> at
> org.apache.cassandra.thrift.CassandraServer.login(CassandraServer.java:1471)
> at
> org.apache.cassandra.thrift.Cassandra$Processor$login.getResult(Cassandra.java:3505)
> at
> org.apache.cassandra.thrift.Cassandra$Processor$login.getResult(Cassandra.java:3489)
> at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
> at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
> at com.thinkaurelius.thrift.Message.invoke(Message.java:314)
> at
> com.thinkaurelius.thrift.Message$Invocation.execute(Message.java:90)
> at
> com.thinkaurelius.thrift.TDisruptorServer$InvocationHandler.onEvent(TDisruptorServer.java:695)
> at
> com.thinkaurelius.thrift.TDisruptorServer$InvocationHandler.onEvent(TDisruptorServer.java:689)
> at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:112)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> {noformat}
> The exception thrown from the
> [code|https://github.com/apache/cassandra/blob/cassandra-2.0.16/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java#L119]
> {code}
> ResultMessage.Rows rows =
> authenticateStatement.execute(QueryState.forInternalCalls(), new
> QueryOptions(consistencyForUser(username),
>
> Lists.newArrayList(ByteBufferUtil.bytes(username))));
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
