[
https://issues.apache.org/jira/browse/CASSANDRA-11381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15257906#comment-15257906
]
mck commented on CASSANDRA-11381:
---------------------------------
{quote} - Is there a reason that we only setup auth in
StorageService.initServer if the saved tokens aren't empty? This doesn't handle
the case when a node starts with join_ring false on its first boot (a
coordinator-only node). This can be reproduced with a small variant of your
dtest in which we do not start node3 in the initial preparation. Some
experimentation on my end suggests this would be fine.{quote}
Good point. Will fix. There's a similar fault in the trunk patch in regards to
{{isSurveyMode}}.
{quote} - On a similar note, is there a reason we can't just move auth setup
slightly earlier in StorageService.initServer()? If we moved it before the
check of the join_ring property, we could do without the idempotency parts of
the patches. Again, this looks workable in my experimentation.{quote}
That did seem like the cleaner solution. But my understanding on the auth model
and setup isn't solid, so my intention here was to offer the less-risk patch. I
still suspect this is smart approach against the non-trunk patches.
I'll take a look at moving the auth setup to an earlier place in just the trunk
patch, ok? It seems to make sense to move the call in {{prepareToJoin()}}.
{quote} - Was there any method by which you arrived at the 300 second timeouts
for the cql connection on the dtests? This really drags the test on in failing
cases, and I was able to reduce it to 30 seconds without any false
negatives.{quote}
No. Just playing it safe for my dual-core thinkpad. (I did have to bump it up
once).
{quote} - Tests handling the coordinator-only case and using JMX to join the
node to the ring would be great. I think a minimal parameterized test could
handle these all these permutations.{quote}
I'll take a look.
> Node running with join_ring=false and authentication can not serve requests
> ---------------------------------------------------------------------------
>
> Key: CASSANDRA-11381
> URL: https://issues.apache.org/jira/browse/CASSANDRA-11381
> Project: Cassandra
> Issue Type: Bug
> Reporter: mck
> Assignee: mck
> Fix For: 2.1.x, 2.2.x, 3.0.x, 3.x
>
> Attachments: 11381-2.0.txt, 11381-2.1.txt, 11381-2.2.txt,
> 11381-3.0.txt, 11381-trunk.txt, dtest-11381-trunk.txt
>
>
> Starting up a node with {{-Dcassandra.join_ring=false}} in a cluster that has
> authentication configured, eg PasswordAuthenticator, won't be able to serve
> requests. This is because {{Auth.setup()}} never gets called during the
> startup.
> Without {{Auth.setup()}} having been called in {{StorageService}} clients
> connecting to the node fail with the node throwing
> {noformat}
> java.lang.NullPointerException
> at
> org.apache.cassandra.auth.PasswordAuthenticator.authenticate(PasswordAuthenticator.java:119)
> at
> org.apache.cassandra.thrift.CassandraServer.login(CassandraServer.java:1471)
> at
> org.apache.cassandra.thrift.Cassandra$Processor$login.getResult(Cassandra.java:3505)
> at
> org.apache.cassandra.thrift.Cassandra$Processor$login.getResult(Cassandra.java:3489)
> at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
> at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
> at com.thinkaurelius.thrift.Message.invoke(Message.java:314)
> at
> com.thinkaurelius.thrift.Message$Invocation.execute(Message.java:90)
> at
> com.thinkaurelius.thrift.TDisruptorServer$InvocationHandler.onEvent(TDisruptorServer.java:695)
> at
> com.thinkaurelius.thrift.TDisruptorServer$InvocationHandler.onEvent(TDisruptorServer.java:689)
> at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:112)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> {noformat}
> The exception thrown from the
> [code|https://github.com/apache/cassandra/blob/cassandra-2.0.16/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java#L119]
> {code}
> ResultMessage.Rows rows =
> authenticateStatement.execute(QueryState.forInternalCalls(), new
> QueryOptions(consistencyForUser(username),
>
> Lists.newArrayList(ByteBufferUtil.bytes(username))));
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
