[
https://issues.apache.org/jira/browse/CASSANDRA-12525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17675939#comment-17675939
]
Stefan Miklosovic edited comment on CASSANDRA-12525 at 1/12/23 10:44 AM:
-------------------------------------------------------------------------
PR: https://github.com/apache/cassandra/pull/2085/files
j8 pre-commit
https://app.circleci.com/pipelines/github/instaclustr/cassandra/1701/workflows/6adcd572-b3dd-4f9f-af86-4f20f78d36d8
j11 pre-commit
https://app.circleci.com/pipelines/github/instaclustr/cassandra/1701/workflows/314b5982-03a2-464a-ad07-d697261847cd
failing tests in j8 are
https://issues.apache.org/jira/browse/CASSANDRA-17708
https://issues.apache.org/jira/browse/CASSANDRA-17819 (there is ongoing
discussion about possible re-opening of this ticket as it started to fail for
more people lately)
failing testForcedNormalRepairWithOneNodeDown is mentioned here
https://issues.apache.org/jira/browse/CASSANDRA-14752 but it was evaluated as
not-related which is probably the same here, it seems it does not have
dedicated ticket yet, I may create it.
test was run repeatedly too
was (Author: smiklosovic):
PR: https://github.com/apache/cassandra/pull/2085/files
j8 pre-commit
https://app.circleci.com/pipelines/github/instaclustr/cassandra/1701/workflows/6adcd572-b3dd-4f9f-af86-4f20f78d36d8
j11 pre-commit
https://app.circleci.com/pipelines/github/instaclustr/cassandra/1701/workflows/314b5982-03a2-464a-ad07-d697261847cd
failing tests in j8 are
https://issues.apache.org/jira/browse/CASSANDRA-17708
https://issues.apache.org/jira/browse/CASSANDRA-17819 (there is ongoing
discussion about possible re-opening of this ticket as it started to fail for
more people lately)
failing testForcedNormalRepairWithOneNodeDown is mentioned here
https://issues.apache.org/jira/browse/CASSANDRA-14752 but it was evaluated as
not-related which is probably the same here, it seems it does not have it
dedicated ticket yet, I may create it.
test was run repeatedly too
> When adding new nodes to a cluster which has authentication enabled, we end
> up losing cassandra user's current crendentials and they get reverted back to
> default cassandra/cassandra credentials
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-12525
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12525
> Project: Cassandra
> Issue Type: Bug
> Components: Cluster/Schema, Local/Config
> Reporter: Atin Sood
> Assignee: German Eichberger
> Priority: Normal
> Fix For: 3.0.x, 3.11.x, 4.0.x, 4.1.x, 4.x
>
> Time Spent: 2h 50m
> Remaining Estimate: 0h
>
> Made the following observation:
> When adding new nodes to an existing C* cluster with authentication enabled
> we end up loosing password information about `cassandra` user.
> Initial Setup
> - Create a 5 node cluster with system_auth having RF=5 and
> NetworkTopologyStrategy
> - Enable PasswordAuthenticator on this cluster and update the password for
> 'cassandra' user to say 'password' via the alter query
> - Make sure you run nodetool repair on all the nodes
> Test case
> - Now go ahead and add 5 more nodes to this cluster.
> - Run nodetool repair on all the 10 nodes now
> - Decommission the original 5 nodes such that only the new 5 nodes are in the
> cluster now
> - Run cqlsh and try to connect to this cluster using old user name and
> password, cassandra/password
> I was unable to connect to the nodes with the original credentials and was
> only able to connect using the default cassandra/cassandra credentials
> From the conversation over IIRC
> `beobal: sood: that definitely shouldn't happen. The new nodes should only
> create the default superuser role if there are 0 roles currently defined
> (including that default one)`
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
