Just to clarify that behaviour. QUORUM only applies to the default superuser, subsequent superusers you create later on are still only queried at LOCAL_ONE. E.g.
protected static ConsistencyLevel consistencyForRole(String role) { if (role.equals(DEFAULT_SUPERUSER_NAME)) return ConsistencyLevel.QUORUM; else return ConsistencyLevel.LOCAL_ONE; } Despite the fact it suggests consistency for a given role... the function actually gets passed the username not the role (role lookup happens after authentication iirc). Best practices would suggest you change the default superuser password to some long random password and throw it away and use other superuser accounts. The Cassandra user is only their to bootstrap auth and nothing else. If your RF for the system auth table is very high it will not make it difficult to login, just to change your password :) On Wed, 6 Sep 2017 at 11:43 Jeff Jirsa <jji...@gmail.com> wrote: > More explicitly - if you have 60 nodes, setting rf=60 will likely make it > very difficult for you to log in as a superuser. > > -- > Jeff Jirsa > > > > On Sep 6, 2017, at 11:40 AM, Jon Haddad <jonathan.had...@gmail.com> > wrote: > > > > I wouldn’t worry about being meticulous about keeping RF = N as the > cluster grows. If you had 60 nodes and your auth data was only on 9 you’d > be completely fine. > > > >> On Sep 6, 2017, at 11:36 AM, Cogumelos Maravilha < > cogumelosmaravi...@sapo.pt> wrote: > >> > >> After insert a new node we should: > >> > >> ALTER KEYSPACE system_auth WITH REPLICATION = { 'class' : ... > >> 'replication_factor' : x }; > >> > >> x = number of nodes in dc > >> > >> The default user and password should work: > >> -u cassandra -p cassandra > >> > >> Cheers. > >> > >>> On 23-08-2017 11:14, kurt greaves wrote: > >>> The cassandra user requires QUORUM consistency to be achieved for > >>> authentication. Normal users only require ONE. I suspect your > >>> system_auth keyspace has an RF of 1, and the node that owns the > >>> cassandra users data is down. > >>> > >>> Steps to recover: > >>> 1. Turn off authentication on all the nodes > >>> 2. Restart the nodes and make sure they are UN > >>> 3. Alter system_auth to have a higher RF than 1 (3 is probably > >>> appropriate) > >>> 4. Turn auth back on and restart > >>> 5. Create a new user and use that from now on. > >>> > >>> > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org > >> For additional commands, e-mail: user-h...@cassandra.apache.org > >> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org > > For additional commands, e-mail: user-h...@cassandra.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org > For additional commands, e-mail: user-h...@cassandra.apache.org > > -- Ben Bromhead CTO | Instaclustr <https://www.instaclustr.com/> +1 650 284 9692 Managed Cassandra / Spark on AWS, Azure and Softlayer