当Cassandra不知道"cassandra"默认用户时，如何重置Cassandra超级用户? [英] How to reset Cassandra superuser, when Cassandra does not know 'cassandra' default user?

问题描述

如何在不更改源代码的情况下重置默认的Cassandra凭据?

How to reset default Cassandra credentials without changing source code?

我已经检查了类似的问题，例如如何重设丢失的邮件Cassandra管理员用户的密码?. 我有Datastax Cassandra 2.0.8的三个节点群集，我正在尝试实现身份验证.我已经在所有节点中设置了cassandra.yaml并重新启动了它们.问题是我仍然无法登录cqlsh.

I have check similar problems like How to reset a lost Cassandra admin user's password?. I have three node cluster of Datastax Cassandra 2.0.8 and I am trying to implement authentication. I have set cassandra.yaml in all nodes and restarted them. Problem is that I still cannot login in to cqlsh.

我还试图在cqlsh中为cassandra用户重置密码(我已为此禁用身份验证):

I have also tried to reset password for cassandra user in cqlsh(I have disabled authentication for that):

update system_auth.credentials set salted_hash='$2a$10$vbfmLdkQdUz3Rmw.fF7Ygu6GuphqHndpJKTvElqAciUJ4SZ3pwquu' where username='cassandra';

在日志中，有关于创建cassandra超级用户的信息.我已经检查了键空间system_auth，它包括凭据，权限和用户.凭证列系列确实包含用户cassandra:

In logs there is Info about creating cassandra superuser. I have checked keyspace system_auth and it includes credentials,permissions and users. And credentials column family does contain user cassandra:

cqlsh> use system_auth;
cqlsh:system_auth> select * from credentials;

 username  | options | salted_hash
-----------+---------+----------------------------------------------------------                                ----
 cassandra |    null | $2a$10$vbfmLdkQdUz3Rmw.fF7Ygu6GuphqHndpJKTvElqAciUJ4SZ3pw                                quu

(1 rows)

但是，当我尝试时:

./cqlsh -u cassandra -p cassandra

出现异常，该用户不存在，但是我没有创建该用户的权限.

I get exception, that user does not exists, but I dont have permissions to create one.

cql.cassandra.ttypes.AuthenticationException: AuthenticationException(why="User cassandra doesn't exist - create it with CREATE USER query first")

推荐答案

我不确定，但是您上面使用的哈希很可能会随每个版本而变化，并且可能特定于特定版本的卡桑德拉.考虑到这一点，您可以(理论上)在VM中安装相同的版本，然后在该计算机的system_auth.credentials中查询cassandra用户的salted_hash.如果不是您上面链接的问题，我永远也不会想尝试过.

I don't know for sure, but there's a good chance that the hash you used above changes with each version, and may be particular to a specific version of Cassandra. With that in-mind, you could (in-theory) install the same version in a VM, and then query that machine's system_auth.credentials for the cassandra user's salted_hash. Had it not been for the question you linked above, I never would have thought to try that.

否则，该下一个选项将起作用.

Otherwise, this next option WILL work.

1. 停止您的Cassandra群集.

2. 在每个节点上，cd向下到您的data目录，并执行:

1. Stop your Cassandra cluster.

2. On each node, cd down to your data directory, and execute:

$ mv system_auth system_auth_20140814

重新启动每个节点.

只要仍将身份验证器(在您的cassandra.yaml中)设置为使用PasswordAuthenticator，Cassandra就会使用默认的Cassandra超级用户重建system_auth密钥空间，您可以将其与cqlsh一起使用以回来.

As long as the authenticator is still set (in your cassandra.yaml) to use the PasswordAuthenticator, Cassandra will rebuild the system_auth keyspace, with the default Cassandra super user, which you can use with cqlsh to get back in.

$ ./cqlsh -u cassandra -p cassandra
Connected to MyCluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 2.1.0-rc5-SNAPSHOT | CQL spec 3.2.0 | Native protocol v3]
Use HELP for help.
cqlsh>

注意:

• 您将必须重新添加所有用户，并重新应用所有用户的权限.
• 除了重命名(c6)目录(mv)，还可以将其删除(c10).
• 您将必须将适当的复制设置重新应用于您的system_auth键空间.默认情况下，system_auth仅具有1的复制因子.

• You will have to re-add all of your users, and re-apply all off their permissions.
• Instead of renaming (mv) the system_auth directory, you could also just delete it (rm).
• You will have to re-apply the appropriate replication settings to your system_auth keyspace. By default, system_auth only has a replication factor of 1.

这篇关于当Cassandra不知道"cassandra"默认用户时，如何重置Cassandra超级用户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！