The default superuser is only created at startup if 3 conditions are met: i) The default role manager is configured. In cassandra.yaml, you should see "role_manager: CassandraRoleManager". This is also the default value, so unless you're explicitly using a custom role manager it should be good. ii) The system_auth.users table (legacy, pre-2.2) should not be present. Present means present in the schema, not on disk. Unlike most system tables, this table is droppable (in fact this is a necessary step in upgrading from earlier versions). iii) There should be no preexisting roles present in the system_auth.roles table. This is verified with a regular query, so you must either use CQL to delete existing roles, or remove the data directories and commit logs on *all* nodes.
Even if these three conditions are met, but the default user isn't being created the manual insert that Horia suggested should work. If system_auth.roles table exists and you are able to perform the insert, I'm very surprised when you say it's empty after you issue the insert. If you check again and it turns out the manual insert is working as expected, you need to make sure that the legacy tables have been dropped from schema (assuming you upgraded from a pre-3.0 version at some point). If the legacy tables are still present, the authenticator will continue to read from them and so would be ignoring the new entry in the roles table. (see: https://github.com/apache/cassandra/blob/cassandra-3.11.2/NEWS.txt#L619-L640 ) On 17 July 2018 at 15:18, Thomas Lété <thomas.l...@soprism.com> wrote: > Yes I did that multiple time, always following the same procedure : stop > Cassandra, on all nodes, remove data, update config then restart nodes one > by one… > > I really don’t understand when I could have done wrong... > > > Le 17 juil. 2018 à 16:15, Simon Fontana Oscarsson < > simon.fontana.oscars...@ericsson.com> a écrit : > > > > This is very strange behavior if Cassandra won't recreate the cassandra > user when you delete the folder. > > So just to make sure, you are stopping Cassandra on all nodes and > deleting the data directory? > > > > -- > > SIMON FONTANA OSCARSSON > > Software Developer > > > > Ericsson > > Ölandsgatan 1 > > 37133 Karlskrona, Sweden > > simon.fontana.oscars...@ericsson.com > > www.ericsson.com > > > > On tis, 2018-07-17 at 16:01 +0200, Thomas Lété wrote: > >> It’s empty... > >> > >>> > >>> Le 17 juil. 2018 à 15:59, Horia Mocioi <horia.moc...@ericsson.com> a > écrit : > >>> > >>> Could you also send the output of "select * from system_auth.roles"? > >>> (you will need to change authenticator to AllowAllAuthenticator and > >>> authorizer to AllowAllAuthorizer) > >>> > >>> On tis, 2018-07-17 at 15:43 +0200, Thomas Lété wrote: > >>>> > >>>> Ok I tried that, nothing better (I already tried dropping the entire > >>>> system_auth folder that way, same result) > >>>> > >>>> When I open the log, I found nothing about « Password » and when I > >>>> search for « roles », I only find that : > >>>> > >>>> DEBUG [main] 2018-07-17 15:37:39,420 > >>>> CompactionStrategyManager.java:380 - Recreating compaction strategy - > >>>> disk boundaries are out of date for system_auth.roles. > >>>> DEBUG [main] 2018-07-17 15:37:39,420 DiskBoundaryManager.java:53 - > >>>> Refreshing disk boundary cache for system_auth.roles > >>>> DEBUG [main] 2018-07-17 15:37:39,422 DiskBoundaryManager.java:56 - > >>>> Updating boundaries from > >>>> DiskBoundaries{directories=[DataDirectory{location=/home/cassandra/da > >>>> ta}], positions=[max(9223372036854775807)], ringVersion=3, > >>>> directoriesVersion=0} to > >>>> DiskBoundaries{directories=[DataDirectory{location=/home/cassandra/da > >>>> ta}], positions=[max(9223372036854775807)], ringVersion=16, > >>>> directoriesVersion=0} for system_auth.roles > >>>> > >>>> The configuration I use for Auth is the following : > >>>> > >>>> authorizer: CassandraAuthorizer > >>>> permissions_validity_in_ms: 2000 > >>>> permissions_update_interval_in_ms: 2000 > >>>> authenticator: PasswordAuthenticator > >>>> credentials_validity_in_ms: 2000 > >>>> credentials_update_interval_in_ms: 2000 > >>>> > >>>>> > >>>>> Le 17 juil. 2018 à 15:26, Simon Fontana Oscarsson <simon.fontana.os > >>>>> cars...@ericsson.com> a écrit : > >>>>> > >>>>> Could you try the following steps? > >>>>> > >>>>> Stop Cassandra. > >>>>> Change authenticator in yaml to PasswordAuthenticator if not > >>>>> already done. > >>>>> Remove data directory with `rm -rf data/system_auth/roles-*` > >>>>> Start Cassandra. > >>>>> Login with `cqlsh -u cassandra -p cassandra` > >>>>> > >>>>> Works for me. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org > For additional commands, e-mail: user-h...@cassandra.apache.org > >
