Thanks for your reply, - I have not defined role_manager in the config - I dropped the users table, it was present in the keyspace - Cassandra then created a record in the roles table, yay !
But when I do clash -u cassandra -p cassandra => Invalid credentials supplied. Authentication error on host xxxxxx: Provided username cassandra and/or password are incorrect I already repaired system_auth a few times, nothing help... > Le 17 juil. 2018 à 16:47, Sam Tunnicliffe <s...@beobal.com> a écrit : > > The default superuser is only created at startup if 3 conditions are met: > > i) The default role manager is configured. In cassandra.yaml, you should see > "role_manager: CassandraRoleManager". This is also the default value, so > unless you're explicitly using a custom role manager it should be good. > ii) The system_auth.users table (legacy, pre-2.2) should not be present. > Present means present in the schema, not on disk. Unlike most system tables, > this table is droppable (in fact this is a necessary step in upgrading from > earlier versions). > iii) There should be no preexisting roles present in the system_auth.roles > table. This is verified with a regular query, so you must either use CQL to > delete existing roles, or remove the data directories and commit logs on > *all* nodes. > > Even if these three conditions are met, but the default user isn't being > created the manual insert that Horia suggested should work. If > system_auth.roles table exists and you are able to perform the insert, I'm > very surprised when you say it's empty after you issue the insert. If you > check again and it turns out the manual insert is working as expected, you > need to make sure that the legacy tables have been dropped from schema > (assuming you upgraded from a pre-3.0 version at some point). If the legacy > tables are still present, the authenticator will continue to read from them > and so would be ignoring the new entry in the roles table. (see: > https://github.com/apache/cassandra/blob/cassandra-3.11.2/NEWS.txt#L619-L640 > <https://github.com/apache/cassandra/blob/cassandra-3.11.2/NEWS.txt#L619-L640>) > > > > On 17 July 2018 at 15:18, Thomas Lété <thomas.l...@soprism.com > <mailto:thomas.l...@soprism.com>> wrote: > Yes I did that multiple time, always following the same procedure : stop > Cassandra, on all nodes, remove data, update config then restart nodes one by > one… > > I really don’t understand when I could have done wrong... > > > Le 17 juil. 2018 à 16:15, Simon Fontana Oscarsson > > <simon.fontana.oscars...@ericsson.com > > <mailto:simon.fontana.oscars...@ericsson.com>> a écrit : > > > > This is very strange behavior if Cassandra won't recreate the cassandra > > user when you delete the folder. > > So just to make sure, you are stopping Cassandra on all nodes and deleting > > the data directory? > > > > -- > > SIMON FONTANA OSCARSSON > > Software Developer > > > > Ericsson > > Ölandsgatan 1 > > 37133 Karlskrona, Sweden > > simon.fontana.oscars...@ericsson.com > > <mailto:simon.fontana.oscars...@ericsson.com> > > www.ericsson.com <http://www.ericsson.com/> > > > > On tis, 2018-07-17 at 16:01 +0200, Thomas Lété wrote: > >> It’s empty... > >> > >>> > >>> Le 17 juil. 2018 à 15:59, Horia Mocioi <horia.moc...@ericsson.com > >>> <mailto:horia.moc...@ericsson.com>> a écrit : > >>> > >>> Could you also send the output of "select * from system_auth.roles"? > >>> (you will need to change authenticator to AllowAllAuthenticator and > >>> authorizer to AllowAllAuthorizer) > >>> > >>> On tis, 2018-07-17 at 15:43 +0200, Thomas Lété wrote: > >>>> > >>>> Ok I tried that, nothing better (I already tried dropping the entire > >>>> system_auth folder that way, same result) > >>>> > >>>> When I open the log, I found nothing about « Password » and when I > >>>> search for « roles », I only find that : > >>>> > >>>> DEBUG [main] 2018-07-17 15:37:39,420 > >>>> CompactionStrategyManager.java:380 - Recreating compaction strategy - > >>>> disk boundaries are out of date for system_auth.roles. > >>>> DEBUG [main] 2018-07-17 15:37:39,420 DiskBoundaryManager.java:53 - > >>>> Refreshing disk boundary cache for system_auth.roles > >>>> DEBUG [main] 2018-07-17 15:37:39,422 DiskBoundaryManager.java:56 - > >>>> Updating boundaries from > >>>> DiskBoundaries{directories=[DataDirectory{location=/home/cassandra/da > >>>> ta}], positions=[max(9223372036854775807)], ringVersion=3, > >>>> directoriesVersion=0} to > >>>> DiskBoundaries{directories=[DataDirectory{location=/home/cassandra/da > >>>> ta}], positions=[max(9223372036854775807)], ringVersion=16, > >>>> directoriesVersion=0} for system_auth.roles > >>>> > >>>> The configuration I use for Auth is the following : > >>>> > >>>> authorizer: CassandraAuthorizer > >>>> permissions_validity_in_ms: 2000 > >>>> permissions_update_interval_in_ms: 2000 > >>>> authenticator: PasswordAuthenticator > >>>> credentials_validity_in_ms: 2000 > >>>> credentials_update_interval_in_ms: 2000 > >>>> > >>>>> > >>>>> Le 17 juil. 2018 à 15:26, Simon Fontana Oscarsson <simon.fontana.os > >>>>> cars...@ericsson.com <mailto:cars...@ericsson.com>> a écrit : > >>>>> > >>>>> Could you try the following steps? > >>>>> > >>>>> Stop Cassandra. > >>>>> Change authenticator in yaml to PasswordAuthenticator if not > >>>>> already done. > >>>>> Remove data directory with `rm -rf data/system_auth/roles-*` > >>>>> Start Cassandra. > >>>>> Login with `cqlsh -u cassandra -p cassandra` > >>>>> > >>>>> Works for me. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org > <mailto:user-unsubscr...@cassandra.apache.org> > For additional commands, e-mail: user-h...@cassandra.apache.org > <mailto:user-h...@cassandra.apache.org> > >
