You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@cassandra.apache.org by Léo FERLIN SUTTON <lf...@mailjet.com.INVALID> on 2019/03/14 10:56:58 UTC
Query failure
Hello !
Recently I have noticed some clients are having errors almost every time
they try to contact my Cassandra cluster.
The error messages vary but there is one constant : *It's not constant* !
Let me show you :
From the client host :
`cqlsh --cqlversion "3.4.0" -u cassandra_superuser -p my_password
cassandra_address 9042`
The CL commands will fail half of the time :
```
cassandra_vault_superuser@cqlsh> CREATE ROLE leo333 WITH PASSWORD = 'leo4'
AND LOGIN=TRUE;
InvalidRequest: Error from server: code=2200 [Invalid query]
message="org.apache.cassandra.auth.CassandraRoleManager doesn't support
PASSWORD"
cassandra_vault_superuser@cqlsh> CREATE ROLE leo333 WITH PASSWORD = 'leo4'
AND LOGIN=TRUE;
```
Same with grants :
```
cassandra_vault_superuser@cqlsh> GRANT read_write_role TO leo333;
Unauthorized: Error from server: code=2100 [Unauthorized] message="You have
to be logged in and not anonymous to perform this request"
cassandra_vault_superuser@cqlsh> GRANT read_write_role TO leo333;
```
Same with `list roles` :
```
cassandra_vault_superuser@cqlsh> list roles;
role | super | login |
options
----------------------------------------------------------+-------+-------+---------
cassandra | True | True
| {}
[...]
cassandra_vault_superuser@cqlsh> list roles;
Unauthorized: Error from server: code=2100 [Unauthorized] message="You have
to be logged in and not anonymous to perform this request"
```
My Cassandra (3.0.18) configuration seems correct :
```
authenticator: PasswordAuthenticator
authorizer: CassandraAuthorizer
role_manager: CassandraRoleManager
```
The system_auth schema seems correct as well :
`CREATE KEYSPACE system_auth WITH replication = {'class':
'NetworkTopologyStrategy', 'my_dc': '3'} AND durable_writes = true;`
I am only having those errors when :
* I am on a non local client.
* Via `cqlsh`
* Or via the vaultproject client (
https://www.vaultproject.io/docs/secrets/databases/cassandra.html) (1 error
occurred: You have to be logged in and not anonymous to perform this
request)
If I am using cqlsh (with authentification) but from a Cassandra node it
works 100% of the time.
Any idas abut what might be going wrong ?
Regards,
Leo
Re: Query failure
Posted by Léo FERLIN SUTTON <lf...@mailjet.com.INVALID>.
I checked and the configuration file matched on all the nodes.
I checked `cqlsh --cqlversion "3.4.0" -u cassandra_superuser -p
my_password nodeXX 9042` with each node and finally one failed.
It had somehow not been restarted since the configuration change. It was
not responsive to `systemctl stop/start/restart cassandra` but once I
finnaly got it to restart my issues disappeared.
Thank you so much for the help !
Regards,
Leo
On Thu, Mar 14, 2019 at 1:38 PM Sam Tunnicliffe <sa...@beobal.com> wrote:
> Hi Leo
>
> my guess would be that your configuration is not consistent across all
> nodes in the cluster. The responses you’re seeing are totally indicative of
> being connected to a node where PasswordAuthenticator is not enabled in
> cassandra.yaml.
>
> Thanks,
> Sam
>
> On 14 Mar 2019, at 10:56, Léo FERLIN SUTTON <lf...@mailjet.com.INVALID>
> wrote:
>
> Hello !
>
> Recently I have noticed some clients are having errors almost every time
> they try to contact my Cassandra cluster.
>
> The error messages vary but there is one constant : *It's not constant* !
> Let me show you :
>
> From the client host :
>
> `cqlsh --cqlversion "3.4.0" -u cassandra_superuser -p my_password
> cassandra_address 9042`
>
> The CL commands will fail half of the time :
>
> ```
> cassandra_vault_superuser@cqlsh> CREATE ROLE leo333 WITH PASSWORD =
> 'leo4' AND LOGIN=TRUE;
> InvalidRequest: Error from server: code=2200 [Invalid query]
> message="org.apache.cassandra.auth.CassandraRoleManager doesn't support
> PASSWORD"
> cassandra_vault_superuser@cqlsh> CREATE ROLE leo333 WITH PASSWORD =
> 'leo4' AND LOGIN=TRUE;
> ```
>
> Same with grants :
> ```
> cassandra_vault_superuser@cqlsh> GRANT read_write_role TO leo333;
> Unauthorized: Error from server: code=2100 [Unauthorized] message="You
> have to be logged in and not anonymous to perform this request"
> cassandra_vault_superuser@cqlsh> GRANT read_write_role TO leo333;
> ```
>
> Same with `list roles` :
> ```
> cassandra_vault_superuser@cqlsh> list roles;
>
> role | super | login
> | options
>
> ----------------------------------------------------------+-------+-------+---------
> cassandra | True | True
> | {}
> [...]
>
> cassandra_vault_superuser@cqlsh> list roles;
> Unauthorized: Error from server: code=2100 [Unauthorized] message="You
> have to be logged in and not anonymous to perform this request"
> ```
>
> My Cassandra (3.0.18) configuration seems correct :
> ```
> authenticator: PasswordAuthenticator
> authorizer: CassandraAuthorizer
> role_manager: CassandraRoleManager
> ```
>
> The system_auth schema seems correct as well :
> `CREATE KEYSPACE system_auth WITH replication = {'class':
> 'NetworkTopologyStrategy', 'my_dc': '3'} AND durable_writes = true;`
>
>
> I am only having those errors when :
>
> * I am on a non local client.
> * Via `cqlsh`
> * Or via the vaultproject client (
> https://www.vaultproject.io/docs/secrets/databases/cassandra.html) (1
> error occurred: You have to be logged in and not anonymous to perform this
> request)
>
> If I am using cqlsh (with authentification) but from a Cassandra node it
> works 100% of the time.
>
> Any idas abut what might be going wrong ?
>
> Regards,
>
> Leo
>
>
>
Re: Query failure
Posted by Sam Tunnicliffe <sa...@beobal.com>.
Hi Leo
my guess would be that your configuration is not consistent across all nodes in the cluster. The responses you’re seeing are totally indicative of being connected to a node where PasswordAuthenticator is not enabled in cassandra.yaml.
Thanks,
Sam
> On 14 Mar 2019, at 10:56, Léo FERLIN SUTTON <lf...@mailjet.com.INVALID> wrote:
>
> Hello !
>
> Recently I have noticed some clients are having errors almost every time they try to contact my Cassandra cluster.
>
> The error messages vary but there is one constant : It's not constant ! Let me show you :
>
> From the client host :
>
> `cqlsh --cqlversion "3.4.0" -u cassandra_superuser -p my_password cassandra_address 9042`
>
> The CL commands will fail half of the time :
>
> ```
> cassandra_vault_superuser@cqlsh> CREATE ROLE leo333 WITH PASSWORD = 'leo4' AND LOGIN=TRUE;
> InvalidRequest: Error from server: code=2200 [Invalid query] message="org.apache.cassandra.auth.CassandraRoleManager doesn't support PASSWORD"
> cassandra_vault_superuser@cqlsh> CREATE ROLE leo333 WITH PASSWORD = 'leo4' AND LOGIN=TRUE;
> ```
>
> Same with grants :
> ```
> cassandra_vault_superuser@cqlsh> GRANT read_write_role TO leo333;
> Unauthorized: Error from server: code=2100 [Unauthorized] message="You have to be logged in and not anonymous to perform this request"
> cassandra_vault_superuser@cqlsh> GRANT read_write_role TO leo333;
> ```
>
> Same with `list roles` :
> ```
> cassandra_vault_superuser@cqlsh> list roles;
>
> role | super | login | options
> ----------------------------------------------------------+-------+-------+---------
> cassandra | True | True | {}
> [...]
>
> cassandra_vault_superuser@cqlsh> list roles;
> Unauthorized: Error from server: code=2100 [Unauthorized] message="You have to be logged in and not anonymous to perform this request"
> ```
>
> My Cassandra (3.0.18) configuration seems correct :
> ```
> authenticator: PasswordAuthenticator
> authorizer: CassandraAuthorizer
> role_manager: CassandraRoleManager
> ```
>
> The system_auth schema seems correct as well :
> `CREATE KEYSPACE system_auth WITH replication = {'class': 'NetworkTopologyStrategy', 'my_dc': '3'} AND durable_writes = true;`
>
>
> I am only having those errors when :
>
> * I am on a non local client.
> * Via `cqlsh`
> * Or via the vaultproject client (https://www.vaultproject.io/docs/secrets/databases/cassandra.html <https://www.vaultproject.io/docs/secrets/databases/cassandra.html>) (1 error occurred: You have to be logged in and not anonymous to perform this request)
>
> If I am using cqlsh (with authentification) but from a Cassandra node it works 100% of the time.
>
> Any idas abut what might be going wrong ?
>
> Regards,
>
> Leo
>