You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@cassandra.apache.org by Who Dadddy <qw...@gmail.com> on 2021/03/15 17:00:15 UTC

Restore of system_auth data to new cluster

Hi Everyone,

I need to nuke a cluster and want to restore  the system_auth details from a backup - is this possible? Never restored system_auth before and thought there was some salt on the encrypted passwords?

Thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org
For additional commands, e-mail: user-help@cassandra.apache.org

Re: Restore of system_auth data to new cluster

Posted by Who Dadddy <qw...@gmail.com>.

Thanks - appreciate the tips!

> On 15 Mar 2021, at 22:42, Kane Wilson <k...@raft.so> wrote:
> 
> Keep in mind that you'll need the same tokens for each node for your restore to work if RF < #Nodes. There is an easy way to work around this though by setting RF=# of nodes on the system_auth keyspace (and do a repair of it) before you take the backup, then restore system_auth to every node. If you can't do that then either keep the tokens the same (by setting initial_token on each node to one of the previous nodes tokens), or simply copying all nodes system_auth backups to every single node when you restore.
> 
> raft.so <https://raft.so/> - Cassandra consulting, support, and managed services
> 
> 
> On Tue, Mar 16, 2021 at 4:32 AM Bowen Song <bo...@bso.ng.invalid> wrote:
> It's safe to restore the system_auth keyspace. The salted_hash in the 
> system_auth.roles table stores the bcrypt salted hashed passwords. The 
> data in this column actually contains both the salt and the hash.
> 
> 
> On 15/03/2021 17:00, Who Dadddy wrote:
> > Hi Everyone,
> >
> > I need to nuke a cluster and want to restore  the system_auth details from a backup - is this possible? Never restored system_auth before and thought there was some salt on the encrypted passwords?
> >
> > Thanks
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org <ma...@cassandra.apache.org>
> > For additional commands, e-mail: user-help@cassandra.apache.org <ma...@cassandra.apache.org>
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org <ma...@cassandra.apache.org>
> For additional commands, e-mail: user-help@cassandra.apache.org <ma...@cassandra.apache.org>
>

Re: Restore of system_auth data to new cluster

Posted by Kane Wilson <k...@raft.so>.

Keep in mind that you'll need the same tokens for each node for your
restore to work if RF < #Nodes. There is an easy way to work around this
though by setting RF=# of nodes on the system_auth keyspace (and do a
repair of it) before you take the backup, then restore system_auth to every
node. If you can't do that then either keep the tokens the same (by setting
initial_token on each node to one of the previous nodes tokens), or simply
copying all nodes system_auth backups to every single node when you restore.

raft.so - Cassandra consulting, support, and managed services

On Tue, Mar 16, 2021 at 4:32 AM Bowen Song <bo...@bso.ng.invalid> wrote:

> It's safe to restore the system_auth keyspace. The salted_hash in the
> system_auth.roles table stores the bcrypt salted hashed passwords. The
> data in this column actually contains both the salt and the hash.
>
>
> On 15/03/2021 17:00, Who Dadddy wrote:
> > Hi Everyone,
> >
> > I need to nuke a cluster and want to restore  the system_auth details
> from a backup - is this possible? Never restored system_auth before and
> thought there was some salt on the encrypted passwords?
> >
> > Thanks
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org
> > For additional commands, e-mail: user-help@cassandra.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org
> For additional commands, e-mail: user-help@cassandra.apache.org
>
>

Re: Restore of system_auth data to new cluster

Posted by Bowen Song <bo...@bso.ng.INVALID>.

It's safe to restore the system_auth keyspace. The salted_hash in the 
system_auth.roles table stores the bcrypt salted hashed passwords. The 
data in this column actually contains both the salt and the hash.


On 15/03/2021 17:00, Who Dadddy wrote:
> Hi Everyone,
>
> I need to nuke a cluster and want to restore  the system_auth details from a backup - is this possible? Never restored system_auth before and thought there was some salt on the encrypted passwords?
>
> Thanks
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org
> For additional commands, e-mail: user-help@cassandra.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.org
For additional commands, e-mail: user-help@cassandra.apache.org