[jira] [Comment Edited] (CASSANDRA-8557) Default install from tarball is a bit puzzling

["Tanaka (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/CASSANDRA-8557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16898906#comment-16898906 ] 

Tanaka edited comment on CASSANDRA-8557 at 8/2/19 1:55 PM:
-----------------------------------------------------------

 
{quote}1. The default installation doesn’t allow remote connections
{quote} * There is no mention of setting up remote access on the installation page

 * Follow this guide: [Setting up Cassandra for remote access · GitHub|https://gist.github.com/andykuszyk/7644f334586e8ce29eaf8b93ec6418c4]
 * Follow this guide to JMX remote access: [Documentation|http://cassandra.apache.org/doc/latest/operating/security.html?highlight=remote%20access]

 
{quote}2. The config file (cassandra.yaml) specifies the use of the AllowAllAuthenticator. This is almost immediately replaced during setup by the PasswordAuthenticator. Why not start there?
{quote} * Cassandra ships with two options included in the default distribution.

 * By default, Cassandra is configured with AllowAllAuthenticator which performs no authentication checks and therefore requires no credentials. It is used to disable authentication completely. Note that authentication is a necessary condition of Cassandra’s permissions subsystem, so if authentication is disabled, effectively so are permissions.
 * The default distribution also includes PasswordAuthenticator, which stores encrypted credentials in a system table. This can be used to enable simple username/password authentication.

 
{quote}3. The config file (cassandra.yaml) specifies the use of the AllowAllAuthorizer. This is almost immediately replaced during setup by the CassandraAuthorizer. Why not start there?
{quote} * Cassandra ships with two options included in the default distribution.

 * By default, Cassandra is configured with AllowAllAuthorizer which performs no checking and so effectively grants all permissions to all roles. This must be used if AllowAllAuthenticator is the configured authenticator.
 * The default distribution also includes CassandraAuthorizer, which does implement full permissions management functionality and stores its data in Cassandra system tables.


was (Author: tanakarm):
{quote}1. The default installation doesn’t allow remote connections
{quote} * There is no mention of setting up remote access on the installation page
 * Follow this guide: [Setting up Cassandra for remote access · GitHub|https://gist.github.com/andykuszyk/7644f334586e8ce29eaf8b93ec6418c4]
 * Follow this guide to JMX remote access: [Documentation|http://cassandra.apache.org/doc/latest/operating/security.html?highlight=remote%20access]

 
{quote}2. The config file (cassandra.yaml) specifies the use of the AllowAllAuthenticator. This is almost immediately replaced during setup by the PasswordAuthenticator. Why not start there?
{quote} * Cassandra ships with two options included in the default distribution.
 * By default, Cassandra is configured with AllowAllAuthenticator which performs no authentication checks and therefore requires no credentials. It is used to disable authentication completely. Note that authentication is a necessary condition of Cassandra’s permissions subsystem, so if authentication is disabled, effectively so are permissions.
 * The default distribution also includes PasswordAuthenticator, which stores encrypted credentials in a system table. This can be used to enable simple username/password authentication.

 
{quote}3. The config file (cassandra.yaml) specifies the use of the AllowAllAuthorizer. This is almost immediately replaced during setup by the CassandraAuthorizer. Why not start there?
{quote} * Cassandra ships with two options included in the default distribution.
 * By default, Cassandra is configured with AllowAllAuthorizer which performs no checking and so effectively grants all permissions to all roles. This must be used if AllowAllAuthenticator is the configured authenticator.
 * The default distribution also includes CassandraAuthorizer, which does implement full permissions management functionality and stores its data in Cassandra system tables.

> Default install from tarball is a bit puzzling
> ----------------------------------------------
>
>                 Key: CASSANDRA-8557
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8557
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Legacy/Tools, Local/Config
>         Environment: Tested with Crunchbang Waldorf built on Debian 7 Wheezy.
> Java version:
> {noformat}
> $ java -version
> java version "1.8.0_25"
> Java(TM) SE Runtime Environment (build 1.8.0_25-b17)
> Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)
> {noformat}
> Python version:
> {noformat}
> $ python --version
> Python 2.7.3
> {noformat}
> I suspect this applies to all *nix tarball installs.
>            Reporter: Chris E
>            Assignee: Tanaka
>            Priority: Low
>              Labels: documentation, easyfix
>
> The default tarball installation of Apache Cassandra is kind of confusing for a newcomer.
> There are several different points of confusion:
> 1. The default installation doesn't allow remote connections.
> 2. The config file (cassandra.yaml) specifies the use of the AllowAllAuthenticator. This is almost immmediately replaced during setup by the PasswordAuthenticator. Why not start there?
> 3. The config file (cassandra.yaml) specifies the use of the AllowAllAuthorizer. This is almost immediately replaced during setup by the CassandraAuthorizer. Why not start there?
> 4. Why does cassandra-cli exist? It even tells the user "This is being deprecated." It's confusing figuring out whether to use cqlsh or cassandra-cli.
> 5. Running the cassandra script creates a background job that keeps running--if you control-c the script, the process continues running.
> 6. The config file (cassandra.yaml) has rpc_interface and rpc_address, and the docs there don't spell out that that address is *also* required for using remote logins from cqlsh.
> 7. On a freshly-created VM, the localhost flag to rpc_address doesn't appear to work (though this may be due to a misconfiguration of the VM). It seems to need the assigned IP address of the VM to get it accepting external connections.
> 8. The config file (cassandra.yaml) has the request_scheduler using NoScheduler--which is fine, but the docs are unclear as to whether or not this means that client requests won't be scheduled (at all).



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org