Sunday 29 March 2015

Need to reset Cassandra superuser password?

If you find yourself in the unfortunate situation where you have forgotten the cassandra superuser password, here's how to reset it (procedure tested using cassandra 2.0 with cql 3.1):

1. Stop panicking ;)

2. Turn off authorisation and authentication :

edit cassandra.yaml and set the following:

authenticator: AllowAllAuthenticator
authorizer: AllowAllAuthorizer

bounce cassandra

service cassandra restart

3. Fire up the cli

cqlsh

At this point you need to identify you superusers. If you were a good girl/boy, you would have set up a fresh superuser and dumped the default cassandra user.

list users;

 name      | super
-----------+-------
 cassandra | False
 myadmin |  True

As you can see, I've taken super privs away from the default superuser cassandra and created my own called myadmin as per the recommendations of the docs.

Now, depending on how many nodes and data centers you have, the system_auth keyspace is likely to be replicated on other nodes and specifically the credentials column family. You need to manually update this table to get back into shape, as this saves you the hassle of having to visit all nodes in your cluster and reset authentication as above.

Type in the following:

update system_auth.credentials set salted_hash='$2a$10$vbfmLdkQdUz3Rmw.fF7Ygu6GuphqHndpJKTvElqAciUJ4SZ3pwquu' where username='myadmin'  ;

4. Revert the cassandra.yaml:

authenticator: PasswordAuthenticator
authorizer: CassandraAuthorizer

and restart

service cassandra restart

5. Now you can log in with:

cqlsh -u myadmin -p cassandra

Once logged, reset your password to something less obvious.