If you find yourself in the unfortunate situation where you have forgotten the cassandra superuser password, here's how to reset it (procedure tested using cassandra 2.0 with cql 3.1):
1. Stop panicking ;)
2. Turn off authorisation and authentication :
edit cassandra.yaml and set the following:
authenticator: AllowAllAuthenticator
authorizer: AllowAllAuthorizer
bounce cassandra
service cassandra restart
3. Fire up the cli
cqlsh
At this point you need to identify you superusers. If you were a good girl/boy, you would have set up a fresh superuser and dumped the default cassandra user.
list users;
name | super
-----------+-------
cassandra | False
myadmin | True
As you can see, I've taken super privs away from the default superuser cassandra and created my own called myadmin as per the recommendations of the docs.
Now, depending on how many nodes and data centers you have, the system_auth keyspace is likely to be replicated on other nodes and specifically the credentials column family. You need to manually update this table to get back into shape, as this saves you the hassle of having to visit all nodes in your cluster and reset authentication as above.
Type in the following:
update system_auth.credentials set salted_hash='$2a$10$vbfmLdkQdUz3Rmw.fF7Ygu6GuphqHndpJKTvElqAciUJ4SZ3pwquu' where username='myadmin' ;
4. Revert the cassandra.yaml:
authenticator: PasswordAuthenticator
authorizer: CassandraAuthorizer
and restart
service cassandra restart
5. Now you can log in with:
cqlsh -u myadmin -p cassandra
Once logged, reset your password to something less obvious.
No comments:
Post a Comment