How can I set up a superuser account on Cassandra with homebrew build?

Question

I have installed cassandra with homebrew and am trying to create a superuser admin account. when I type sudo cqlsh -u cassandra -p cassandra I get this error:

Python Cassandra driver not installed, or not on PYTHONPATH.
You might try "pip install cassandra-driver".
Python: /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python
Module load path: ['/usr/local/Cellar/cassandra/2.1.2/bin', '/Library/Python/2.7/site-packages/cql-1.4.0-py2.7.egg', '/Library/Python/2.7/site-packages/thrift-0.9.2-py2.7-macosx-10.10-intel.egg', '/Library/Python/2.7/site-packages/ccm-2.0.2-py2.7.egg', '/Library/Python/2.7/site-packages/tailer-0.3-py2.7.egg', '/Library/Python/2.7/site-packages', '/Library/Python/2.7/site-packages/psutil-2.2.0-py2.7-macosx-10.10-intel.egg', '/Library/Python/2.7/site-packages/pip-6.0.6-py2.7.egg', '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python27.zip', '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7', '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/plat-darwin', '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/plat-mac', '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/plat-mac/lib-scriptpackages', '/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python', '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/lib-tk', '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/lib-old', '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/lib-dynload', '/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/PyObjC', '/Library/Python/2.7/site-packages']

Error: No module named cassandra

when I do it without sudo, I am allowed into cqlsh with the default login. Problem is that when I type CREATE USER admn WITH PASSWORD 'pw' SUPERUSER;, this gets returned:

code=2100 [Unauthorized] message="Only superusers are allowed to perform CREATE USER queries"

When I saw this I was like, no prob, and got into my cassandra.yaml file, located in /usr/local/etc/cassandra and changed authenticator: AllowAllAuthenticator to authenticator: PasswordAuthenticator. I saved the file went back to the cqlsh and tried again. Same result. Can somebody please tell me what to do to set up new users?

Answer 1

You are on the right track. The default superuser account is username 'cassandra' password 'cassandra' and you are appropriately configuring the authenticator.

What's missing is that after changing the cassandra.yaml file, you need to restart cassandra in order for the Authenticator change to take effect. Note that you should also change the authorizer to 'CassandraAuthorizer'.

If you have a multi-node cluster, you should make this change on all nodes and you should also increase the replication factor on the system_auth keyspace in order to allow auth to continue working after the node owning the data goes down.

Answer 2

I was facing the issue to create a new user, after connecting cassandra node from cqlsh as cqlsh -u cassandra -p cassandra.

Solution worked out to me is:

1. Edit the cassandra.yaml and replaced the authenticator and authorizer values as below.

//authenticator: AllowAllAuthenticator

authenticator: PasswordAuthenticator

//authorizer: AllowAllAuthorizer

authorizer: CassandraAuthorizer

2. Re start the cassandra node

3. connect from cqlsh with cassandra/cassandra credentials

4.Watched out a system.log(tail -f system.log), you should see following message.

INFO [NonPeriodicTasks:1] 2015-04-23 11:02:03,973 PasswordAuthenticator.java:215 - PasswordAuthenticator created default user 'cassandra'

INFO [NonPeriodicTasks:1] 2015-04-23 11:02:03,987 Auth.java:277 - Created default superuser 'cassandra'

5. Before to this I didn't have "system_auth" key space, after this change now am able to see "system_auth" key space and "credentials" table.