Replacing MS with Cassandra Authentication Enabled

Not applicable

We had a question about replacing/adding an Management Server to an environment with Cassandra authentication enabled. In our current planet, we install all components (DS, RMP, MS, etc) without cass authentication. After nodes are installed and running properly, we go back and enable Cassandra authentication and change the default username/password. This involves running the command update-cass-pwd-in-config.sh on the nodes. This process has been working well for us.

We wanted to create a script to replace a bad MS in the event of a failure. The addition would occur in an established environment (orgs, environments, proxies deployed). We tried it out following the steps in the Operations Guide and hit an issue during the installation (apigee-setup.sh). After installation, it appears the ms comes up and attempts to connect to Cassandra. Since Cassandra auth is not configured, we see a lot of errors in the ms startup log.

We wanted to know if there is a way to configure the MS with Cassandra credentials before it starting or an alternative way. Thanks in advance,

Apigee Edge OPDK 4.15.07

0 3 341
3 REPLIES 3

Not applicable

Hi Steven,

The easies way to do this is to install the new MS using silent process. In the response file for that component, add the following variables indicating the user and password for Cassandra:

CASS_USERNAME=

CASS_PASSWORD=

Doing so, will take care of the component installation, passing appropiate values for Cassandra user/password.

@Maudrit - Thanks for the post. Regarding this issue, I’m still hitting a bit of a snag. I actually modified my response file on the Management Server to include the following…

CASS_USERNAME=“<username>"

CASS_PASSWORD="<password>"

The Management Server installation still errors out. The error message I get the error below. This error message makes me think the Management Server is attempting a JMX connection to the DS node. The concern I have with this is that the error message indicates no credentials are being passed, not invalid credentials. Can you confirm the Management Server install supports a Cassandra ring with both JMX and Cassandra Authentication enabled. Also, are there properties files I could verify the response file values are being used?

Error: Unable to connect to XXX.XXX.XXX.XXX

Exception in thread "main" java.lang.SecurityException: Authentication failed! Credentials required at com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticationFailure(JMXPluggableAuthenticator.java:211)at com.sun.jmx.remot.security.JMXPluggableAuthenticator.authenticate(JMXPluggableAuthenticator.java:163)

EndFragment

at sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(ConnectorBootstrap.java:219)

Steve

I think I found the root cause of my issue. I was digging through the apigee installation scripts and found the location where the error occurs. In the file apigee-enterpise-setup.sh, you are making a call to apigee-cassandra-datastore-setup. Only 2 parameters are passed in (host and file). Username and password are not passed into this call which eventually makes a nodetool ring status command. SInce credentials are not present, the JMX call fails with the error message I provided.

4.15.07.03 apigee-enterprise-setup.sh (Line 257) apigee-cassandra-datastore-setup.sh (Line 97-98, Line 33)