Running a Startup on AWS? Get Funding With AWS JumpStart. Click Here to Learn More

2021 Fillmore Street #1128

}

24/7 solutions

Remove the User Cassandra from DataStaxApache Cassandra Installations

Whenever you’re installing a new DataStaxApache Cassandra cluster, you need to remember to remove the user cassandra. We’ve seen this at a couple of customer installations now. If you do not change the user cassandra or at least alter the roles for the user cassandra. then you’re liable to see all sort of nasty repercussions. […]

Whenever you’re installing a new DataStaxApache Cassandra cluster, you need to remember to remove the user cassandra.
We’ve seen this at a couple of customer installations now. If you do not change the user cassandra or at least alter the roles for the user cassandra. then you’re liable to see all sort of nasty repercussions. The cassandra user uses  a consistency level of QUORUM when querying keyspaces like ‘system_auth’. Hence, you may see significant performance degradation because each query will need to have confirmation.
In your Cassandra system log files, you’ll most likely see
WARN 2018-12-07 17:20:12,047 ClientState.java:372 - User ‘cassandra’ logged in from /10.0.0.4:48220. It is strongly recommended to create and use another user and grant it superuser capabilities and remove the default one. See http://docs.datastax.com/en/dse/6.0/dse-admin/datastax_enterprise/security/Auth/secCreateRootAccount.html
For security and performance reasons, you will almost always want to remove or alter the cassandra user and create a new super user.
We usually prescribe the following steps to alter the super user and create a new super user.
1. Login with cqlsh.

cqlsh -u cassandra -p cassandra

2. Create a new superuser.

[email protected]> CREATE ROLE [new_superuser] WITH PASSWORD = '[secure_password]' AND SUPERUSER = true AND LOGIN = true;

3. Logout by typing exit at the command prompt.

exit

4. Log back in with your new credentials

cqlsh -u [new_superuser] -p [secure_password]

5. For security purposes, change the cassandra user password

alter user cassandra with password '[new_password]';

6. Remove the super privileges from the cassandra user.

[email protected]> ALTER ROLE cassandra WITH PASSWORD = 'cassandra' AND SUPERUSER = false AND LOGIN = false;
[email protected]> REVOKE ALL PERMISSIONS ON ALL KEYSPACES FROM cassandra;

7. Grant all permissions to your super account.

[email protected]> GRANT ALL PERMISSIONS ON ALL KEYSPACES TO [superuser];

DataStax AllCode


Joel Garcia
Joel Garcia

Joel Garcia has been building AllCode since 2015. He’s an innovative, hands-on executive with a proven record of designing, developing, and operating Software-as-a-Service (SaaS), mobile, and desktop solutions. Joel has expertise in HealthTech, VoIP, and cloud-based solutions. Joel has experience scaling multiple start-ups for successful exits to IMS Health and Golden Gate Capital, as well as working at mature, industry-leading software companies. He’s held executive engineering positions in San Francisco at TidalWave, LittleCast, Self Health Network, LiveVox acquired by Golden Gate Capital, and Med-Vantage acquired by IMS Health.

Related Articles

Here’s Why You Should Work with an AWS Partner

Here’s Why You Should Work with an AWS Partner

Amazon Web Services is understandably a difficult platform to adapt to and utilize fully upon first getting started. Some organizations can be selected to become certified partners to indirectly extend services to help build on the Amazon Cloud. Finding a certified company to help build out is undoubtedly the best way to significantly simplify, streamline, and reduce the cost of utilizing AWS.

Amazon Web Services – CodeCatalyst

Amazon Web Services – CodeCatalyst

When a development team is building out an application, it helps to have access to the same resources, have the tools for planning and testing, and to have access to the application all in one place. CodeCatalyst comes with a slew of continuous integration/continuous development (CI/CD) tools and can leverage other AWS services and be connected to other AWS projects on an account. As a collaborative tool, it is easy to introduce new members into the project and to log all activity or all tests from a single dashboard. It’s a complete package of all the tools needed to securely work on every step of an application’s lifecycle.

The Definitive Guide to AWS Pricing

The Definitive Guide to AWS Pricing

Perhaps the biggest issue with AWS that its competitors edge out on is the confusing pricing model. It does promise the capacity to help users save significantly on funds that otherwise by avoiding spending on unnecessary resources, but getting to that point isn’t always clear. We will be covering in greater detail how this works.

Download our 10-Step Cloud Migration ChecklistYou'll get direct access to our full-length guide on Google Docs. From here, you will be able to make a copy, download the content, and share it with your team.