Problem:
The client needed to change the passwords of all users in the Cassandra cluster. The client specifically asked whether the default password for the “cassandra” superuser needed to be changed, and requested a step-by-step guide along with precautions to prevent any impact on the application.
Process:
The expert provided a detailed response with the standard procedure for changing the password of the “cassandra” superuser:
- Login: Access any node in the Cassandra cluster using the “cassandra” superuser account.
- Configuration File: Open the cassandra.yaml configuration file in the /etc/cassandra directory.
- Authentication Check: Ensure the line `authenticator: org.apache.cassandra.auth.PasswordAuthenticator` is uncommented.
- Save and Restart: Save the changes and restart the Cassandra service using `sudo service cassandra restart`.
- Change Password: Log in to the Cassandra shell using `cqlsh` and execute `ALTER USER cassandra WITH PASSWORD 'new_password';` to change the password.
- Verification: Verify the new password by logging in to the Cassandra shell again.
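The authentication check, password change and verification steps above can be scripted as follows. This is an added example, not part of the original write-up; the function names and the `OLD_PW` / `NEW_PW` environment variables are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original write-up). Function names and the
# OLD_PW / NEW_PW environment variables are assumptions made for illustration.

# Succeeds only if cassandra.yaml contains an uncommented authenticator line
# naming PasswordAuthenticator (single-line form, as in the procedure above).
authenticator_enabled() {
  grep -Eq '^[[:space:]]*authenticator:[[:space:]]*(org\.apache\.cassandra\.auth\.)?PasswordAuthenticator[[:space:]]*(#.*)?$' "$1"
}

# Escape a value for a CQL string literal: a single quote is written twice.
# Without this, a password containing ' would break or alter the statement.
cql_quote() {
  printf '%s' "$1" | sed "s/'/''/g"
}

# Build the ALTER USER statement used in the "Change Password" step.
alter_user_stmt() {
  printf "ALTER USER %s WITH PASSWORD '%s';" "$1" "$(cql_quote "$2")"
}

# Check the config, change the password, then verify by logging in again.
# Note: values passed with -p and -e are visible in the local process list
# while cqlsh runs, so run this from a trusted admin host.
rotate_superuser() {
  yaml=${1:-/etc/cassandra/cassandra.yaml}
  if ! authenticator_enabled "$yaml"; then
    echo "PasswordAuthenticator is not active in $yaml" >&2
    return 1
  fi
  cqlsh -u cassandra -p "$OLD_PW" -e "$(alter_user_stmt cassandra "$NEW_PW")" || return 1
  # Verification step: the new password must be accepted.
  cqlsh -u cassandra -p "$NEW_PW" -e "SELECT release_version FROM system.local;" >/dev/null
}

# Runs only when asked to: OLD_PW=... NEW_PW=... ./rotate.sh --rotate [yaml]
if [ "${1:-}" = "--rotate" ]; then
  rotate_superuser "${2:-}"
fi
```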
Additionally, several precautions were recommended:
- Application Updates: Ensure all applications using the “cassandra” superuser account were updated with the new password.
- Automated Scripts: Update any automated scripts or tools using the “cassandra” superuser account with the new password.
- Monitoring: Monitor the Cassandra cluster for any issues or errors post-change.
Solution:
Following the live session with the client, several critical points for the password change process in their 3-node cluster setup were discussed and confirmed:
- Password Change Steps: Reiterated the steps to change the password and necessary precautions.
- Authenticator Parameter: Verified that the authenticator parameter needed to be set correctly.
- Multi-DC Replication: Since the production environment used multi-DC replication, changing the password on one node should propagate across all data centers.
- Root Password: Confirmed the master user password needed to be changed.
- System Users: No changes were necessary for system users.
- Application Users: Application user passwords needed updating, requiring coordination with the application team.
- Key Spaces: Testing in lower environments was required before applying changes in production.
- Alter Table Statement: Needed an `ALTER TABLE` statement to update passwords for both the superuser and application users.
- Authentication Logging: If the superuser password was forgotten, authentication logging had to be disabled temporarily.
Conclusion:
The process of changing passwords in a Cassandra cluster required careful planning and execution to ensure system integrity and application continuity. By following a structured approach and adhering to recommended precautions, the client successfully updated the passwords for the Cassandra superuser and application users.