System_auth keyspace overwritten in Cassandra cluster

Question

I was adding a Node2 to another cassandra Node1 to form a cluster and I lost my user database (which caused authentication problems). I appreciate if someone can help me to understand what happened (to avoid that from happening again the next time I add another node).

Node1 is in DCA and Node2 is in DCB. I configured the yaml config file in the Node2 and brought it up, only to find the firewalls have prevented proper communication between the two.

After fixing the communication problem, I found I have authentication problem and my users do not exist anymore and I should login with default cassandra/cassandra user and pass. The system_auth of Node1 was overwritten by a copy from the new Node2 (which did not have the users, and only default user).

My config includes:

endpoint_snitch: GossipingPropertyFileSnitch
authenticator: PasswordAuthenticator
authorizer: CassandraAuthorizer

Question: Why the newer system_auth user keyspace replaced the older one?

To fix the issues, I made sure the communication is ok. I decommisioned the new Node2, emptied its data directory and rejoined it. Then I defined the users from scratch (which was replicated to both nodes). Both my own kyspace and te system_auth were altered to have one replica on each server (and data center).

{'class' : 'NetworkTopologyStrategy', 'DCA' : 1, 'DCB' : 1 } (for both my own and system_auth keyspaces)

Answer 1

For any system specific keyspace, the replication strategy should only be Local Strategy and not Network Strategy. The reason your system_auth keyspace got altered is because when you installed Cassandra on new node, it created system_auth keysapce and had the newest time stamp. Being Network Topolgy strategy, it replicated to older node. I hope this explains the situation.