scylladb 对于用户的认证配置还是比较简单的,以下是一个docker-compose 配置的说明
环境准备
- docker-compose 文件
version: "3"
services:
scylladb:
image: scylladb/scylla
command: --authenticator=PasswordAuthenticator
ports:
- "9042:9042"
scylladb2:
image: scylladb/scylla
command: --seeds=scylladb --authenticator=PasswordAuthenticator
ports:
- "9043:9042"
scylladb3:
image: scylladb/scylla
command: --seeds=scylladb --authenticator=PasswordAuthenticator
ports:
- "9044:9042"
jaeger:
image: jaegertracing/all-in-one:1.13
environment:
- COLLECTOR_ZIPKIN_HTTP_PORT=9411
- CASSANDRA_SERVERS=scylladb,scylladb2,scylladb3
- SPAN_STORAGE_TYPE=cassandra
- CASSANDRA_USERNAME=cassandra
- CASSANDRA_PASSWORD=cassandra
ports:
- "9411:9411"
- "5775:5775/udp"
- "6831:6831/udp"
- "6832:6832/udp"
- "16686:16686"
- 说明
以上是一个jaeger 配置后端存储为jaeger 的例子,主要关于认证的是--authenticator=PasswordAuthenticator
启动&&测试
- 启动
docker-comppose up -d
- 连接
cqlsh -u cassandra -p cassandra
- 简单操作
use system_auth;
select * from system_auth.roles;
效果
role | can_login | is_superuser | member_of | salted_hash
-----------+-----------+--------------+-----------+------------------------------------------------------------------------------------------------------------
cassandra | True | True | null | $6$yTLXoV.PE1VUxebi$30sNkUxHiuwxKtHj.9AQToZwFZnxXZxzV9J82avqePpG1x8hnNuBAH0JbfMYxKuDsaM6I.2U9SUDv66/ATuYd.
(1 rows)
说明
scylladb 也包含了完整的基于rbac 的访问控制机制,还是很不错的
参考资料
https://docs.scylladb.com/operating-scylla/security/rbac_usecase/
https://docs.scylladb.com/operating-scylla/security/authentication/