scylladb docker-compose 用户密码认证配置

scylladb 对于用户的认证配置还是比较简单的，以下是一个docker-compose 配置的说明

环境准备

• docker-compose 文件

version: "3"

services: 

  scylladb:

    image: scylladb/scylla

    command: --authenticator=PasswordAuthenticator

    ports: 

    - "9042:9042"

  scylladb2:

   image: scylladb/scylla

   command: --seeds=scylladb --authenticator=PasswordAuthenticator

   ports: 

   - "9043:9042"

  scylladb3:

   image: scylladb/scylla

   command: --seeds=scylladb --authenticator=PasswordAuthenticator

   ports: 

   - "9044:9042"

  jaeger:

    image: jaegertracing/all-in-one:1.13

    environment:

      - COLLECTOR_ZIPKIN_HTTP_PORT=9411

      - CASSANDRA_SERVERS=scylladb,scylladb2,scylladb3

      - SPAN_STORAGE_TYPE=cassandra

      - CASSANDRA_USERNAME=cassandra

      - CASSANDRA_PASSWORD=cassandra

    ports:

      - "9411:9411"

      - "5775:5775/udp"

      - "6831:6831/udp"

      - "6832:6832/udp"

      - "16686:16686"

• 说明
  以上是一个jaeger 配置后端存储为jaeger 的例子，主要关于认证的是--authenticator=PasswordAuthenticator

启动&&测试

• 启动

docker-comppose up -d

• 连接

cqlsh -u cassandra -p cassandra

• 简单操作

use system_auth;

select * from system_auth.roles;

效果

 role | can_login | is_superuser | member_of | salted_hash

-----------+-----------+--------------+-----------+------------------------------------------------------------------------------------------------------------

 cassandra | True | True | null | $6$yTLXoV.PE1VUxebi$30sNkUxHiuwxKtHj.9AQToZwFZnxXZxzV9J82avqePpG1x8hnNuBAH0JbfMYxKuDsaM6I.2U9SUDv66/ATuYd.

​

(1 rows)

说明

scylladb 也包含了完整的基于rbac 的访问控制机制，还是很不错的

参考资料

https://docs.scylladb.com/operating-scylla/security/rbac_usecase/
https://docs.scylladb.com/operating-scylla/security/authentication/