The Aerospike Knowledge Base has moved to https://support.aerospike.com. Content on https://discuss.aerospike.com is being migrated to either https://support.aerospike.com or https://docs.aerospike.com. Maintenance on articles stored in this repository ceased on December 31st 2022 and this article may be stale. If you have any questions, please do not hesitate to raise a case via https://support.aerospike.com.
FAQ - Is a cluster shutdown required to enable Aerospike Security?
Detail
The Aerospike Enterprise edition has an optional security feature that allows username and password based authentication. Is a full cluster shutdown required to implement this?
Answer
Aerospike Server versions 4.6.0.4+, 4.5.3.6+, 4.5.2.6+, 4.5.1.11+, 4.5.0.15+
For Aerospike Server versions 4.6.0.4+, 4.5.3.6+, 4.5.2.6+, 4.5.1.11+, 4.5.0.15+, security can be enabled with a rolling restart. Refer to Configuring Access Control - Enabling Access Control. In Aerospike Server versions 4.6.0.4, 4.5.3.6, 4.5.2.6, 4.5.1.11, 4.5.0.15, an enhancement (AER-6099) was made to allow security information to be exchanged between nodes via the SMD. Therefore, client applications built with Aerospike Clients (C Client 4.6.5+, C# Client 3.8.2+, Java Client 4.4.4+, Python Client 3.7.3+ and Node.js Client 3.12.0+) can communicate with a ‘mixed’ cluster where some nodes require authentication and some do not. A full cluster shutdown is not required to implement security.
Aerospike Server versions 4.6.0.2, 4.5.3.5 or earlier, 4.5.2.5 or earlier, 4.5.1.10 or earlier, 4.5.0.14 or earlier
For Aerospike Server versions 4.6.0.2, 4.5.3.5 or earlier, 4.5.2.5 or earlier, 4.5.1.10 or earlier, 4.5.0.14 or earlier, the enable-security parameter is static, meaning it requires a node restart, and unanimous. If a single node is restarted with security turned on, the SMD sub-system would actually revert the security-related SMD configuration, preventing even a single node in the cluster from having security enabled.
Those older versions therefore require a full cluster shutdown in order to enable security…
Notes
- In Aerospike Server version 4.6.0.4 clusters using XDR cannot enable Aerospike Security with a simple rolling restart. Version 4.7 addresses this issue.
- Enabling Access Control is covered in the Configuring Access Control documentation.
- Enabling Aerospike Security on an XDR-enabled cluster is covered in the How to enable ACL for XDR knowledge base article.
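The version rules in the Answer and the XDR note can be checked against a node inventory before a rollout is planned. The following is an added example, not Aerospike's own code. The function names, plan labels and sample inventory are hypothetical, and treating every pre-4.7 build as affected by the XDR caveat (the article states it for 4.6.0.4) is a conservative assumption.

```python
import re

# Per-branch minimum builds carrying the AER-6099 enhancement (from the article).
MIN_BUILD = {(4, 5, 0): 15, (4, 5, 1): 11, (4, 5, 2): 6, (4, 5, 3): 6, (4, 6, 0): 4}


def parse_version(text):
    """Turn '4.5.3.6' (optionally followed by a suffix) into a 4-int tuple."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised server version: {text!r}")
    return tuple(int(part) for part in m.groups())


def node_supports_rolling(version):
    """True if this build can enable security as part of a rolling restart."""
    v = parse_version(version)
    branch, build = v[:3], v[3]
    if branch in MIN_BUILD:
        return build >= MIN_BUILD[branch]
    # Branches before 4.5.0 fall under "4.5.0.14 or earlier"; branches after
    # 4.6.0 fall under "4.6.0.4+". Any other unlisted branch is treated as
    # unsupported (conservative assumption).
    return branch > (4, 6, 0)


def plan_security_rollout(node_versions, uses_xdr=False):
    """Return (plan, nodes_causing_it) for a cluster given as {node: version}."""
    old = sorted(n for n, v in node_versions.items() if not node_supports_rolling(v))
    if old:
        # One node that reverts the security SMD is enough to block a rolling enable.
        return "full-shutdown", old
    if uses_xdr:
        # Assumption: apply the article's 4.6.0.4 XDR caveat to all pre-4.7 builds.
        pre_47 = sorted(n for n, v in node_versions.items()
                        if parse_version(v)[:2] < (4, 7))
        if pre_47:
            return "rolling-restart-not-sufficient-with-xdr", pre_47
    return "rolling-restart", []


# Constructed sample inventory; node names and versions are made up.
SAMPLE = {"node-a": "4.5.3.6", "node-b": "4.5.3.5", "node-c": "4.6.0.4"}

if __name__ == "__main__":
    print(plan_security_rollout(SAMPLE))
```
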
Keywords
ENABLE SECURITY UNANIMOUS AUTHENTICATION ACCESS CONTROL CLIENT
Timestamp
September 2019