User not found when configuring XDR with security


#1

User not found when configuring XDR with security

Problem Description

When using Aerospike 3.8.x and above with XDR and security enabled, the following message is seen in the aerospike.log of the remote data center. XDR shipping has been configured on the source data center but no namespaces are shipping at this time.

May 05 2016 12:38:37 GMT: WARNING (security): (security.c:2148) authenticate - user not found

The source cluster aerospike.log will show:

May 05 2016 12:40:19 GMT: WARNING (xdr): (as_cluster.c:404) Failed to connect to 52.58.138.104:3000. AEROSPIKE_INVALID_USER AEROSPIKE_INVALID_USER
May 05 2016 12:40:19 GMT: WARNING (xdr): (as_cluster.c:404) Failed to connect to 52.58.117.63:3000. AEROSPIKE_INVALID_USER AEROSPIKE_INVALID_USER

Explanation

This error will be displayed when the user credentials specified for the remote data center do not exist. Even though there are no namespaces shipping data, the source cluster will attempt to connect to the remote cluster. If the specified user does not exist, this will be logged as a failed connection in the remote cluster log which can generate large logs if left unchecked.

Solution

Create the XDR user specified in security configuration files on all remote data centers.

Notes

  • Nodes in remote datacenters can be added dynamically. It is possible to put a skeleton XDR Datacenter stanza into the xdr stanza of aerospike.conf and add nodes using asinfo . Therefore the XDR configurationcan be added when the node is restarted and filled out when XDR is ready to go live.

http://www.aerospike.com/docs/operations/configure/cross-datacenter/

Keywords

XDR SECURITY USER AUTHENTICATION

Timestamp

5/6/16