boolean authenticate(InetAddress address, int port)
Cassandra provides no security with its default settings. If a node is configured with the cluster name and if the node can contact at least one cluster node, then it will join the cluster. We want to prevent arbitrary Cassandra nodes from joining the RHQ Storage cluster.
CASSANDRA-5401 added a pluggable security API that can be used to provide basic control over which nodes are allowed to join the cluster. There is a single method that determines whether or not to accept communication from another node.
boolean authenticate(InetAddress address, int port)
The implementation is specified by the internode_authenticator property in cassandra.yaml. The RHQ Storage Node is configured to use org.rhq.cassandra.auth.RhqInternodeAuthenticator. RhqInternodeAuthenticator consults a whitelist of IP addresses to determine whether or or not authorize a request. That list is found in <rhq-storage-basedir>/conf/rhq-storage-auth.conf.
Any host listed in rhq-storage-auth.conf will be allowed to join the cluster and therefore obtain access to data in the RHQ Storage cluster. It is imperative to restrict access to rhq-storage-auth.conf in order to prevent unauthorized users from accessing data stored in RHQ.
When a storage node is installed, rhq-storage-auth.conf will only contain that node's IP address. When an additional storage node is deployed, its IP address will be added to rhq-storage-auth.conf for all existing nodes. And when a node is undeployed, its IP address will be removed from rhq-storage-auth.conf for all existing nodes. This is done automatically by the RHQ Agent with the RHQ Storage plugin.
The RHQ Agent requires write access to rhq-storage-auth.conf.