In this guide, you will learn how to install Apache Cassandra Node on CentOS 8 and configure initial security configuration.
Table of Contents:
- What is Apache Cassandra?
- Features in Apache Cassandra
- Environment Specification
- Update CentOS 8 Software Packages
- Adding Apache Cassandra Official Yum Repository
- Installing Apache Cassandra on CentOS 8
- Configure Apache Cassandra Node Security
- Create an Admin user for Apache Cassandra
- Conclusion
What is Apache Cassandra? :
Apache Cassandra is a free and open-source, distributed, wide column store, NoSQL database management system designed to handle large amounts of data across many commodity servers, providing high availability with no single point of failure. Cassandra offers robust support for clusters spanning multiple datacenters, with asynchronous masterless replication allowing low latency operations for all clients. (Courtesy: Wikipedia)
Cassandra was initially developed in Java programming language at Facebook to power its Inbox search feature. Facebook released Cassandra as an open-source project on Google code in July 2008. In March 2009 it became an Apache Incubator project. On February 17, 2010 it graduated to a top-level project.
Cassandra was now maintained by Apache Software Foundation and distributed under Apache License 2.0.
Features in Apache Cassandra:
Main features of Apache Cassandra are.
- Distributed - Every node in the cluster has the same role
- Supports replication and multi datacenter replication
- Highly Scalable
- Fault-tolerant - Data is automatically replicated to multiple nodes for fault-tolerance
- MapReduce support - Cassandra has Hadoop integration, with MapReduce support
- Query language - Cassandra introduced the Cassandra Query Language (CQL)
Environment Specification:
We are using a KVM based CentOS 8 virtual machine with following specification.
- CPU - 3.4 Ghz (2 cores)
- Memory - 2 GB
- Storage - 20 GB
- Operating System - CentOS 8.2
- Hostname – cassandra-01.centlinux.com
- IP Address - 192.168.116.206 /24
Update CentOS 8 Software Packages:
Connect with cassandra-01.centlinux.com as root user by using a ssh tool.
As a best practice, update existing software packages in our CentOS 8 node.
[root@cassandra-01 ~]# dnf update -y
...
Upgraded:
bind-export-libs-32:9.11.13-5.el8_2.x86_64
gnutls-3.6.8-11.el8_2.x86_64
grub2-common-1:2.02-87.el8_2.noarch
grub2-pc-1:2.02-87.el8_2.x86_64
grub2-pc-modules-1:2.02-87.el8_2.noarch
grub2-tools-1:2.02-87.el8_2.x86_64
grub2-tools-efi-1:2.02-87.el8_2.x86_64
grub2-tools-extra-1:2.02-87.el8_2.x86_64
grub2-tools-minimal-1:2.02-87.el8_2.x86_64
kernel-tools-4.18.0-193.14.2.el8_2.x86_64
kernel-tools-libs-4.18.0-193.14.2.el8_2.x86_64
libnghttp2-1.33.0-3.el8_2.1.x86_64
microcode_ctl-4:20191115-4.20200609.1.el8_2.x86_64
python3-perf-4.18.0-193.14.2.el8_2.x86_64
Installed:
kernel-4.18.0-193.14.2.el8_2.x86_64
kernel-core-4.18.0-193.14.2.el8_2.x86_64
kernel-modules-4.18.0-193.14.2.el8_2.x86_64
Removed:
kernel-4.18.0-147.5.1.el8_1.x86_64
kernel-core-4.18.0-147.5.1.el8_1.x86_64
kernel-modules-4.18.0-147.5.1.el8_1.x86_64
Complete!
Verify version of active kernel by using uname command.
[root@cassandra-01 ~]# uname -r
4.18.0-193.6.3.el8_2.x86_64
Verify version of CentOS operating system.
[root@cassandra-01 ~]# cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
Adding Apache Cassandra Official Yum Repository:
Apache Software Foundation provides official yum repositories for each version of Cassandra software.
We are adding the Apache Cassandra yum repository as mentioned at Cassandra download page.
Create a repo file for Cassendra as follows.
[root@cassandra-01 ~]# vi /etc/yum.repos.d/cassandra.repo
Add following directives in this file.
[cassandra]
name=Apache Cassandra
baseurl=https://downloads.apache.org/cassandra/redhat/311x/
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://downloads.apache.org/cassandra/KEYS
Here, 311x is the respective version of Apache Cassandra i.e. 3.11. Apache Cassandra 3.11 is the latest version at the time of this writing. Therefore, we are using it. If you want to install any other version of Apache Cassandra then you should update the version number in repo file accordingly.
Build yum cache for newly installed Cassandra repository. Accept GPG keys if asked to do so.
[root@cassandra-01 ~]# dnf makecache
CentOS-8 - AppStream 7.3 kB/s | 4.3 kB 00:00
CentOS-8 - Base 5.0 kB/s | 3.9 kB 00:00
CentOS-8 - Extras 162 B/s | 1.5 kB 00:09
Apache Cassandra 582 B/s | 833 B 00:01
Apache Cassandra 229 kB/s | 253 kB 00:01
Importing GPG key 0xF2833C93:
Userid : "Eric Evans <eevans@sym-link.com>"
Fingerprint: CEC8 6BB4 A0BA 9D0F 9039 7CAE F835 8FA2 F283 3C93
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
Importing GPG key 0x8D77295D:
Userid : "Eric Evans <eevans@sym-link.com>"
Fingerprint: C496 5EE9 E301 5D19 2CCC F2B6 F758 CE31 8D77 295D
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
Importing GPG key 0x2B5C1B00:
Userid : "Sylvain Lebresne (pcmanus) <sylvain@datastax.com>"
Fingerprint: 5AED 1BF3 78E9 A19D ADE1 BCB3 4BD7 36A8 2B5C 1B00
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
Importing GPG key 0x0353B12C:
Userid : "T Jake Luciani <jake@apache.org>"
Fingerprint: 514A 2AD6 31A5 7A16 DD00 47EC 749D 6EEC 0353 B12C
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
Importing GPG key 0xFE4B2BDA:
Userid : "Michael Shuler <michael@pbandjelly.org>"
Fingerprint: A26E 528B 271F 19B9 E5D8 E19E A278 B781 FE4B 2BDA
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
Importing GPG key 0x7E3E87CB:
Userid : "Michael Semb Wever <mick@thelastpickle.com>"
Fingerprint: A4C4 65FE A0C5 5256 1A39 2A61 E913 35D7 7E3E 87CB
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
Importing GPG key 0xB7F6840C:
Userid : "Alex Petrov <oleksandr.petrov@gmail.com>"
Fingerprint: 9E66 CEC6 106D 578D 0B1E B9BF F100 0962 B7F6 840C
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
Apache Cassandra 2.1 kB/s | 3.6 kB 00:01
Metadata cache created.
Apache Cassandra 3.11 yum repository has been installed on CentOS 8.
Installing Apache Cassandra on CentOS 8:
Apache Cassandra requires JVM (Java Virtual Machine) to run. Although, we can explicitly install Java on our CentOS 8 node, but if we install Cassandra by using dnf command, it will automatically installs all required dependencies including Java.
Therefore, we are directly installing Apache Cassandra on CentOS 8 by using dnf command.
[root@cassandra-01 ~]# dnf install -y cassandra
...
Installed:
alsa-lib-1.2.1.2-3.el8.x86_64
atk-2.28.1-1.el8.x86_64
avahi-libs-0.7-19.el8.x86_64
cairo-1.15.12-3.el8.x86_64
cassandra-3.11.7-1.noarch
copy-jdk-configs-3.7-1.el8.noarch
cups-libs-1:2.2.6-33.el8.x86_64
dejavu-fonts-common-2.35-6.el8.noarch
dejavu-sans-fonts-2.35-6.el8.noarch
fontconfig-2.13.1-3.el8.x86_64
fontpackages-filesystem-1.44-22.el8.noarch
fribidi-1.0.4-8.el8.x86_64
gdk-pixbuf2-2.36.12-5.el8.x86_64
gdk-pixbuf2-modules-2.36.12-5.el8.x86_64
giflib-5.1.4-3.el8.x86_64
graphite2-1.3.10-10.el8.x86_64
gtk-update-icon-cache-3.22.30-5.el8.x86_64
gtk2-2.24.32-4.el8.x86_64
harfbuzz-1.7.5-3.el8.x86_64
hicolor-icon-theme-0.17-2.el8.noarch
jasper-libs-2.0.14-4.el8.x86_64
java-1.8.0-openjdk-1:1.8.0.262.b10-0.el8_2.x86_64
java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el8_2.x86_64
javapackages-filesystem-5.3.0-1.module_el8.0.0+11+5b8c10bd.noarch
jbigkit-libs-2.1-14.el8.x86_64
libX11-1.6.8-3.el8.x86_64
libX11-common-1.6.8-3.el8.noarch
libXau-1.0.8-13.el8.x86_64
libXcomposite-0.4.4-14.el8.x86_64
libXcursor-1.1.15-3.el8.x86_64
libXdamage-1.1.4-14.el8.x86_64
libXext-1.3.3-9.el8.x86_64
libXfixes-5.0.3-7.el8.x86_64
libXft-2.3.2-10.el8.x86_64
libXi-1.7.9-7.el8.x86_64
libXinerama-1.1.4-1.el8.x86_64
libXrandr-1.5.1-7.el8.x86_64
libXrender-0.9.10-7.el8.x86_64
libXtst-1.2.3-7.el8.x86_64
libdatrie-0.2.9-7.el8.x86_64
libfontenc-1.1.3-8.el8.x86_64
libjpeg-turbo-1.5.3-10.el8.x86_64
libthai-0.1.27-2.el8.x86_64
libtiff-4.0.9-17.el8.x86_64
libxcb-1.13.1-1.el8.x86_64
lksctp-tools-1.0.18-3.el8.x86_64
lua-5.3.4-11.el8.x86_64
pango-1.42.4-6.el8.x86_64
pixman-0.38.4-1.el8.x86_64
ttmkfdir-3.0.9-54.el8.x86_64
tzdata-java-2020a-1.el8.noarch
xorg-x11-font-utils-1:7.5-40.el8.x86_64
xorg-x11-fonts-Type1-7.5-19.el8.noarch
Complete!
cqlsh (Cassandra Query Language Shell) requires Python to run. Therefore, we are also required to install Python as well.
Currently, Apache Cassandra is only compatible with Python 2.7. Therefore, we are installing the same on our CentOS 8 node.
[root@cassandra-01 ~]# dnf install -y python2
...
Installed:
python2-2.7.17-1.module_el8.2.0+381+9a5b3c3b.x86_64
python2-libs-2.7.17-1.module_el8.2.0+381+9a5b3c3b.x86_64
python2-pip-9.0.3-16.module_el8.2.0+381+9a5b3c3b.noarch
python2-pip-wheel-9.0.3-16.module_el8.2.0+381+9a5b3c3b.noarch
python2-setuptools-39.0.1-11.module_el8.2.0+381+9a5b3c3b.noarch
python2-setuptools-wheel-39.0.1-11.module_el8.2.0+381+9a5b3c3b.noarch
Complete!
Cassandra service is SystemV based, therefore, we have to use the legacy commands to enable and start it.
[root@cassandra-01 ~]# service cassandra start
Starting cassandra (via systemctl): [ OK ]
[root@cassandra-01 ~]# chkconfig cassandra on
Verify the status of cassandra.service.
[root@cassandra-01 ~]# systemctl status cassandra.service
â cassandra.service - LSB: distributed storage system for structured data
Loaded: loaded (/etc/rc.d/init.d/cassandra; generated)
Active: active (running) since Sat 2020-08-01 11:18:50 PKT; 51s ago
Docs: man:systemd-sysv-generator(8)
Main PID: 48050 (java)
Tasks: 50 (limit: 12331)
Memory: 1.1G
CGroup: /system.slice/cassandra.service
ââ48050 /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el8_2.x86_64>
Aug 01 11:18:46 cassandra-01.centlinux.com systemd[1]: Starting LSB: distribute>
Aug 01 11:18:46 cassandra-01.centlinux.com runuser[47978]: pam_unix(runuser:ses>
Aug 01 11:18:50 cassandra-01.centlinux.com runuser[47978]: pam_unix(runuser:ses>
Aug 01 11:18:50 cassandra-01.centlinux.com cassandra[47966]: Starting Cassandra>
Aug 01 11:18:50 cassandra-01.centlinux.com systemd[1]: Started LSB: distributed>
Use the nodetool command to verify the status of the Cassandra cluster.
[root@cassandra-01 ~]# nodetool status
Datacenter: datacenter1
=======================
Status=Up/Down
|/ State=Normal/Leaving/Joining/Moving
-- Address Load Tokens Owns (effective) Host ID Rack
UN 127.0.0.1 70.01 KiB 256 100.0% 7d916cdb-8065-42d0-97c0-c88c68b68aa3 rack1
Apache Cassandra has been installed on CentOS 8 node.
Configure Apache Cassandra Node Security:
Configuration files for Apache Cassandra are located in /etc/cassandra/conf directory.
It is a safe practice to take a backup of the original configuration file, before we start to edit it.
Create a copy of the original cassandra.yaml configuration file as follows.
[root@cassandra-01 ~]# cd /etc/cassandra/conf/
[root@cassandra-01 conf]# cp cassandra.yaml cassandra.yaml.bkp
[root@cassandra-01 conf]# cd
Now, edit this file by using vim editor.
[root@cassandra-01 ~]# vi /etc/cassandra/conf/cassandra.yaml
Locate following parameters in this file.
authenticator: AllowAllAuthenticator
authorizer: AllowAllAuthorizer
roles_validity_in_ms: 2000
permissions_validity_in_ms: 2000
And update their values as follows.
authenticator: org.apache.cassandra.auth.PasswordAuthenticator
authorizer: org.apache.cassandra.auth.CassandraAuthorizer
roles_validity_in_ms: 0
permissions_validity_in_ms: 0
Restart Cassandra service to take changes into effect.
[root@cassandra-01 ~]# systemctl restart cassandra.service
Create an Admin user for Apache Cassandra:
Connect to cqlsh prompt by using the Cassandra default username/password.
[root@cassandra-01 ~]# cqlsh -u cassandra -p cassandra
Connected to Test Cluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.11.7 | CQL spec 3.4.4 | Native protocol v4]
Use HELP for help.
cassandra@cqlsh>
Create an admin user by using following command.
cassandra@cqlsh> CREATE ROLE ahmer WITH PASSWORD = 'Ahmer@1234' AND SUPERUSER = true AND LOGIN = true;
Exit from cqlsh prompt.
cassandra@cqlsh> exit
Again Connect to cqlsh by using new admin user.
[root@cassandra-01 ~]# cqlsh -u ahmer -p Ahmer@1234
Connected to Test Cluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.11.7 | CQL spec 3.4.4 | Native protocol v4]
Use HELP for help.
ahmer@cqlsh>
For better security it is always advisable to remove/disable the default users. Therefore, revoke admin role and login permissions from cassendra user.
ahmer@cqlsh> ALTER ROLE cassandra WITH PASSWORD = 'cassandra' AND SUPERUSER = false AND LOGIN = false;
Revoke all permissions from cassendra user.
ahmer@cqlsh> REVOKE ALL PERMISSIONS ON ALL KEYSPACES FROM cassandra;
Grant all permissions to new admin user.
ahmer@cqlsh> GRANT ALL PERMISSIONS ON ALL KEYSPACES TO ahmer;
Exit from cqlsh prompt.
ahmer@cqlsh> exit
Apache Cassandra node has been configured. It is now ready to become part of a Cassandra cluster.
Conclusion:
In above guide, you have learned how to install Apache Cassandra node on CentOS 8, we have also configured recommended security configurations as well. Cassandra: The Definitive Guide: Distributed Data at Web Scale 2nd Edition by Jeff Carpenter is a very good book and we strongly recommend that you should read it.
No comments:
Post a Comment