How to Install Apache Cassandra on CentOS 8
Traducciones al EspañolEstamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
After completing this guide, you will have a single-node, production-ready installation of Apache Cassandra hosted on your Linode running CentOS 8. This tutorial will cover basic configuration options, as well as how to harden and secure your database.
NoteIn order to successfully execute the commands in this guide, you will need to run them as theroot
user, or log in using an account with root privileges, prefixing each command withsudo
.
Before You Begin
- Complete the Getting Started guide for setting up a new Linode.
- While it is recommended you complete the entire Securing Your Server guide, at minimum, you should add a limited user account.
Add Repositories and GPG Keys
Install the “yum-utils” package:
sudo yum install yum-utils -y
Add the Datastax repository so that we can install the required Cassandra software in a later step:
sudo yum-config-manager --add-repo http://rpm.datastax.com/community
Add the public key for the Datastax repository. Create a directory for the downloaded key:
mkdir ~/.keys
Navigate to the
.keys
directory and download the public key usingcurl
:curl -o repo_key http://rpm.datastax.com/rpm/repo_key
The key should now be contained in a file called “repo_key”. Install the key with the package manager:
sudo rpm --import repo_key
Install Cassandra and Supporting Applications
In this section, you will update your Linux system software, install package dependencies, Java, and Cassandra.
Install Cassandra, Java, and NTP:
sudo yum update && sudo yum upgrade sudo yum install java dsc30 cassandra30-tools
Install Python. The Cassandra
cqlsh
interpreter requires Python in order to run. You will use this interpreter in later sections of this guide.sudo dnf install python2
Activate Cassandra
Enable Cassandra on system boot and verify that it is running:
sudo systemctl enable cassandra sudo systemctl start cassandra sudo systemctl -l status cassandra
Check the status of the Cassandra cluster:
nodetool status
If
UN
is displayed in the output, the cluster is working. Your output should resemble the following:Status=Up/Down |/ State=Normal/Leaving/Joining/Moving -- Address Load Tokens Owns (effective) Host ID Rack UN 127.0.0.1 103.51 KiB 256 100.0% c43a2db6-8e5f-4b5e-8a83-d9b6764d923d rack1
If you receive connection errors, see Troubleshooting Connection Errors.
Configure Cassandra
Enable Security Features
In this section, you will enable user login authentication. You can also configure other security settings based on your project’s needs.
Make a backup of the Cassandra configuration file
cassandra.yaml
.sudo cp /etc/cassandra/conf/cassandra.yaml /etc/cassandra/conf/cassandra.yaml.backup
Open
cassandra.yaml
in your preferred text editor:Note
Locations of thecassandra.yaml
file may differ slightly between distros.sudo vim /etc/cassandra/conf/cassandra.yaml
Match the following variables in the file to the values shown in the example file. If any values are commented out, uncomment them. The rest of the properties found in the
cassandra.yaml
file should be set based on your project’s particular requirements and how you plan to utilize Cassandra. The default configuration should work well for development.- File: CentOS /etc/cassandra/conf/cassandra.yaml
1 2 3 4 5 6 7 8 9 10
. . . authenticator: org.apache.cassandra.auth.PasswordAuthenticator authorizer: org.apache.cassandra.auth.CassandraAuthorizer role_manager: CassandraRoleManager roles_validity_in_ms: 0 permissions_validity_in_ms: 0 . . .
More information about this file can be found in the Cassandra Configuration File guide in Apache’s official documentation.
After editing the configuration file restart Cassandra.
sudo systemctl restart cassandra
Add An Administration Superuser
Open the Cassandra command terminal by typing
cqlsh
. Log in with the credentials shown below for the default usercassandra
:cqlsh -u cassandra -p cassandra
Create a new superuser. Replace the brackets as well as the content inside with the applicable information:
CREATE ROLE [new_superuser] WITH PASSWORD = '[secure_password]' AND SUPERUSER = true AND LOGIN = true;
Log out by typing
exit
.Log back in with the new superuser account and replace the username and password with your new credentials:
cqlsh -u new-super-user -p my-scecure-password
Remove the elevated permissions from the Cassandra account:
ALTER ROLE cassandra WITH PASSWORD = 'cassandra' AND SUPERUSER = false AND LOGIN = false; REVOKE ALL PERMISSIONS ON ALL KEYSPACES FROM cassandra;
Grant all permissions to the new superuser account. Replace the brackets and contents inside with your superuser account username:
GRANT ALL PERMISSIONS ON ALL KEYSPACES TO '[superuser]';
Log out by typing
exit
.
Edit The Console Configuration File
The cqlshrc
file holds configuration settings that influence user preferences and how Cassandra performs certain tasks.
NoteEnsure you complete the steps in this section using your limited user account. This account will need sudo privileges, if it does not already have them.
Since your Cassandra username and password can be stored in plaintext, the cqlshrc
file should only be accessible to your administrative user account, and is designed to be inaccessible to other accounts on your Linux system.
CautionDo not complete this section as the root user. Before proceeding, fully evaluate the security risks and consequences to your node cluster before adding the[authentication]
section.
Create the file
cqlshrc
using your preferred text editor. If the~/.cassandra
directory does not exist, create it:sudo mkdir ~/.cassandra sudo vim ~/.cassandra/cqlshrc
Copy any sections below that you wish to add to your configuration, and ensure you replace the
superuser
andpassword
value in brackets with your own values. Details for this file can be found in the Configuring cqlsh From a File guide on the DataStax site.Note
You can find a sample file containing all the configuration options in the example/etc/cassandra/conf/cqlshrc.sample
file.- File: ~/.cassandra/cqlshrc
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
;; Options that are common to both COPY TO and COPY FROM [copy] ;; The string placeholder for null values nullval=null ;; For COPY TO, controls whether the first line in the CSV output file will ;; contain the column names. For COPY FROM, specifies whether the first ;; line in the CSV file contains column names. header=true ;; The string literal format for boolean values boolstyle = True,False ;; Input login credentials here to automatically login to the Cassandra command line without entering them each time. When this ;; is enabled, just type "cqlsh" to start Cassandra. [authentication] username=[superuser] password=[password] ;; Uncomment to automatically use a certain keyspace on login ;; keyspace=[keyspace] [ui] color=on datetimeformat=%Y-%m-%d %H:%M:%S%z completekey=tab ;; The number of digits displayed after the decimal point ;; (note that increasing this to large numbers can result in unusual values) float_precision = 5 ;; The encoding used for characters encoding = utf8
Save and close the file.
Update the
cqlshrc
file and directory with the following permissions:sudo chmod 440 ~/.cassandra/cqlshrc sudo chmod 700 ~/.cassandra
Login by typing the command below. You will be prompted to enter your password. The
cqlsh
command terminal should open, and your superuser name should be visible in the command line.cqlsh -u superuser
Note
You can also login by providing your username and password:
cqlsh -u superuser -p password
Rename the Cluster
In this section, you will update your default cluster name from “Test Cluster” to your desired name.
Log into the
cqlsh
control terminal if you are not already logged in.cqlsh -u superuser
Replace
[new_name]
with your new cluster name:UPDATE system.local SET cluster_name = '[new_name]' WHERE KEY = 'local';
Type
exit
to return to the Linux command line.Edit the
cassandra.yaml
file and replace the value in thecluster_name
variable with the new cluster name you just set.sudo vim /etc/cassandra/conf/cassandra.yaml
Save and close.
From the Linux terminal (not
cqlsh
) clear the system cache. This command will not disturb your node’s data.nodetool flush system
Restart Cassandra:
sudo systemctl restart cassandra
Log in with
cqlsh
and verify the new cluster name is visible.cqlsh -u superuser
Connected to my-cluster-name at 127.0.0.1:9042. [cqlsh 5.0.1 | Cassandra 4.0 | CQL spec 3.4.5 | Native protocol v4] Use HELP for help. superuser@cqlsh>
Troubleshooting Connection Errors
If you receive connection errors when running nodetool status
, you may need to manually enter networking information.
Open the
cassandra-env.sh
file in a text editor.sudo vim /etc/cassandra/conf/cassandra-env.sh
Search for
-Djava.rmi.server.hostname=
in the file. Uncomment this line and add your loopback address or public IP address by replacing<public name>
at the end of the line:- File: /etc/cassandra/conf/cassandra-env.sh
1 2 3
. . . JVM_OPTS="$JVM_OPTS -Djava.rmi.server.hostname=<public name>" . . .
Restart Cassandra after you’ve finished updating the
cassandra-env.sh
file:sudo systemctl restart cassandra
Check the node status again after the service restarts:
nodetool status
Note
It may take a few seconds for Cassandra to refresh the configuration. If you receive another connection error, try waiting 15 seconds before rechecking the node status.
Where To Go From Here
Be sure to check out the links in the More Information section, which will help you further configure Cassandra to your needs, as well as provide resources to improve your understanding and ability to use Cassandra.
To fully utilize the capabilities of Cassandra in a production setting, additional nodes should be added to your cluster. See the companion guide Adding Nodes to an Existing Cluster for more information.
More Information
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.
This page was originally published on