From Fedora Project Wiki

m (Jjanco moved page Cassandra to Apache Cassandra: just Cassandra is vague name)
No edit summary
Line 42: Line 42:
# Create a new superuser: <pre>cqlsh> CREATE ROLE <new_super_user> WITH PASSWORD = '<some_secure_password>' AND SUPERUSER = true AND LOGIN = true;</pre>
# Create a new superuser: <pre>cqlsh> CREATE ROLE <new_super_user> WITH PASSWORD = '<some_secure_password>' AND SUPERUSER = true AND LOGIN = true;</pre>
# Log in as the newly created superuser: <pre>cqlsh -u <new_super_user> -p <some_secure_password></pre>
# Log in as the newly created superuser: <pre>cqlsh -u <new_super_user> -p <some_secure_password></pre>
# The Cassandra superuser cannot be deleted from Cassandra, so to neutralize the account, change the password to something long and incomprehensible, and alter the user’s status to NOSUPERUSER: <pre>cqlsh> ALTER ROLE cassandra WITH PASSWORD='SomeNonsenseThatNoOneWillThinkOf' AND SUPERUSER=false;</pre>
# "cassandra" superuser cannot be deleted from Cassandra, so to neutralize the account, change the password to something long and incomprehensible, and alter the user’s status to NOSUPERUSER: <pre>cqlsh> ALTER ROLE cassandra WITH PASSWORD='SomeNonsenseThatNoOneWillThinkOf' AND SUPERUSER=false;</pre>


=== Ports and remote access ===
=== Ports and remote access ===

Revision as of 14:57, 15 May 2018

Introduction

Apache Cassandra is a free and open-source distributed NoSQL database system designed to handle large amounts of data across multiple servers, providing high availability with no single point of failure.


Installation

The database have been available since Fedora 26 and there are multiple packages in Fedora repositories:

cassandra Client tools
cassandra-server Server part, mainly database daemon
cassandra-javadoc Documentation
More packages can be listed with command: dnf list cassandra\*
dnf install cassandra cassandra-server

will install database server and tools for working with it.


Basic setup

Initialization and startup

Start database daemon:

systemctl start cassandra

Enable start of database daemon after boot:

systemctl enable cassandra

To test if server initialization was successful you can try the Cassandra client. See Usage example.

Users authentication

It’s especially relevant to note that by default authentication is disabled and to enable it you have to take the following steps:

  1. Change the authenticator option in the /etc/cassandra/cassandra.yaml file to PasswordAuthenticator:
    authenticator: PasswordAuthenticator
  2. Restart cassandra:
    systemctl restart cassandra
  3. Start cqlsh using the default superuser name and password:
    cqlsh -u cassandra -p cassandra
  4. Create a new superuser:
    cqlsh> CREATE ROLE <new_super_user> WITH PASSWORD = '<some_secure_password>' AND SUPERUSER = true AND LOGIN = true;
  5. Log in as the newly created superuser:
    cqlsh -u <new_super_user> -p <some_secure_password>
  6. "cassandra" superuser cannot be deleted from Cassandra, so to neutralize the account, change the password to something long and incomprehensible, and alter the user’s status to NOSUPERUSER:
    cqlsh> ALTER ROLE cassandra WITH PASSWORD='SomeNonsenseThatNoOneWillThinkOf' AND SUPERUSER=false;

Ports and remote access

By default these ports should be binded to Cassandra Java process after start:

Port number Description
TCP / 7000 Cassandra inter-node cluster communication
TCP / 7199 Cassandra JMX monitoring port
TCP / 9042 Cassandra client port
Encrypted communication
SSL/TLS in Apache Cassandra can be configured, by default it uses TCP / 7001 for inter-node communication and TCP / 9142 as client port.
Thrift API
was deprecated in Apache Cassandra 4 and in Fedora version of Cassandra 3 is also stripped. This means there is not port TCP / 9160.

To allow remote access to database, edit the /etc/cassandra/cassandra.yaml file, changing the following parameters (needs service restart):

listen_address: external_ip
rpc_address: external_ip
seed_provider/seeds: "<external_ip>"

Also open ports in firewall.

firewalld:

firewall-cmd --add-port=7000/tcp
firewall-cmd --add-port=9042/tcp
# probably you do not want to expose JMX port on external network
# firewall-cmd --add-port=7199/tcp
# save configuration
firewall-cmd --runtime-to-permanent

iptables:

iptables -A INPUT -p tcp --dport 7000 -j ACCEPT
iptables -A INPUT -p tcp --dport 9042 -j ACCEPT
# probably you do not want to expose JMX port on external network
# iptables -A INPUT -p tcp --dport 7199 -j ACCEPT
Warning:
By default authentication is disabled and data are unprotected. See Users authentication.

More about how to configure Apache Cassandra

To configure the server you have to edit the file /etc/cassandra/cassandra.yaml. For more information about how to change configuration, see the the upstream configuration.


Usage example

$ cqlsh
Connected to Test Cluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4]
Use HELP for help.
cqlsh> CREATE KEYSPACE k1 WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 };
cqlsh> USE k1;
cqlsh:k1> CREATE TABLE users (user_name varchar, password varchar, gender varchar, PRIMARY KEY (user_name));
cqlsh:k1> INSERT INTO users (user_name, password, gender) VALUES ('John', 'test123', 'male');
cqlsh:k1> SELECT * from users;

 user_name | gender | password
-----------+--------+----------
      John |   male |  test123

(1 rows)


Feedback

We will be glad to see any feedback from you.

Also we are looking for some help with maintaining Apache Cassandra in Fedora, so if you feel ready to help us, just contact us.