(Created blank page) |
No edit summary |
||
Line 1: | Line 1: | ||
== Introduction == | |||
[https://en.wikipedia.org/wiki/Apache_Cassandra Apache Cassandra] is a free and open-source distributed NoSQL database system designed to handle large amounts of data across multiple servers, providing high availability with no single point of failure. | |||
== Installation == | |||
The database have been available since Fedora 26 and there are multiple packages in Fedora repositories: | |||
{|class="wikitable" | |||
|- | |||
| '''cassandra''' || Client tools | |||
|- | |||
| '''cassandra-server''' || Server part, mainly database daemon | |||
|- | |||
| '''cassandra-javadoc''' || Documentation | |||
|- | |||
| colspan="2" | More packages can be listed with command: '''dnf list cassandra\*''' | |||
|} | |||
<pre> | |||
dnf install cassandra cassandra-server | |||
</pre> | |||
will install database server and tools for working with it. | |||
== Basic setup == | |||
=== Initialization and startup === | |||
Start database daemon: | |||
<pre> | |||
systemctl start cassandra | |||
</pre> | |||
Enable start of database daemon after boot: | |||
<pre> | |||
systemctl enable cassandra | |||
</pre> | |||
To test if server initialization was successful you can try the Cassandra client. See [[#Usage example|Usage example]]. | |||
=== Users authentication === | |||
It’s especially relevant to note that '''by default authentication is disabled''' and to enable it you have to take the following steps: | |||
# Change the authenticator option in the ''/etc/cassandra/cassandra.yaml'' file to PasswordAuthenticator: <pre>authenticator: PasswordAuthenticator</pre> | |||
# Restart cassandra: <pre>systemctl restart cassandra</pre> | |||
# Start cqlsh using the default superuser name and password: <pre>cqlsh -u cassandra -p cassandra</pre> | |||
# Create a new superuser: <pre>cqlsh> CREATE ROLE <new_super_user> WITH PASSWORD = '<some_secure_password>' AND SUPERUSER = true AND LOGIN = true;</pre> | |||
# Log in as the newly created superuser: <pre>cqlsh -u <new_super_user> -p <some_secure_password></pre> | |||
# The Cassandra superuser cannot be deleted from Cassandra, so to neutralize the account, change the password to something long and incomprehensible, and alter the user’s status to NOSUPERUSER: <pre>cqlsh> ALTER ROLE cassandra WITH PASSWORD='SomeNonsenseThatNoOneWillThinkOf' AND SUPERUSER=false;</pre> | |||
=== Ports and remote access === | |||
By default these ports should be binded to Cassandra Java process after start: | |||
{| class="wikitable" | |||
|- | |||
! Port number !! Description | |||
|- | |||
| TCP / 7000 || Cassandra inter-node cluster communication | |||
|- | |||
| TCP / 7199 || Cassandra JMX monitoring port | |||
|- | |||
| TCP / 9042 || Cassandra client port | |||
|} | |||
{{admon/tip | Encrypted communication | [http://cassandra.apache.org/doc/latest/operating/security.html#tls-ssl-encryption SSL/TLS in Apache Cassandra] can be configured, by default it uses TCP / 7001 for inter-node communication and TCP / 9142 as client port.}} | |||
{{admon/warning | Thrift API | was deprecated in Apache Cassandra 4 and in Fedora version of Cassandra 3 is also stripped. This means there is not port TCP / 9160.}} | |||
To allow '''remote access''' to database, edit the ''/etc/cassandra/cassandra.yaml'' file, changing the following parameters (needs service restart): | |||
<pre> | |||
listen_address: external_ip | |||
rpc_address: external_ip | |||
seed_provider/seeds: "<external_ip>" | |||
</pre> | |||
Also open ports in '''firewall'''. | |||
firewalld: | |||
<pre> | |||
firewall-cmd --add-port=7000/tcp | |||
firewall-cmd --add-port=9042/tcp | |||
# probably you do not want to expose JMX port on external network | |||
# firewall-cmd --add-port=7199/tcp | |||
# save configuration | |||
firewall-cmd --runtime-to-permanent | |||
</pre> | |||
iptables: | |||
<pre> | |||
iptables -A INPUT -p tcp --dport 7000 -j ACCEPT | |||
iptables -A INPUT -p tcp --dport 9042 -j ACCEPT | |||
# probably you do not want to expose JMX port on external network | |||
# iptables -A INPUT -p tcp --dport 7199 -j ACCEPT | |||
</pre> | |||
{{admon/warning | Warning: | '''By default''' authentication is disabled and '''data are unprotected'''. See [[#Users authentication|Users authentication]].}} | |||
=== More about how to configure Apache Cassandra === | |||
To configure the server you have to edit the file ''/etc/cassandra/cassandra.yaml''. For more information about how to change configuration, see the the [https://docs.datastax.com/en/archived/cassandra/3.x/cassandra/configuration/configCassandra_yaml.html upstream configuration]. | |||
== Usage example == | |||
<pre> | |||
$ cqlsh | |||
Connected to Test Cluster at 127.0.0.1:9042. | |||
[cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4] | |||
Use HELP for help. | |||
cqlsh> CREATE KEYSPACE k1 WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 }; | |||
cqlsh> USE k1; | |||
cqlsh:k1> CREATE TABLE users (user_name varchar, password varchar, gender varchar, PRIMARY KEY (user_name)); | |||
cqlsh:k1> INSERT INTO users (user_name, password, gender) VALUES ('John', 'test123', 'male'); | |||
cqlsh:k1> SELECT * from users; | |||
user_name | gender | password | |||
-----------+--------+---------- | |||
John | male | test123 | |||
(1 rows) | |||
</pre> |
Revision as of 14:17, 15 May 2018
Introduction
Apache Cassandra is a free and open-source distributed NoSQL database system designed to handle large amounts of data across multiple servers, providing high availability with no single point of failure.
Installation
The database have been available since Fedora 26 and there are multiple packages in Fedora repositories:
cassandra | Client tools |
cassandra-server | Server part, mainly database daemon |
cassandra-javadoc | Documentation |
More packages can be listed with command: dnf list cassandra\* |
dnf install cassandra cassandra-server
will install database server and tools for working with it.
Basic setup
Initialization and startup
Start database daemon:
systemctl start cassandra
Enable start of database daemon after boot:
systemctl enable cassandra
To test if server initialization was successful you can try the Cassandra client. See Usage example.
Users authentication
It’s especially relevant to note that by default authentication is disabled and to enable it you have to take the following steps:
- Change the authenticator option in the /etc/cassandra/cassandra.yaml file to PasswordAuthenticator:
authenticator: PasswordAuthenticator
- Restart cassandra:
systemctl restart cassandra
- Start cqlsh using the default superuser name and password:
cqlsh -u cassandra -p cassandra
- Create a new superuser:
cqlsh> CREATE ROLE <new_super_user> WITH PASSWORD = '<some_secure_password>' AND SUPERUSER = true AND LOGIN = true;
- Log in as the newly created superuser:
cqlsh -u <new_super_user> -p <some_secure_password>
- The Cassandra superuser cannot be deleted from Cassandra, so to neutralize the account, change the password to something long and incomprehensible, and alter the user’s status to NOSUPERUSER:
cqlsh> ALTER ROLE cassandra WITH PASSWORD='SomeNonsenseThatNoOneWillThinkOf' AND SUPERUSER=false;
Ports and remote access
By default these ports should be binded to Cassandra Java process after start:
Port number | Description |
---|---|
TCP / 7000 | Cassandra inter-node cluster communication |
TCP / 7199 | Cassandra JMX monitoring port |
TCP / 9042 | Cassandra client port |
To allow remote access to database, edit the /etc/cassandra/cassandra.yaml file, changing the following parameters (needs service restart):
listen_address: external_ip rpc_address: external_ip seed_provider/seeds: "<external_ip>"
Also open ports in firewall.
firewalld:
firewall-cmd --add-port=7000/tcp firewall-cmd --add-port=9042/tcp # probably you do not want to expose JMX port on external network # firewall-cmd --add-port=7199/tcp # save configuration firewall-cmd --runtime-to-permanent
iptables:
iptables -A INPUT -p tcp --dport 7000 -j ACCEPT iptables -A INPUT -p tcp --dport 9042 -j ACCEPT # probably you do not want to expose JMX port on external network # iptables -A INPUT -p tcp --dport 7199 -j ACCEPT
More about how to configure Apache Cassandra
To configure the server you have to edit the file /etc/cassandra/cassandra.yaml. For more information about how to change configuration, see the the upstream configuration.
Usage example
$ cqlsh Connected to Test Cluster at 127.0.0.1:9042. [cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4] Use HELP for help. cqlsh> CREATE KEYSPACE k1 WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 }; cqlsh> USE k1; cqlsh:k1> CREATE TABLE users (user_name varchar, password varchar, gender varchar, PRIMARY KEY (user_name)); cqlsh:k1> INSERT INTO users (user_name, password, gender) VALUES ('John', 'test123', 'male'); cqlsh:k1> SELECT * from users; user_name | gender | password -----------+--------+---------- John | male | test123 (1 rows)