Cassandra stores metadata and supports storage of the metadata for replication services.

About this task

For test and development environments, you can optionally skip this topic, and follow the instructions at Create Containers for Test and Development Environments to have Cassandra run in a Docker container instead.

The following is an example of the installation and configuration of a Cassandra server on a CentOS 6.5 host.

Prerequisites

  • Verify that you have Python 2.7 or later.

  • Verify that Java 1.7.X is installed and configured.

# cd /opt 

# wget --no-cookies --no-check-certificate --header \
"Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" \
"http://download.oracle.com/otn-pub/java/jdk/7u79-b15/jdk-7u79-linux-x64.tar.gz"

# tar xzf jdk-7u79-linux-x64.tar.gz

Update Security

# wget --no-cookies --no-check-certificate --header \
"Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" \
http://download.oracle.com/otn-pub/java/jce/7/UnlimitedJCEPolicyJDK7.zip

# unzip UnlimitedJCEPolicyJDK7.zip

# cp UnlimitedJCEPolicy/*.jar /opt/jdk1.7.0_79/jre/lib/security/

Install and Configure Java

# cd /opt/jdk1.7.0_79/

# alternatives --install /usr/bin/java java /opt/jdk1.7.0_79/bin/java 2

# alternatives --config java

Verify that the latest version of Java is installed and active

# java -version

Procedure

  1. Run the following commands to add the DataStax Community repository and install Cassandra.
    1. Create the file /etc/yum.repos.d/datastax.repo. The contents are:
      [datastax] 
      name = DataStax Repo for Apache Cassandra
      baseurl = https://rpm.datastax.com/community
      enabled = 1
      gpgcheck = 0
    2. Install Cassandra
      # yum install dsc22 cassandra22 -y
    3. Start and verify the newly installed Cassandra.
      # service cassandra start
    4. Check Cassandra service status:
      # service cassandra status
    5. Enter Cassandra command line to verify setup:
      # cqlsh

      If an error regarding python occurs when running cqlsh, update Python to Python 2.7:

      # yum install -y centos-release-SCL
      
      # yum install -y python27
      
      # scl enable python27 bash
      
      # echo "/usr/lib/python2.7/site-packages/" > \
      /opt/rh/python27/root/usr/lib/python2.7/site-packages/usrlocal.pth
  2. Modify Cassandra to enable SSL

    Cassandra requires SSL communication between client and node to enable vSphere Replication Cloud Service to communicate with Cassandra.

    1. On each node, create a certificate:

      Generate SSL certificate

      # /opt/jdk1.7.0_79/bin/keytool -keystore /etc/cassandra/conf/.keystore \
      -storepass vmware -validity 365 -storetype JKS -genkey -keyalg RSA \
      -alias ${CASS_NODE} -dname 'cn=${CASS_NODE}, ou=DR2C, o=VMware, c=US' \
      -keypass vmware
    2. Export Cassandra certificate. In cloud-cassandra-X.pem, the X represents the node number.
      # /opt/jdk1.7.0_79/bin/keytool -export -rfc \
      -keystore /etc/cassandra/conf/.keystore -storepass vmware \
      -file /root/cloud-${CASS_NODE}.pem -alias ${CASS_NODE}
    3. Copy .pem files to all other servers
    4. Import each certificate into truststore:
      # /opt/jdk1.7.0_79/bin/keytool -noprompt -import -trustcacerts \
      -alias ${CASS_NODE} -file /root/cloud-${CASS_NODE}.pem \
      -keystore /etc/cassandra/conf/.truststore -storepass vmware

      The truststore contains a copy of the pem certificate of all the nodes.

  3. Modify Cassandra to enable SSL
    1. Enable client communication with Cassandra over SSL by editing: /etc/cassandra/conf/cassandra.yaml
      # Comment out listen_address and bind to listen_interface instead 
      
      #listen_address: localhost
      listen_interface: eth1
      
      # Comment out rpc_address and bind to rpc_interface instead 
      
      #rpc_address: localhost
      rpc_interface: eth1
      
      # ---------------- Further down in file
      server_encryption_options:
         internode_encryption: all
         keystore: /etc/cassandra/conf/.keystore
         keystore_password: vmware
         truststore: /etc/cassandra/conf/.truststore
         truststore_password: vmware
         require_client_auth: true
         store_type: JKS
      #------------------------
      
      # ---------------- Further down in file
      Client_encryption_options: 
      enabled: true 
      keystore: /etc/cassandra/conf/.keystore 
      keystore_password: vmware 
      require_client_auth: true
      
      # Set trustore and truststore_password if require_client_auth is true
      truststore: /etc/cassandra/conf/.truststore
      truststore_password: vmware
      
      # More advanced defaults below:
      
      # protocol: TLS
      
      # algorithm: SunX509
      store_type: JKS
      
    2. Restart Cassandra
      # service cassandra restart