Create a highly available Apache Cassandra cluster through the Linode Marketplace. Apache Cassandra is an open-source, distributed NoSQL database management system designed for handling large amounts of data across many commodity servers, providing high availability with no single point of failure. Cassandra offers robust support for clusters with asynchronous masterless replication allowing low-latency operations for all clients.
- 4.1.5
Supported Distributions:
- Ubuntu 22.04 LTS
Deployment guide:
Additonal resources:
This playbook creates a 3-5 node cluster using Apache Cassandra. Authentication to the cluster is secured via a user-supplied username. The default cassandra database role is dropped and superseded by the new user role provided by the client. In addition, cluster communication is secured via SSL/TLS where keystores are created and used by the cluster.
Both certificates and keystores can be found on every node in the /etc/cassandra/ssl directory. Only the first Cassandra server will have client certificates. This playbook also creates n amount of client certificates so that applications can connect to the Cassandra cluster.
We can connect to Cassandra using cqlsh using client or server certificates. You will need 4 components in order to connect to the cluster:
- Username and password created by the playbook. You can find the credentials in '/home/admin/.credentials'. Assumming that you created a user called `admin'.
- Client certificate
- Client key
- CA certificate
To start, on the client node, create the following directory, /home/admin/cassandra_ssl. In this example we are assuming that there is a system user called admin.
Next, on the first Cassandra node, copy the content of /etc/cassandra/ssl/cert/client1.crt, /etc/cassandra/ssl/cert/client1.crt and /etc/cassandra/ssl/ca/ca.crt and place it in the /home/admin/cassandra_ssl we just created.
We will need to create a Cassandra resource file to use our client certificate. Create the the /home/admin/.cassandra directory. Create a file with the following contents:
[connection]
ssl = true
factory = cqlshlib.ssl.ssl_transport_factory
[ssl]
certfile = /home/admin/cassandra_ssl/ca.crt
userkey = /home/admin/cassandra_ssl/client1.key
usercert = /home/admin/cassandra_ssl/client1.crt
validate = true
Lastly, we connect to one of the Cassandra servers using cqlsh:
cqlsh 192.168.139.160 -u superuser --ssl
Please replace 192.168.139.160 with the private IP address of one of the Cassandra nodes and superuser with the user you provided at the start of the cluster. Once you are connected and enter the password at prompt, you have authenticated to the cluster!
Connected to Cassandra Cluster at 192.168.139.160:9042
[cqlsh 6.1.0 | Cassandra 4.1.5 | CQL spec 3.4.6 | Native protocol v5]
Use HELP for help.
superadmin@cqlsh>
You can distribute the remainder of client certifcates to the remainder of the nodes. Enjoy!