Install Apache Cassandra on Debian 9
Updated by Linode Contributed by Linode
After completing this guide, you will have a single-node, production-ready installation of Apache Cassandra hosted on your Linode running Debian 9. This tutorial will cover basic configuration options, as well as harden database security.
NoteIn order to successfully execute the commands in this guide, you will need to run them as theroot
user, or log in using an account with root privileges, prefixing each command withsudo
.
Before You Begin
- Complete the Getting Started guide for setting up a new Linode.
- While it is recommended you complete the entire Securing Your Server guide, at minimum, you should add a limited user account.
Install Cassandra and Supporting Applications
In this section, you will install package dependencies, Java, Cassandra, and update your Linux system software.
Update your system’s software packages:
sudo apt update
Install the required package dependencies:
sudo apt install apt-transport-https ca-certificates wget dirmngr gnupg software-properties-common
Import the repository’s GPG key using
wget
and add the AdoptOpenJDK APT repository:wget -qO - https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public | sudo apt-key add - sudo add-apt-repository --yes https://adoptopenjdk.jfrog.io/adoptopenjdk/deb/
Install Java 8:
sudo apt update sudo apt install adoptopenjdk-8-hotspot
Verify the version of Java you just installed:
java -version
Add Cassandra’s GPG keys:
wget -q -O - https://www.apache.org/dist/cassandra/KEYS | sudo apt-key add -
Add the Cassandra repository to your Debian system’s sources list:
sudo sh -c 'echo "deb http://www.apache.org/dist/cassandra/debian 311x main" > /etc/apt/sources.list.d/cassandra.list'
Note
You may want to follow the link to the Apache repository to confirm that “40x” is the latest available version.Update your packages index and install Cassandra:
sudo apt update sudo apt install cassandra
Activate Cassandra
Enable Cassandra on system boot and verify that it is running:
sudo systemctl enable cassandra sudo systemctl start cassandra sudo systemctl -l status cassandra
Check the status of the Cassandra cluster:
nodetool status
If
UN
is displayed in the output, the cluster is working. Your output should resemble the following:Status=Up/Down |/ State=Normal/Leaving/Joining/Moving -- Address Load Tokens Owns (effective) Host ID Rack UN 127.0.0.1 103.51 KiB 256 100.0% c43a2db6-8e5f-4b5e-8a83-d9b6764d923d rack1
If you receive connection errors, open the
cassandra-env.sh
file in a text editor.sudo vim /etc/cassandra/cassandra-env.sh
Search for
-Djava.rmi.server.hostname=
in the file. Uncomment this line and add your loopback address or public IP address by replacing<public name>
at the end of the line:- Debian /etc/cassandra/conf/cassandra-env.sh
-
1 2 3 4 5 6
. . . JVM_OPTS="$JVM_OPTS -Djava.rmi.server.hostname=<public name>" . . .
Restart Cassandra after you’ve finished updating the
cassandra-env.sh
file:sudo systemctl restart cassandra
Check the node status:
nodetool status
Note
It may take a few seconds for Cassandra to refresh the configuration. If you receive another connection error, try waiting 15 seconds before rechecking the node status.
Configure Cassandra
Enable Security Features
In this section, you will enable user login authentication. You can also configure other security settings based on your project’s needs.
Make a backup of the Cassandra configuration file
cassandra.yaml
.sudo cp /etc/cassandra/cassandra.yaml /etc/cassandra/cassandra.yaml.backup
Open
cassandra.yaml
in your preferred text editor:Note
Locations of thecassandra.yaml
file may differ slightly between distros.sudo vim /etc/cassandra/cassandra.yaml
Match the following variables in the file to the values shown in the example file. If any values are commented out, uncomment them. The rest of the properties found in the
cassandra.yaml
file should be set based on your project’s particular requirements and how you plan to utilize Cassandra. The default configuration should work well for development.- Debian /etc/cassandra/cassandra.yaml
-
1 2 3 4 5 6 7 8 9 10
. . . authenticator: org.apache.cassandra.auth.PasswordAuthenticator authorizer: org.apache.cassandra.auth.CassandraAuthorizer role_manager: CassandraRoleManager roles_validity_in_ms: 0 permissions_validity_in_ms: 0 . . .
More information about this file can be found in the Cassandra Configuration File guide in Apache’s official documentation.
After editing the configuration file restart Cassandra.
sudo systemctl restart cassandra
Add An Administration Superuser
Open the Cassandra command terminal by typing
cqlsh
. Log in with the credentials shown below for the default usercassandra
:cqlsh -u cassandra -p cassandra
Create a new superuser. Replace the brackets as well as the content inside with the applicable information:
CREATE ROLE [new_superuser] WITH PASSWORD = '[secure_password]' AND SUPERUSER = true AND LOGIN = true;
Log out by typing
exit
.Log back in with the new superuser account and replace the username and password with your new credentials:
cqlsh -u new-super-user -p my-secure-password
Remove the elevated permissions from the Cassandra account:
ALTER ROLE cassandra WITH PASSWORD = 'cassandra' AND SUPERUSER = false AND LOGIN = false; REVOKE ALL PERMISSIONS ON ALL KEYSPACES FROM cassandra;
Grant all permissions to the new superuser account. Replace the brackets and contents inside with your superuser account username:
GRANT ALL PERMISSIONS ON ALL KEYSPACES TO [superuser];
Log out by typing
exit
.
Edit The Console Configuration File
The cqlshrc
file holds configuration settings that influence user preferences and how Cassandra performs certain tasks.
NoteEnsure you complete the steps in this section using your limited user account. This account will need sudo privileges, if it does not already have them.
Since your Cassandra username and password can be stored in plaintext, the cqlshrc
file should only be accessible to your administrative user account, and is designed to be inaccessible to other accounts on your Linux system.
CautionDo not complete this section as the root user. Before proceeding, fully evaluate the security risks and consequences to your node cluster before adding the[authentication]
section.
Create the file
cqlshrc
using your preferred text editor. If the~/.cassandra
directory does not exist, create it:sudo mkdir ~/.cassandra sudo vim ~/.cassandra/cqlshrc
Copy any sections below that you wish to add to your configuration, and ensure you replace the
superuser
andpassword
value in brackets with your own values. Details for this file can be found in the Configuring cqlsh From a File guide on the DataStax site.- ~/.cassandra/cqlshrc
-
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
. . . ;; Options that are common to both COPY TO and COPY FROM [copy] ;; The string placeholder for null values nullval=null ;; For COPY TO, controls whether the first line in the CSV output file will ;; contain the column names. For COPY FROM, specifies whether the first ;; line in the CSV file contains column names. header=true ;; The string literal format for boolean values boolstyle = True,False ;; Input login credentials here to automatically login to the Cassandra command line without entering them each time. When this ;; is enabled, just type "cqlsh" to start Cassandra. [authentication] username=[superuser] password=[password] ;; Uncomment to automatically use a certain keyspace on login ;; keyspace=[keyspace] [ui] color=on datetimeformat=%Y-%m-%d %H:%M:%S%z completekey=tab ;; The number of digits displayed after the decimal point ;; (note that increasing this to large numbers can result in unusual values) float_precision = 5 ;; The encoding used for characters encoding = utf8 . . .
Save and close the file.
Update the
cqlshrc
file and directory with the following permissions:sudo chmod 440 ~/.cassandra/cqlshrc sudo chmod 700 ~/.cassandra
Login by typing the command below. You will be prompted to enter your password. The
cqlsh
command terminal should open, and your superuser name should be visible in the command line.cqlsh -u superuser
Note
You can also login by providing your username and password:
cqlsh -u superuser -p password
Rename the Cluster
In this section, you will update your default cluster name from “Test Cluster” to your desired name.
Log into the
cqlsh
control terminal if you are not already logged in.cqlsh -u superuser
Replace
[new_name]
with your new cluster name:UPDATE system.local SET cluster_name = '[new_name]' WHERE KEY = 'local';
Type
exit
to return to the Linux command line.Edit the
cassandra.yaml
file and replace the value in thecluster_name
variable with the new cluster name you just set.sudo vim /etc/cassandra/cassandra.yaml
Save and close.
From the Linux terminal (not cqlsh) clear the system cache. This command will not disturb your node’s data.
nodetool flush system
Restart Cassandra:
sudo systemctl restart cassandra
Log in with cqlsh and verify the new cluster name is visible.
cqlsh -u superuser
Connected to my-cluster-name at 127.0.0.1:9042. [cqlsh 5.0.1 | Cassandra 4.0 | CQL spec 3.4.5 | Native protocol v4] Use HELP for help. superuser@cqlsh>
Where To Go From Here
Be sure to check out the links in the More Information section, which will help you further configure Cassandra to your needs, as well as provide resources to improve your understanding and ability to use Cassandra.
To fully utilize the capabilities of Cassandra in a production setting, additional nodes should be added to your cluster. See the companion guide Adding Nodes to an Existing Cluster for more information.
More Information
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.
- Cassandra Documentation
- Cassandra cqlshrc File Configuration Overview
- Cassandra .yaml Configuration File Overview
- Recommended Production Settings For Apache Cassandra
- The Cassandra Query Language (CQL)
Join our Community
Find answers, ask questions, and help others.
This guide is published under a CC BY-ND 4.0 license.