How to Install and Secure the Apache Cassandra Database Server On Ubuntu 22.04
Introduction
Apache Cassandra is a free open-source NoSQL database server commonly used with distributed systems. Cassandra can replicate high volumes of data across multiple cloud locations with low latency. When designing an application that requires high availability even in cases where a full data location goes down, Cassandra is the best choice for a database server. Examples of these applications include banking systems, healthcare management systems, social media applications, and e-commerce stores.
This guide explains how to install, use, and secure the Apache Cassandra Database Server on a Ubuntu 22.04 server.
Prerequisites
Before you begin:
Deploy a Ubuntu 22.04 server with at least
8GBRAM in development, or32GBin production.Using SSH, access the server.
Switch to the sudo user account.
# su example-user
Install the Apache Cassandra Database Server
In this section, install the Apache Cassandra dependencies such as the Java run time environment as described in the steps below.
Install the Java development kit.
$ sudo apt install default-jdk -yInstall
apt-transport-httpsandgnupg2dependency packages.$ sudo apt install apt-transport-https gnupg2 -yDownload and add the Apache Cassandra GPG key to the server.
$ sudo wget -q -O - https://www.apache.org/dist/cassandra/KEYS | sudo apt-key add -Add the latest Apache Cassandra repository to the APT sources list.
$ echo "deb https://debian.cassandra.apache.org 41x main"| sudo tee -a /etc/apt/sources.list.d/cassandra.sources.listThe above command installs version
4.1. To use the latest version, visit the Apache Cassandra download page.Update the server packages to enable the Cassandra repository.
$ sudo apt updateInstall Apache Cassandra.
$ sudo apt install cassandra -yWhen the installation is successful, Apache Cassandra takes an average of 2 minutes to start up. View the application logs to verify that it starts correctly.
$ cat /var/log/cassandra/system.log | tailYour output should look like the one below:
... INFO [main] ... - Starting listening for CQL clients on localhost/127.0.0.1:9042 (unencrypted)... INFO [OptionalTasks:1] ... Created default superuser role 'cassandra'As displayed in the above output, the Apache Cassandra database is ready to use with a new default superuser role
cassandraCheck the Apache Cassandra database server status, and verify that it's active.
$ sudo systemctl status cassandraOutput.
● cassandra.service - LSB: distributed storage system for structured data Loaded: loaded (/etc/init.d/cassandra; generated) Active: active (running) ... ...Verify the Cassandra node status.
$ nodetool statusOutput:
Datacenter: datacenter1 ======================= Status=Up/Down |/ State=Normal/Leaving/Joining/Moving -- Address Load Tokens Owns (effective) Host ID Rack UN 127.0.0.1 104.33 KiB 16 100.0% 15addadb-68b2-48f4-b076-ed020c2e926b rack1As displayed in the Apache Cassandra status outputs, the database server is active and ready to use.
Use the Apache Cassandra Command-line Interface
Apache Cassandra uses the cqlsh command line tool that accepts Cassandra Query Language (CQL) commands when interacting with the database server. In this section, access the database server, and add sample data as described in the steps below.
Log in to the Cassandra database server.
$ cqlshCreate a new sample keyspace
my_company.cqlsh> CREATE KEYSPACE my_company WITH REPLICATION = { 'class': 'SimpleStrategy', 'replication_factor' : 1 };The above command creates a new
my_companykeyspace. In Cassandra, a keyspace is an object that stores tables, and defines how data replication works on different nodes.Switch to the keyspace.
cqlsh> USE my_company;Create a new sample
productstable with the following data.cqlsh:my_company> CREATE TABLE products ( product_id UUID PRIMARY KEY, product_name TEXT, retail_price DOUBLE );The above code creates a table with the
product_idcolumn which is aPRIMARY KEYthat uniquely identifies records in theproductstable. Theproduct_namecolumn stores product names.retail_pricestores the actual price that customers pay for a product.product_iduses the Universal Unique Identifier (UUID) data type. The data type ensures uniqueness of theproduct_idvalue in the Cassandra cluster even when some nodes are down.Add sample data to the
productstable.cqlsh:my_company> INSERT INTO products (product_id, product_name, retail_price) VALUES (UUID(), 'PLIERS', 3.52); INSERT INTO products (product_id, product_name, retail_price) VALUES (UUID(), 'FILE', 4.38); INSERT INTO products (product_id, product_name, retail_price) VALUES (UUID(), 'PADLOCK', 14.30);In the above commands, the
UUID()function generates a newproduct_idfor each record.View the
productstable data.cqlsh:my_company> SELECT product_id, product_name, retail_price FROM products;Output:
product_id | product_name | retail_price --------------------------------------+--------------+-------------- 56c0f7f7-be59-4f0d-a474-5a2174c19060 | FILE | 4.38 12e720cf-f191-4e59-8c66-360339deae65 | PADLOCK | 14.3 9c62c3a0-0e31-41ab-90d1-09f4d35b6e26 | PLIERS | 3.52 (3 rows)Exit the Cassandra database console.
cqlsh:my_keyspace> QUIT
Secure Apache Cassandra with Password Authentication
It's important to secure the Apache Cassandra database server from unauthorized access. In this section, secure Cassandra with a password to harden your database server security as described in the steps below.
Use a text editor such as
Nano, edit the main Cassandra configuration file.$ sudo nano /etc/cassandra/cassandra.yamlFind the following
authenticator:directive.... authenticator: AllowAllAuthenticator ...Change the
authenticator:value fromAllowAllAuthenticatortoPasswordAuthenticatorbelow.... authenticator: PasswordAuthenticator ...Save and close the file.
In the above configuration, the default
AllowAllAuthenticatordoes not prompt users for a password to access the Cassandra database. But,PasswordAutheticatorenforces password authentication for all system users.Restart the Apache Cassandra server to save changes.
$ sudo systemctl restart cassandraThe above command restarts Apache Cassandra. Wait for at least 1 minute, before re-accessing the database console. Check the application logs to verify that the startup is complete.
$ cat /var/log/cassandra/system.log | tailOutput:
... INFO [main]... CassandraDaemon.java:768 - Startup complete ... Deleting sstable: /var/lib/cassandra/data/system/local-7ad54392bcdd35a684174e047860b377/nb-8-big ...Log in to the Cassandra database console using the default username (
cassandra), and password (cassandra).$ cqlsh -u cassandra -p cassandraCreate a new super-user account. Replace
db_administratorwith your desired user, andEXAMPLE_PASSWORDwith a strong password.cassandra@cqlsh> CREATE ROLE db_administrator WITH SUPERUSER = true AND LOGIN = true AND PASSWORD = 'EXAMPLE_PASSWORD';Exit the Cassandra database console.
cassandra@cqlsh> QUIT;To verify that the user is available, log in to the Cassandra database server as the new user.
$ cqlsh -u db_administratorWhen prompted, enter the user password you created earlier, and press Enter to proceed.
To tighten server security, disable the default super-user
cassandra.db_administrator@cqlsh> ALTER ROLE cassandra WITH SUPERUSER = false AND LOGIN = false;Exit the database console.
db_administrator@cqlsh> QUIT;Verify that the default user account can no longer access the database server.
$ cqlsh -u cassandra -p cassandraOutput.
... Connection error: ('Unable to connect to any servers', {'127.0.0.1:9042': AuthenticationFailed('Failed to authenticate to 127.0.0.1:9042: Error from server: code=0100 [Bad credentials] message="cassandra is not permitted to log in"')})
Conclusion
In this guide, you installed and used the Apache Cassandra database server on a Ubuntu 22.04 Vultr server. Using the cqlsh command, you accessed the database server, and used CQL commands to create a sample keyspace, then, added data to the table. For more information and configuration options, visit the Apache Cassandra official documentation.