How to Install and Secure the Apache Cassandra Database Server On Ubuntu 22.04

Updated on November 21, 2023
How to Install and Secure the Apache Cassandra Database Server On Ubuntu 22.04 header image

Introduction

Apache Cassandra is a free open-source NoSQL database server commonly used with distributed systems. Cassandra can replicate high volumes of data across multiple cloud locations with low latency. When designing an application that requires high availability even in cases where a full data location goes down, Cassandra is the best choice for a database server. Examples of these applications include banking systems, healthcare management systems, social media applications, and e-commerce stores.

This guide explains how to install, use, and secure the Apache Cassandra Database Server on a Ubuntu 22.04 server.

Prerequisites

Before you begin:

Install the Apache Cassandra Database Server

In this section, install the Apache Cassandra dependencies such as the Java run time environment as described in the steps below.

  1. Install the Java development kit.

     $ sudo apt install default-jdk -y
  2. Install apt-transport-https and gnupg2 dependency packages.

     $ sudo apt install apt-transport-https gnupg2 -y
  3. Download and add the Apache Cassandra GPG key to the server.

     $ sudo wget -q -O - https://www.apache.org/dist/cassandra/KEYS | sudo apt-key add -
  4. Add the latest Apache Cassandra repository to the APT sources list.

     $ echo "deb https://debian.cassandra.apache.org 41x main"| sudo tee -a /etc/apt/sources.list.d/cassandra.sources.list

    The above command installs version 4.1. To use the latest version, visit the Apache Cassandra download page.

  5. Update the server packages to enable the Cassandra repository.

     $ sudo apt update
  6. Install Apache Cassandra.

     $ sudo apt install cassandra -y
  7. When the installation is successful, Apache Cassandra takes an average of 2 minutes to start up. View the application logs to verify that it starts correctly.

     $ cat /var/log/cassandra/system.log | tail

    Your output should look like the one below:

     ...
     INFO  [main] ... - Starting listening for CQL clients on localhost/127.0.0.1:9042 (unencrypted)...
     INFO  [OptionalTasks:1] ... Created default superuser role 'cassandra'

    As displayed in the above output, the Apache Cassandra database is ready to use with a new default superuser role cassandra

  8. Check the Apache Cassandra database server status, and verify that it's active.

     $ sudo systemctl status cassandra

    Output.

     ● cassandra.service - LSB: distributed storage system for structured data
          Loaded: loaded (/etc/init.d/cassandra; generated)
          Active: active (running) ...
          ...
  9. Verify the Cassandra node status.

     $ nodetool status

    Output:

     Datacenter: datacenter1
     =======================
     Status=Up/Down
     |/ State=Normal/Leaving/Joining/Moving
     --  Address    Load        Tokens  Owns (effective)  Host ID                               Rack
     UN  127.0.0.1  104.33 KiB  16      100.0%            15addadb-68b2-48f4-b076-ed020c2e926b  rack1

    As displayed in the Apache Cassandra status outputs, the database server is active and ready to use.

Use the Apache Cassandra Command-line Interface

Apache Cassandra uses the cqlsh command line tool that accepts Cassandra Query Language (CQL) commands when interacting with the database server. In this section, access the database server, and add sample data as described in the steps below.

  1. Log in to the Cassandra database server.

     $ cqlsh
  2. Create a new sample keyspace my_company.

     cqlsh> CREATE KEYSPACE my_company
           WITH REPLICATION = { 
               'class': 'SimpleStrategy', 
               'replication_factor' : 1 
           };

    The above command creates a new my_company keyspace. In Cassandra, a keyspace is an object that stores tables, and defines how data replication works on different nodes.

  3. Switch to the keyspace.

     cqlsh> USE my_company;
  4. Create a new sample products table with the following data.

     cqlsh:my_company> CREATE TABLE products (
                           product_id UUID PRIMARY KEY,                     
                           product_name TEXT,
                           retail_price DOUBLE
                       );

    The above code creates a table with the product_id column which is a PRIMARY KEY that uniquely identifies records in the products table. The product_name column stores product names. retail_price stores the actual price that customers pay for a product. product_id uses the Universal Unique Identifier (UUID) data type. The data type ensures uniqueness of the product_id value in the Cassandra cluster even when some nodes are down.

  5. Add sample data to the products table.

     cqlsh:my_company> INSERT INTO products (product_id, product_name, retail_price) VALUES (UUID(), 'PLIERS', 3.52);
                       INSERT INTO products (product_id, product_name, retail_price) VALUES (UUID(), 'FILE', 4.38);
                       INSERT INTO products (product_id, product_name, retail_price) VALUES (UUID(), 'PADLOCK', 14.30);

    In the above commands, the UUID() function generates a new product_id for each record.

  6. View the products table data.

     cqlsh:my_company> SELECT
                            product_id,                     
                            product_name,
                            retail_price
                        FROM products;

    Output:

     product_id                           | product_name | retail_price
     --------------------------------------+--------------+--------------
      56c0f7f7-be59-4f0d-a474-5a2174c19060 |         FILE |         4.38
      12e720cf-f191-4e59-8c66-360339deae65 |      PADLOCK |         14.3
      9c62c3a0-0e31-41ab-90d1-09f4d35b6e26 |       PLIERS |         3.52
    
     (3 rows)
  7. Exit the Cassandra database console.

     cqlsh:my_keyspace> QUIT

Secure Apache Cassandra with Password Authentication

It's important to secure the Apache Cassandra database server from unauthorized access. In this section, secure Cassandra with a password to harden your database server security as described in the steps below.

  1. Use a text editor such as Nano, edit the main Cassandra configuration file.

     $ sudo nano /etc/cassandra/cassandra.yaml
  2. Find the following authenticator: directive.

     ...
     authenticator: AllowAllAuthenticator
     ...
  3. Change the authenticator: value from AllowAllAuthenticator to PasswordAuthenticator below.

     ...
     authenticator: PasswordAuthenticator
     ...

    Save and close the file.

    In the above configuration, the default AllowAllAuthenticator does not prompt users for a password to access the Cassandra database. But, PasswordAutheticator enforces password authentication for all system users.

  4. Restart the Apache Cassandra server to save changes.

     $ sudo systemctl restart cassandra

    The above command restarts Apache Cassandra. Wait for at least 1 minute, before re-accessing the database console. Check the application logs to verify that the startup is complete.

     $ cat  /var/log/cassandra/system.log | tail

    Output:

     ...
     INFO  [main]... CassandraDaemon.java:768 - Startup complete
     ...
     Deleting sstable: /var/lib/cassandra/data/system/local-7ad54392bcdd35a684174e047860b377/nb-8-big
     ...
  5. Log in to the Cassandra database console using the default username (cassandra), and password (cassandra).

     $ cqlsh -u cassandra -p cassandra
  6. Create a new super-user account. Replace db_administrator with your desired user, and EXAMPLE_PASSWORD with a strong password.

     cassandra@cqlsh> CREATE ROLE db_administrator WITH SUPERUSER = true AND LOGIN = true AND PASSWORD = 'EXAMPLE_PASSWORD';
  7. Exit the Cassandra database console.

     cassandra@cqlsh> QUIT;
  8. To verify that the user is available, log in to the Cassandra database server as the new user.

     $ cqlsh -u db_administrator

    When prompted, enter the user password you created earlier, and press Enter to proceed.

  9. To tighten server security, disable the default super-user cassandra.

     db_administrator@cqlsh> ALTER ROLE cassandra WITH SUPERUSER = false AND LOGIN = false;
  10. Exit the database console.

     db_administrator@cqlsh> QUIT;
  11. Verify that the default user account can no longer access the database server.

     $ cqlsh -u cassandra -p cassandra

    Output.

     ...
     Connection error: ('Unable to connect to any servers', {'127.0.0.1:9042': AuthenticationFailed('Failed to authenticate to 127.0.0.1:9042: Error from server: code=0100 [Bad credentials] message="cassandra is not permitted to log in"')})

Conclusion

In this guide, you installed and used the Apache Cassandra database server on a Ubuntu 22.04 Vultr server. Using the cqlsh command, you accessed the database server, and used CQL commands to create a sample keyspace, then, added data to the table. For more information and configuration options, visit the Apache Cassandra official documentation.