In the previous post, we reviewed the preparation steps necessary for the installation of Cassandra for use with vCloud Availability. In this post we will complete the deployment by showing the steps necessary to install Cassandra and then configure Cassandra for secure communication as well as clustering the 3 nodes. This post assumes basic proficiency with the ‘vi’ text editor.
Installing & Configuring Cassandra
For this example, the Datastax version of Cassandra will be deployed. To prepare the server for Cassandra, create the datastax.repo file in the /etc/yum.repos.d directory with the following command:
Then input the Datastax repo details in to the file.
[datastax] name = DataStax Repo for Apache Cassandra baseurl = https://rpm.datastax.com/community enabled = 1 gpgcheck = 0
Once the repo details have been correctly entered, press the ESC key, type :wq! to write and exit the file.
Next, we will install Cassandra version 2.2.8
yum install dsc22 cassandra22 –y
Start the Cassandra Service
service cassandra start
At this point, it is recommended that the steps above are repeated on each of the remaining Cassandra nodes, then continue with the rest of the installation.
Configure Cassandra for Secure Communication
Continuing with the first node of the cluster, the next step is to enable secure communications for Cassandra.
Enter the following command to create the SSL certificate, this step will be performed on each node:
/opt/jdk1.8.0_151/bin/keytool -keystore /etc/cassandra/conf/.keystore \ -storepass password -validity 365 -storetype JKS -genkey -keyalg RSA \ -alias <CASS_NODE HOSTNAME> -dname 'cn=<CASS_NODE FQDN>, ou=GCP, o=VMware, c=US' \ -keypass password
The actual command will look like the following:
/opt/jdk1.8.0_151/bin/keytool -keystore /etc/cassandra/conf/.keystore \ -storepass password -validity 365 -storetype JKS -genkey -keyalg RSA \ -alias casdb-01 -dname 'cn=casdb-01.corp.local, ou=GCP, o=VMware, c=US' \ -keypass password
Next Export the Node certificate to the root directory
/opt/jdk1.8.0_151/bin/keytool -export -rfc \ -keystore /etc/cassandra/conf/.keystore -storepass password \ -file /root/casdb-01.pem -alias casdb-01
Note: Repeat the SSL certificate configuration steps on each node and then continue.
Using the scp command or a file copy tool such as WinSCP, copy the certificate files from each respective node to the other nodes in the cluster (i.e. Copy the Casdb-01.pem file to Casdb-02 and Casdb-03 node servers). For the purposes of this post, scp copy will be used.
scp /root/casdb-01.pem firstname.lastname@example.org:/root/casdb-01.pem
scp /root/casdb-01.pem email@example.com:/root/casdb-01.pem
Note: Repeat the previous configuration steps on each node and then continue.
Back at the first node, import each certificate into the keystore:
/opt/jdk1.8.0_151/bin/keytool -noprompt -import -trustcacerts \ -alias casdb-01 -file /root/casdb-01.pem \ -keystore /etc/cassandra/conf/.truststore -storepass password
Note: Repeat the previous steps on the other nodes and then continue.
Next enable SSL communication between the Cassandra nodes that will be clustered. On the first node, run the following command to edit the Cassandra.yaml file
Configure the cluster_name parameter from the default ‘Test Cluster’. You can type the following to find the cluster_name parameter:
Then press Enter. Press ‘n’ (lowercase ‘n’) to continue searching until you locate the value, the press ‘i’ to edit the value.
Next locate the seeds_provider parameter and update the seeds: value with the IP address of the nodes for the cluster, separated by comas.
Locate the listen_address parameter in the Cassandra.yaml file:
Comment out the listen_address parameter, and uncomment the listen_interface parameter and update with the interface of the node.
server_encryption_options: internode_encryption: all keystore: /etc/cassandra/conf/.keystore keystore_password: password truststore: /etc/cassandra/conf/.truststore truststore_password: password require_client_auth: true store_type: JKS
Now update the client_encryption_options section to the following values:
Client_encryption_options: enabled: true keystore: /etc/cassandra/conf/.keystore keystore_password: password require_client_auth: true # Set truststore and truststore_password if require_client_auth is true truststore: /etc/cassandra/conf/.truststore truststore_password: password # More advanced defaults below: # protocol: TLS # algorithm: SunX509 store_type: JKS
Save and Exit the file once the changes have successfully been updated. Restart the Cassandra Service:
service cassandra restart
Now test the node with the nodetool utility to ensure that the node is operational by typing the following command and pressing Enter:
The screen should look like the following:
Note: Repeat the steps above on each node that will be a part of the cluster.
Once you have completed the steps on all the nodes in the cluster, run the nodetool status command again to confirm that all nodes are in the communicating in the cluster as expected. The output of the nodetool should look like the following:
While the installation is complete, it is also important that the VMs that make up that Cassandra cluster are also configured with vSphere DRS Anti-Affinity rules to remove the risk of more than one Cassandra node being impacted by a hardware failure of an ESXi host.
This concludes the installation steps for installing a Cassandra cluster for vCloud Availability. For more details regarding vCloud Availability please review the “Architecting a VMware vCloud Availability for vCloud Director Solution” white paper and the “vCloud Availability for vCloud Director 2.0 Installation and Configuration” documentation.