Home > Blogs > vCloud Architecture Toolkit (vCAT) Blog


Deploying Cassandra for vCloud Availability Part 2

In the previous post, we reviewed the preparation steps necessary for the installation of Cassandra for use with vCloud Availability. In this post we will complete the deployment by showing the steps necessary to install Cassandra and then configure Cassandra for secure communication as well as clustering the 3 nodes. This post assumes basic proficiency with the ‘vi’ text editor.

Installing & Configuring Cassandra

For this example, the Datastax version of Cassandra will be deployed. To prepare the server for Cassandra, create the datastax.repo file in the /etc/yum.repos.d directory with the following command:

vi /etc/yum.repos.d/datastax.repo

Then input the Datastax repo details in to the file.

 [datastax]
 name = DataStax Repo for Apache Cassandra
 baseurl = https://rpm.datastax.com/community
 enabled = 1
 gpgcheck = 0

Once the repo details have been correctly entered, press the ESC key, type :wq! to write and exit the file.

Next, we will install Cassandra version 2.2.8

yum install dsc22 cassandra22 –y

Start the Cassandra Service

 service cassandra start

At this point, it is recommended that the steps above are repeated on each of the remaining Cassandra nodes, then continue with the rest of the installation.

Configure Cassandra for Secure Communication

Continuing with the first node of the cluster, the next step is to enable secure communications for Cassandra.

Enter the following command to create the SSL certificate, this step will be performed on each node:

 /opt/jdk1.8.0_151/bin/keytool -keystore /etc/cassandra/conf/.keystore \
 -storepass password -validity 365 -storetype JKS -genkey -keyalg RSA \
 -alias <CASS_NODE HOSTNAME> -dname 'cn=<CASS_NODE FQDN>, ou=GCP, o=VMware, c=US' \
 -keypass password

The actual command will look like the following:

 /opt/jdk1.8.0_151/bin/keytool -keystore /etc/cassandra/conf/.keystore \
 -storepass password -validity 365 -storetype JKS -genkey -keyalg RSA \
 -alias casdb-01 -dname 'cn=casdb-01.corp.local, ou=GCP, o=VMware, c=US' \
 -keypass password

Next Export the Node certificate to the root directory

 /opt/jdk1.8.0_151/bin/keytool -export -rfc \
 -keystore /etc/cassandra/conf/.keystore -storepass password \
 -file /root/casdb-01.pem -alias casdb-01

Note: Repeat the SSL certificate configuration steps on each node and then continue.
Using the scp command or a file copy tool such as WinSCP, copy the certificate files from each respective node to the other nodes in the cluster (i.e. Copy the Casdb-01.pem file to Casdb-02 and Casdb-03 node servers). For the purposes of this post, scp copy will be used.

 scp /root/casdb-01.pem root@casdb-02.corp.local:/root/casdb-01.pem
scp /root/casdb-01.pem root@casdb-03.corp.local:/root/casdb-01.pem

Note: Repeat the previous configuration steps on each node and then continue.
Back at the first node, import each certificate into the keystore:

 /opt/jdk1.8.0_151/bin/keytool -noprompt -import -trustcacerts \
 -alias casdb-01 -file /root/casdb-01.pem \
 -keystore /etc/cassandra/conf/.truststore -storepass password

Note: Repeat the previous steps on the other nodes and then continue.
Next enable SSL communication between the Cassandra nodes that will be clustered. On the first node, run the following command to edit the Cassandra.yaml file

 vi /etc/cassandra/conf/cassandra.yaml

Configure the cluster_name parameter from the default ‘Test Cluster’. You can type the following to find the cluster_name parameter:

 /cluster_name

Then press Enter. Press ‘n’ (lowercase ‘n’) to continue searching until you locate the value, the press ‘i’ to edit the value.

Next locate the seeds_provider parameter and update the seeds: value with the IP address of the nodes for the cluster, separated by comas.


Locate the start_rpc parameter and set the value to true:

Locate the listen_address parameter in the Cassandra.yaml file:

Comment out the listen_address parameter, and uncomment the listen_interface parameter and update with the interface of the node.


Next find the rpc_address parameter, comment out the rpc_address parameter and then uncomment the rpc_interface parameter and configure with the interface of the node


Next update the server_encryption_options to the following values:

 server_encryption_options:
     internode_encryption: all
     keystore: /etc/cassandra/conf/.keystore
     keystore_password: password
     truststore: /etc/cassandra/conf/.truststore
     truststore_password: password
     require_client_auth: true
     store_type: JKS

Now update the client_encryption_options section to the following values:

 Client_encryption_options:
     enabled: true
     keystore: /etc/cassandra/conf/.keystore
     keystore_password: password
     require_client_auth: true
     # Set truststore and truststore_password if 
       require_client_auth is true
     truststore: /etc/cassandra/conf/.truststore
     truststore_password: password
     # More advanced defaults below:
     # protocol: TLS
     # algorithm: SunX509
     store_type: JKS

Save and Exit the file once the changes have successfully been updated. Restart the Cassandra Service:

 service cassandra restart

Now test the node with the nodetool utility to ensure that the node is operational by typing the following command and pressing Enter:

 nodetool status

The screen should look like the following:

Note: Repeat the steps above on each node that will be a part of the cluster.
Once you have completed the steps on all the nodes in the cluster, run the nodetool status command again to confirm that all nodes are in the communicating in the cluster as expected.  The output of the nodetool should look like the following:

Conclusion

While the installation is complete, it is also important that the VMs that make up that Cassandra cluster are also configured with vSphere DRS Anti-Affinity rules to remove the risk of more than one Cassandra node being impacted by a hardware failure of an ESXi host.

This concludes the installation steps for installing a Cassandra cluster for vCloud Availability. For more details regarding vCloud Availability please review the “Architecting a VMware vCloud Availability for vCloud Director Solution” white paper and the “vCloud Availability for vCloud Director 2.0 Installation and Configuration” documentation.