vCloud Availability for vCloud Director: Part 5: Deploy and Configure Cassandra Cluster

In second post of this series we looked at the components which are needed to form a VCAV solution stack and we saw cassandra is an integral part of this solution.

To know about cassandra in detail, you can refer an old blogpost written by me.

If you are not following along this series, then I recommend reading earlier posts of this series from below links:

1: vCloud Availability Introduction

2: vCloud Availability Architecture & Components

3: VCAV Deployment

4: Install Cloud Proxy for vCD

In this post we will deploy a Cassandra Cluster. Before installing cassandra software we need to meet following requirements:

1: Verify that routing, NTP, forward, and reverse DNS resolutions are working correctly.

2: Make sure that SELinux and your firewall are in disabled state. If they are enabled then make sure to open appropriate ports in firewall.

I have disabled SELinux and firewall service in my lab. 

3: Install Python: Make sure Python 2.7 is installed in your CentOS 7 system. Default version of installed python is 2.7.5

[root@mgmt-cass-b ~]# python –version

Python 2.7.5

Note: If python is not installed, then you can install it via yum by typing: # yum install python2 -y

4 : Install Java: JDK 8u152 has been tested for cassandra and it works fine. It can be downloaded from here

[root@mgmt-cass-b ~]# rpm -ivh jdk-8u152-linux-x64.rpm

5: Set JAVA_HOME Variable

6: Install Java Cryptography Extension (JCE): JCE increase the java encryption level support.

If your cassandra node has access to internet and you have wget utility installed then JCE can be downloaded by running the following command:

[root@mgmt-cass-b ~]# wget -c –header “Cookie: oraclelicense=accept-securebackup-cookie” http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip

Unzip the file by running the following command:

[root@mgmt-cass-b ~]# unzip jce_policy-8.zip

Note: If you get error “unzip: command not found” then you can install the unzip by running command # yum install zip unzip -y

Copy the unzipped JCE file to the respective directory by running the following command:

[root@mgmt-cass-b ~]# cp UnlimitedJCEPolicyJDK8/*.jar /usr/java/jdk1.8.0_152/jre/lib/security/

7: Install Cassandra via YUM 

Create the /etc/yum.repos.d/cassandra.repo file with the following content:

Install Cassandra by running command: yum install cassandra -y

8: Fine Tune cassandra : We need to make some configuration changes in cassandra by editing cassandra.yaml file. make sure to backup original file before making any changes.

# Enable Cassandra Service 

# Start the Cassandra service.

[root@mgmt-cass-b ~]# systemctl start cassandra

# Check the Cassandra service status.

[root@mgmt-cass-b ~]# systemctl status cassandra

# Check nodetool status to verify node is up and had joined cluster

8: Cassandra Clustering: To add additional nodes to cassandra cluster, deploy a new CentOS 7 vm and repeat the above steps. In my lab I have deployed only one cassandra node at the moment, but you can follow instructions documented in this article for adding additional nodes.

Once new node is fully configured, edit the cassandra.yaml file on both node and change the value of seed under seed_provider section

e.g: – seeds: “ip-Cassandra-node-1,ip-Cassandra-node-2,ip-Cassandra-node-3”

And then restart the Cassandra service on all nodes. Verify that the node is operational by running command: nodetool status  

9: Cassandra SSL Installation

1: Generate an SSL certificate by running the following command.

# /usr/bin/keytool -keystore /etc/cassandra/conf/.keystore -storepass vmware -validity 1826 -storetype JKS -genkey -keyalg RSA -alias mgmt-cass-b -dname ‘cn=mgmt-cass-b, ou=vStellar, o=Alex.Co, c=IN’ -keypass vmware

2: Export the Cassandra certificate to a PEM-formatted file.

# /usr/bin/keytool -export -rfc -keystore /etc/cassandra/conf/.keystore -storepass vmware -file /root/cloud-mgmt-cass-b-node_number.pem -alias mgmt-cass-b

3: Copy the .pem certificate file of each Cassandra node to the /root directory of the rest of the Cassandra nodes.

4: Import each certificate to the truststore of every Cassandra host.

# /usr/bin/keytool -noprompt -import -trustcacerts -alias mgmt-cass-b -file /root/cloud-mgmt-cass-b-node_number.pem -keystore /etc/cassandra/conf/.truststore -storepass vmware

5: Enable the server and the client communication with Cassandra over SSL. 

Edit /etc/cassandra/conf/cassandra.yaml configuration file and change following values as shown below 

a: Set the listen_address and rpc_address values to the Cassandra node IP address.

  • listen_address: Cass-Node-IP
  • rpc_address: Cass-Node-IP

b: Update the values of the server_encryption_options properties.

Note: The keystore and truststore passwords are the same passwords that you used to create the keystore and the truststore.

c: Update the values of the client_encryption_options properties.

d: Restart the Cassandra node and make sure there are no errors reported in /var/log/cassandra/system.log. Last line of this log file usually reads as:

10: Enable cqlsh with SSL encryption 

a: Import the Cassandra keystore into a new PKC12 keystore.

b: Extract the certificate from the new PKC12 keystore.

c: Extract the certificate key from the new PKC12 keystore.

d: Create a /root/.cassandra/cqlshrc file with the following contents:

e: Verify that you can use cqlsh command

And that’s it for this post. In next post of this series we will deploy RabbitMQ Cluster.

 I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing. Be sociable :)

Leave a Reply