目錄
- 什么是Apache Cassandra?
- Apache Cassandra中的功能
- 環境規格:
- 第一步:更新主機名和CentOS 8軟體包
- 第二步:添加Apache Cassandra官方Yum存盤庫
- 第三步:CentOS 8上安裝Apache Cassandra
- 第四步:配置Apache Cassandra節點安全性
- 第五步:Apache Cassandra創建一個Admin用戶
- 結論:
在本指南中,您將學習如何在CentOS 8上安裝Apache Cassandra Node以及如何配置初始安全性配置,
什么是Apache Cassandra?
Apache Cassandra是一個免費的開放源代碼,分布式,寬列存盤的NoSQL資料庫管理系統,在處理許多商用服務器上的大量資料,提供高可用性而沒有單點故障,Cassandra通過異步無主復制為跨多個資料中心的集群提供強大的支持,從而允許所有客戶端進行低延遲的操作 維基百科
Cassandra最初是在Facebook上使用Java編程語言開發的,以增強其Inbox搜索功能,Facebook于2008年7月在Google代碼上將Cassandra作為開源專案發布,2009年3月,它成為Apache Incubator專案,
Cassandra現在由Apache Software Foundation維護,并根據Apache License 2.0進行分發,
Apache Cassandra中的功能
Apache Cassandra的主要功能是,
- 分布式-集群中的每個節點都具有相同的角色
- 支持復制和多資料中心復制
- 高度可擴展
- 容錯-資料自動復制到多個節點以實作容錯
- MapReduce支持-Cassandra具有Hadoop集成,并具有MapReduce支持
- 查詢語言-Cassandra引入了Cassandra查詢語言(CQL)
環境規格:
- CPU:3.4 GHz(2核)
- 記憶體:2 GB
- 儲存空間:20 GB
- 作業系統:CentOS 8.2
- 主機名: cassandra.liangglab.cn
- IP地址:192.168.6.65/24
第一步:更新主機名和CentOS 8軟體包
使用ssh工具以root用戶身份與cassandra.liangglab.cn連接,
作為最佳實踐,請更新我們的CentOS 8節點中的現有軟體包,
[root@centos8 ~]# hostnamectl set-hostname cassandra.liangglab.cn
[root@cassandra ~]# dnf update -y
...
Upgraded:
bind-export-libs-32:9.11.13-5.el8_2.x86_64
gnutls-3.6.8-11.el8_2.x86_64
grub2-common-1:2.02-87.el8_2.noarch
grub2-pc-1:2.02-87.el8_2.x86_64
grub2-pc-modules-1:2.02-87.el8_2.noarch
grub2-tools-1:2.02-87.el8_2.x86_64
grub2-tools-efi-1:2.02-87.el8_2.x86_64
grub2-tools-extra-1:2.02-87.el8_2.x86_64
grub2-tools-minimal-1:2.02-87.el8_2.x86_64
kernel-tools-4.18.0-193.14.2.el8_2.x86_64
kernel-tools-libs-4.18.0-193.14.2.el8_2.x86_64
libnghttp2-1.33.0-3.el8_2.1.x86_64
microcode_ctl-4:20191115-4.20200609.1.el8_2.x86_64
python3-perf-4.18.0-193.14.2.el8_2.x86_64
Installed:
kernel-4.18.0-193.14.2.el8_2.x86_64
kernel-core-4.18.0-193.14.2.el8_2.x86_64
kernel-modules-4.18.0-193.14.2.el8_2.x86_64
Removed:
kernel-4.18.0-147.5.1.el8_1.x86_64
kernel-core-4.18.0-147.5.1.el8_1.x86_64
kernel-modules-4.18.0-147.5.1.el8_1.x86_64
Complete!
【1】使用uname命令驗證活動內核的版本,
[root@cassandra ~]# uname -r
4.18.0-193.el8.x86_64
【2】驗證CentOS作業系統的版本,
[root@cassandra ~]# cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
第二步:添加Apache Cassandra官方Yum存盤庫
Apache Software Foundation為每個版本的Cassandra軟體提供了官方的yum存盤庫,
如Cassandra下載頁面所述,我們將添加Apache Cassandra yum存盤庫,
如下所示為Cassendra創建一個repo檔案,
[root@cassandra ~]# vi /etc/yum.repos.d/cassandra.repo
在此檔案中添加以下指令,
[cassandra]
name=Apache Cassandra
baseurl=https://downloads.apache.org/cassandra/redhat/311x/
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://downloads.apache.org/cassandra/KEYS
在這里,311x是Apache Cassandra的相應版本,即3.11,在撰寫本文時,Apache Cassandra 3.11是最新版本,因此,我們正在使用它,如果要安裝其他任何版本的Apache Cassandra,則應相應更新repo檔案中的版本號,
為新安裝的Cassandra存盤庫構建yum快取,如果要求,請接受GPG密鑰,
[root@cassandra ~]# dnf makecache
Apache Cassandra 515 B/s | 833 B 00:01
Apache Cassandra 201 kB/s | 256 kB 00:01
Importing GPG key 0xF2833C93:
Userid : "Eric Evans <[email protected]>"
Fingerprint: CEC8 6BB4 A0BA 9D0F 9039 7CAE F835 8FA2 F283 3C93
From : https://downloads.apache.org/cassandra/KEYS
Importing GPG key 0x8D77295D:
Userid : "Eric Evans <[email protected]>"
Fingerprint: C496 5EE9 E301 5D19 2CCC F2B6 F758 CE31 8D77 295D
From : https://downloads.apache.org/cassandra/KEYS
Importing GPG key 0x2B5C1B00:
Userid : "Sylvain Lebresne (pcmanus) <[email protected]>"
Fingerprint: 5AED 1BF3 78E9 A19D ADE1 BCB3 4BD7 36A8 2B5C 1B00
From : https://downloads.apache.org/cassandra/KEYS
Importing GPG key 0x0353B12C:
Userid : "T Jake Luciani <[email protected]>"
Fingerprint: 514A 2AD6 31A5 7A16 DD00 47EC 749D 6EEC 0353 B12C
From : https://downloads.apache.org/cassandra/KEYS
Importing GPG key 0xFE4B2BDA:
Userid : "Michael Shuler <[email protected]>"
Fingerprint: A26E 528B 271F 19B9 E5D8 E19E A278 B781 FE4B 2BDA
From : https://downloads.apache.org/cassandra/KEYS
Importing GPG key 0x7E3E87CB:
Userid : "Michael Semb Wever <[email protected]>"
Fingerprint: A4C4 65FE A0C5 5256 1A39 2A61 E913 35D7 7E3E 87CB
From : https://downloads.apache.org/cassandra/KEYS
Importing GPG key 0xB7F6840C:
Userid : "Alex Petrov <[email protected]>"
Fingerprint: 9E66 CEC6 106D 578D 0B1E B9BF F100 0962 B7F6 840C
From : https://downloads.apache.org/cassandra/KEYS
Importing GPG key 0xAF30F054:
Userid : "Jordan West <[email protected]>"
Fingerprint: C400 9872 C59B 4956 1310 D966 D006 2876 AF30 F054
From : https://downloads.apache.org/cassandra/KEYS
Apache Cassandra 1.6 kB/s | 3.6 kB 00:02
Dependencies resolved.
[root@cassandra ~]# dnf clean all
45 files removed
[root@cassandra ~]# dnf repolist
repo id repo name
AppStream CentOS-8 - AppStream - mirrors.tongdun.cn
base CentOS-8 - Base - mirrors.tongdun.cn
cassandra Apache Cassandra
epel Extra Packages for Enterprise Linux 8 - x86_64
epel-debuginfo Extra Packages for Enterprise Linux 8 - x86_64 - Debug
epel-source Extra Packages for Enterprise Linux 8 - x86_64 - Source
extras CentOS-8 - Extras - mirrors.tongdun.cn
[root@cassandra ~]#
CentOS 8上已安裝Apache Cassandra 3.11 yum存盤庫,
第三步:CentOS 8上安裝Apache Cassandra
Apache Cassandra需要JVM(Java虛擬機)才能運行,雖然,我們可以在CentOS 8節點上顯式安裝Java,但是如果我們使用dnf命令安裝Cassandra ,它將自動安裝所有必需的依賴項,包括Java,
【1】我們使用dnf命令直接在CentOS 8上安裝Apache Cassandra ,
[root@cassandra src]# dnf install -y cassandra
Last metadata expiration check: 0:15:35 ago on Sun 20 Dec 2020 03:25:22 PM CST.
Dependencies resolved.
============================================================================================
Package Arch Version Repository Size
============================================================================================
Installing:
cassandra noarch 3.11.9-1 cassandra 29 M
Installing dependencies:
copy-jdk-configs noarch 3.7-1.el8 AppStream 27 k
java-1.8.0-openjdk x86_64 1:1.8.0.272.b10-1.el8_2 AppStream 326 k
java-1.8.0-openjdk-headless x86_64 1:1.8.0.272.b10-1.el8_2 AppStream 34 M
javapackages-filesystem noarch 5.3.0-1.module_el8.0.0+11+5b8c10bd AppStream 30 k
lksctp-tools x86_64 1.0.18-3.el8 base 100 k
ttmkfdir x86_64 3.0.9-54.el8 AppStream 62 k
tzdata-java noarch 2020d-1.el8 AppStream 190 k
xorg-x11-fonts-Type1 noarch 7.5-19.el8 AppStream 522 k
Enabling module streams:
javapackages-runtime 201801
Transaction Summary
============================================================================================
Install 9 Packages
Total download size: 64 M
Installed size: 158 M
Downloading Packages:
(1/9): lksctp-tools-1.0.18-3.el8.x86_64.rpm 4.9 MB/s | 100 kB 00:00
(2/9): copy-jdk-configs-3.7-1.el8.noarch.rpm 1.0 MB/s | 27 kB 00:00
(3/9): java-1.8.0-openjdk-1.8.0.272.b10-1.el8_2.x86_64.rpm 7.9 MB/s | 326 kB 00:00
(4/9): javapackages-filesystem-5.3.0-1.module_el8.0.0+11+5b 1.9 MB/s | 30 kB 00:00
(5/9): ttmkfdir-3.0.9-54.el8.x86_64.rpm 7.4 MB/s | 62 kB 00:00
(6/9): tzdata-java-2020d-1.el8.noarch.rpm 12 MB/s | 190 kB 00:00
(7/9): xorg-x11-fonts-Type1-7.5-19.el8.noarch.rpm 17 MB/s | 522 kB 00:00
(8/9): java-1.8.0-openjdk-headless-1.8.0.272.b10-1.el8_2.x8 66 MB/s | 34 MB 00:00
(9/9): cassandra-3.11.9-1.noarch.rpm 89 kB/s | 29 MB 05:36
Installed:
cassandra-3.11.9-1.noarch
copy-jdk-configs-3.7-1.el8.noarch
java-1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2.x86_64
java-1.8.0-openjdk-headless-1:1.8.0.272.b10-1.el8_2.x86_64
javapackages-filesystem-5.3.0-1.module_el8.0.0+11+5b8c10bd.noarch
lksctp-tools-1.0.18-3.el8.x86_64
ttmkfdir-3.0.9-54.el8.x86_64
tzdata-java-2020d-1.el8.noarch
xorg-x11-fonts-Type1-7.5-19.el8.noarch
Complete!
cqlsh(Cassandra查詢語言外殼)需要Python才能運行,因此,我們也需要安裝Python,
【2】Apache Cassandra僅與Python 2.7兼容,因此,我們在CentOS 8節點上安裝了相同的組件,
[root@cassandra ~]# dnf install -y python2
Last metadata expiration check: 0:26:10 ago on Sun 20 Dec 2020 03:25:22 PM CST.
Dependencies resolved.
============================================================================================
Package Arch Version Repository Size
============================================================================================
.............
Installed:
python2-2.7.17-1.module_el8.2.0+381+9a5b3c3b.x86_64
python2-libs-2.7.17-1.module_el8.2.0+381+9a5b3c3b.x86_64
python2-pip-9.0.3-16.module_el8.2.0+381+9a5b3c3b.noarch
python2-pip-wheel-9.0.3-16.module_el8.2.0+381+9a5b3c3b.noarch
python2-setuptools-39.0.1-11.module_el8.2.0+381+9a5b3c3b.noarch
python2-setuptools-wheel-39.0.1-11.module_el8.2.0+381+9a5b3c3b.noarch
Complete!
【3】Cassandra服務基于SystemV,因此,我們必須使用舊命令來啟用和啟動它,
[root@cassandra ~]# service cassandra start
Reloading systemd: [ OK ]
Starting cassandra (via systemctl): [ OK ]
[root@cassandra ~]# chkconfig cassandra on
【4】驗證cassandra.service的狀態,
[root@cassandra ~]# systemctl status cassandra.service
● cassandra.service - LSB: distributed storage system for structured data
Loaded: loaded (/etc/rc.d/init.d/cassandra; generated)
Active: active (running) since Sun 2020-12-20 15:52:58 CST; 56s ago
Docs: man:systemd-sysv-generator(8)
Main PID: 36189 (java)
Tasks: 64 (limit: 49642)
Memory: 2.3G
CGroup: /system.slice/cassandra.service
└─36189 /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.272.b10-1.el8_2.x86_64/jre/bin/jav>
Dec 20 15:52:54 cassandra.liangglab.cn systemd[1]: Starting LSB: distributed storage system>
Dec 20 15:52:54 cassandra.liangglab.cn runuser[36112]: pam_unix(runuser:session): session o>
Dec 20 15:52:58 cassandra.liangglab.cn runuser[36112]: pam_unix(runuser:session): session c>
或者
[root@cassandra ~]# service cassandra status
● cassandra.service - LSB: distributed storage system for structured data
Loaded: loaded (/etc/rc.d/init.d/cassandra; generated)
Active: active (running) since Sun 2020-12-20 15:52:58 CST; 38s ago
Docs: man:systemd-sysv-generator(8)
Main PID: 36189 (java)
Tasks: 64 (limit: 49642)
Memory: 2.3G
CGroup: /system.slice/cassandra.service
└─36189 /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.272.b10-1.el8_2.x86_64/jre/bin/jav>
Dec 20 15:52:54 cassandra.liangglab.cn systemd[1]: Starting LSB: distributed storage system>
Dec 20 15:52:54 cassandra.liangglab.cn runuser[36112]: pam_unix(runuser:session): session o>
Dec 20 15:52:58 cassandra.liangglab.cn runuser[36112]: pam_unix(runuser:session): session c>
Dec 20 15:52:58 cassandra.liangglab.cn cassandra[36100]: Starting Cassandra: OK
Dec 20 15:52:58 cassandra.liangglab.cn systemd[1]: Started LSB: distributed storage system
【5】查看cassandra.service的埠監聽資訊,
[root@cassandra conf]# ss -anplt| grep java
LISTEN 0 16384 127.0.0.1:9042 0.0.0.0:* users:(("java",pid=37328,fd=128))
LISTEN 0 500 127.0.0.1:7000 0.0.0.0:* users:(("java",pid=37328,fd=108))
LISTEN 0 50 127.0.0.1:7199 0.0.0.0:* users:(("java",pid=37328,fd=75))
LISTEN 0 50 127.0.0.1:7621 0.0.0.0:* users:(("java",pid=37328,fd=76))
[root@cassandra conf]# netstat -anptl| grep java
tcp 0 0 127.0.0.1:9042 0.0.0.0:* LISTEN 37328/java
tcp 0 0 127.0.0.1:7000 0.0.0.0:* LISTEN 37328/java
tcp 0 0 127.0.0.1:7199 0.0.0.0:* LISTEN 37328/java
tcp 0 0 127.0.0.1:7621 0.0.0.0:* LISTEN 37328/java
[root@cassandra conf]#
說明:
7199 JMX監控埠
7000 節點間群集
9042 CQL本地傳輸埠
9160 Thrift客戶端API
1024--65355 JMX所需的隨機埠,
【6】使用nodetool命令來驗證Cassandra集群的狀態,
[root@cassandra ~]# nodetool status
Datacenter: datacenter1
=======================
Status=Up/Down
|/ State=Normal/Leaving/Joining/Moving
-- Address Load Tokens Owns (effective) Host ID Rack
UN 127.0.0.1 70.73 KiB 256 100.0% 1e86a261-9df5-49a5-ad76-a6b87f2b7364 rack1
Apache Cassandra已安裝在CentOS 8節點上,
第四步:配置Apache Cassandra節點安全性
Apache Cassandra的組態檔位于/etc/cassandra/conf目錄中,安全的做法是在開始編輯原始組態檔之前先對其進行備份,
創建原始cassandra.yaml組態檔的副本,如下所示,
[root@cassandra ~]# cd /etc/cassandra/conf/
[root@cassandra conf]# cp cassandra.yaml cassandra.yaml.bak
【1】使用vim編輯器編輯該檔案,
[root@cassandra conf]# vi /etc/cassandra/conf/cassandra.yaml
【2】在此檔案中找到以下引數,配置密碼認證器
authenticator: AllowAllAuthenticator
authorizer: AllowAllAuthorizer
roles_validity_in_ms: 2000
permissions_validity_in_ms: 2000
【3】如下更新它們的值,
authenticator: org.apache.cassandra.auth.PasswordAuthenticator
authorizer: org.apache.cassandra.auth.CassandraAuthorizer
roles_validity_in_ms: 0
permissions_validity_in_ms: 0
【3】引數描述:參考-Cassandra 管理員指南
authenticator
后端認證,實作IAuthenticator;用于標識用戶,Cassandra提供了org.apache.cassandra.auth,{AllowAllAuthenticator,PasswordAuthenticator},
AllowAllAuthenticator不執行任何檢查 - 將其設定為禁用身份驗證,
PasswordAuthenticator依賴用戶名/密碼對來驗證用戶,它將用戶名和散列密碼保存在system_auth.credentials表中,如果使用此驗證器,請增加system_auth鍵空間復制因子,如果使用PasswordAuthenticator,還必須使用CassandraRoleManager(見下文)
默認值: AllowAllAuthenticator
authorizer
后端授權,實作IAuthorizer;用于限制訪問/提供權限,Cassandra提供了org.apache.cassandra.auth,{AllowAllAuthorizer,CassandraAuthorizer},
AllowAllAuthorizer 允許任何用戶的任何操作 - 將其設定為禁用授權,
CassandraAuthorizer 在system_auth.permissions表中存盤權限,如果使用此授權器,請增加system_auth鍵空間復制因子,
默認值: AllowAllAuthorizer
roles_validity_in_ms
角色快取的有效期(獲取授權角色可能是一個昂貴的操作,取決于角色管理器,CassandraRoleManager是一個示例)授予的角色快取為AuthenticatedUser中的已驗證會話,并在此處指定的時間段后成為資格(async)重新加載,默認為2000,設定為0以完全禁用快取,將自動禁用AllowAllAuthenticator,
默認值: 2000
permissions_validity_in_ms
權限快取的有效期(獲取權限可以是一個昂貴的操作,取決于授權人,CassandraAuthorizer isone示例),默認為2000,設定為0以禁用,將為AllowAllAuthorizer自動禁用,
默認值: 2000
【4】檢查一下我們修改的配置內容中,
[root@cassandra conf]# cat /etc/cassandra/conf/cassandra.yaml |egrep "^authenticator|^authorizer|^roles_validity_in_ms|^permissions_validity_in_ms"
authenticator: org.apache.cassandra.auth.PasswordAuthenticator
authorizer: org.apache.cassandra.auth.CassandraAuthorizer
roles_validity_in_ms: 0
permissions_validity_in_ms: 0
[root@cassandra conf]#
【5】重新啟動Cassandra服務以使更改生效,
[root@cassandra conf]# systemctl restart cassandra.service
第五步:Apache Cassandra創建一個Admin用戶
【1】使用Cassandra默認用戶名/密碼連接到cqlsh提示符,
[root@cassandra conf]# cqlsh -u cassandra -p cassandra
Connected to Test Cluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.11.9 | CQL spec 3.4.4 | Native protocol v4]
Use HELP for help.
【2】使用以下命令創建一個管理員用戶,從cqlsh提示符退出,
cassandra@cqlsh> CREATE ROLE lianglab WITH PASSWORD = 'lianglab@123' AND SUPERUSER = true AND LOGIN = true;
cassandra@cqlsh> exit
【3】使用新的管理員用戶連接到cqlsh,
[root@cassandra conf]# cqlsh -u lianglab -p lianglab@123
Connected to Test Cluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.11.9 | CQL spec 3.4.4 | Native protocol v4]
Use HELP for help.
【4】為了獲得更好的安全性,建議洗掉/禁用默認用戶,請撤銷cassendra用戶的管理員角色和登錄權限,
lianglab@cqlsh> ALTER ROLE cassandra WITH PASSWORD = 'cassandra' AND SUPERUSER = false AND LOGIN = false;
【5】撤消cassendra用戶的所有權限,
lianglab@cqlsh> REVOKE ALL PERMISSIONS ON ALL KEYSPACES FROM cassandra;
【6】將所有權限授予新的管理員用戶,
lianglab@cqlsh> GRANT ALL PERMISSIONS ON ALL KEYSPACES TO lianglab;
【7】從cqlsh提示符退出,
lianglab@cqlsh> exit
[root@cassandra conf]#
【8】Apache Cassandra節點已配置,
結論:
在以上指南中,您學習了如何在CentOS 8上安裝Apache Cassandra節點,我們還配置了建議的安全性配置,Cassandra: The Definitive Guide: Distributed Data at Web Scale 2nd Edition由杰夫·卡彭特是一本非常好的書,建議看看一下,
轉載請註明出處,本文鏈接:https://www.uj5u.com/shujuku/237954.html
標籤:其它
上一篇:這份《高性能MySQL》適合資料庫管理員(DBA)閱讀,也適合開發人員參考學習
下一篇:mysql的索引下推理解和實踐