Cassandra
Set the Server and Database connection properties to connect to Cassandra.
To connect to a distributed system, set Server to a comma-separated list of servers, with each server and its port separated by a colon. You will also need to set ConsistencyLevel.
The following sections detail connection properties for authentication, security, and data access.
1 Connecting to CosmosDB with the Cassandra API
To obtain the connection string needed to connect to a Cosmos DB account using the Cassandra API, log in to the Azure Portal, select Azure Cosmos DB, and select your account. In the Settings section, click Connection String and set the following values.
Server: Set this to the Host value, the FQDN of the server provisioned for your account. You can also specify the port here or in Port.
Port: Set this to the port.
Database: Set this to the database you want to read from and write to.
User: The Cosmos DB account name.
Password: The account key associated with the Cosmos DB account.
UseSSL: Set this to True.
You can use the following properties to gain greater control over Cassandra API features and the strategies the provider uses to surface them:
AllowFiltering: Set this property to allow the server to process slow-performing searches.
UseJsonFormat: Set this property to use CQL literals instead of JSON.
QueryPassthrough: This property enables you to use native CQL statements instead of SQL.
RowScanDepth: This property determines the number of rows that will be scanned to detect column data types when generating table metadata.
This property applies if you are working with the dynamic schemas generated from Automatic Schema Discovery or if you are using QueryPassthrough.
2 Securing Cassandra Connections
You can set UseSSL to negotiate SSL/TLS encryption when you connect. By default, the provider attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store. To specify another certificate, see the SSLServerCert property for the available formats.
3 Authenticating to Cassandra
The provider supports Basic authentication with login credentials and the additional authentication features of DataStax Enterprise (DSE) Cassandra. The following sections detail connection properties your authentication method may require.
You need to set AuthScheme to the value corresponding to the authenticator configured for your system. You specify the authenticator in the authenticator property of the cassandra.yaml file, which is typically found in /etc/dse/cassandra, or through the DSE Unified Authenticator on DSE Cassandra.
3.1 Basic Authentication
Basic authentication is supported through Cassandra's built-in default PasswordAuthenticator.
Set the AuthScheme property to 'BASIC' and set the User and Password properties.
In the cassandra.yaml file, set the authenticator property to 'PasswordAuthenticator'.
3.2 Kerberos Authentication
Kerberos authentication is supported through DataStax Enterprise Unified Authentication.
Set the AuthScheme property to 'KERBEROS' and set the User and Password properties.
Set the KerberosKDC, KerberosRealm, and KerberosSPN properties.
In the cassandra.yaml file, set the authenticator property to "com.datastax.bdp.cassandra.auth.DseAuthenticator".
Modify the authentication_options section in the dse.yaml file, specifying the default_scheme and other_schemes properties as 'kerberos'.
Modify the kerberos_options section in the dse.yaml file, specifying the keytab, service_principal, http_principal, and qop properties.
To authenticate to Cassandra using Kerberos, set the following properties:
AuthScheme: Set this to KERBEROS
KerberosKDC: Set this to the host name or IP Address of your Kerberos KDC machine.
KerberosSPN: Set this to the service and host of the Cassandra Kerberos Principal. This will be the value prior to the '@' symbol (for instance, hbase/MyHost) of the principal value (for instance, hbase/MyHost@EXAMPLE.COM).
You can use one of the following options to retrieve the required Kerberos ticket.
3.2.1 MIT Kerberos Credential Cache File
This option enables you to use the MIT Kerberos Ticket Manager or kinit command to get tickets. Note that you won't need to set the User or Password connection properties with this option.
Ensure that you have an environment variable created called KRB5CCNAME.
Set the KRB5CCNAME environment variable to a path pointing to your credential cache file (for instance, C:\krb_cache\krb5cc_0 or /tmp/krb5cc_0). This file will be created when generating your ticket with MIT Kerberos Ticket Manager.
To obtain a ticket, open the MIT Kerberos Ticket Manager application, click Get Ticket, enter your principal name and password, then click OK. If successful, ticket information will appear in Kerberos Ticket Manager and will now be stored in the credential cache file.
Now that the credential cache file has been created, the provider will use the cache file to obtain the Kerberos ticket to connect to Cassandra.
As an alternative to setting the KRB5CCNAME environment variable, you can directly set the file path using the KerberosTicketCache property. When set, the provider will use the specified cache file to obtain the Kerberos ticket to connect to Cassandra.
3.2.2 Keytab File
If the KRB5CCNAME environment variable has not been set, you can retrieve a Kerberos ticket using a Keytab File. To do this, set the User property to the desired username and set the KerberosKeytabFile property to a file path pointing to the keytab file associated with the user.
3.2.3 User and Password
If neither the KRB5CCNAME environment variable nor the KerberosKeytabFile property has been set, you can retrieve a ticket using a User and Password combination. To do this, set the User and Password properties to the user/password combo that you use to authenticate with Cassandra.
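The fallback order in sections 3.2.1 to 3.2.3 can be checked before connecting. The following Python sketch is an added example, not the provider's code: `resolve_ticket_source` and `check_secret_file` are hypothetical helpers that report which credential source would be used and whether the cache or keytab file is readable by other local users (POSIX mode bits only). Checking KerberosTicketCache ahead of KRB5CCNAME and requiring mode 0600 are assumptions of the example.

```python
import os
import stat

def check_secret_file(path):
    """Return problems found with a ticket cache or keytab file (POSIX modes)."""
    if path.startswith("FILE:"):          # MIT Kerberos cache-type prefix
        path = path[len("FILE:"):]
    if not os.path.isfile(path):
        return [f"{path}: file does not exist"]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {mode:04o} is open to group/other, expected 0600"]
    return []

def resolve_ticket_source(props, environ=os.environ):
    """Return (source, problems), following sections 3.2.1 to 3.2.3 in order.

    Assumption: KerberosTicketCache is consulted before KRB5CCNAME; the page
    only describes it as an alternative to the environment variable.
    """
    cache = props.get("KerberosTicketCache") or environ.get("KRB5CCNAME")
    if cache:
        return "credential cache", check_secret_file(cache)
    keytab = props.get("KerberosKeytabFile")
    if keytab:
        problems = check_secret_file(keytab)
        if not props.get("User"):
            problems.append("KerberosKeytabFile is set but User is not")
        return "keytab", problems
    if props.get("User") and props.get("Password"):
        return "user/password", []
    return "none", ["no ticket cache, keytab or User/Password is configured"]

if __name__ == "__main__":
    # Constructed properties; the keytab path is a placeholder.
    demo = {"User": "svc_reports",
            "KerberosKeytabFile": "/etc/security/svc_reports.keytab"}
    print(resolve_ticket_source(demo, environ={}))
```

A KRB5CCNAME left over in a service account's environment takes priority over a configured keytab, so the connection may run under a different principal than the one intended.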
3.2.4 Cross-Realm Authentication
More complex Kerberos environments may require cross-realm authentication where multiple realms and KDC servers are used (e.g. where one realm/KDC is used for user authentication and another realm/KDC used for obtaining the service ticket).
In such an environment, the KerberosRealm and KerberosKDC properties can be set to the values required for user authentication. The KerberosServiceRealm and KerberosServiceKDC properties can be set to the values required to obtain the service ticket.
3.3 LDAP Authentication
LDAP authentication is supported through DataStax Enterprise Unified Authentication.
Set the AuthScheme property to 'LDAP' and set the User and Password properties.
In the cassandra.yaml file, set the authenticator property to "com.datastax.bdp.cassandra.auth.DseAuthenticator".
Modify the authentication_options section in the dse.yaml file, specifying the default_scheme and other_schemes properties as 'ldap'.
Modify the ldap_options section in the dse.yaml file, specifying the server_host, server_port, search_dn, search_password, user_search_base, and user_search_filter properties.
3.4 Using PKI
You can specify a client certificate to authenticate the provider with SSLClientCert, SSLClientCertType, SSLClientCertSubject, and SSLClientCertPassword.
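The requirements in the sections above can be enforced as a pre-deployment check. The following Python sketch is an added example, not part of the provider: `lint` is a hypothetical function that assumes a semicolon-separated `Key=Value` connection string and flags a multi-server list without ConsistencyLevel, a connection without UseSSL, an unset or unaccepted AuthScheme, properties missing for the chosen scheme, and a KerberosSPN that still contains the realm.

```python
ACCEPTED_SCHEMES = ("BASIC", "DSE", "KERBEROS", "LDAP")
REQUIRED_BY_SCHEME = {
    "BASIC": ("User", "Password"),
    "LDAP": ("User", "Password"),
    "KERBEROS": ("KerberosKDC", "KerberosRealm", "KerberosSPN"),
}

def parse_connection_string(conn_str):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys."""
    props = {}
    for part in conn_str.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            props[key.strip().lower()] = value.strip()
    return props

def parse_servers(server):
    """Return [(host, port or None), ...] from 'host1:9042,host2:9042'."""
    servers = []
    for entry in filter(None, (e.strip() for e in server.split(","))):
        host, _, port = entry.partition(":")  # hostnames and IPv4 only
        servers.append((host, int(port) if port else None))
    return servers

def lint(conn_str):
    """Return a list of findings; an empty list means every rule passed."""
    p = parse_connection_string(conn_str)
    findings = []
    servers = parse_servers(p.get("server", ""))
    if not servers:
        findings.append("Server is not set")
    if len(servers) > 1 and not p.get("consistencylevel"):
        findings.append("several servers listed but ConsistencyLevel is not set")
    if p.get("usessl", "").lower() != "true":
        findings.append("UseSSL is not True, so the connection is not TLS-protected")
    scheme = p.get("authscheme", "").upper()
    if scheme not in ACCEPTED_SCHEMES:
        findings.append(f"AuthScheme '{scheme}' is not BASIC, DSE, KERBEROS or LDAP")
    for name in REQUIRED_BY_SCHEME.get(scheme, ()):
        if not p.get(name.lower()):
            findings.append(f"AuthScheme={scheme} requires {name}")
    if "@" in p.get("kerberosspn", ""):
        findings.append("KerberosSPN must be the part of the principal before '@'")
    return findings

# Constructed sample: two nodes, Kerberos, realm wrongly left inside the SPN.
SAMPLE = ("Server=10.0.0.1:9042,10.0.0.2:9042;AuthScheme=KERBEROS;"
          "KerberosKDC=kdc.example.com;KerberosSPN=cassandra/MyHost@EXAMPLE.COM")
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```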
The following are the connection properties for Cassandra. Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.
Property | Description |
Authentication | |
AuthScheme | The scheme used for authentication. Accepted entries are BASIC, DSE, KERBEROS, and LDAP. |
DefaultLDAPUser | The default LDAP user used to connect to and communicate with the server. It must be set if the LDAP server does not allow anonymous bind. |
LDAPPassword | The password of the default LDAP user. It must be set if the LDAP server does not allow anonymous bind. |
LDAPPort | The port for the LDAP server. |
LDAPServer | The host name or IP address of the LDAP server. |
Password | The password used to authenticate with Cassandra. |
Port | The port for the Cassandra database. |
SearchBase | The search base for your LDAPServer, used to look up users. |
SearchFilter | The search filter for looking up usernames in LDAP. The default setting is (uid=). When using Active Directory, set the filter to (sAMAccountName=). |
Server | The host name or IP address of the server hosting the Cassandra database. |
User | The username used to authenticate with Cassandra. |
UseSSL | This field sets whether SSL is enabled. |
Database | |
Database | The name of the Cassandra keyspace. |
Firewall | |
FirewallPassword | A password used to authenticate to a proxy-based firewall. |
FirewallPort | The TCP port for a proxy-based firewall. |
FirewallServer | The name or IP address of a proxy-based firewall. |
FirewallType | The protocol used by a proxy-based firewall. |
FirewallUser | The user name to use to authenticate with a proxy-based firewall. |
Kerberos | |
KerberosKDC | The Kerberos Key Distribution Center (KDC) service used to authenticate the user. |
KerberosRealm | The Kerberos Realm used to authenticate the user. |
KerberosSPN | The service principal name (SPN) for the Kerberos Domain Controller. |
Logging | |
Logfile | A path to the log file. |
MaxLogFileCount | A string specifying the maximum file count of log files. When the limit is hit, a new log is created in the same folder with the date and time appended to the end and the oldest log file will be deleted. |
MaxLogFileSize | A string specifying the maximum size in bytes for a log file (for example, 10 MB). When the limit is hit, a new log is created in the same folder with the date and time appended to the end. |
Verbosity | The verbosity level that determines the amount of detail included in the log file. |
Misc | |
AggregationsSupported | Whether or not to support aggregations in the Cassandra server. Note that in queries to the provider, you must use single quotes to define strings. |
AllowFiltering | When true, slow-performing queries are processed on the server. |
CaseSensitivity | Enables case sensitivity in the CQL sent to the server. If set to True, the identifiers in the CQL are enclosed in double quotation marks. |
ConnectionLifeTime | The maximum lifetime of a connection in seconds. Once the time has elapsed, the connection object is disposed. |
ConnectionString | *** |
ConsistencyLevel | The consistency level determines how many of the replicas of the data you are interacting with need to respond for the query to be considered a success. |
FlattenArrays | By default, nested arrays are returned as strings of JSON. The FlattenArrays property can be used to flatten the elements of nested arrays into columns of their own. Set FlattenArrays to the number of elements you want to return from nested arrays. |
FlattenObjects | Set FlattenObjects to true to flatten object properties into columns of their own. Otherwise, objects nested in arrays are returned as strings of JSON. |
MaxRows | Limits the number of rows returned when no aggregation or group by is used in the query. This helps avoid performance issues at design time. |
NullToUnset | Use unset instead of NULL in CQL query when performing INSERT operations. |
Other | These hidden properties are used only in specific use cases. |
Pagesize | The maximum number of results to return per page from Cassandra Server. |
PoolIdleTimeout | The allowed idle time for a connection before it is closed. |
PoolMaxSize | The maximum connections in the pool. |
PoolMinSize | The minimum number of connections in the pool. |
PoolWaitTime | The max seconds to wait for an available connection. |
PseudoColumns | This property indicates whether or not to include pseudo columns as columns to the table. |
QueryPassthrough | This option passes the query to the Cassandra server as is. |
Readonly | You can use this property to enforce read-only access to Cassandra from the provider. |
RowScanDepth | The maximum number of rows to scan to look for the columns available in a table. Set this property to gain more control over how the provider applies data types to collections. |
SSLServerCert | The certificate to be accepted from the server when connecting using TLS/SSL. |
SupportEnhancedSQL | This property enhances SQL functionality beyond what can be supported through the API directly, by enabling in-memory client-side processing. |
Timeout | The value in seconds until the timeout error is thrown, canceling the operation. |
UseConnectionPooling | This property enables connection pooling. |
UseJsonFormat | Whether to submit and return the JSON encoding for CQL data types. |
VarintToString | Map Cassandra VARINT to String value. |
SSL | |
SSLClientCert | The TLS/SSL client certificate store for SSL Client Authentication (2-way SSL). |
SSLClientCertPassword | The password for the TLS/SSL client certificate. |
SSLClientCertSubject | The subject of the TLS/SSL client certificate. |
SSLClientCertType | The type of key store containing the TLS/SSL client certificate. |