Cassandra

Set the Server and Database connection properties to connect to Cassandra.

To connect to a distributed system, you can set Server to a comma-separated list of servers and ports, separated by colons. You will also need to set ConsistencyLevel.

The following sections detail connection properties for authentication, security, and data access.

1 Connecting to CosmosDB with the Cassandra API

To obtain the connection string needed to connect to a Cosmos DB account using the Cassandra API, log in to the Azure Portal, select Azure Cosmos DB, and select your account. In the Settings section, click Connection String and set the following values.

  • Server: Set this to the Host value, the FQDN of the server provisioned for your account. You can also specify the port here or in Port.

  • Port: Set this to the port.

  • Database: Set this to the database you want to read from and write to.

  • User: The Cosmos DB account name.

  • Password: The account key associated with the Cosmos DB account.

  • UseSSL: Set to True

You can use the following properties to gain greater control over Cassandra API features and the strategies the provider uses to surface them:

  • AllowFiltering: Set this property to allow the server to process slow-performing searches.

  • UseJsonFormat: Set this property to use CQL literals instead of JSON.

  • QueryPassthrough: This property enables you to use native CQL statements instead of SQL.

  • RowScanDepth: This property determines the number of rows that will be scanned to detect column data types when generating table metadata.

This property applies if you are working with the dynamic schemas generated from Automatic Schema Discovery or if you are using QueryPassthrough.

2 Securing Cassandra Connections

You can set UseSSL to negotiate SSL/TLS encryption when you connect. By default, the provider attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store. To specify another certificate, see the SSLServerCert property for the available formats to do so.

3 Authenticating to Cassandra

The provider supports Basic authentication with login credentials and the additional authentication features of DataStax Enterprise (DSE) Cassandra. The following sections detail connection properties your authentication method may require.

You need to set AuthScheme to the value corresponding to the authenticator configured for your system. You specify the authenticator in the authenticator property in the cassandra.yaml file. This file is typically found in /etc/dse/cassandra. or through the DSE Unified Authenticator on DSE Cassandra.

3.1 Basic Authentication

Basic authentication is supported through Cassandra's built-in default PasswordAuthenticator.

  • Set the AuthScheme property to 'BASIC' and set the User and Password properties.

  • In the cassandra.yaml file, set the authenticator property to 'PasswordAuthenticator'.

3.2 Kerberos Authentication

Kerberos authentication is supported through DataStax Enterprise Unified Authentication.

  • Set the AuthScheme property to 'KERBEROS' and set the User and Password properties.

  • Set the KerberosKDC, KerberosRealm, and KerberosSPN properties.

  • In the cassandra.yaml file, set the authenticator property to "com.datastax.bdp.cassandra.auth.DseAuthenticator".

  • Modify the authentication_options section in the dse.yaml file, specifying the default_schema and other_schemas properties as 'kerberos'.

  • Modify the kerberos_options section in the dse.yaml file, specifying the keytab, service_principle, http_principle and qop properties

To authenticate to Cassandra using Kerberos, set the following properties:

  • AuthScheme: Set this to KERBEROS

  • KerberosKDC: Set this to the host name or IP Address of your Kerberos KDC machine.

  • KerberosSPN: Set this to the service and host of the Cassandra Kerberos Principal. This will be the value prior to the '@' symbol (for instance, hbase/MyHost) of the principal value (for instance, hbase/MyHost@EXAMPLE.COM).

You can use one of the following options to retrieve the required Kerberos ticket.

3.2.1 MIT Kerberos Credential Cache File

This option enables you to use the MIT Kerberos Ticket Manager or kinit command to get tickets. Note that you won't need to set the User or Password connection properties with this option.

  1. Ensure that you have an environment variable created called KRB5CCNAME.

  2. Set the KRB5CCNAME environment variable to a path pointing to your credential cache file (for instance, C:\krb_cache\krb5cc_0 or /tmp/krb5cc_0). This file will be created when generating your ticket with MIT Kerberos Ticket Manager.

  3. To obtain a ticket, open the MIT Kerberos Ticket Manager application, click Get Ticket, enter your principal name and password, then click OK. If successful, ticket information will appear in Kerberos Ticket Manager and will now be stored in the credential cache file.

  4. Now that the credential cache file has been created, the provider will use the cache file to obtain the kerberos ticket to connect to Cassandra.

As an alternative to setting the KRB5CCNAME environment variable, you can directly set the file path using the KerberosTicketCache property. When set, the provider will use the specified cache file to obtain the kerberos ticket to connect to Cassandra.

3.2.2 Keytab File

If the KRB5CCNAME environment variable has not been set, you can retrieve a Kerberos ticket using a Keytab File. To do this, set the User property to the desired username and set the KerberosKeytabFile property to a file path pointing to the keytab file associated with the user.

3.2.3 User and Password

If both the KRB5CCNAME environment variable and the KerberosKeytabFile property have not been set, you can retrieve a ticket using a User and Password combination. To do this, set the User and Password properties to the user/password combo that you use to authenticate with Cassandra.

3.2.4 Cross-Realm Authentication

More complex Kerberos environments may require cross-realm authentication where multiple realms and KDC servers are used (e.g. where one realm/KDC is used for user authentication and another realm/KDC used for obtaining the service ticket).

In such an environment, the KerberosRealm and KerberosKDC properties can be set to the values required for user authentication. The KerberosServiceRealm and KerberosServiceKDC properties can be set to the values required to obtain the service ticket.

3.3 LDAP Authentication

LDAP authentication is supported through DataStax Enterprise Unified Authentication.

  • Set the AuthScheme property to 'LDAP' and set the User and Password properties.

  • In the cassandra.yaml file, set the authenticator property to "com.datastax.bdp.cassandra.auth.DseAuthenticator".

  • Modify the authentication_options section in the dse.yaml file, specifying the default_schema and other_schemas properties as 'ldap'.

  • Modify the ldap_options section in the dse.yaml file, specifying the server_host, server_port, search_dn, search_password, user_search_base, and user_search_filter properties

3.4 Using PKI

You can specify a client certificate to authenticate the provider with SSLClientCert, SSLClientCertType, SSLClientCertSubject, and SSLClientCertPassword.

The following are the connection properties for Cassandra. Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.

Property

Description

Authentication

AuthScheme

The scheme used for authentication. Accepted entries are BASIC, DSE, KERBEROS, and LDAP.

DefaultLDAPUser

The default LDAP user used to connect to and communicate with the server, it must be set if the LDAP server do not allow anonymous bind.

LDAPPassword

The password of the default LDAP user. It must be set if the LDAP server do not allow anonymous bind.

LDAPPort

The port for the LDAP server.

LDAPServer

The host name or IP address of the LDAP server.

Password

The password used to authenticate with Cassandra.

Port

The port for the Cassandra database.

SearchBase

The search base for your LDAPServer, used to look up users.

SearchFilter

The search filter for looking up usernames in LDAP. The default setting is (uid=), When using Active Directory set the filter to (sAMAccountName=).

Server

The host name or IP address of the server hosting the Cassandra database.

User

The username used to authenticate with Cassandra.

UseSSL

This field sets whether SSL is enabled.

Database

Database

The name of the Cassandra keyspace.

Firewall

FirewallPassword

A password used to authenticate to a proxy-based firewall.

FirewallPort

The TCP port for a proxy-based firewall.

FirewallServer

The name or IP address of a proxy-based firewall.

FirewallType

The protocol used by a proxy-based firewall.

FirewallUser

The user name to use to authenticate with a proxy-based firewall.

Kerberos

KerberosKDC

The Kerberos Key Distribution Center (KDC) service used to authenticate the user.

KerberosRealm

The Kerberos Realm used to authenticate the user with.

KerberosSPN

The service principal name (SPN) for the Kerberos Domain Controller.

Logging

Logfile

A path to the log file.

MaxLogFileCount

A string specifying the maximum file count of log files. When the limit is hit, a new log is created in the same folder with the date and time appended to the end and the oldest log file will be deleted.

MaxLogFileSize

A string specifying the maximum size in bytes for a log file (for example, 10 MB). When the limit is hit, a new log is created in the same folder with the date and time appended to the end.

Verbosity

The verbosity level that determines the amount of detail included in the log file.

Misc

AggregationsSupported

Whether or not to support aggregations in the Cassandra server. Note that in queries to the provider, you must use single quotes to define strings.

AllowFiltering

When true, slow-performing queries are processed on the server.

CaseSensitivity

Enable case sensitivity to the CQL sending to the server, if set to True, the identifiers in the CQL will be enclosed in double quotation marks.

ConnectionLifeTime

The maximum lifetime of a connection in seconds. Once the time has elapsed, the connection object is disposed.

ConnectionString

***

ConsistencyLevel

The consistency level determines how many of the replicas of the data you are interacting with need to respond for the query to be considered a success.

FlattenArrays

By default, nested arrays are returned as strings of JSON. The FlattenArrays property can be used to flatten the elements of nested arrays into columns of their own. Set FlattenArrays to the number of elements you want to return from nested arrays.

FlattenObjects

Set FlattenObjects to true to flatten object properties into columns of their own. Otherwise, objects nested in arrays are returned as strings of JSON.

MaxRows

Limits the number of rows returned rows when no aggregation or group by is used in the query. This helps avoid performance issues at design time.

NullToUnset

Use unset instead of NULL in CQL query when performing INSERT operations.

Other

These hidden properties are used only in specific use cases.

Pagesize

The maximum number of results to return per page from Cassandra Server.

PoolIdleTimeout

The allowed idle time for a connection before it is closed.

PoolMaxSize

The maximum connections in the pool.

PoolMinSize

The minimum number of connections in the pool.

PoolWaitTime

The max seconds to wait for an available connection.

PseudoColumns

This property indicates whether or not to include pseudo columns as columns to the table.

QueryPassthrough

This option passes the query to the Cassandra server as is.

Readonly

You can use this property to enforce read-only access to Cassandra from the provider.

RowScanDepth

The maximum number of rows to scan to look for the columns available in a table. Set this property to gain more control over how the provider applies data types to collections.

SSLServerCert

The certificate to be accepted from the server when connecting using TLS/SSL.

SupportEnhancedSQL

This property enhances SQL functionality beyond what can be supported through the API directly, by enabling in-memory client-side processing.

Timeout

The value in seconds until the timeout error is thrown, canceling the operation.

UseConnectionPooling

This property enables connection pooling.

UseJsonFormat

Whether to submit and return the JSON encoding for CQL data types.

VarintToString

Map Cassandra VARINT to String value.

SSL

SSLClientCert

The TLS/SSL client certificate store for SSL Client Authentication (2-way SSL).

SSLClientCertPassword

The password for the TLS/SSL client certificate.

SSLClientCertSubject

The subject of the TLS/SSL client certificate.

SSLClientCertType

The type of key store containing the TLS/SSL client certificate.

PreviousNoSQLNextCassandra Advanced Settings

Last updated