README
¶
The FireCamp Cassandra container is based on the official Cassandra image. The data volume will be mounted to the /data directory inside container. All Cassandra data, including data file, commit log, hints, and the key cache, will be stored under /data directory.
Topology
Cassandra Ec2Snitch could load the AWS region and availability zone from the EC2 API. But Ec2Snitch could not support other clouds, such as Google or Microsoft Cloud. So the GossipingPropertyFileSnitch is used to teach Cassandra about the topology. Every member will record the region as dc, and the availability zone as rack.
Only one region is supported currently. The multi-regions Cassandra will be supported in the future.
Security
The FireCamp Cassandra follows the official security guide. The Authentication and Authorization are enabled by default.
The TLS/SSL encryption is not enabled to avoid the possible impact on performance. This would not be a big security risk. The Cassandra cluster on the FireCamp platform could only be accessed by the nodes running on the AppAccessSecurityGroup and the same VPC. And both Authentication and Authorization are enabled. Even if someone hacks to the application node, he/she will need to know the username and password to access the Cassandra cluster.
After the Cassandra cluster is initialized, please login to create a new superuser and disable the default "cassandra" superuser. For example, cluster name is t1, cassandra service name is mycas. The steps are:
-
Login to the cluster: cqlsh mycas-0.t1-firecamp.com -u cassandra -p cassandra
-
Create a new superuser: CREATE ROLE newsuperuser WITH SUPERUSER = true AND LOGIN = true AND PASSWORD = 'super';
-
Log out.
-
Login to the cluster with the new superuser: cqlsh mycas-0.t1-firecamp.com -u newsuperuser -p super
-
Disable the default superuser: ALTER ROLE cassandra WITH SUPERUSER = false AND LOGIN = false;
-
Finally, set up the roles and credentials for your application users with CREATE ROLE statements.
Cache
The Cassandra key cache is enabled, and the row cache is disabled. The key cache size is automatically calculated based on the total memory of the node.
Note: the FireCamp Cassandra assumes the whole node is only used by Cassandra. We may consider to limit the max cpu and memory for Cassandra container in the future.
Logging
The Cassandra logs are sent to the Cloud Logs, such as AWS CloudWatch logs.
Set JVM TTL for Java CQL driver
By default, JVM caches a successful DNS lookup forever. If you use Cassandra Java CQL driver, please set JVM TTL to a reasonable value such as 60 seconds. So when Cassandra container moves to another node, Java CQL driver could lookup the new address.
Refs:
Documentation
¶
Index ¶
- Constants
- func GenDefaultCreateServiceRequest(platform string, region string, azs []string, cluster string, service string, ...) *manage.CreateServiceRequest
- func GenDefaultInitTaskRequest(req *manage.ServiceCommonRequest, logConfig *cloudlog.LogConfig, ...) *containersvc.RunTaskOptions
- func GenInitTaskEnvKVPairs(region string, cluster string, service string, manageurl string) []*common.EnvKeyValuePair
- func GenReplicaConfigs(platform string, region string, cluster string, service string, azs []string, ...) []*manage.ReplicaConfig
Constants ¶
const ( // ContainerImage is the main Cassandra running container. ContainerImage = common.ContainerNamePrefix + "cassandra:" + common.Version // InitContainerImage initializes the Cassandra cluster. InitContainerImage = common.ContainerNamePrefix + "cassandra-init:" + common.Version )
Variables ¶
This section is empty.
Functions ¶
func GenDefaultCreateServiceRequest ¶
func GenDefaultCreateServiceRequest(platform string, region string, azs []string, cluster string, service string, replicas int64, volSizeGB int64, res *common.Resources) *manage.CreateServiceRequest
GenDefaultCreateServiceRequest returns the default service creation request.
func GenDefaultInitTaskRequest ¶
func GenDefaultInitTaskRequest(req *manage.ServiceCommonRequest, logConfig *cloudlog.LogConfig, serviceUUID string, manageurl string) *containersvc.RunTaskOptions
GenDefaultInitTaskRequest returns the default Cassandra init task request.
func GenInitTaskEnvKVPairs ¶
func GenInitTaskEnvKVPairs(region string, cluster string, service string, manageurl string) []*common.EnvKeyValuePair
GenInitTaskEnvKVPairs generates the environment key-values for the init task.
func GenReplicaConfigs ¶
func GenReplicaConfigs(platform string, region string, cluster string, service string, azs []string, replicas int64) []*manage.ReplicaConfig
GenReplicaConfigs generates the replica configs.
Types ¶
This section is empty.
Source Files