Book Image

Learning Apache Cassandra

By : Matthew Brown
4 (1)
Book Image

Learning Apache Cassandra

4 (1)
By: Matthew Brown

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Learning Apache Cassandra
Matthew Brown
Feb, 2015 | 246 pages
No titles found
Table of Contents (19 chapters)
Learning Apache Cassandra
Learning Apache Cassandra
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Getting Up and Running with Cassandra
Getting Up and Running with Cassandra
What Cassandra offers, and what it doesn't
Installing Cassandra
Bootstrapping the project
Creating a keyspace
Summary
2
The First Table
The First Table
Creating the users table
Inserting data
Selecting data
Developing a mental model for Cassandra
Summary
3
Organizing Related Data
Organizing Related Data
A table for status updates
Working with status updates
Anatomy of a compound primary key
Beyond two columns
Compound keys represent parent-child relationships
Coupling parents and children using static columns
Refining our mental model
Summary
4
Beyond Key-Value Lookup
Beyond Key-Value Lookup
Looking up rows by partition
Retrieving status updates for a specific time range
Paginating over rows in a partition
Reversing the order of rows
Paginating over multiple partitions
Building an autocomplete function
Summary
5
Establishing Relationships
Establishing Relationships
Modeling follow relationships
Storing follow relationships
Looking up follow relationships
Unfollowing users
Using secondary indexes to avoid denormalization
Summary
6
Denormalizing Data for Maximum Performance
Denormalizing Data for Maximum Performance
A normalized approach
Partial denormalization
Fully denormalizing the home timeline
Write complexity and data integrity
Summary
7
Expanding Your Data Model
Expanding Your Data Model
Viewing a table schema in cqlsh
Adding columns to tables
Deleting columns
Updating the existing rows
Removing a value from a column
Inserts, updates, and upserts
Lightweight transactions have a cost
Summary
8
Collections, Tuples, and User-defined Types
Collections, Tuples, and User-defined Types
The problem with concurrent updates
Collection columns and concurrent updates
Using lists for ordered, nonunique values
Using maps to store key-value pairs
Collections in inserts
Collections and secondary indexes
The limitations of collections
Working with tuples
User-defined types
Choosing between tuples and user-defined types
Comparing data structures
Summary
9
Aggregating Time-Series Data
Aggregating Time-Series Data
Recording discrete analytics observations
Recording aggregate analytics observations
Recording analytics observations
Summary
10
How Cassandra Distributes Data
How Cassandra Distributes Data
Data distribution in Cassandra
Data replication in Cassandra
Consistency
Handling conflicting data
Distributed deletion
Summary
Peeking Under the Hood
Peeking Under the Hood
Using cassandra-cli
The structure of a simple primary key table
Compound primary keys in column families
Collection columns in column families
Summary
Authentication and Authorization
Authentication and Authorization
Enabling authentication and authorization
Setting up a user
Controlling access
Authorization in action
Security beyond authentication and authorization
Summary
Wrapping up
Index
Index

Enabling authentication and authorization

By default, Cassandra does not require user authentication when clients connect to the cluster, and it also does not place any restriction on the ability of clients to perform operations on the database. To change this, we will need to make a couple of minor modifications to our Cassandra instance's configuration file. Since modifications to the configuration file are typically a concern of deployment engineers, we haven't interacted with it in this book, so you may be wondering where to find it. Where it's located depends on your platform; the table below assumes you installed Cassandra using the instructions for your platform in the Installing Cassandra section of Chapter 1, Getting Up and Running with Cassandra. The following table gives you the location of the cassandra.yaml file on the respective platforms.

Platform

Configuration file location

Mac OS X

/usr/local/etc/cassandra/cassandra.yaml

Ubuntu

/etc/cassandra/cassandra.yaml

Windows

C:\Program Files\DataStax Community\apache-cassandra\conf\cassandra.yaml

You will need to make two changes to the cassandra.yaml file. First, find the line that begins with authenticator: and change it to:

authenticator: PasswordAuthenticator

This change tells Cassandra to require a username and password when clients connect to the cluster. It does not, however, restrict access based on which user is logged in; to do that, we'll need to enable authorization. Find the line beginning with authorizer: and change it to:

authorizer: CassandraAuthorizer

Now our cluster will restrict the access of the logged in user based on the permissions that user has been granted. You will need to restart your Cassandra instance for the settings to take effect.

Authentication, authorization, and fault tolerance

Using the PasswordAuthenticator and CassandraAuthorizer strategies for authentication and authorization respectively, user credentials and granted permissions are stored in Cassandra itself. This means that, if the authentication data becomes unavailable, no clients will be able to access the cluster. For that reason, you will always want to set the replication factor for your system_auth keyspace to the total number of nodes in your cluster. Since our development cluster consists of only a single node, we don't need to make any changes; in production, however, you will almost certainly have many nodes in your cluster, and you'll want to make sure credentials and permissions are stored locally on every one of them.

Note

For further information on configuring Cassandra authentication, including best practices when configuring authentication in a production cluster, see the DataStax Cassandra documentation at http://www.datastax.com/documentation/cassandra/2.1/cassandra/security/security_config_native_authenticate_t.html.

For more information on configuring authorization, see http://www.datastax.com/documentation/cassandra/2.1/cassandra/security/secure_config_native_authorize_t.html.

Authentication with cqlsh

Now that we've enabled authentication on our development cluster, we will need to reconnect our cqlsh session with a username and password. By default, Cassandra has a superuser account whose username and password are both cassandra, so we can use that:

$ cqlsh -u cassandra -p cassandra

In a production cluster, of course, we would not want to have a superuser account with such an easily guessable password; however, for our purposes, this will work fine.

Authentication in your application

The details differ from language to language, but the CQL driver for your platform should provide a mechanism for authenticated connections. Consult your driver's documentation for more information.

Previous Section
End of Section
Next Section