Open /etc/cassandra/cassandra.yaml and change authenticator: from AllowAllAuthenticator to PasswordAuthenticator. Cassandra will then create a default user cassandra/cassandra.
To create your own user: create the directory /docker-entrypoint-initdb.d/ and, in it, a CQL file init-query.cql with the content (CREATE USER IF NOT EXISTS admin WITH PASSWORD 'vmware' SUPERUSER;). This creates a user admin/vmware.
To execute the init-query.cql file on database startup, modify the docker-entrypoint.sh file and add the content below right before exec "$@":

    # Absolute path, so the loop does not depend on the working directory.
    for f in /docker-entrypoint-initdb.d/*; do
        case "$f" in
            *.sh)
                echo "$0: running $f"; . "$f" ;;
            *.cql)
                # Retry in the background until Cassandra accepts the login.
                echo "$0: running $f" && until cqlsh --ssl -u cassandra -p cassandra -f "$f"; do
                    >&2 echo "Cassandra is unavailable - sleeping"
                    sleep 2
                done & ;;
            *)
                echo "$0: ignoring $f" ;;
        esac
        echo
    done

Here, cqlsh --ssl -u cassandra -p cassandra is used to run the *.cql files (if SSL is not enabled, remove the --ssl option).
Set start_rpc: true in the /etc/cassandra/cassandra.yaml file.
To enable SSL: generate the self-signed certificate (run the generateDbCert.sh file inside the container) and modify the /etc/cassandra/cassandra.yaml file with the content below:

    server_encryption_options:
        internode_encryption: all
        keystore: /cassandra/certs/cassandra.keystore
        keystore_password: vmware
        truststore: /cassandra/certs/cassandra.truststore
        truststore_password: vmware
        # More advanced defaults below:
        protocol: TLS
        algorithm: SunX509
        store_type: JKS
        cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
        require_client_auth: false
        # require_endpoint_verification: false

    # enable or disable client/server encryption
    client_encryption_options:
        enabled: true
        # If enabled and optional is set to true encrypted and unencrypted connections are handled.
        optional: false
        keystore: /cassandra/certs/cassandra.keystore
        keystore_password: vmware
        require_client_auth: false
        # Set truststore and truststore_password if require_client_auth is true
        truststore: /cassandra/certs/cassandra.truststore
        truststore_password: vmware
        # More advanced defaults below:
        protocol: TLS
        algorithm: SunX509
        store_type: JKS
        cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]

To log in with the cqlsh client: create a cqlshrc file and copy it into the /root/.cassandra/ and /home/cassandra/.cassandra/ folders:

    [authentication]
    username = cassandra
    password = cassandra

    [connection]
    hostname = 127.0.0.1
    port = 9042
    factory = cqlshlib.ssl.ssl_transport_factory

    [ssl]
    certfile = /cassandra/certs/fiaascocassandra_CLIENT.cer.pem
    # Optional, true by default
    validate = false
    # Next 2 lines must be provided when require_client_auth = true in the cassandra.yaml file
    # userkey = /cassandra/certs/fiaascocassandra_CLIENT.key.pem
    # usercert = /cassandra/certs/fiaascocassandra_CLIENT.cer.pem

Exit from the running container and restart the container.
Log in: cqlsh --ssl -u cassandra -p cassandra
See logs: /var/log/cassandra
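
The settings from this walkthrough can be checked before the container is restarted. The following is an added example, not part of the original page: a small Python audit, with hypothetical helper names (flat_yaml, audit), run over constructed copies of the cassandra.yaml and cqlshrc fragments above. It lists what the setup as written still leaves open.

```python
import configparser

# Added example: helper names and sample configs are constructed for illustration.
SAMPLE_YAML = """\
authenticator: PasswordAuthenticator
client_encryption_options:
    enabled: true
    optional: false
    require_client_auth: false
"""
SAMPLE_CQLSHRC = """\
[authentication]
username = cassandra
password = cassandra
[ssl]
validate = false
"""

def flat_yaml(text):
    # Flatten the two-level "key: value" subset of cassandra.yaml into "section.key".
    out, section = {}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if not line[0].isspace():
            section = key                      # remember the enclosing top-level key
            out[key] = value
        else:
            out[section + "." + key] = value
    return out

def audit(yaml_text, cqlshrc_text):
    y, rc = flat_yaml(yaml_text), configparser.ConfigParser()
    rc.read_string(cqlshrc_text)
    enc = "client_encryption_options."
    creds = tuple(rc.get("authentication", k, fallback="") for k in ("username", "password"))
    checks = [
        (y.get("authenticator") != "PasswordAuthenticator", "password authentication is not enabled"),
        (y.get(enc + "enabled") != "true", "client-to-node encryption is disabled"),
        (y.get(enc + "optional") == "true", "optional: true still accepts unencrypted clients"),
        (y.get(enc + "require_client_auth") != "true", "require_client_auth is off: clients present no certificate"),
        (rc.get("ssl", "validate", fallback="true").lower() == "false", "cqlshrc validate = false: server certificate is not verified"),
        (creds == ("cassandra", "cassandra"), "cqlshrc logs in as the default cassandra/cassandra superuser"),
    ]
    return [message for failed, message in checks if failed]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_YAML, SAMPLE_CQLSHRC)))
```

To audit the real files, pass their contents to audit() in place of the constructed samples.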
Attached are the required files that help enable authentication and SSL in the Cassandra base image.
DevCenter, a Cassandra client, can be downloaded from DevCenter.