Disable Cassandra TDE after enabling the key creation - cassandra

Is there a way to disable TDE once it is enabled in DSE version 6.7.7?
We have already followed the steps from https://docs.datastax.com/en/security/6.7/security/secEncryptEnable.html
But we would like to revert the key creation and disable TDE on the tables. What happens to the existing data once we disable TDE? Will we be able to query that data without any issues?

You can actually just ALTER TABLE to change the "WITH COMPRESSION" settings and remove the encryption that was previously configured.
After that, run "nodetool upgradesstables -a keyspace table".
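
The revert described in the answer above, as an added shell example that is not part of the original post: it scans `DESCRIBE SCHEMA` output for tables still using an encrypting compressor and prints the ALTER TABLE and nodetool commands for each. The schema sample is constructed, and both the match on class names containing "Encrypt" and the LZ4Compressor replacement are assumptions.

```shell
#!/bin/sh
# Constructed sample of `cqlsh -e "DESCRIBE SCHEMA"` output (not real data).
sample_schema() {
cat <<'EOF'
CREATE TABLE shop.orders (
    id uuid PRIMARY KEY,
    total decimal
) WITH compression = {'class': 'Encryptor', 'cipher_algorithm': 'AES/ECB/PKCS5Padding', 'secret_key_strength': '128', 'system_key_file': 'system_key'}
    AND gc_grace_seconds = 864000;

CREATE TABLE shop.audit (
    id uuid PRIMARY KEY
) WITH compression = {'class': 'LZ4Compressor', 'chunk_length_in_kb': '64'};

CREATE TABLE shop.cards (
    id uuid PRIMARY KEY
) WITH bloom_filter_fp_chance = 0.01
    AND compression = {'chunk_length_in_kb': '64', 'class': 'EncryptingLZ4Compressor', 'system_key_file': 'system_key'};
EOF
}

# Read a schema dump on stdin and print keyspace.table for every table whose
# compression class is an encrypting one (assumption: the name contains "Encrypt").
encrypted_tables() {
    awk -v q="'" '
        /^CREATE TABLE / { tbl = $3 }
        $0 ~ ("compression = .*" q "class" q ": " q "[^" q "]*Encrypt") { print tbl }
    '
}

# Read keyspace.table names on stdin and print the two steps from the answer:
# the ALTER TABLE that drops the encrypting compressor, then the SSTable rewrite.
revert_commands() {
    while IFS=. read -r ks tbl; do
        printf "cqlsh -e \"ALTER TABLE %s.%s WITH compression = {'class': 'LZ4Compressor'};\"\n" "$ks" "$tbl"
        printf 'nodetool upgradesstables -a %s %s\n' "$ks" "$tbl"
    done
}

# Print the commands for review; nothing is executed against a cluster here.
sample_schema | encrypted_tables | revert_commands
```

Run the nodetool command on every node, and keep the system key file in place until the rewrite finishes, since SSTables written earlier stay encrypted until then.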

Related

Cassandra back up and recovery - drop table / schema alter

I am working on a Cassandra backup and recovery strategy for our Cassandra system and am trying to understand how the backup and sstable recovery works in Cassandra. Here are some of my observations and related questions (my need is to set up a standby/backup cluster which would become active if the primary cluster goes down, so I want to keep them in sync in terms of data, so I want to take periodic backups at my active cluster and recover to the standby cluster)
Took a snapshot backup. Dropped a table in Cassandra. Stopped Cassandra, recovered from the snapshot backup (copied the sstables to the data/ folder), started Cassandra. Ran cqlsh on the node, and I still do not see the table created. Should this work? Am I missing any step?
In the above scenario, I then tried to re-set up the schema (I take a backup of the schema in the snapshot) using the cql command source . This created the table for me. However it creates a "new version" of the table for me. When I recover, the snapshot has the older version (different uuid labelled folders for the table). After recovery, I still see no data in the table. Possibly because I created a new table?
I was finally able to recover data after running nodetool repair and using sstableloader to restore table data from another node in the cluster.
My question is
a. what is the right way to setup a new (blank- no schema) cluster from a snapshot? How do you setup the schema and recover data?
b. how do you restore a cluster from a backup with table alterations. How do you bring a cluster running an older version of schema to a newer version of schema when recovering from a backup (snapshot or incremental)?
(NOTE: cassandra newbie here)
So if you want to restore a snapshot, you need to copy the snapshot files back to the sstable directory and then run: nodetool refresh. You can read:
https://docs.datastax.com/en/dse/5.1/dse-admin/datastax_enterprise/operations/opsBackupSnapshotRestore.html
for more information. Also, there are 3rd party tools that can back up your data and then restore it as it was at the time of the backup. We use a tool: Cohesity (formerly Talena/Imanis). It has a lot of capabilities (refreshing A to B, restore/rename, etc.). There are other popular ones as well. All of them have costs associated with them.
Hopefully that helps?
-Jim

How to generate the query to clone an existing table

I use the community edition of Cassandra (not DSE). Earlier I used to use a tool called devcenter. When I click "clone" in devcenter on an existing table, it used to give me the CQL necessary to re-create the existing table.
Now on my new MacOS (High Sierra) the devcenter tool is broken. I searched on the forums and found that DataStax has no intention of maintaining the tool.
So I am now using the command line CQLSH. Now in CQLSH, if I have an existing table, how do I generate the query to clone an existing table?
I only need the table structure. I don't need any data.
I cannot physically login to the Cassandra server. So everything needs to be done by connecting to Cassandra remotely using CQLSH.
DESCRIBE command should help you

Cassandra backup restore

I am restoring a Cassandra [3.10] backup using the snapshots. I have taken the backup of all the keyspaces, but there are additional keyspaces in Cassandra like system_distributed, system_auth, system_schema, system.
My question is: while restoring, do we also need these to be restored?
Below is the link that I followed
http://docs.datastax.com/en/cassandra/2.1/cassandra/operations/ops_backup_snapshot_restore_t.html#ops_backup_snapshot_restore_t
You should NOT restore system keyspaces, except for the system_auth keyspace (you need this for the logins to work). You can run into issues by doing so. I supported recently a production system which had that type of problems because they backed up and restored the system keyspaces. I can't remember what the issue was, but I remember it had to do with the restore of these tables that kept values which should not be "recycled."
Cassandra will create the system keyspaces on startup if they don't exist already.
Equally important is to backup a schema version. You will need the schema corresponding to the backup that you are restoring. Otherwise, if your schema changed since your last backup, the restore will not go well.

Datastax Opscenter Restore Fails with TLS enabled (node-to-node encryption)?

I am using DSE version 5.09 and Opscenter version 6.08.
Opscenter restore process seems to be failing when node-to-node encryption is enabled on C* nodes. It works successfully when I disable TLS on all nodes and carry out restore process.
Has anyone faced a similar issue, or is there a way around it to get the restore successfully done without disabling TLS?
Also SSTableloader seems to be failing with node-to-node encryption enabled.
Is the DSE restore process using SSTableloader/Opscenter not feasible with TLS enabled? Any opinions/comments would be appreciated. Thanks in advance
DataStax OpsCenter engineer here.
This is a known issue and is tracked internally via the ticket IDs DSP-14202 and OPSC-12334. If you have support or access to a sales engineer, they can check the status of these tickets for you. I'm not on the DSE team, but my sense is that progress has been made on this issue and that it should be addressed in the next round of patch-releases for DSE.
In the meantime, I think you simply won't be able to use OpsCenter to perform your restores with this configuration. You'd have to either disable node-to-node encryption or do restores outside of OpsCenter and pass in extra TLS options like:
JVM_OPTS="$JVM_OPTS -Dssl.keystore=$2 -Dssl.enabled=true";
JVM_OPTS="$JVM_OPTS -Dssl.keystore.password=$2";
JVM_OPTS="$JVM_OPTS -Dssl.truststore=$2 -Dssl.enabled=true";
JVM_OPTS="$JVM_OPTS -Dssl.truststore.password=$2";

Opscenter doesn't show my key spaces

I have a Cassandra cluster (ver 2.0.12) and Datastax Agents 5.0.1. I am also using OpsCenter 5.1.0. In the "Explorer" tab I see no keyspaces.
Query from CLI:
SELECT keyspace_name FROM system.schema_keyspaces;
shows my keyspaces. I tried the URL:
http://<cluster_url>:8888/<cluster_name>/keyspaces
that shows me JSON output which contains keyspaces info (I think), but the "Explorer" tab is still empty.
Opscenter does not necessarily automatically connect to the local node to get the cluster information. You can review this piece of documentation to check what is in your configuration files, and update them properly. There can be multiple reasons why OpsCenter can't connect to your local instance.
Or you can use the wizard to add a cluster to manage. This should populate data properly into the config files.
