Enabling and configuring the DSE Backup and Restore Service (beta)

Get the DSE Backup and Restore Service up and running.

cassandra.yaml

The location of the cassandra.yaml file depends on the type of installation:
Package installations /etc/dse/cassandra/cassandra.yaml
Tarball installations installation_location/resources/cassandra/conf/cassandra.yaml
Important: The DSE Backup and Restore Service is currently in beta and is intended to be used by users provisioning DSE via the DataStax Cass Operator in a Kubernetes cluster.
To enable the DSE Backup and Restore Service:
  1. Edit the cassandra.yaml configuration file on each node in the cluster and uncomment: 
    backup_service:
    enabled: false
    Important: Retain the four spaces before enabled.
  2. Set the value of enabled: false to enabled: true.
  3. Optional: uncomment staging_directory: and point to a directory of your choice. That directory will hold the backup staging files. The default staging directory for package installations is /var/lib/cassandra/backups_staging. If the property is not set, the default staging directory is $CASSANDRA_HOME/data/backups_staging.
    Important: The directory must exist. Package DSE installations will automatically create the default staging directory whereas tarball installations will not.
  4. Optional: uncomment backups_max_retry_attempts: and set the number of times the backup process should retry after each failed attempt.
  5. Restart each node.
  6. Start cqlsh and verify that the DSE Backup and Restore Service is running:
    LIST BACKUP STORES;

 name | class | settings
------+-------+----------

(0 rows)

Enabling the DSE Backup and Restore Service cluster-wide

If you have many nodes in your DSE cluster, logging in to each one to make cassandra.yaml changes can be a tedious process. To streamline modifications, you can use the parallel-ssh utility to issue modification commands on multiple nodes using a single command.
Important: Because of variations between operating systems, the commands in this section may not work using copy/paste. Be prepared to make environment-specific modifications as required.
Important: The instructions in this section assume you are using the DSE package installation method. If you have installed DSE using tarballs, adjust the commands as required.

Prerequisites

Before continuing, make sure you meet the following prerequisites:

  • SSH access to every node in the cluster from an administration node
  • A version of parallel-ssh and sshpass installed on an administration node
  • An account on each node that has read/write access to DSE configuration files, specifically cassandra.yaml
  • The awk text processor installed on each node

Installing and configure parallel-ssh

Before continuing, configure a node you'll use to manage backup and restore operations:

  1. Install parallel-ssh and sshpass:
    • Debian Linux:
      sudo apt-get install pssh
      sudo apt-get install sshpass
    • RedHat Linux
      sudo yum install pssh
      sudo yum install sshpass
  2. Retrieve a list of DSE nodes and copy it to the parallel SSH hosts file:
    nodetool status | awk '/^(U|D)(N|L|J|M)/{print $2}' > ~/.pssh_hosts_files
  3. Generate an SSH keypair:
    ssh-keygen
  4. Copy your node password to a local file, password_file.
    Warning: Do not keep the password file any longer than it takes to complete the instructions in this section.
  5. Copy the key to each node in the cluster:
    cat ~/.pssh_hosts_files | while read line; do sshpass -f password_file ssh_copy-id -i ~/.ssh/ssh-key username@"$line"; done
  6. Verify that parallel SSH is working as expected by executing the date command on the node list:
    pssh -i -h ~/.pssh_hosts_file date
[1] 18:10:10 [SUCCESS] username@xxx.xxx.xxx.xxx
Mon Mar 16 18:10:10 MST 2020
[2] 18:10:10 [SUCCESS] username@xxx.xxx.xxx.xxx
Mon Mar 16 18:10:10 MST 2020
[3] 18:10:10 [SUCCESS] username@xxx.xxx.xxx.xxx
Mon Mar 16 18:10:10 MST 2020
[4] 18:10:10 [SUCCESS] username@xxx.xxx.xxx.xxx
Mon Mar 16 18:10:10 MST 2020
  7. Delete password_file:
    rm password_file

Enabling the DSE Backup and Restore Service on all nodes

Enable the backup and restore service on each node:

  1. Update cassandra.yaml to enable the DSE Backup and Restore Service:
    pssh -i -h ~/.pssh_hosts_file awk -i inplace \
                                '{ if (/backup_service:/) { \
                                     getline; getline; print "backup_service:\n    enabled: true" \
                                 } \
                                     else { print } \
                                 }' cassandra.yaml
  2. Restart the DSE nodes:
    pssh -i -h ~/.pssh_hosts_file sudo service dse restart

Assigning the backup role to a DSE user

You can run backups using the default cassandra superuser (or any other superuser); however, as a security best practice, you should assign the backup role to a non-superuser account.

To assign the backup role to a DSE user:
  1. Create a new user if required:
    CREATE ROLE IF NOT EXISTS username;
  2. Assign the backup role:
    GRANT dse_backup_operator TO username;
  3. Set a password:
    ALTER ROLE username WITH PASSWORD = 'password';

What to do next

With the DSE Backup and Restore Service enabled and running, and a user with assigned backup role rights, continue to Creating and managing backup stores (beta).