Secure the TMP directory
Enterprise security policies often require mounting the /tmp directory with the no execution (noexec) flag.
By default, Cassandra Java Native Access (JNA) is mapped to /tmp; JNA requires an executable directory to start.
Remap JNA to a different (executable) directory and change permissions to allow full access to the user that runs the DSE service.
There are three files that control Java Virtual Machine options:
- jvm-server.options: options independent of any particular JVM
- jvm8-server.options: options particular to JVM 8
- jvm11-server.options: options particular to JVM 11
The location of the JVM options file depends on your installation type.
- Package installations: /etc/hcd/cassandra/jvm[8 | 11]-server.options
- Tarball installations: INSTALLATION_LOCATION/resources/cassandra/conf/jvm[8 | 11]-server.options
  Replace INSTALLATION_LOCATION with the path where you extracted the HCD tarball.
Procedure
- Create a directory and grant full access to the Cassandra user.
- Map the JNA temporary directory: in the jvm-server.options file, add the following flag with the path to the new directory:
    -Djna.tmpdir=<JNA_startup_directory>
- If HCD fails to start because the JNA startup directory is not available, the following error may appear in the system log:
    tail -3 /var/log/cassandra/system.log
  The error is similar to:
    ERROR main 2024-07-28 09:57:00,879 CassandraDaemon.java:213 - JNA failing to initialize properly. Use -Dcassandra.boot_without_jna=true to bootstrap even so.
    INFO Thread-2 2024-07-28 09:57:00,880 DseDaemon.java:418 - HCD shutting down...
    INFO Thread-2 2024-07-28 09:57:00,881 PluginManager.java:103 - All plugins are stopped.
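The procedure above as POSIX shell functions, added here as an example and not taken from the HCD documentation or code: they create the directory with owner-only access, refuse a location that is itself mounted noexec (the condition that produces the JNA error above), and set the flag in the options file exactly once. The function names, the directory /var/lib/hcd-jna, the user name cassandra and the options-file path in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example. The mounts table is in /proc/mounts format; the
# directory, user name and options-file path are chosen by the caller.

# Print the mount options covering DIR (longest matching mount point wins;
# on ties the later entry wins because it shadows the earlier mount).
mount_opts_for() {
    dir=$1; table=${2:-/proc/mounts}
    awk -v d="$dir" '
        { mp = $2
          if (mp == "/" || d == mp || index(d, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { print opts }' "$table"
}

# Return 0 when DIR sits on a filesystem mounted with noexec.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Create DIR with full access for its owner only, give it to USER when one
# is named (needs root), and fail if DIR is on a noexec mount.
prepare_jna_dir() {
    dir=$1; user=$2; table=$3
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    if [ -n "$user" ]; then chown "$user" "$dir" || return 1; fi
    if is_noexec "$dir" "$table"; then
        echo "error: $dir is on a noexec mount; JNA cannot start there" >&2
        return 1
    fi
}

# Leave exactly one active -Djna.tmpdir line in OPTIONS_FILE, pointing at DIR.
# Writing through cat keeps the file's existing owner and mode.
set_jna_tmpdir() {
    file=$1; dir=$2
    tmp=$(mktemp) || return 1
    sed '/^-Djna\.tmpdir=/d' "$file" > "$tmp" || return 1
    printf '%s\n' "-Djna.tmpdir=$dir" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Hypothetical use as root (all three values are placeholders):
#   prepare_jna_dir /var/lib/hcd-jna cassandra &&
#   set_jna_tmpdir /path/to/jvm-server.options /var/lib/hcd-jna
```

The mount lookup is a plain prefix match, so pass an absolute path that contains no symlinks.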