Upgrading DataStax Enterprise 6.0 to 6.7 or 6.8

Instructions for upgrading DSE 6.0 to 6.7 or 6.8.

jvm.options

The location of the jvm.options file depends on the type of installation:

Package installations	/etc/dse/cassandra/jvm.options
Tarball installations	`installation_location`/resources/cassandra/conf/jvm.options


OpsCenter version	DSE version
6.8	6.8, 6.7, 6.0, 5.1
6.7	6.7, 6.0, 5.1
6.5	6.0, 5.1, 5.0 (EOL)
6.1	5.1, 5.0 (EOL), 4.8 (EOSL)
6.0	5.0 (EOL), 4.8 (EOSL), 4.7 (EOSL)

DataStax Enterprise and Apache Cassandra™ configuration files


Configuration file	Installer-Services and package installations	Installer-No Services and tarball installations
DataStax Enterprise configuration files
dse	/etc/default/dse (systemd) or /etc/init.d/ (SystemV)	N/A. Node type is set via command line flags.
byoh-env.sh	/etc/dse/byoh-env.sh	`install_location`/bin/byoh-env.sh
dse.yaml	/etc/dse/dse.yaml	`install_location`/resources/dse/conf/dse.yaml
logback.xml	/etc/dse/cassandra/logback.xml	`install_location`/resources/logback.xml
spark-env.sh	/etc/dse/spark/spark-env.sh	`install_location`/resources/spark/conf/spark-env.sh
spark-defaults.conf	/etc/dse/spark/spark-defaults.conf	`install_location`/resources/spark/conf/spark-defaults.conf
Cassandra configuration files
cassandra.yaml	/etc/dse/cassandra/cassandra.yaml	`install_location`/conf/cassandra.yaml
cassandra.in.sh	/usr/share/cassandra/cassandra.in.sh	`install_location`/bin/cassandra.in.sh
cassandra-env.sh	/etc/dse/cassandra/cassandra-env.sh	`install_location`/conf/cassandra-env.sh
cassandra-rackdc.properties	/etc/dse/cassandra/cassandra-rackdc.properties	`install_location`/conf/cassandra-rackdc.properties
cassandra-topology.properties	/etc/dse/cassandra/cassandra-topology.properties	`install_location`/conf/cassandra-topology.properties
jmxremote.password	/etc/cassandra/jmxremote.password	`install_location`/conf/jmxremote.password
Tomcat server configuration file
server.xml	/etc/dse/resources/tomcat/conf/server.xml	`install_location`/resources/tomcat/conf/server.xml

Upgrade order

Upgrade nodes in this order:

In multiple datacenter clusters, upgrade every node in one datacenter before upgrading another datacenter.
Upgrade the seed nodes within a datacenter first.
Upgrade nodes in this order:
1. DSE Analytics datacenters
2. Transactional/DSE Graph datacenters
3. DSE Search datacenters

cassandra.yaml

The location of the cassandra.yaml file depends on the type of installation:

Package installations	/etc/dse/cassandra/cassandra.yaml
Tarball installations	`installation_location`/resources/cassandra/conf/cassandra.yaml

dse.yaml

The location of the dse.yaml file depends on the type of installation:

Package installations	/etc/dse/dse.yaml
Tarball installations	`installation_location`/resources/dse/conf/dse.yaml

DataStax driver changes

DataStax drivers come in two types:

DataStax drivers for DataStax Enterprise — for use by DSE 4.8 and later
DataStax drivers for Apache Cassandra™ — for use by Apache Cassandra™ and DSE 4.7 and earlier

Note: While the DataStax drivers for Apache Cassandra drivers can connect to DSE 5.0 and later clusters, DataStax strongly recommends upgrading to the DSE drivers. The DSE drivers provide functionality for all DataStax Enterprise features.

dse-env.sh

The default location of the dse-env.sh file depends on the type of installation:

Package installations	/etc/dse/dse-env.sh
Tarball installations	`installation_location`/bin/dse-env.sh

The upgrade process for DataStax Enterprise provides minimal downtime (ideally zero). During this process, upgrade and restart one node at a time while other nodes continue to operate online. With a few exceptions, the cluster continues to work as though it were on the earlier version of DataStax Enterprise until all of the nodes in the cluster are upgraded.

Warning: Due to a serious bug which affects DSE 6.8.7 and DSE 6.8.8, DataStax recommends against upgrading to those versions at this time. If you have already upgraded to these versions, please EITHER set zerocopy_streaming_enabled=false in and perform a rolling restart, AND/OR run upgradesstables on all nodes in your cluster before adding new nodes, running repair, or restoring from backups. This bug will be addressed in DSE 6.8.9.

Tip: DataStax is offering a complimentary half-day Upgrade Assessment. This assessment is a DataStax Services engagement designed to assess the upgrade compatibility of your existing DSE deployment to later DSE versions, including 5.1, 6.0, 6.7, and 6.8. Contact the DataStax Services team to schedule your assessment.

Attention: Read and understand these instructions before upgrading. Carefully reviewing the planning and upgrade instructions can prevent errors and data loss. In addition, review the DSE 6.7 or DSE 6.8 release notes for all changes before upgrading.

Back up your existing installation

Warning: DataStax recommends backing up your data prior to any version upgrade.

A backup provides the ability to revert and restore all the data used in the previous version if necessary. For manual backup instructions, see Backing up and restoring DSE.

Tip: OpsCenter provides a Backup Service that manages enterprise-wide backup and restore operations for DataStax Enterprise clusters and is highly recommended over any manual backup procedure. Ensure you use a compatible version of OpsCenter for your DSE version.

Upgrade SSTables

Warning: Be certain to upgrade SSTables on your nodes both before and after upgrading. Failure to upgrade SSTables will result in severe performance penalties and possible data loss.

Version specific notes

Important: DSE Search changes: As of DSE 6.7.5, unbounded facet searches are no longer allowed using facet.limit=-1. The maximum facet limit value is 20,000 as set by solr.max.facet.limit.size. While the facet limit size can be overriden using -Dsolr.max.facet.limit.size in , or jvm[ 8 | 11 ]-server.options, depending upon your JVM version, if you are upgrading to DSE 6.8, it is not recommended.

Important: DSE Search changes: As of DSE 6.7.7 and later, the Solr timeAllowed parameter is enabled by default to prevent long running shard queries, such as complex facets and Boolean queries, from using system resources after they have timed out from the DSE Search coordinator. For details, see Limiting queries by time

Important: DSE Search changes: As of DSE 6.8.0, unbounded facet searches are no longer allowed using facet.limit=-1. The maximum facet limit value is 20,000 as set by solr.max.facet.limit.size. While the facet limit size can be overriden using -Dsolr.max.facet.limit.size in jvm[ 8 | 11 ]-server.options, depending upon your JVM version, it is not recommended.

Upgrade restrictions and limitations

Restrictions and limitations apply while a cluster is in a partially upgraded state. The cluster continues to work as though it were on the earlier version of DataStax Enterprise until all of the nodes in the cluster are upgraded.

General restrictions

Do not enable new features.
Ensure OpsCenter compatibility. See the compatibility table.
Do not run nodetool repair.
Stop the OpsCenter Repair Service if enabled: 6.5 | 6.7 | 6.8.
During the upgrade, do not bootstrap new nodes or decommission existing nodes.
Do not issue TRUNCATE or DDL related queries during the upgrade process.
Do not alter schemas for any workloads.
Complete the cluster-wide upgrade before the expiration of gc_grace_seconds (approximately 13 days) to ensure any repairs complete successfully.
If the DSE Performance Service was disabled before the upgrade, do not enable it during the upgrade. See DSE Performance Service: 6.7 | 6.0 | 5.1 | 5.0 | OpsCenter 6.8 | OpsCenter 6.7 | OpsCenter 6.5.

Note: Nodes on different versions might show a schema disagreement during an upgrade.

Restrictions for nodes using security

Do not change security credentials or permissions until the upgrade is complete on all nodes.
If you are not already using Kerberos, do not set up Kerberos authentication before upgrading. First upgrade the cluster, and then set up Kerberos.

Restrictions for DSE Advanced Replication nodes

Upgrades are supported only for DSE Advanced Replication V2.

Driver version impacts

Be sure to check driver compatibility. Depending on the driver version, you might need to recompile your client application code. See DataStax driver changes.

During upgrades, you might experience driver-specific impact when clusters have mixed versions of drivers. If your cluster has mixed versions, the protocol version is negotiated with the first host to which the driver connects, although certain drivers, such as Java 4.x/2.x automatically select a protocol version that works across nodes. To avoid driver version incompatibility during upgrades, use one of these workarounds:

Protocol version: Set the protocol version explicitly in your application at start up. Switch to the Java driver to the new protocol version only after the upgrade is complete on all nodes in the cluster.
Initial contact points: Ensure that the list of initial contact points contains only hosts with the oldest DSE version or protocol version. For example, the initial contact points contain only protocol version 2.

For details on protocol version negotiation, see protocol versions with mixed clusters in the Java driver version you're using, for example, Java driver.

Attention: Starting January 2020, you can use the same DataStax driver for Apache Cassandra™ (OSS), DataStax Enterprise, and DataStax Distribution of Apache Cassandra™ (DDAC). DataStax has unified drivers to avoid user confusion and enhance the OSS drivers with some of the features in the DSE drivers. For more information, see the Better Drivers for Cassandra™ blog.

Preparing to upgrade

Follow these steps to prepare each node for the upgrade:

Note: These steps are performed in your current version and use DSE 6.0 documentation.

Upgrade to the latest patch release on your current version. Fixes included in the latest patch release can simplify the upgrade process.
Get the current DSE version:
```
bin/dse -v
current_dse_version
```
Familiarize yourself with the changes and features in the new release:
- DataStax Enterprise 6.7 release notes | 6.8 release notes.
- General upgrading advice for any version. Be sure to read 6.7 NEWS.txt | 6.8 NEWS.txt all the way back to your current version.
- DataStax Enterprise changes in 6.7 CHANGES.txt | 6.8 CHANGES.txt.
- DataStax driver changes.
Before upgrading, be sure that each node has adequate free disk space.
Determine current DSE data disk space usage:
```
sudo du -sh /var/lib/cassandra/data/
3.9G	/var/lib/cassandra/data/
```
Determine available disk space:
```
sudo df -hT /
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/sda1      ext4   59G   16G   41G  28% /
```
Important: The required space depends on the compaction strategy. See Disk space
Replace ITriggers and custom interfaces.
All custom implementations, including the following interfaces, must be replaced with supported implementations when upgrading to DSE 6.x:
- The org.apache.cassandra.triggers.ITrigger interface was modified from augment to augmentNonBlocking for non-blocking internal architecture. Updated trigger implementations must be provided on upgraded nodes. If unsure, drop all existing triggers before upgrading. To check for existing triggers:
```
SELECT * FROM system_schema.triggers;
```
```
DROP TRIGGER trigger_name ON keyspace_name.table_name;
```
- The org.apache.cassandra.index.Index interface was modified to comply with the core storage engine changes. Updated implementations are required. If unsure, drop all existing custom secondary indexes before upgrading, except DSE Search indexes, which do not need to be replaced. To check for existing indexes:
```
SELECT * FROM system_schema.indexes;
```
```
DROP INDEX index_name;
```
- The org.apache.cassandra.cql3.QueryHandler, org.apache.cassandra.db.commitlog.CommitLogReadHandler, and other extension points have been changed. See QueryHandlers.
Tip: For help contact the DataStax Services team.
Support for Thrift-compatible tables (COMPACT STORAGE) is dropped. Before upgrading, migrate all non-system tables that have COMPACT STORAGE to CQL table format:
```
cqlsh -e 'DESCRIBE FULL SCHEMA;' > schema_file
```
```
cat schema_file | while read -d $';\n' line ; do
  if echo "$line"|grep 'COMPACT STORAGE' 2>&1 > /dev/null ; then
    TBL="`echo $line|sed -e 's|^CREATE TABLE $[^ ]*$ .*$|\1|'`"
    if echo "$TBL"|egrep -v '^system' 2>&1 > /dev/null; then
      echo "ALTER TABLE $TBL DROP COMPACT STORAGE;" >> schema-drop-list
    fi
  fi
done
```
```
cqlsh -f schema-drop-list
```
Note: The script above dumps the complete DSE schema to schema_file, uses grep to find lines containing COMPACT STORAGE, and then writes only those table names to schema-drop-list along with the required ALTER TABLE commands. The schema-drop-list file is then read by cqlsh which runs the ALTER TABLE commands contained therein.
Warning: DSE will not start if tables using COMPACT STORAGE are present.
Upgrade the SSTables on each node to ensure that all SSTables are on the current version:
```
nodetool upgradesstables
```
Warning: Failure to upgrade SSTables when required results in a significant performance impact and increased disk usage.

Tip: Use the --jobs option to set the number of SSTables that upgrade simultaneously. The default setting is 2, which minimizes impact on the cluster. Set to 0 to use all available compaction threads. DataStax recommends running the upgradesstables command on one node at a time or when using racks, one rack at a time.

If the SSTables are already on the current version, the command returns immediately and no action is taken.
Ensure that keyspace replication factors are correct for your environment:
```
cqlsh --execute "DESCRIBE KEYSPACE keyspace-name;" | grep "replication"
CREATE KEYSPACE keyspace-name WITH replication = {'class': 'NetworkTopologyStrategy, 'replication_factor': '3'}  AND durable_writes = true;
```
- Check the keyspace replication factor for analytics keyspaces (6.7) | analytics keyspaces (6.8).
- Check the keyspace replication factor for system_auth and dse_security (6.7) | system_auth and dse_security (6.8) keyspaces.
Verify the Java runtime version and upgrade to the recommended version.
```
java -version
openjdk version "1.8.0_222"
OpenJDK Runtime Environment (build 1.8.0_222-8u222-b10-1ubuntu1~18.04.1-b10)
OpenJDK 64-Bit Server VM (build 25.222-b10, mixed mode)
```
- Recommended: OpenJDK 8 (1.8.0_151 minimum)
  Note: Recommendation changed due to the end of public updates for Oracle JRE/JDK 8. See Oracle Java SE Support Roadmap.
- Supported: Oracle Java SE 8 (JRE or JDK) (1.8.0_151 minimum)
Important: Although Oracle JRE/JDK 8 is supported, DataStax does more extensive testing on OpenJDK 8.
Run nodetool repair to ensure that data on each replica is consistent with data on other nodes:
```
nodetool repair -pr
```
Install the libaio package for optimal performance.
RHEL platforms:
```
sudo yum install libaio
```
Debian:
```
sudo apt-get install libaio1
```
Back up any customized configuration files since they may be overwritten with default values during installation of the new version.
Tip: If you backed up your installation using instructions in Backing up and restoring DSE, your original configuration files are included in the archive.

Upgrade steps

Follow these steps on each node in the recommended . The upgrade process requires upgrading and restarting one node at a time.

Note: These steps are performed in your upgraded version and use DSE 6.7 or DSE 6.8 documentation depending upon your target version.

Flush the commit log of the current installation:
```
nodetool drain
```
Stop the node:
- Package installations:
```
sudo service dse stop
```
- Tarball installations:
```
installation_dir/bin/dse cassandra-stop
```
Use the appropriate method to install the new product version on a supported platform:
Warning: Install the new product version using the same installation type that is on the system, otherwise problems might result.

To configure the new version:

Compare changes in the new files with the backup configuration files after the upgrade but before restarting, remove deprecated settings, and update any new settings if required.

Warning: Do not simply replace new configuration files with old. Rather compare your old files to the new files and make any required changes.

Tip: Use the DSE yaml_diff tool (6.7) | yaml_diff tool (6.8) to compare backup YAML files with the upgraded YAML files:

cd /usr/share/dse/tools/yamls

./yaml_diff path/to/yaml-file-old path/to/yaml-file-new
...
 CHANGES 
=========
authenticator:
- AllowAllAuthenticator
+ com.datastax.bdp.cassandra.auth.DseAuthenticator

authorizer:
- AllowAllAuthorizer
+ com.datastax.bdp.cassandra.auth.DseAuthorizer

roles_validity_in_ms:
- 2000
+ 120000
...

cassandra.yaml changes

Table 1. Memtable settings
Deprecated cassandra.yaml settings:
memtable_heap_space_in_mb memtable_offheap_space_in_mb
Replacement setting:
memtable_space_in_mb
Changed setting
memtable_allocation_type: offheap_objects

Table 2. User-defined function (UDF) settings
Deprecated cassandra.yaml settings:
user_defined_function_warn_timeout user_defined_function_fail_timeout
Replacement settings:
user_defined_function_warn_micros: 500 user_defined_function_fail_micros: 10000 user_defined_function_warn_heap_mb: 200 user_defined_function_fail_heap_mb: 500 user_function_timeout_policy: die Settings are in microseconds. The new timeouts are not equivalent to the deprecated settings.

Table 3. Internode encryption settings
Deprecated cassandra.yaml setting:
server_encryption_options: store_type: JKS
Replacement settings:
server_encryption_options: keystore_type: JKS truststore_type: JKS Valid type options are JKS, JCEKS, PKCS11, or PKCS12 for `keystore_type`, and JKS, JCEKS, or PKCS12 for `truststore_type`.

Important: For security reasons, DSE 6.8 only allows the TLS encryption option protocol:

server_encryption_options:
    ...
    protocol: TLS

See https://www.oracle.com/technetwork/java/javase/8u31-relnotes-2389094.html#newft for details.

Table 4. Client-to-node encryption settings
Deprecated cassandra.yaml setting:
client_encryption_options: store_type: JKS
Replacement settings:
client_encryption_options: keystore_type: JKS truststore_type: JKS Valid type options are JKS, JCEKS, PKCS11, or PKCS12 for `keystore_type`, and JKS, JCEKS, or PKCS12 for `truststore_type`.

Important: For security reasons, DSE 6.8 only allows the TLS encryption option protocol:

client_encryption_options:
    ...
    protocol: TLS

See https://www.oracle.com/technetwork/java/javase/8u31-relnotes-2389094.html#newft for details.

dse.yaml changes

Table 5. Spark resource and encryption options
Deprecated dse.yaml setting:
spark_ui_options: server_encryption_options: store_type: JKS
Replacement settings:
spark_ui_options_options: server_encrption_options: keystore_type: JKS truststore_type: JKS Valid type options are JKS, JCEKS, PKCS11, or PKCS12 for `keystore_type`, and JKS, JCEKS, or PKCS12 for `truststore_type`.

When upgrading DSE to versions earlier than 5.1.16, 6.0.8, or 6.7.4 inclusive, if any tables are using DSE Tiered Storage, remove all txn_compaction log files from second-level tiers and lower. For example, given the following dse.yaml configuration, remove txn_compaction log files from /mnt2 and /mnt3 directories:
```
tiered_storage_options:
    strategy1:
        tiers:
            - paths:
                - /mnt1
            - paths:
                - /mnt2
            - paths:
                - /mnt3
```
The following example removes the files using the find command:
```
find /mnt2 -name "*_txn_compaction_*.log" -type f -delete &&
find /mnt3 -name "*_txn_compaction_*.log" -type f -delete
```
Warning: Failure to complete this step may result in data loss.
Remove any previously installed JTS JAR files from the CLASSPATHS in your DSE installation. JTS (Java Topology Suite) is distributed with DSE 6.7.
Start the node.
- Package installations (6.7) | Package installations (6.8):
```
sudo service dse start
```
- Tarball installations (6.7) | Tarball installations (6.8):
```
installation_dir/bin/dse cassandra
```
Verify that the upgraded datacenter names match the datacenter names in the keyspace schema definition:
- Get the node's datacenter name:
```
nodetool status | grep "Datacenter"
Datacenter: datacenter-name
```
- Verify that the node's datacenter name matches the datacenter name for a keyspace:
```
cqlsh --execute "DESCRIBE KEYSPACE keyspace-name;" | grep "replication"
CREATE KEYSPACE keyspace-name WITH replication = {'class': 'NetworkTopologyStrategy, 'datacenter-name': '3'};
```
Review the logs for warnings, errors, and exceptions:
```
grep -w 'WARNING\|ERROR\|exception' /var/log/cassandra/*.log
```
Warnings, errors, and exceptions are frequently found in the logs when starting an upgraded node. Some of these log entries are informational to help you execute specific upgrade-related steps. If you find unexpected warnings, errors, or exceptions, contact DataStax Support.
Tip: Non standard log locations are configured in dse-env.sh.
Repeat the upgrade process on each node in the cluster following the recommended order.
After the entire cluster upgrade is complete: upgrade the SSTables on one node at a time or, when using racks, one rack at a time.
Warning: Failure to upgrade SSTables when required results in a significant performance impact and increased disk usage and possible data loss. Upgrading is not complete until the SSTables are upgraded.
```
nodetool upgradesstables
```
Tip: Use the --jobs option to set the number of SSTables that upgrade simultaneously. The default setting is 2, which minimizes impact on the cluster. Set to 0 to use all available compaction threads. DataStax recommends running the upgradesstables command on one node at a time or when using racks, one rack at a time.

Important: You can run the upgradesstables command before all the nodes are upgraded as long as you run the command on only one node at a time or when using racks, one rack at a time. Running upgradesstables on too many nodes at once will degrade performance.

General post upgrade steps

After all nodes are upgraded:

If you use the OpsCenter Repair Service, turn on the Repair Service (6.7) | turn on the Repair Service (6.8).
If you encounter serialization-header errors, stop the node and repair them using the sstablescrub -e option:
```
sstablescrub -e fix-only keyspace table
```
For more details on serialization-header errors and repairs, see DSE 5.0 SSTables with UDTs corrupted after upgrading to DSE 5.1, 6.0, or 6.7
DSE 6.7 introduces, and enables by default, the DSE Metrics Collector, a diagnostics information aggregator used to help facilitate DSE problem resolution. For more information on the DSE Metrics Collector, or to disable metrics collection, see DataStax Enterprise Metrics Collector (6.7) | DataStax Enterprise Metrics Collector (6.8).
Spark Jobserver uses DSE custom version 8.0.4.45. Ensure that applications use the compatible Spark Jobserver API from the DataStax repository.

Locking DSE package versions

If you have upgraded a DSE package installation, you can prevent future unintended upgrades.

RHEL yum installations

To hold a package at the current version:

Install yum-versionlock (one-time operation):
```
sudo yum install yum-versionlock
```
Lock the current DSE version:
```
sudo yum versionlock dse-*
```

To clear the version lock and enable upgrades:

sudo yum versionlock clear

For details on the versionlock command, see http://man7.org/linux/man-pages/man1/yum-versionlock.1.html.

Debian apt-get installations

To hold a package at the current version:

sudo apt-mark hold dse-*

To remove the version hold:

sudo apt-mark unhold dse-*

For details on the apt-mark command, see http://manpages.ubuntu.com/manpages/bionic/man8/apt-mark.8.html.