Upgrading DataStax Enterprise 6.7 to 6.8

Instructions for upgrading DSE 6.7 to 6.8.

DataStax Enterprise and Apache Cassandra™ configuration files


Configuration file	Installer-Services and package installations	Installer-No Services and tarball installations
DataStax Enterprise configuration files
dse	/etc/default/dse (systemd) or /etc/init.d/ (SystemV)	N/A. Node type is set via command line flags.
byoh-env.sh	/etc/dse/byoh-env.sh	`install_location`/bin/byoh-env.sh
dse.yaml	/etc/dse/dse.yaml	`install_location`/resources/dse/conf/dse.yaml
logback.xml	/etc/dse/cassandra/logback.xml	`install_location`/resources/logback.xml
spark-env.sh	/etc/dse/spark/spark-env.sh	`install_location`/resources/spark/conf/spark-env.sh
spark-defaults.conf	/etc/dse/spark/spark-defaults.conf	`install_location`/resources/spark/conf/spark-defaults.conf
Cassandra configuration files
cassandra.yaml	/etc/dse/cassandra/cassandra.yaml	`install_location`/conf/cassandra.yaml
cassandra.in.sh	/usr/share/cassandra/cassandra.in.sh	`install_location`/bin/cassandra.in.sh
cassandra-env.sh	/etc/dse/cassandra/cassandra-env.sh	`install_location`/conf/cassandra-env.sh
cassandra-rackdc.properties	/etc/dse/cassandra/cassandra-rackdc.properties	`install_location`/conf/cassandra-rackdc.properties
cassandra-topology.properties	/etc/dse/cassandra/cassandra-topology.properties	`install_location`/conf/cassandra-topology.properties
jmxremote.password	/etc/cassandra/jmxremote.password	`install_location`/conf/jmxremote.password
Tomcat server configuration file
server.xml	/etc/dse/resources/tomcat/conf/server.xml	`install_location`/resources/tomcat/conf/server.xml

dse-env.sh

The default location of the dse-env.sh file depends on the type of installation:

Package installations	/etc/dse/dse-env.sh
Tarball installations	`installation_location`/bin/dse-env.sh


OpsCenter version	DSE version
6.8	6.8, 6.7, 6.0, 5.1
6.7	6.7, 6.0, 5.1
6.5	6.0, 5.1, 5.0 (EOL)
6.1	5.1, 5.0 (EOL), 4.8 (EOSL)
6.0	5.0 (EOL), 4.8 (EOSL), 4.7 (EOSL)

DataStax driver changes

DataStax drivers come in two types:

DataStax drivers for DataStax Enterprise — for use by DSE 4.8 and later
DataStax drivers for Apache Cassandra™ — for use by Apache Cassandra™ and DSE 4.7 and earlier

Note: While the DataStax drivers for Apache Cassandra drivers can connect to DSE 5.0 and later clusters, DataStax strongly recommends upgrading to the DSE drivers. The DSE drivers provide functionality for all DataStax Enterprise features.

Upgrade order

Upgrade nodes in this order:

In multiple datacenter clusters, upgrade every node in one datacenter before upgrading another datacenter.
Upgrade the seed nodes within a datacenter first.
Upgrade nodes in this order:
1. DSE Analytics datacenters
2. Transactional/DSE Graph datacenters
3. DSE Search datacenters

The upgrade process for DataStax Enterprise provides minimal downtime (ideally zero). During this process, upgrade and restart one node at a time while other nodes continue to operate online. With a few exceptions, the cluster continues to work as though it were on the earlier version of DataStax Enterprise until all of the nodes in the cluster are upgraded.

Tip: DataStax is offering a complimentary half-day Upgrade Assessment. This assessment is a DataStax Services engagement designed to assess the upgrade compatibility of your existing DSE deployment to later DSE versions, including 5.1, 6.0, 6.7, and 6.8. Contact the DataStax Services team to schedule your assessment.

Attention: Read and understand these instructions before upgrading. Carefully reviewing the planning and upgrade instructions can prevent errors and data loss. In addition, review the DSE 6.7 or DSE 6.8 release notes for all changes before upgrading.

Back up your existing installation

Warning: DataStax recommends backing up your data prior to any version upgrade.

A backup provides the ability to revert and restore all the data used in the previous version if necessary. For manual backup instructions, see Backing up and restoring DSE.

Tip: OpsCenter provides a Backup Service that manages enterprise-wide backup and restore operations for DataStax Enterprise clusters and is highly recommended over any manual backup procedure. Ensure you use a compatible version of OpsCenter for your DSE version.

Upgrade SSTables

Warning: Be certain to upgrade SSTables on your nodes both before and after upgrading. Failure to upgrade SSTables will result in severe performance penalties and possible data loss.

Version specific notes

Important: DSE Search changes: As of DSE 6.8.0, unbounded facet searches are no longer allowed using facet.limit=-1. The maximum facet limit value is 20,000 as set by solr.max.facet.limit.size. While the facet limit size can be overriden using -Dsolr.max.facet.limit.size in jvm[ 8 | 11 ]-server.options, depending upon your JVM version, it is not recommended.

Upgrade restrictions and limitations

Restrictions and limitations apply while a cluster is in a partially upgraded state. The cluster continues to work as though it were on the earlier version of DataStax Enterprise until all of the nodes in the cluster are upgraded.

General restrictions

Do not enable new features.
Ensure OpsCenter compatibility. See the compatibility table.
Do not run nodetool repair.
Stop the OpsCenter Repair Service if enabled: 6.5 | 6.7 | 6.8.
During the upgrade, do not bootstrap new nodes or decommission existing nodes.
Do not issue TRUNCATE or DDL related queries during the upgrade process.
Do not alter schemas for any workloads.
Complete the cluster-wide upgrade before the expiration of gc_grace_seconds (approximately 13 days) to ensure any repairs complete successfully.
If the DSE Performance Service was disabled before the upgrade, do not enable it during the upgrade. See DSE Performance Service: 6.7 | 6.0 | 5.1 | 5.0 | OpsCenter 6.8 | OpsCenter 6.7 | OpsCenter 6.5.

Note: Nodes on different versions might show a schema disagreement during an upgrade.

Restrictions for nodes using security

Do not change security credentials or permissions until the upgrade is complete on all nodes.
If you are not already using Kerberos, do not set up Kerberos authentication before upgrading. First upgrade the cluster, and then set up Kerberos.

Restrictions for DSE Advanced Replication nodes

Upgrades are supported only for DSE Advanced Replication V2.

Driver version impacts

Be sure to check driver compatibility. Depending on the driver version, you might need to recompile your client application code. See DataStax driver changes.

During upgrades, you might experience driver-specific impact when clusters have mixed versions of drivers. If your cluster has mixed versions, the protocol version is negotiated with the first host to which the driver connects, although certain drivers, such as Java 4.x/2.x automatically select a protocol version that works across nodes. To avoid driver version incompatibility during upgrades, use one of these workarounds:

Protocol version: Set the protocol version explicitly in your application at start up. Switch to the Java driver to the new protocol version only after the upgrade is complete on all nodes in the cluster.
Initial contact points: Ensure that the list of initial contact points contains only hosts with the oldest DSE version or protocol version. For example, the initial contact points contain only protocol version 2.

For details on protocol version negotiation, see protocol versions with mixed clusters in the Java driver version you're using, for example, Java driver.

Attention: Starting January 2020, you can use the same DataStax driver for Apache Cassandra™ (OSS), DataStax Enterprise, and DataStax Distribution of Apache Cassandra™ (DDAC). DataStax has unified drivers to avoid user confusion and enhance the OSS drivers with some of the features in the DSE drivers. For more information, see the Better Drivers for Cassandra™ blog.

Preparing to upgrade

Follow these steps to prepare each node for the upgrade:

Note: These steps are performed in your current version and use DSE 6.0 documentation.

Upgrade to the latest patch release on your current version. Fixes included in the latest patch release can simplify the upgrade process.
Get the current DSE version:
```
bin/dse -v
current_dse_version
```
Familiarize yourself with the changes and features in the new release:
- DataStax Enterprise 6.8 release notes.
- General upgrading advice for any version. Be sure to read 6.8 NEWS.txt all the way back to your current version.
- DataStax Enterprise changes in 6.8 CHANGES.txt.
- DataStax driver changes.
Before upgrading, be sure that each node has adequate free disk space.
Determine current DSE data disk space usage:
```
sudo du -sh /var/lib/cassandra/data/
3.9G	/var/lib/cassandra/data/
```
Determine available disk space:
```
sudo df -hT /
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/sda1      ext4   59G   16G   41G  28% /
```
Important: The required space depends on the compaction strategy. See Disk space
Upgrade the SSTables on each node to ensure that all SSTables are on the current version:
```
nodetool upgradesstables
```
Warning: Failure to upgrade SSTables when required results in a significant performance impact and increased disk usage.

Tip: Use the --jobs option to set the number of SSTables that upgrade simultaneously. The default setting is 2, which minimizes impact on the cluster. Set to 0 to use all available compaction threads. DataStax recommends running the upgradesstables command on one node at a time or when using racks, one rack at a time.

If the SSTables are already on the current version, the command returns immediately and no action is taken.

Ensure that keyspace replication factors are correct for your environment:

cqlsh --execute "DESCRIBE KEYSPACE keyspace-name;" | grep "replication"
CREATE KEYSPACE keyspace-name WITH replication = {'class': 'NetworkTopologyStrategy, 'replication_factor': '3'}  AND durable_writes = true;

Check the keyspace replication factor for analytics keyspaces.
Check the keyspace replication factor for system_auth and dse_security keyspaces.

Verify the Java runtime version and upgrade to the recommended version.
```
java -version
openjdk version "1.8.0_222"
OpenJDK Runtime Environment (build 1.8.0_222-8u222-b10-1ubuntu1~18.04.1-b10)
OpenJDK 64-Bit Server VM (build 25.222-b10, mixed mode)
```
- Recommended: OpenJDK 8 (1.8.0_151 minimum)
  Note: Recommendation changed due to the end of public updates for Oracle JRE/JDK 8. See Oracle Java SE Support Roadmap.
- Supported: Oracle Java SE 8 (JRE or JDK) (1.8.0_151 minimum)
Important: Although Oracle JRE/JDK 8 is supported, DataStax does more extensive testing on OpenJDK 8.
Run nodetool repair to ensure that data on each replica is consistent with data on other nodes:
```
nodetool repair -pr
```
Back up any customized configuration files since they may be overwritten with default values during installation of the new version.
Tip: If you backed up your installation using instructions in Backing up and restoring DSE, your original configuration files are included in the archive.

Upgrade steps

Follow these steps on each node in the recommended . The upgrade process requires upgrading and restarting one node at a time.

Note: These steps are performed in your upgraded version and use DSE 6.7 or DSE 6.8 documentation depending upon your target version.

Flush the commit log of the current installation:
```
nodetool drain
```
Stop the node:
- Package installations:
```
sudo service dse stop
```
- Tarball installations:
```
installation_dir/bin/dse cassandra-stop
```
Use the appropriate method to install the new product version on a supported platform:
To configure the new version:
1. Compare changes in the new configuration files with the backup configuration files after the upgrade but before restarting, remove deprecated settings, and update any new settings if required.
  
  Warning: Do not simply replace new configuration files with old. Rather compare your old files to the new files and make any required changes.
  Tip: Use the DSE yaml_diff tool to compare backup YAML files with the upgraded YAML files:
```
cd /usr/share/dse/tools/yamls
```
```
./yaml_diff path/to/yaml-file-old path/to/yaml-file-new
...
 CHANGES 
=========
authenticator:
- AllowAllAuthenticator
+ com.datastax.bdp.cassandra.auth.DseAuthenticator

authorizer:
- AllowAllAuthorizer
+ com.datastax.bdp.cassandra.auth.DseAuthorizer

roles_validity_in_ms:
- 2000
+ 120000
...
```
  cassandra.yaml changes
  
  Internode encryption settings
  Important: For security reasons, DSE 6.8 only allows the TLS encryption option protocol:
```
server_encryption_options:
    ...
    protocol: TLS
```
  See https://www.oracle.com/technetwork/java/javase/8u31-relnotes-2389094.html#newft for details.
  Client encryption settings
  Important: For security reasons, DSE 6.8 only allows the TLS encryption option protocol:
```
client_encryption_options:
    ...
    protocol: TLS
```
  See https://www.oracle.com/technetwork/java/javase/8u31-relnotes-2389094.html#newft for details.
Start the node.
- Package installations:
```
sudo service dse start
```
- Tarball installations:
```
installation_dir/bin/dse cassandra
```
Verify that the upgraded datacenter names match the datacenter names in the keyspace schema definition:
- Get the node's datacenter name:
```
nodetool status | grep "Datacenter"
Datacenter: datacenter-name
```
- Verify that the node's datacenter name matches the datacenter name for a keyspace:
```
cqlsh --execute "DESCRIBE KEYSPACE keyspace-name;" | grep "replication"
CREATE KEYSPACE keyspace-name WITH replication = {'class': 'NetworkTopologyStrategy, 'datacenter-name': '3'};
```
Review the logs for warnings, errors, and exceptions:
```
grep -w 'WARNING\|ERROR\|exception' /var/log/cassandra/*.log
```
Warnings, errors, and exceptions are frequently found in the logs when starting an upgraded node. Some of these log entries are informational to help you execute specific upgrade-related steps. If you find unexpected warnings, errors, or exceptions, contact DataStax Support.
Tip: Non standard log locations are configured in dse-env.sh.
Repeat the upgrade process on each node in the cluster following the recommended order.
After the entire cluster upgrade is complete: upgrade the SSTables on one node at a time or, when using racks, one rack at a time.
Warning: Failure to upgrade SSTables when required results in a significant performance impact and increased disk usage and possible data loss. Upgrading is not complete until the SSTables are upgraded.
```
nodetool upgradesstables
```
Tip: Use the --jobs option to set the number of SSTables that upgrade simultaneously. The default setting is 2, which minimizes impact on the cluster. Set to 0 to use all available compaction threads. DataStax recommends running the upgradesstables command on one node at a time or when using racks, one rack at a time.

Important: You can run the upgradesstables command before all the nodes are upgraded as long as you run the command on only one node at a time or when using racks, one rack at a time. Running upgradesstables on too many nodes at once will degrade performance.

General post upgrade steps

After all nodes are upgraded:

If you use the OpsCenter Repair Service, turn on the Repair Service.
DSE 6.7 introduces, and enables by default, the DSE Metrics Collector, a diagnostics information aggregator used to help facilitate DSE problem resolution. For more information on the DSE Metrics Collector, or to disable metrics collection, see DataStax Enterprise Metrics Collector.
Spark Jobserver uses DSE custom version 8.0.4.45. Ensure that applications use the compatible Spark Jobserver API from the DataStax repository.

Locking DSE package versions

If you have upgraded a DSE package installation, you can prevent future unintended upgrades.

RHEL yum installations

To hold a package at the current version:

Install yum-versionlock (one-time operation):
```
sudo yum install yum-versionlock
```
Lock the current DSE version:
```
sudo yum versionlock dse-*
```

To clear the version lock and enable upgrades:

sudo yum versionlock clear

For details on the versionlock command, see http://man7.org/linux/man-pages/man1/yum-versionlock.1.html.

Debian apt-get installations

To hold a package at the current version:

sudo apt-mark hold dse-*

To remove the version hold:

sudo apt-mark unhold dse-*

For details on the apt-mark command, see http://manpages.ubuntu.com/manpages/bionic/man8/apt-mark.8.html.