Upgrading DataStax Enterprise 6.0 to 6.7 or 6.8

The upgrade process for DataStax Enterprise (DSE) provides minimal downtime (ideally zero). During this process, upgrade and restart one node at a time while other nodes continue to operate online. With a few exceptions, the cluster continues to work as though it were on the earlier version of DataStax Enterprise until all of the nodes in the cluster are upgraded.

Due to a serious bug which affects DSE 6.8.7 and DSE 6.8.8, DataStax recommends against upgrading to those versions at this time. If you have already upgraded to these versions, please EITHER set zerocopy_streaming_enabled=false in cassandra.yaml and perform a rolling restart, OR run upgradesstables on all nodes in your cluster before adding new nodes, running repair, or restoring from backups, or do BOTH. This bug is addressed in DSE 6.8.9.

Read and understand these instructions before upgrading. Carefully reviewing the planning and upgrade instructions can prevent errors and data loss. In addition, review the DSE 6.8 release notes for all changes before upgrading.

DSE 6.8 has a new metadata_directory property that holds information about the local node and all peers. metadata_directory keeps the same information that system.local and system.peers had.

Upgrade order

Upgrade nodes in this order:

In multiple datacenter clusters, upgrade every node in one datacenter before upgrading another datacenter.
Upgrade the seed nodes within a datacenter first.
DSE Analytics datacenters
1. For DSE Analytics nodes using DSE Hadoop, upgrade the Job Tracker node first. Then upgrade Hadoop nodes, followed by Spark nodes.
Transactional/DSE Graph datacenters
DSE Search nodes or datacenters

Back up your Existing Installation

DataStax recommends backing up your data prior to any version upgrade.

A backup provides the ability to revert and restore all the data used in the previous version if necessary. For manual backup instructions, see Backing up and restoring DSE.

OpsCenter provides a Backup Service that manages enterprise-wide backup and restore operations for DataStax Enterprise clusters and is highly recommended over any manual backup procedure. Ensure you use a compatible version of OpsCenter for your DSE version.

Upgrade SSTables

Be certain to upgrade SSTables on your nodes both before and after upgrading. Failure to upgrade SSTables results in severe performance penalties and possible data loss.

Version-Specific Notes

DSE Search changes: As of DSE 6.7.5, unbounded facet searches are no longer allowed using facet.limit=-1. The maximum facet limit value is 20,000 as set by solr.max.facet.limit.size. While the facet limit size can be overriden using -Dsolr.max.facet.limit.size in jvm.options, or jvm[ 8 | 11 ]-server.options, depending upon your JVM version, if you are upgrading to DSE 6.8, it is not recommended.

DSE Search changes: As of DSE 6.7.7 and later, the Solr timeAllowed parameter is enabled by default to prevent long running shard queries, such as complex facets and Boolean queries, from using system resources after they have timed out from the DSE Search coordinator. For details, see Limiting queries by time.

DSE Search changes: As of DSE 6.8.0, unbounded facet searches are no longer allowed using facet.limit=-1. The maximum facet limit value is 20,000 as set by solr.max.facet.limit.size. While the facet limit size can be overriden using -Dsolr.max.facet.limit.size in jvm[ 8 | 11 ]-server.options, depending upon your JVM version, it is not recommended.

Upgrade Restrictions and Limitations

Restrictions and limitations apply while a cluster is in a partially upgraded state. The cluster continues to work as though it were on the earlier version of DataStax Enterprise until all of the nodes in the cluster are upgraded.

General Restrictions

Do not enable new features.
Ensure OpsCenter compatibility.

Compatibility

OpsCenter version DSE version

6.8

6.8, 6.7, 6.0, 5.1

6.7

DSE 6.0

6.5

6.0, 5.1, 5.0 (EOL)

6.1

5.1, 5.0, 5.0 (EOL)

6.0

5.0 (EOL), 4.8 (EOSL), 4.7 (EOSL)
Do not run nodetool repair.
Stop the OpsCenter Repair Service if enabled: 6.8.
During the upgrade, do not bootstrap new nodes or decommission existing nodes.
Do not issue TRUNCATE or DDL related queries during the upgrade process.
Do not alter schemas for any workloads.
Complete the cluster-wide upgrade before the expiration of gc_grace_seconds (default 10 days) to ensure any repairs complete successfully.
If the DSE Performance Service was disabled before the upgrade, do not enable it during the upgrade. See DSE Performance Service: 5.1 | OpsCenter 6.8.

Compatibility
OpsCenter version	DSE version
6.8	6.8, 6.7, 6.0, 5.1
6.7	DSE 6.0
6.5	6.0, 5.1, 5.0 (EOL)
6.1	5.1, 5.0, 5.0 (EOL)
6.0	5.0 (EOL), 4.8 (EOSL), 4.7 (EOSL)

Nodes on different versions might show a schema disagreement during an upgrade.

Restrictions for Nodes Using Security

Do not change security credentials or permissions until the upgrade is complete on all nodes.
If you are not already using Kerberos, do not set up Kerberos authentication before upgrading. First upgrade the cluster, and then set up Kerberos.

Restrictions for DSE Analytics Nodes

Spark versions change between major DSE versions. DSE release notes [5.x | 6.8.x] indicate which version of Spark is used.

When upgrading to a major version of DSE, all nodes in a DSE datacenter that run Spark must be on the same version of Spark and the Spark jobs must be compiled for that version. Each datacenter acting as a Spark cluster must be on the same upgraded DSE version before reinitiating Spark jobs.

In the case where Spark jobs run against Graph keyspaces, you must update all of the nodes in the cluster first to avoid Spark jobs failing.

Restrictions for DSE Advanced Replication Nodes

Upgrades are supported only for DSE Advanced Replication V2.

Driver Version Impacts

Be sure to check driver compatibility. Depending on the driver version, you might need to recompile your client application code.

DataStax drivers come in two types:

DataStax drivers for DataStax Enterprise — for use by DSE 4.8 and later

DataStax drivers for Apache Cassandra® — for use by Apache Cassandra and DSE 4.7 and earlier

While the DataStax drivers for Apache Cassandra drivers can connect to DSE 5.0 and later clusters, DataStax strongly recommends upgrading to the DSE drivers. The DSE drivers provide functionality for all DataStax Enterprise features.

During upgrades, you might experience driver-specific impact when clusters have mixed versions of drivers. If your cluster has mixed versions, the protocol version is negotiated with the first host to which the driver connects, although certain drivers, such as Java 4.x/2.x automatically select a protocol version that works across nodes. To avoid driver version incompatibility during upgrades, use one of these workarounds:

Protocol version: Set the protocol version explicitly in your application at start up. Switch to the Java driver to the new protocol version only after the upgrade is complete on all nodes in the cluster.
Initial contact points: Ensure that the list of initial contact points contains only hosts with the oldest DSE version or protocol version. For example, the initial contact points contain only protocol version 2.

For details on protocol version negotiation, see protocol versions with mixed clusters in the Java driver version you’re using, for example, Java driver.

Starting January 2020, you can use the same DataStax driver for Apache Cassandra® (OSS) and DataStax Enterprise. DataStax has unified drivers to avoid user confusion and enhance the OSS drivers with some of the features in the DSE drivers. For more information, see the Better Drivers for Cassandra blog.

Preparing to Upgrade

Follow these steps to prepare each node for the upgrade:

These steps are performed in your current version and use DSE 6.0 documentation.

Upgrade to the latest patch release on your current version. Fixes included in the latest patch release can simplify the upgrade process.

Get the current DSE version:
```
bin/dse -v
current_dse_version
```

Familiarize yourself with the changes and features in the new release:

DataStax Enterprise 6.8 release notes.
General upgrading advice for any version. Be sure to read 6.8 NEWS.txt all the way back to your current version.
DataStax Enterprise changes in 6.8 CHANGES.txt.

DataStax driver changes.

DataStax drivers come in two types:

DataStax drivers for DataStax Enterprise — for use by DSE 4.8 and later

DataStax drivers for Apache Cassandra — for use by Apache Cassandra and DSE 4.7 and earlier

Before upgrading, be sure that each node has adequate free disk space.

Determine current DSE data disk space usage:
```
sudo du -sh /var/lib/cassandra/data/
3.9G	/var/lib/cassandra/data/
```
Determine available disk space:
```
sudo df -hT /
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/sda1      ext4   59G   16G   41G  28% /
```
The required space depends on the compaction strategy. See Disk space.
Replace ITriggers and custom interfaces.

All custom implementations, including the following interfaces, must be replaced with supported implementations when upgrading to DSE 6.x:
- The org.apache.cassandra.triggers.ITrigger interface was modified from augment to augmentNonBlocking for non-blocking internal architecture. Updated trigger implementations must be provided on upgraded nodes. If unsure, drop all existing triggers before upgrading. To check for existing triggers:
  SELECT * FROM system_schema.triggers;
  DROP TRIGGER trigger_name ON keyspace_name.table_name;
- The org.apache.cassandra.index.Index interface was modified to comply with the core storage engine changes. Updated implementations are required. If unsure, drop all existing custom secondary indexes before upgrading, except DSE Search indexes, which do not need to be replaced. To check for existing indexes:
  SELECT * FROM system_schema.indexes;
  DROP INDEX index_name;
- The org.apache.cassandra.cql3.QueryHandler, org.apache.cassandra.db.commitlog.CommitLogReadHandler, and other extension points have been changed. See QueryHandlers.
  
  For help contact the DataStax Support team.

Support for Thrift-compatible tables (COMPACT STORAGE) is dropped. Before upgrading, migrate all non-system tables that have COMPACT STORAGE to CQL table format:

cqlsh -e 'DESCRIBE FULL SCHEMA;' > schema_file

cat schema_file | while read -d $';\n' line ; do
  if echo "$line"|grep 'COMPACT STORAGE' 2>&1 > /dev/null ; then
    TBL="`echo $line|sed -e 's|^CREATE TABLE \([^ ]*\) .*$|\1|'`"
    if echo "$TBL"|egrep -v '^system' 2>&1 > /dev/null; then
      echo "ALTER TABLE $TBL DROP COMPACT STORAGE;" >> schema-drop-list
    fi
  fi
done

cqlsh -f schema-drop-list

The script above dumps the complete DSE schema to schema_file, uses grep to find lines containing COMPACT STORAGE, and then writes only those table names to schema-drop-list along with the required ALTER TABLE commands. The schema-drop-list file is then read by cqlsh which runs the ALTER TABLE commands contained therein.

DSE will not start if tables using COMPACT STORAGE are present.

Upgrade the SSTables on each node to ensure that all SSTables are on the current version:

nodetool upgradesstables

Failure to upgrade SSTables when required results in a significant performance impact and increased disk usage.

Use the --jobs option to set the number of SSTables that upgrade simultaneously. The default setting is 2, which minimizes impact on the cluster. Set to 0 to use all available compaction threads. DataStax recommends running the upgradesstables command on one node at a time or, when using racks, one rack at a time.

If the SSTables are already on the current version, the command returns immediately and no action is taken.

Ensure that keyspace replication factors are correct for your environment:
```
cqlsh --execute "DESCRIBE KEYSPACE keyspace-name;" | grep "replication"
CREATE KEYSPACE keyspace-name WITH replication = {'class': 'NetworkTopologyStrategy, 'replication_factor': '3'}  AND durable_writes = true;
```
- Check the keyspace replication factor for analytics keyspaces (6.8).
- Check the keyspace replication factor for system_auth and dse_security (6.8) keyspaces.
Verify the Java runtime version and upgrade to the recommended version.
```
java -version
openjdk version "1.8.0_222"
OpenJDK Runtime Environment (build 1.8.0_222-8u222-b10-1ubuntu1~18.04.1-b10)
OpenJDK 64-Bit Server VM (build 25.222-b10, mixed mode)
```
- Recommended: OpenJDK 8 (1.8.0_151 minimum)
  
  Recommendation changed due to the end of public updates for Oracle JRE/JDK 8. See Oracle Java SE Support Roadmap.
- Supported: Oracle Java SE 8 (JRE or JDK) (1.8.0_151 minimum)
  
  Although Oracle JRE/JDK 8 is supported, DataStax does more extensive testing on OpenJDK 8.
Run nodetool repair to ensure that data on each replica is consistent with data on other nodes:
```
nodetool repair -pr
```
Install the libaio package for optimal performance.

RHEL platforms:
```
sudo yum install libaio
```
Debian:
```
sudo apt-get install libaio1
```
Back up any customized configuration files because they may be overwritten with default values during installation of the new version.

If you backed up your installation using instructions in Backing up and restoring DSE, your original configuration files are included in the archive.

Upgrade Steps

Follow these steps on each node in the recommended order. The upgrade process requires upgrading and restarting one node at a time.

These steps are performed in your upgraded version and use DSE 6.7 or DSE 6.8 documentation depending upon your target version.

Flush the commit log of the current installation:
```
nodetool drain
```

Stop the node:

Package installations:
```
sudo service dse stop
```
Tarball installations:
```
installation_dir/bin/dse cassandra-stop
```

Use the appropriate method to install the new product version on a supported platform:
- Package installer using YUM (6.8)
- Package installer using APT (6.8)
- Binary tarball installer (6.8)
  
  Install the new product version using the same installation type that is on the system, otherwise problems might result.

To configure the new version:

Compare changes in the new configuration files with the backup configuration files after the upgrade but before restarting, remove deprecated settings, and update any new settings if required.

You must use the new configuration files that are generated from the upgrade installation. Copy any parameters needed from your old configuration files into these new files.

Do not replace the newly-generated configuration files with the old files.

Use the DSE yaml_diff tool (6.7) | yaml_diff tool (6.8) to compare backup YAML files with the upgraded YAML files:

cd /usr/share/dse/tools/yamls

./yaml_diff path/to/yaml-file-old path/to/yaml-file-new
...
 CHANGES
=========
authenticator:
- AllowAllAuthenticator
+ com.datastax.bdp.cassandra.auth.DseAuthenticator

authorizer:
- AllowAllAuthorizer
+ com.datastax.bdp.cassandra.auth.DseAuthorizer

roles_validity_in_ms:
- 2000
+ 120000
...

cassandra.yaml changes

The location of the cassandra.yaml file depends on the type of installation:

Package installations

/etc/dse/cassandra/cassandra.yaml

Tarball installations

<installation_location>/resources/cassandra/conf/cassandra.yaml

Memtable settings Deprecated cassandra.yaml settings:

memtable_heap_space_in_mb
emtable_offheap_space_in_mb

Replacement settings:

memtable_space_in_mb

Changed setting:

memtable_allocation_type:
offheap_objects

Deprecated cassandra.yaml settings:

user_defined_function_warn_timeout
user_defined_function_fail_timeout

Replacement settings:

user_defined_function_warn_micros: 500
user_defined_function_fail_micros: 10000
user_defined_function_warn_heap_mb: 200
user_defined_function_fail_heap_mb: 500
user_function_timeout_policy: die        `

Settings are in microseconds. The new timeouts are not equivalent to the deprecated settings.

Deprecated cassandra.yaml setting:

server_encryption_options:
  store_type: JKS

Replacement settings:

server_encryption_options:
  keystore_type: JKS
  truststore_type: JKS        `

Valid type options are JKS, JCEKS, PKCS11, or PKCS12 for keystore_type, and JKS, JCEKS, or PKCS12 for truststore_type.

For security reasons, DSE 6.8 only allows the TLS encryption option protocol:

    server_encryption_options:
        ...
        protocol: TLS

See Oracle’s 8u31 Update Release Notes - New Features and Changes for details.

Deprecated cassandra.yaml setting:

client_encryption_options:
store_type: JKS

Replacement settings:

client_encryption_options:
  keystore_type: JKS
  truststore_type: JKS

Valid type options are JKS, JCEKS, PKCS11, or PKCS12 for keystore_type, and JKS, JCEKS, or PKCS12 for truststore_type.

For security reasons, DSE 6.8 only allows the TLS encryption option protocol:

    client_encryption_options:
        ...
        protocol: TLS

See Oracle’s 8u31 Update Release Notes - New Features and Changes for details.

dse.yaml changes

Spark resource and encryption options

Deprecated dse.yaml setting:

spark_ui_options:
server_encryption_options:
store_type: JKS

Replacement settings:

spark_ui_options_options:
server_encrption_options:
  keystore_type: JKS
  truststore_type: JKS

Valid type options are JKS, JCEKS, PKCS11, or PKCS12 for keystore_type, and JKS, JCEKS, or PKCS12 for truststore_type.

When upgrading DSE to versions earlier than 5.1.16, 6.0.8, or 6.7.4 inclusive, if any tables are using DSE Tiered Storage, remove all txn_compaction log files from second-level tiers and lower. For example, given the following dse.yaml configuration, remove txn_compaction log files from /mnt2 and /mnt3 directories:
```
tiered_storage_options:
    strategy1:
        tiers:
            - paths:
                - /mnt1
            - paths:
                - /mnt2
            - paths:
                - /mnt3
```
The following example removes the files using the find command:
```
find /mnt2 -name "*_txn_compaction_*.log" -type f -delete &&
find /mnt3 -name "*_txn_compaction_*.log" -type f -delete
```
Failure to complete this step may result in data loss.
Remove any previously installed JTS JAR files from the CLASSPATHS in your DSE installation. JTS (Java Topology Suite) is distributed with DSE 6.7.
Start the node.
- Package installations (6.8):
  sudo service dse start
- Tarball installations (6.8):
  installation_dir/bin/dse cassandra

Verify that the upgraded datacenter names match the datacenter names in the keyspace schema definition:

Get the node’s datacenter name:

nodetool status | grep "Datacenter"
Datacenter: datacenter-name

Verify that the node’s datacenter name matches the datacenter name for a keyspace:

cqlsh --execute "DESCRIBE KEYSPACE keyspace-name;" | grep "replication"
CREATE KEYSPACE keyspace-name WITH replication = {'class': 'NetworkTopologyStrategy, 'datacenter-name': '3'};

Review the logs for warnings, errors, and exceptions:
```
grep -w 'WARNING\|ERROR\|exception' /var/log/cassandra/*.log
```
Warnings, errors, and exceptions are frequently found in the logs when starting an upgraded node. Some of these log entries are informational to help you execute specific upgrade-related steps. If you find unexpected warnings, errors, or exceptions, contact DataStax Support.

Non-standard log locations are configured in dse-env.sh.
Repeat the upgrade process on each node in the cluster following the recommended order.

After the entire cluster upgrade is complete: upgrade the SSTables on one node at a time or, when using racks, one rack at a time.

Failure to upgrade SSTables when required results in a significant performance impact and increased disk usage and possible data loss. Upgrading is not complete until the SSTables are upgraded.

nodetool upgradesstables

You can run the upgradesstables command before all the nodes are upgraded as long as you run the command on only one node at a time or, when using racks, one rack at a time. Running upgradesstables on too many nodes at once degrades performance.

General Post-Upgrade Steps

After all nodes are upgraded:

If you use the OpsCenter Repair Service, turn on the Repair Service (6.8).
If you encounter serialization-header errors, stop the node and repair them using the sstablescrub -e option:
```
sstablescrub -e fix-only keyspace table
```
For more details on serialization-header errors and repairs, see DSE 5.0 SSTables with UDTs corrupted after upgrading to DSE 5.1, 6.0, or 6.7.
DSE 6.7 introduces, and enables by default, the DSE Metrics Collector, a diagnostics information aggregator used to help facilitate DSE problem resolution. For more information on the DSE Metrics Collector, or to disable metrics collection, see DataStax Enterprise Metrics Collector (6.8).
Spark Jobserver uses DSE custom version 8.0.4.45. Ensure that applications use the compatible Spark Jobserver API from the DataStax repository.

Locking DSE Package Versions

If you have upgraded a DSE package installation, then you can prevent future unintended upgrades.

RHEL yum installations

To hold a package at the current version:

Install yum-versionlock (one-time operation):
```
sudo yum install yum-versionlock
```
Lock the current DSE version:
```
sudo yum versionlock dse-*
```

To clear the version lock and enable upgrades:

sudo yum versionlock clear

For details, see the versionlock command.

Debian apt-get installations

To hold a package at the current version:

sudo apt-mark hold dse-*

To remove the version hold:

sudo apt-mark unhold dse-*

For details, see the apt-mark command.

Upgrading DataStax Enterprise 6.0 to 6.7 or 6.8

Upgrade order

Back up your Existing Installation

Upgrade SSTables

Version-Specific Notes

Upgrade Restrictions and Limitations

General Restrictions

Restrictions for Nodes Using Security

Restrictions for DSE Analytics Nodes

Restrictions for DSE Advanced Replication Nodes

Driver Version Impacts

Preparing to Upgrade

Upgrade Steps

General Post-Upgrade Steps

Locking DSE Package Versions

Was this helpful?

Give Feedback