Troubleshooting Cassandra

Troubleshooting DataStax Enterprise (DSE) Cassandra for Vulnerability Assessment (VA).

Troubleshooting data refresh issues

Issue

A new table or data is added or changed to the Cassandra database but is not reflected in the VA assessment results. You get an error in your test result or the datasource connection fails after the change is made.

Example: [DataDirect][Cassandra JDBC Driver][Cassandra]The server failed to respond to the connection request. Please verify the host and port specified. The non-thrift based Cassandra client port should be used, which on default Cassandra installs is 9042.

Possible cause

The local DataDirect Cassandra JDBC driver schema map file is corrupted or not up-to-date.

Description

To support SQL access to a noSQL Cassandra database, the DataDirect driver maps the Cassandra data model to a relational schema. The schema map files are saved in the location that is specified by the SchemaMap connection property. The driver looks for this file when it connects to the server. If the file does not exist, the driver creates one.

For Guardium, the SchemaMap is set to /var/log/guard/db_driver/datastax/ <IP address>.config on the Guardium system.

Solution
  1. In the Datasource Definition screen, set the Connection Property to CreateMap=forceNew.

    When CreateMap is set to forceNew, the driver deletes the group of internal files that are specified by SchemaMap and creates a new group of these files at the same location. These internal files are required for a relational view of the native data, but they do not include schema map configuration file.

    Guardium also runs the SQL extension refresh map when the CreateMap is set to forceNew. The refresh map statement adds newly discovered objects to your relational view of native data. It also incorporates configuration changes that are made to your relational view by reloading the schema map configuration file.

  2. Test the connection to ensure that it is successful.
  3. Remove the CreateMap=forceNew from your datasource connection property.
    Note: This property forces the rebuild of internal files and involves the discovery of native data. If the size of your database is large, the schema maps can take time to build causing performance issues.
  4. Save the datasource and run the assessment again.

Troubleshooting consistency level issues

Issue
The error Cassandra code 4096 - Cannot achieve consistency level quorum appears in assessment report for some of the VA tests.
Possible causes
  • Replication factors are not configured correctly for DSE security in production environments.
  • Not all nodes in the cluster are up.
Solutions
Solution 1
  1. Ensure that all nodes in the clusters are up and running.
  2. Configure replication factors by changing the replication class to NetworkTopologyStrategy. Set the replication factor in the range 3 - 5 for the following security keyspaces. Do not set the replication factor greater than the number of nodes in the data center.
    • system_auth
    • dse_security
  3. Run nodetool repair on the security keyspaces to repair the keyspace on all nodes to sync with each other. For more information, see the DSE administrator guide on the DataStax web page.
    • nodetool repair --full system_auth
    • nodetool repair --full dse_security
  4. Run the assessment again.
Solution 2
  1. In the Datasource Definition screen, set the Connection Property to ReadConsistency=one.

    When ReadConsistency is set to one, data is returned from the closest replica.

  2. Save the datasource and run the assessment again.