From 31666dd7db669d098befe837d0cb41f996e20ae8 Mon Sep 17 00:00:00 2001 From: Pascal Zarrad Date: Tue, 3 Aug 2021 01:11:01 +0200 Subject: [PATCH 1/6] Add an Apache Cassandra egg --- database/nosql/cassandra/README.md | 56 +++++++++++++++++ .../nosql/cassandra/egg-apache-cassandra.json | 60 +++++++++++++++++++ database/nosql/cassandra/start.sh | 35 +++++++++++ 3 files changed, 151 insertions(+) create mode 100644 database/nosql/cassandra/README.md create mode 100644 database/nosql/cassandra/egg-apache-cassandra.json create mode 100644 database/nosql/cassandra/start.sh diff --git a/database/nosql/cassandra/README.md b/database/nosql/cassandra/README.md new file mode 100644 index 00000000..15b9309a --- /dev/null +++ b/database/nosql/cassandra/README.md @@ -0,0 +1,56 @@ +# Apache Cassandra + +### From the [Apache Cassandra](https://cassandra.apache.org/) website +Apache Cassandra is an open source NoSQL distributed database trusted by thousands of companies for scalability and high availability without compromising performance. +Linear scalability and proven fault-tolerance on commodity hardware or cloud infrastructure make it the perfect platform for mission-critical data. + +### Installation +Follow the common egg installation guide to install the egg on your Pterodactyl instance. +You have to specifiy the Cassandra version to install using the "Cassandra Version" variable. +By default, version 4.0.0 will be installed. + +The version to install has to be available on the mirrors.ae-online.de mirror - which is one of the official mirrors. + +You can choose between a Java 11/Python 3 (Cassandra >= 4.0.0) and Java 8/Python 2 (Cassandra < 4.0.0) image + +### Security + +#### Authentication +The automated configuration of the egg won't allow disable authentication for Cassandra. + +The default credentials are: + - Username: cassandra + - Password: cassandra + +The first thing you should do after the first start is changing this password or creating an entirely new user +while removing the default one. Especially if your instance is exposed to the internet! +Don't forget to update the login credentials for the default user in the eggs variables after changing them +for the server to work properly! + +**Not changing the password right after the first startup is a big security flaw!** + +Example command you can enter into the Pterodactyl console after CQLSH is connected to change the password: +``` +ALTER USER cassandra WITH PASSWORD 'SomePasswordYouShouldSpecifyOnYourOwn!'; +``` + +#### Inernet Access +Cassandra recommends to not expose the service to the internet. +Therefore, it is recommended to run this egg in an internal network or behind a firewall, +that is properly configured to restrict access to the service from outside of your network. +Note that Docker bypasses IPTables (and because of this also UFW) by default and needs additional configuration! + +If you still want to expose the Cassandra service to the internet, configure Cassandra to use an encrypted connection! + +### Update support +The egg _should_ keep the `conf` and `data` folder when reinstalling, to prevent destroying the configuration by accident. + +If you want to reset the server completly, remove the `conf` and `data` directory manually before reinstalling. + +### Server Ports + +Ports required to run the server in a table format. + +| Port | default | +| ----------------------------- | ------- | +| Cassandra CQL Native Tansport | 9042 | diff --git a/database/nosql/cassandra/egg-apache-cassandra.json b/database/nosql/cassandra/egg-apache-cassandra.json new file mode 100644 index 00000000..db47ed72 --- /dev/null +++ b/database/nosql/cassandra/egg-apache-cassandra.json @@ -0,0 +1,60 @@ +{ + "_comment": "DO NOT EDIT: FILE GENERATED AUTOMATICALLY BY PTERODACTYL PANEL - PTERODACTYL.IO", + "meta": { + "version": "PTDL_v1", + "update_url": null + }, + "exported_at": "2021-08-03T21:09:15+02:00", + "name": "Apache Cassandra", + "author": "p.zarrad@outlook.de", + "description": "Apache Cassandra is an open source NoSQL distributed database trusted by thousands of companies for scalability and high availability without compromising performance. Linear scalability and proven fault-tolerance on commodity hardware or cloud infrastructure make it the perfect platform for mission-critical data.", + "features": null, + "images": [ + "ghcr.io\/parkervcp\/yolks:cassandra_java11_python3", + "ghcr.io\/parkervcp\/yolks:cassandra_java8_python2" + ], + "file_denylist": [], + "startup": "nohup .\/bin\/cassandra -R -p \/home\/container\/cassandra.pid -f &\r\n while ! .\/bin\/cqlsh -e 'describe cluster' 127.0.0.1 $SERVER_PORT; do\r\n \tsleep 10;\r\ndone\r\n.\/bin\/cqlsh -t 127.0.0.1 $SERVER_PORT", + "config": { + "files": "{\r\n \"conf\/jvm-server.options\": {\r\n \"parser\": \"file\",\r\n \"find\": {\r\n \"#-Xms\": \"-Xms128M\",\r\n \"#-Xmx\": \"-Xmx{{server.build.memory}}M\"\r\n }\r\n },\r\n \"conf\/jvm11-server.options\": {\r\n \"parser\": \"file\",\r\n \"find\": {\r\n \"#-Xms\": \"-Xms128M\",\r\n \"#-Xmx\": \"-Xmx{{server.build.memory}}M\"\r\n }\r\n },\r\n \"conf\/jvm8-server.options\": {\r\n \"parser\": \"file\",\r\n \"find\": {\r\n \"#-Xms\": \"-Xms128M\",\r\n \"#-Xmx\": \"-Xmx{{server.build.memory}}M\"\r\n }\r\n },\r\n \"conf\/cassandra.yaml\": {\r\n \"parser\": \"file\",\r\n \"find\": {\r\n \"native_transport_port\": \"native_transport_port: {{server.build.default.port}}\",\r\n \"# rpc_address\": \"rpc_address: 0.0.0.0\",\r\n \"rpc_address\": \"rpc_address: 0.0.0.0\",\r\n \"# broadcast_rpc_address\": \"broadcast_rpc_address: {{server.build.default.ip}}\",\r\n \"broadcast_rpc_address\": \"broadcast_rpc_address: {{server.build.default.ip}}\",\r\n \"authenticator: AllowAllAuthenticator\": \"authenticator: PasswordAuthenticator\",\r\n \"authorizer: AllowAllAuthorizer\": \"authorizer: CassandraAuthorizer\"\r\n }\r\n }\r\n}", + "startup": "{\r\n \"done\": \"Connected to\"\r\n}", + "logs": "{}", + "stop": "EXIT;" + }, + "scripts": { + "installation": { + "script": "#!\/bin\/sh\r\n# Switch to mounted directory\r\ncd \/mnt\/server\r\n# Cleanup previous install if available\r\nfind . -maxdepth 1 ! -name \"conf\" ! -name \"data\" ! -name . -exec rm -rf {} \\;\r\nif [ -d \"conf\" ]; then mv conf conf.bak; fi\r\n# Download and extract Cassandra\r\ncurl -L https:\/\/mirrors.ae-online.de\/apache\/cassandra\/${CASSANDRA_VERSION}\/apache-cassandra-${CASSANDRA_VERSION}-bin.tar.gz --output cassandra.tar.gz\r\ntar -zxvf cassandra.tar.gz\r\nmv -n apache-cassandra-*\/* .\/\r\nrm -rf cassandra.tar.gz apache-cassandra*\r\n# Create startup script\r\ncurl -L https:\/\/raw.githubusercontent.com\/parkervcp\/eggs\/master\/database\/nosql\/cassandra\/start.sh --output start.sh\r\nchmod 755 start.sh\r\n# Restore custom config\r\nif [ -d \"conf.bak\" ]; then rm -rf conf; mv conf.bak conf; rm -rf conf.bak; fi", + "container": "ghcr.io\/pterodactyl\/installers:alpine", + "entrypoint": "ash" + } + }, + "variables": [ + { + "name": "Cassandra Version", + "description": "The version of Cassandra to install. By default the latest version is being installed.", + "env_variable": "CASSANDRA_VERSION", + "default_value": "4.0.0", + "user_viewable": true, + "user_editable": true, + "rules": "required|string|max:20" + }, + { + "name": "Cassandra Username", + "description": "The username used when connecting to the started Cassandra, to make a CQLSH available in the Pterodactyl console. This value must be set to an existing user for the egg to work properly. You can create a custom user and enter it here instead of using the default one.", + "env_variable": "CASSANDRA_USER", + "default_value": "cassandra", + "user_viewable": true, + "user_editable": true, + "rules": "required|string|max:32" + }, + { + "name": "Cassandra Password", + "description": "The password used when connecting to the started Cassandra, to make a CQLSH available in the Pterodactyl console. This value must be set to the password of the user specified using the \"Cassandra Username\" variable. It is highly recommended to change the password of the default Cassandra user right after the first start. After updating the password on the server, update this variable too for the egg to work properly!", + "env_variable": "CASSANDRA_PASSWORD", + "default_value": "cassandra", + "user_viewable": true, + "user_editable": true, + "rules": "required|string|max:128" + } + ] +} diff --git a/database/nosql/cassandra/start.sh b/database/nosql/cassandra/start.sh new file mode 100644 index 00000000..c3b3c77e --- /dev/null +++ b/database/nosql/cassandra/start.sh @@ -0,0 +1,35 @@ +#!/bin/ash +# Start Cassandra +echo "Starting Cassandra..." +./bin/cassandra -R -p cassandra.pid +# Wait for successful startup +while ! ./bin/cqlsh -u "$CASSANDRA_USER" -p "$CASSANDRA_PASSWORD" -e 'describe cluster' 127.0.0.1 $SERVER_PORT; do + echo "Still awaiting Cassandra satrtup..." + sleep 10; + if ! kill -0 $(cat cassandra.pid); then + echo "It seems Cassandra has crashed!" + exit 1 + fi +done +# Connect with CQLSH +echo "Launching CQLSH..." +if [ "$CASSANDRA_PASSWORD" = 'cassandra' ]; then + echo "" + echo "" + echo "" + echo "IMPORTANT:" + echo "YOUR CASSANDRA PASSWORD SEEMS TO BE THE DEFAULT ONE, PLEASE CHANGE IT!" + echo "" + echo "" + echo "" +fi +./bin/cqlsh -u "$CASSANDRA_USER" -p "$CASSANDRA_PASSWORD" -t 127.0.0.1 $SERVER_PORT +# Stop server when CQLSH is stopped +echo "Stopping Cassandra gracefully..." +cassandraPid=$(cat cassandra.pid) +kill $cassandraPid +while kill -0 $cassandraPid; do + echo "Still waiting for Cassandra to exit..." + sleep 5; +done +echo "Cassandra exited gracefully!" From 03eb96b5b8feb8908ebaef83a29883c7ac0c71e9 Mon Sep 17 00:00:00 2001 From: Pascal Zarrad Date: Tue, 3 Aug 2021 22:04:28 +0200 Subject: [PATCH 2/6] Add Cassandra to README --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 969f2d05..b11bb643 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Parkers Pterodactyl eggs repo +# Parkers Pterodactyl eggs repo I am working on adding a large collection of public eggs for the Pterodactyl community. @@ -57,6 +57,7 @@ If you are reading this it looks like you are looking to add an egg to your serv ### noSQL * [mongoDB](/database/nosql/mongodb) +* [cassandra](/database/nosql/cassandra) ### SQL Databases * [MariaDB](/database/sql/mariadb) @@ -244,4 +245,4 @@ If you are reading this it looks like you are looking to add an egg to your serv ### Grafana * [Grafana](/software/grafana) ### haste-server -* [haste-server](/software/haste-server) \ No newline at end of file +* [haste-server](/software/haste-server) From ba1a427b3d3cc564aaff2458e493cf5f55eacd45 Mon Sep 17 00:00:00 2001 From: Pascal Zarrad Date: Tue, 3 Aug 2021 22:13:14 +0200 Subject: [PATCH 3/6] Update startup command --- database/nosql/cassandra/egg-apache-cassandra.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/database/nosql/cassandra/egg-apache-cassandra.json b/database/nosql/cassandra/egg-apache-cassandra.json index db47ed72..614911d4 100644 --- a/database/nosql/cassandra/egg-apache-cassandra.json +++ b/database/nosql/cassandra/egg-apache-cassandra.json @@ -4,7 +4,7 @@ "version": "PTDL_v1", "update_url": null }, - "exported_at": "2021-08-03T21:09:15+02:00", + "exported_at": "2021-08-03T22:11:40+02:00", "name": "Apache Cassandra", "author": "p.zarrad@outlook.de", "description": "Apache Cassandra is an open source NoSQL distributed database trusted by thousands of companies for scalability and high availability without compromising performance. Linear scalability and proven fault-tolerance on commodity hardware or cloud infrastructure make it the perfect platform for mission-critical data.", @@ -14,7 +14,7 @@ "ghcr.io\/parkervcp\/yolks:cassandra_java8_python2" ], "file_denylist": [], - "startup": "nohup .\/bin\/cassandra -R -p \/home\/container\/cassandra.pid -f &\r\n while ! .\/bin\/cqlsh -e 'describe cluster' 127.0.0.1 $SERVER_PORT; do\r\n \tsleep 10;\r\ndone\r\n.\/bin\/cqlsh -t 127.0.0.1 $SERVER_PORT", + "startup": ".\/start.sh", "config": { "files": "{\r\n \"conf\/jvm-server.options\": {\r\n \"parser\": \"file\",\r\n \"find\": {\r\n \"#-Xms\": \"-Xms128M\",\r\n \"#-Xmx\": \"-Xmx{{server.build.memory}}M\"\r\n }\r\n },\r\n \"conf\/jvm11-server.options\": {\r\n \"parser\": \"file\",\r\n \"find\": {\r\n \"#-Xms\": \"-Xms128M\",\r\n \"#-Xmx\": \"-Xmx{{server.build.memory}}M\"\r\n }\r\n },\r\n \"conf\/jvm8-server.options\": {\r\n \"parser\": \"file\",\r\n \"find\": {\r\n \"#-Xms\": \"-Xms128M\",\r\n \"#-Xmx\": \"-Xmx{{server.build.memory}}M\"\r\n }\r\n },\r\n \"conf\/cassandra.yaml\": {\r\n \"parser\": \"file\",\r\n \"find\": {\r\n \"native_transport_port\": \"native_transport_port: {{server.build.default.port}}\",\r\n \"# rpc_address\": \"rpc_address: 0.0.0.0\",\r\n \"rpc_address\": \"rpc_address: 0.0.0.0\",\r\n \"# broadcast_rpc_address\": \"broadcast_rpc_address: {{server.build.default.ip}}\",\r\n \"broadcast_rpc_address\": \"broadcast_rpc_address: {{server.build.default.ip}}\",\r\n \"authenticator: AllowAllAuthenticator\": \"authenticator: PasswordAuthenticator\",\r\n \"authorizer: AllowAllAuthorizer\": \"authorizer: CassandraAuthorizer\"\r\n }\r\n }\r\n}", "startup": "{\r\n \"done\": \"Connected to\"\r\n}", From af494da46e702f8b0f79ef553ea0200ac0e7e335 Mon Sep 17 00:00:00 2001 From: Pascal Zarrad Date: Tue, 3 Aug 2021 22:23:34 +0200 Subject: [PATCH 4/6] Fix typo --- database/nosql/cassandra/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/database/nosql/cassandra/README.md b/database/nosql/cassandra/README.md index 15b9309a..750eea1a 100644 --- a/database/nosql/cassandra/README.md +++ b/database/nosql/cassandra/README.md @@ -34,7 +34,7 @@ Example command you can enter into the Pterodactyl console after CQLSH is connec ALTER USER cassandra WITH PASSWORD 'SomePasswordYouShouldSpecifyOnYourOwn!'; ``` -#### Inernet Access +#### Internet Access Cassandra recommends to not expose the service to the internet. Therefore, it is recommended to run this egg in an internal network or behind a firewall, that is properly configured to restrict access to the service from outside of your network. From 9c7d1e510212393b2b6fdae00ecdc242cfa96018 Mon Sep 17 00:00:00 2001 From: Pascal Zarrad Date: Fri, 6 Aug 2021 14:16:36 +0200 Subject: [PATCH 5/6] Fix typo --- database/nosql/cassandra/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/database/nosql/cassandra/start.sh b/database/nosql/cassandra/start.sh index c3b3c77e..f0653684 100644 --- a/database/nosql/cassandra/start.sh +++ b/database/nosql/cassandra/start.sh @@ -4,7 +4,7 @@ echo "Starting Cassandra..." ./bin/cassandra -R -p cassandra.pid # Wait for successful startup while ! ./bin/cqlsh -u "$CASSANDRA_USER" -p "$CASSANDRA_PASSWORD" -e 'describe cluster' 127.0.0.1 $SERVER_PORT; do - echo "Still awaiting Cassandra satrtup..." + echo "Still awaiting Cassandra startup..." sleep 10; if ! kill -0 $(cat cassandra.pid); then echo "It seems Cassandra has crashed!" From f206280eba6e2d35ddc9aab1ce2b9208717d4a1b Mon Sep 17 00:00:00 2001 From: Pascal Zarrad Date: Thu, 19 Aug 2021 20:21:45 +0200 Subject: [PATCH 6/6] docs: add general usage note --- database/nosql/cassandra/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/database/nosql/cassandra/README.md b/database/nosql/cassandra/README.md index 750eea1a..490f307c 100644 --- a/database/nosql/cassandra/README.md +++ b/database/nosql/cassandra/README.md @@ -15,6 +15,11 @@ You can choose between a Java 11/Python 3 (Cassandra >= 4.0.0) and Java 8/Python ### Security +#### General usage +Allowing general users to use this egg is potentially dangerous as the user can modify the Cassandra startup script, +which is a simple shell script located in the mounted `/home/container` directory. Only trusted users +should have access to a Cassandra server hosted with this egg to prevent malicious use! + #### Authentication The automated configuration of the egg won't allow disable authentication for Cassandra.