cassandra-commits mailing list archives

From "Brandon Williams (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
Date Tue, 22 Jul 2014 16:42:38 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14070481#comment-14070481 ]

Brandon Williams commented on CASSANDRA-7585:
---------------------------------------------

bq. Maybe write custom config loader that just use part of cassandra.yaml is the way to go.

Couldn't we just add an option to specify the storage port?  IIRC, the main reason we had
to avoid yaml loading was the static init caused all kinds of other problems.

> cassandra sstableloader connection refused with inter_node_encryption
> ---------------------------------------------------------------------
>
>                 Key: CASSANDRA-7585
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core, Tools
>            Reporter: Samphel Norden
>            Assignee: Yuki Morishita
>
> cassandra sstableloader connection refused with inter_node_encryption
> When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error
> I am using
> sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw <passwd> $fullpath/$table
> Errors out with
> Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373
>  WARN 17:13:34,147 Failed attempt 1 to connect to
> Similar problem reported in cassandra 2.0.8 by another user
> http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption
> ==================
> Relevant cassandra.yaml snippet (with obfuscation)
> server_encryption_options:
>     internode_encryption: all
>     keystore:/path/to/keystore
>     keystore_password: <passwd>
>     truststore:/path/to/truststore
>     truststore_password:<passwd>
>     # More advanced defaults below:
>     protocol: TLS
>     algorithm: SunX509
>     store_type: JKS
>     cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
>     require_client_auth: true
>
> # enable or disable client/server encryption.
> client_encryption_options:
>     enabled: true
>     keystore: /path/to/keystore
>     keystore_password: <truststorepasswd>
>     #require_client_auth: true
>     # Set trustore and truststore_password if require_client_auth is true
>     truststore:/path/to/truststore
>     truststore_password: <truststorepasswd>
>     # More advanced defaults below:
>     protocol: TLS
>     algorithm: SunX509
>     store_type: JKS
>     cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
> ======================
> Note that by setting inter-node encryption to "none" sstableloader works.. but setting it to "all" fails... It seems like sstableloader uses 7000 is my guess instead of using the ssl port 7001 for streaming/gossip.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
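
A diagnostic for the port mismatch the reporter suspects, as an added example that is not part of the original message or of Cassandra's code: it reads `storage_port`, `ssl_storage_port` and `internode_encryption` from cassandra.yaml text and checks which internode port accepts TCP connections on a node you operate. The function names and sample YAML are constructed; it assumes the stock defaults 7000/7001 and that `internode_encryption: all` leaves only the SSL port usable for streaming.

```python
import socket

# Stock cassandra.yaml defaults for the internode listeners (assumed, not from the report).
DEFAULTS = {"internode_encryption": "none", "storage_port": 7000, "ssl_storage_port": 7001}

# Constructed sample modelled on the snippet in the report.
SAMPLE_YAML = """\
storage_port: 7000
ssl_storage_port: 7001
server_encryption_options:
    internode_encryption: all   # none, all, dc or rack
"""

def internode_settings(yaml_text):
    """Line-scan cassandra.yaml text for the three keys that decide the streaming port."""
    found = dict(DEFAULTS)
    for raw in yaml_text.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition(":")
        key, value = key.strip(), value.strip()
        if sep and key in found and value:
            found[key] = int(value) if value.isdigit() else value
    return found

def expected_streaming_port(settings):
    """Port a streaming client has to reach, or None when it depends on topology."""
    mode = settings["internode_encryption"]
    if mode == "none":
        return settings["storage_port"]
    if mode == "all":  # assumption: only the SSL listener is usable in this mode
        return settings["ssl_storage_port"]
    return None        # dc / rack: per-peer choice, not modelled here

def port_accepts(host, port, timeout=2.0):
    """True if a TCP connect succeeds; False on refusal or timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(host, yaml_text):
    """Compare the port the config implies with the ports that actually answer."""
    s = internode_settings(yaml_text)
    return {"expected": expected_streaming_port(s),
            "plain_open": port_accepts(host, s["storage_port"]),
            "ssl_open": port_accepts(host, s["ssl_storage_port"])}

if __name__ == "__main__":
    print(diagnose("127.0.0.1", SAMPLE_YAML))
```

A result with `expected` equal to the SSL port and `plain_open` false matches the "connection refused" symptom for a client that still dials the plain storage port.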
