cassandra-commits mailing list archives

From "Marcus Eriksson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
Date Wed, 13 Aug 2014 09:35:12 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14095317#comment-14095317 ]

Marcus Eriksson commented on CASSANDRA-7585:
--------------------------------------------

Small comments;

* Could we make it possible to state the server_encryption_options on the command line as
well as via the config? The command will look horrible, but I think it makes it easier for
people to script stuff instead of having to ship a .yaml file.
* Perhaps highlight in the 'help'-output what the difference is between the two encryption
settings
* We can remove the 'peer'-parameter in StreamSession.createConnection (we are creating a
connection for the session, and session knows the peer already)

other than that, +1

> cassandra sstableloader connection refused with inter_node_encryption
> ---------------------------------------------------------------------
>
>                 Key: CASSANDRA-7585
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core, Tools
>            Reporter: Samphel Norden
>            Assignee: Yuki Morishita
>             Fix For: 2.0.10, 2.1.1
>
>         Attachments: 7585-2.0.txt
>
>
> cassandra sstableloader connection refused with inter_node_encryption
> When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error
> I am using
> sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw <passwd> $fullpath/$table
> Errors out with
> Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373
>  WARN 17:13:34,147 Failed attempt 1 to connect to
> Similar problem reported in cassandra 2.0.8 by another user
> http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption
> ==================
> Relevant cassandra.yaml snippet (with obfuscation)
> server_encryption_options:
>     internode_encryption: all
>     keystore: /path/to/keystore
>     keystore_password: <passwd>
>     truststore: /path/to/truststore
>     truststore_password: <passwd>
>     # More advanced defaults below:
>     protocol: TLS
>     algorithm: SunX509
>     store_type: JKS
>     cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
>     require_client_auth: true
>
> # enable or disable client/server encryption.
> client_encryption_options:
>     enabled: true
>     keystore: /path/to/keystore
>     keystore_password: <truststorepasswd>
>     #require_client_auth: true
>     # Set truststore and truststore_password if require_client_auth is true
>     truststore: /path/to/truststore
>     truststore_password: <truststorepasswd>
>     # More advanced defaults below:
>     protocol: TLS
>     algorithm: SunX509
>     store_type: JKS
>     cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
> ======================
> Note that by setting inter-node encryption to "none" sstableloader works.. but setting it to "all" fails... It seems like sstableloader uses 7000 is my guess instead of using the ssl port 7001 for streaming/gossip.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
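
The difference between the two encryption settings raised in the comment above, as an added example (not code from the Cassandra project or the attached patch): it reads a cassandra.yaml and reports, for the streaming channel (server_encryption_options) and the Thrift channel (client_encryption_options), the port and the key material a loading tool has to bring. The port numbers are Cassandra's stock defaults and the sample config is a constructed reduction of the reporter's snippet; both are assumptions, as are the function names.

```python
# Added example. Port numbers are Cassandra's stock defaults (assumed; not given in the report).
DEFAULT_PORTS = {"storage_port": 7000, "ssl_storage_port": 7001, "rpc_port": 9160}

# Constructed sample, reduced from the obfuscated cassandra.yaml snippet in the report.
SAMPLE_YAML = """\
server_encryption_options:
    internode_encryption: all
    keystore: /path/to/keystore
    truststore: /path/to/truststore
    require_client_auth: true
client_encryption_options:
    enabled: true
    keystore: /path/to/keystore
    #require_client_auth: true
    truststore: /path/to/truststore
"""

def read_section(text, section):
    """Collect 'key: value' pairs nested under one top-level key (flat mappings only)."""
    opts, inside = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and commented-out keys
        if not line:
            continue
        if not line[0].isspace():
            inside = line == section + ":"
        elif inside and ":" in line:
            key, _, value = line.strip().partition(":")
            opts[key.strip()] = value.strip()
    return opts

def _channel(port, tls, client_auth):
    """What a connecting tool must bring for one channel."""
    return {"port": port, "tls": tls, "needs_truststore": tls,
            "needs_keystore": tls and client_auth == "true"}

def loader_channels(text, ports=DEFAULT_PORTS):
    """Requirements for the streaming channel and for the Thrift channel."""
    server = read_section(text, "server_encryption_options")
    client = read_section(text, "client_encryption_options")
    # 'dc' and 'rack' encrypt only some links; this example treats anything but 'none' as TLS.
    streaming_tls = server.get("internode_encryption", "none") != "none"
    thrift_tls = client.get("enabled", "false") == "true"
    port = ports["ssl_storage_port"] if streaming_tls else ports["storage_port"]
    return {"streaming": _channel(port, streaming_tls, server.get("require_client_auth")),
            "thrift": _channel(ports["rpc_port"], thrift_tls, client.get("require_client_auth"))}

if __name__ == "__main__":
    print(loader_channels(SAMPLE_YAML))
```

With the sample config the streaming channel requires TLS and a keystore in addition to a truststore, while the Thrift channel requires only a truststore, which is the only material the command in the report supplies.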
