cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Podkowinski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-9325) cassandra-stress requires keystore for SSL but provides no way to configure it
Date Wed, 30 Mar 2016 15:24:25 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-9325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15218137#comment-15218137
] 

Stefan Podkowinski commented on CASSANDRA-9325:
-----------------------------------------------

I've rebased and recreated the patch to make sure it applies cleanly from 2.1 up to trunk.
[~tjake], let me know if you need me to fire up cassci runs for the patch.

> cassandra-stress requires keystore for SSL but provides no way to configure it
> ------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-9325
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9325
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Tools
>            Reporter: J.B. Langston
>            Assignee: Stefan Podkowinski
>              Labels: lhf, stress
>             Fix For: 2.2.x
>
>         Attachments: 9325-2.1.patch
>
>
> Even though it shouldn't be required unless client certificate authentication is enabled,
the stress tool is looking for a keystore in the default location of conf/.keystore with the
default password of cassandra. There is no command line option to override these defaults
so you have to provide a keystore that satisfies the default. It looks for conf/.keystore
in the working directory, so you need to create this in the directory you are running cassandra-stress
from.It doesn't really matter what's in the keystore; it just needs to exist in the expected
location and have a password of cassandra.
> Since the keystore might be required if client certificate authentication is enabled,
we need to add -transport parameters for keystore and keystore-password.  Ideally, these should
be optional and stress shouldn't require the keystore unless client certificate authentication
is enabled on the server.
> In case it wasn't apparent, this is for Cassandra 2.1 and later's stress tool.  I actually
had even more problems getting Cassandra 2.0's stress tool working with SSL and gave up on
it.  We probably don't need to fix 2.0; we can just document that it doesn't support SSL and
recommend using 2.1 instead.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message