cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Raimund Klein <chessra...@gmail.com>
Subject Securing a Cassandra 2.2.6 Cluster
Date Sun, 30 Oct 2016 18:11:55 GMT
Hi everyone,

We've managed to set up a Cassandra 2.2.6 cluster of two physical nodes
(nodetool sees both of them, so I'm quite certain the cluster is indeed
active). My steps to create the cluster were (this applies to both
machines):

 - Empty listen_address and rpc_address.
 - Define a cluster_name.
 - Define both machines as seeds.
 - Open ports 9042, 7000 and 7001 for external communication.



Now I want to secure access to the cluster in all forms:

 - define a different database user with a new password
 - encrypt communication bet ween clients and the cluster including client
verification
 - encrypt communication between the nodes including verification

What is the best order of steps and correct way to achieve this? I wanted
to start with defining a different user, but cqlsh refuses to connect after
enforcing user/password authentication:

cqlsh -u cassandra -p cassandra
Connection error: ('Unable to connect to any servers', {'127.0.0.1':
error(111, "Tried connecting to [('127.0.0.1', 9042)]. Last error:
Connection refused")})



This happens when I run the command on either of the two machines. Any help
would be greatly appreciated.

Mime
View raw message