[CASSANDRA-7585] cassandra sstableloader connection refused with inter_node_encryption - ASF JIRA

Agile Board

Attach files

Attach Screenshot

Bulk Copy Attachments

Bulk Move Attachments

Voters

Watch issue

Watchers

Create sub-task

Convert to sub-task

Move

Link

Clone

Labels

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 2.0.10, 2.1.1
Component/s: Legacy/Tools
Labels:
None

Severity:
Normal

Description

cassandra sstableloader connection refused with inter_node_encryption

When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error

I am using

sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw <passwd> $fullpath/$table

Errors out with

Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373
WARN 17:13:34,147 Failed attempt 1 to connect to

Similar problem reported in cassandra 2.0.8 by another user
http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption
==================
Relevant cassandra.yaml snippet (with obfuscation)

server_encryption_options:
internode_encryption: all
keystore:/path/to/keystore
keystore_password: <passwd>
truststore:/path/to/truststore
truststore_password:<passwd>

More advanced defaults below:
protocol: TLS
algorithm: SunX509
store_type: JKS
cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
require_client_auth: true

enable or disable client/server encryption.
client_encryption_options:
enabled: true
keystore: /path/to/keystore
keystore_password: <truststorepasswd>
#require_client_auth: true
Set trustore and truststore_password if require_client_auth is true
truststore:/path/to/truststore
truststore_password: <truststorepasswd>
More advanced defaults below:
protocol: TLS
algorithm: SunX509
store_type: JKS
cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]

======================

Note that by setting inter-node encryption to "none" sstableloader works.. but setting it to "all" fails... It seems like sstableloader uses 7000 is my guess instead of using the ssl port 7001 for streaming/gossip.

Attachments

7585-2.0.txt
07/Aug/14 03:42
32 kB
Yuki Morishita
7585-2.0-v2.txt
14/Aug/14 22:23
38 kB
Yuki Morishita
sstableloader-help.txt
14/Aug/14 22:23
4 kB
Yuki Morishita

Issue Links

Add Link

relates to

CASSANDRA-13639 SSTableLoader always uses hostname to stream files from

Resolved

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Yuki Morishita Assign to me

Reporter:: Samphel Norden

Authors:: Yuki Morishita

Reviewers:: Marcus Eriksson

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Jul/14 14:28

Updated:: 16/Apr/19 09:31

Resolved:: 15/Aug/14 18:27

Agile

View on Board

cassandra sstableloader connection refused with inter_node_encryption

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Agile

Slack

Issue deployment