Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-7585

cassandra sstableloader connection refused with inter_node_encryption

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • 2.0.10, 2.1.1
    • Legacy/Tools
    • None
    • Normal

    Description

      cassandra sstableloader connection refused with inter_node_encryption

      When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error

      I am using

      sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw <passwd> $fullpath/$table

      Errors out with

      Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373
      WARN 17:13:34,147 Failed attempt 1 to connect to

      Similar problem reported in cassandra 2.0.8 by another user
      http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption
      ==================
      Relevant cassandra.yaml snippet (with obfuscation)

      server_encryption_options:
      internode_encryption: all
      keystore:/path/to/keystore
      keystore_password: <passwd>
      truststore:/path/to/truststore
      truststore_password:<passwd>

      1. More advanced defaults below:
        protocol: TLS
        algorithm: SunX509
        store_type: JKS
        cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
        require_client_auth: true
      1. enable or disable client/server encryption.
        client_encryption_options:
        enabled: true
        keystore: /path/to/keystore
        keystore_password: <truststorepasswd>
        #require_client_auth: true
      2. Set trustore and truststore_password if require_client_auth is true
        truststore:/path/to/truststore
        truststore_password: <truststorepasswd>
      3. More advanced defaults below:
        protocol: TLS
        algorithm: SunX509
        store_type: JKS
        cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]

      ======================

      Note that by setting inter-node encryption to "none" sstableloader works.. but setting it to "all" fails... It seems like sstableloader uses 7000 is my guess instead of using the ssl port 7001 for streaming/gossip.

      Attachments

        1. 7585-2.0.txt
          32 kB
          Yuki Morishita
        2. 7585-2.0-v2.txt
          38 kB
          Yuki Morishita
        3. sstableloader-help.txt
          4 kB
          Yuki Morishita

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. CASSANDRA-13639 SSTableLoader always uses hostname to stream files from

          • Normal -
          • Resolved

          Activity

            People

              yukim Yuki Morishita
              samnor Samphel Norden
              Yuki Morishita
              Marcus Eriksson
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: