Cassandra
  1. Cassandra
  2. CASSANDRA-9325

cassandra-stress requires keystore for SSL but provides no way to configure it

    Details

    • Type: Improvement Improvement
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Fix Version/s: 2.2.6, 3.0.5, 3.5
    • Component/s: Tools
    • Labels:

      Description

      Even though it shouldn't be required unless client certificate authentication is enabled, the stress tool is looking for a keystore in the default location of conf/.keystore with the default password of cassandra. There is no command line option to override these defaults so you have to provide a keystore that satisfies the default. It looks for conf/.keystore in the working directory, so you need to create this in the directory you are running cassandra-stress from.It doesn't really matter what's in the keystore; it just needs to exist in the expected location and have a password of cassandra.

      Since the keystore might be required if client certificate authentication is enabled, we need to add -transport parameters for keystore and keystore-password. Ideally, these should be optional and stress shouldn't require the keystore unless client certificate authentication is enabled on the server.

      In case it wasn't apparent, this is for Cassandra 2.1 and later's stress tool. I actually had even more problems getting Cassandra 2.0's stress tool working with SSL and gave up on it. We probably don't need to fix 2.0; we can just document that it doesn't support SSL and recommend using 2.1 instead.

      1. 9325-2.1.patch
        5 kB
        Stefan Podkowinski

        Activity

        Hide
        Stefan Podkowinski added a comment -

        Can be reproduced using e.g. the following stress tool options:
        ./bin/cassandra-stress "write n=100k cl=ONE no-warmup" -transport truststore=$HOME/truststore.jks truststore-password=cassandra

        Show
        Stefan Podkowinski added a comment - Can be reproduced using e.g. the following stress tool options: ./bin/cassandra-stress "write n=100k cl=ONE no-warmup" -transport truststore=$HOME/truststore.jks truststore-password=cassandra
        Hide
        Stefan Podkowinski added a comment -

        I've rebased and recreated the patch to make sure it applies cleanly from 2.1 up to trunk. T Jake Luciani, let me know if you need me to fire up cassci runs for the patch.

        Show
        Stefan Podkowinski added a comment - I've rebased and recreated the patch to make sure it applies cleanly from 2.1 up to trunk. T Jake Luciani , let me know if you need me to fire up cassci runs for the patch.
        Hide
        T Jake Luciani added a comment -

        Yes please do. Stefan Podkowinski. 2.1 if effectively frozen so will put into 2.2+

        Show
        T Jake Luciani added a comment - Yes please do. Stefan Podkowinski . 2.1 if effectively frozen so will put into 2.2+
        Hide
        Stefan Podkowinski added a comment -

        cassci test results:

        2.2 3.0 trunk
        branch branch branch
        dtest dtest dtest
        testall testall testall
        Show
        Stefan Podkowinski added a comment - cassci test results: 2.2 3.0 trunk branch branch branch dtest dtest dtest testall testall testall
        Hide
        T Jake Luciani added a comment -

        committed

        Show
        T Jake Luciani added a comment - committed

          People

          • Assignee:
            Stefan Podkowinski
            Reporter:
            J.B. Langston
            Reviewer:
            T Jake Luciani
          • Votes:
            3 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development