
Setting up inter-node encryption in Cassandra

By : Putra Helmi
Date : November 29 2020, 01:01 AM
I am new to Cassandra and looking to set up internode encryption in Cassandra 1.2.8.

Read the exception carefully:
code :


Using a single certificate for inter-node encryption on Cassandra


By : Richard Oduro
Date : March 29 2020, 07:55 AM
I have inter-node encryption set up on a small Cassandra cluster (4 nodes), and each node has its own key pair. That means that I need to distribute a trusted keystore to all nodes that contains the public key for every other node in the cluster, which makes it a bit of a pain to update when I add nodes to the cluster.

Adding the CA cert to the truststore of each node is sufficient.
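
The single-CA approach from the answer above, as an added example that is not part of the original post: every node certificate is signed by one cluster CA, and the truststore shipped to each node holds only that CA certificate. File names, subject names and the store password are constructed placeholders; `openssl` is assumed to be installed, and `keytool` is used when present.

```shell
#!/usr/bin/env bash
# Added example: one cluster CA, per-node certificates, one shared truststore.
# File names, subject names and the store password are constructed placeholders.
set -eu

PKI_DIR="${PKI_DIR:-$(mktemp -d)}"
STORE_PASS="placeholder-password"

# Create the cluster CA. Its private key signs node certificates and
# should be kept off the Cassandra nodes.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=example-cassandra-ca" \
    -keyout "$PKI_DIR/ca.key" -out "$PKI_DIR/ca.crt" 2>/dev/null
}

# Issue a certificate for one node, signed by the cluster CA.
issue_node_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$PKI_DIR/$1.key" -out "$PKI_DIR/$1.csr" 2>/dev/null
  openssl x509 -req -in "$PKI_DIR/$1.csr" -days 365 \
    -CA "$PKI_DIR/ca.crt" -CAkey "$PKI_DIR/ca.key" -CAcreateserial \
    -out "$PKI_DIR/$1.crt" 2>/dev/null
}

# Succeeds only if the certificate chains to the cluster CA, which is the
# decision a peer makes when its truststore holds just ca.crt.
node_trusted() {
  openssl verify -CAfile "$PKI_DIR/ca.crt" "$PKI_DIR/$1.crt" >/dev/null 2>&1
}

# Build the truststore every node receives: it holds the CA certificate only.
build_truststore() {
  rm -f "$PKI_DIR/truststore.jks"
  keytool -importcert -noprompt -alias cluster-ca -file "$PKI_DIR/ca.crt" \
    -keystore "$PKI_DIR/truststore.jks" -storepass "$STORE_PASS" >/dev/null 2>&1
}

make_ca
for n in node1 node2; do issue_node_cert "$n"; done
build_truststore || echo "keytool not available; truststore step skipped"
# A node added later is trusted without touching the truststore again.
issue_node_cert node3
for n in node1 node2 node3; do
  if node_trusted "$n"; then echo "$n: trusted"; fi
done
```

Because every certificate the CA signs is accepted by the whole cluster, the CA should be dedicated to this cluster rather than shared with other systems.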
Enable Cassandra client-to-node encryption with Spring Data Cassandra


By : Mohamed Taraouat
Date : March 29 2020, 07:55 AM
TL;DR
Set either the trust-store using System-properties outside the JVM (-Djavax.net.ssl.trustStore=…) or add a bean dependency on the System-Properties factory bean to make sure the properties are applied before the Cassandra client is initialized. Using ssl-options-ref requires more effort.
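code :
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.springframework.beans.factory.config.AbstractFactoryBean;
import org.springframework.core.io.Resource;
import org.springframework.util.StringUtils;

import com.datastax.driver.core.SSLOptions;

// Factory bean that builds the driver's SSLOptions from Spring resources.
public class SslOptionsFactoryBean extends AbstractFactoryBean<SSLOptions> {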

    private Resource keyStore;
    private String keyStorePassword;
    private Resource trustStore;
    private String trustStorePassword;

    @Override
    public Class<?> getObjectType() {
        return SSLOptions.class;
    }

    @Override
    protected SSLOptions createInstance() throws Exception {

        KeyManager[] keyManagers = getKeyStore() != null
                ? createKeyManagerFactory(getKeyStore(), getKeyStorePassword()).getKeyManagers() : null;

        TrustManager[] trustManagers = getTrustStore() != null
                ? createTrustManagerFactory(getTrustStore(), getTrustStorePassword()).getTrustManagers() : null;

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagers, trustManagers, null);

        return new SSLOptions(sslContext, SSLOptions.DEFAULT_SSL_CIPHER_SUITES);
    }

    private static KeyManagerFactory createKeyManagerFactory(Resource keystoreFile, String storePassword)
            throws GeneralSecurityException, IOException {

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());

        try (InputStream inputStream = keystoreFile.getInputStream()) {
            keyStore.load(inputStream, StringUtils.hasText(storePassword) ? storePassword.toCharArray() : null);
        }

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, StringUtils.hasText(storePassword) ? storePassword.toCharArray() : new char[0]);

        return keyManagerFactory;
    }

    private static TrustManagerFactory createTrustManagerFactory(Resource trustFile, String storePassword)
            throws GeneralSecurityException, IOException {

        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());

        try (InputStream inputStream = trustFile.getInputStream()) {
            trustStore.load(inputStream, StringUtils.hasText(storePassword) ? storePassword.toCharArray() : null);
        }

        TrustManagerFactory trustManagerFactory = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        return trustManagerFactory;
    }

    public Resource getKeyStore() {
        return keyStore;
    }

    public void setKeyStore(Resource keyStore) {
        this.keyStore = keyStore;
    }

    public String getKeyStorePassword() {
        return keyStorePassword;
    }

    public void setKeyStorePassword(String keyStorePassword) {
        this.keyStorePassword = keyStorePassword;
    }

    public Resource getTrustStore() {
        return trustStore;
    }

    public void setTrustStore(Resource trustStore) {
        this.trustStore = trustStore;
    }

    public String getTrustStorePassword() {
        return trustStorePassword;
    }

    public void setTrustStorePassword(String trustStorePassword) {
        this.trustStorePassword = trustStorePassword;
    }
}

<bean id="sslOptions" class="x.y.SslOptionsFactoryBean" lazy-init="false">
    <property name="trustStore" value="file:truststore.jks"/>
</bean>

<cassandra:cluster contact-points="localhost"
               port="9042"
               username="user"
               password="pass"
               ssl-enabled="true"
               ssl-options-ref="sslOptions"
/>

Task com.datastax.driver.core.Connection$10$1@5c21d76e rejected from java.util.concurrent.ThreadPoolExecutor@78eaecc1[Terminated, pool size = 0, active threads = 0, queued tasks = 0, completed tasks = 0]
How to use different network interface for Cassandra inter-node communication?


By : user3070560
Date : December 25 2020, 06:45 AM
Yes, you can do this. For inter-node communication you can specify IPs/interfaces via listen_address (or listen_interface, but not both together), and for client->Cassandra communication, rpc_address (or rpc_interface)...
If necessary, you may need to set broadcast_address & broadcast_rpc_address as well, but it depends on the topology of your cluster.
Turning cassandra inter-node encryption on causes "Unable to gossip with any seeds" exception


By : Soundarya Kumar
Date : March 29 2020, 07:55 AM
As is usually the case, the problem was related to the environment configuration and not to the actual Cassandra settings.
I am running Cassandra instances isolated inside Docker containers on a CoreOS cluster. I forgot that the default etcd SSL port and Cassandra's default SSL inter-node communication port are both 7001.
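
A preflight check for the port clash described above, as an added example that is not part of the original post: it works out which inter-node ports Cassandra will bind for a given `cassandra.yaml` and reports any that already have a listener. The port selection rule (none uses `storage_port`, all uses `ssl_storage_port`, dc/rack uses both) is an assumption about pre-4.0 releases; the config and listener table are constructed samples.

```shell
#!/usr/bin/env bash
# Added example: which inter-node ports will Cassandra bind, and are they free?
set -eu

# Read a scalar key from cassandra.yaml (top-level or nested), else the default.
yaml_value() {  # yaml_value FILE KEY DEFAULT
  v=$(awk -v k="$2" '$1 == k":" { print $2; exit }' "$1")
  echo "${v:-$3}"
}

# Ports bound for inter-node traffic (assumed pre-4.0 behaviour):
#   none -> storage_port; all -> ssl_storage_port; dc/rack -> both.
internode_ports() {  # internode_ports FILE
  enc=$(yaml_value "$1" internode_encryption none)
  plain=$(yaml_value "$1" storage_port 7000)
  tls=$(yaml_value "$1" ssl_storage_port 7001)
  case "$enc" in
    none) echo "$plain" ;;
    all)  echo "$tls" ;;
    *)    echo "$plain $tls" ;;
  esac
}

# Print every needed port that already has a listener.
# LISTENERS is `ss -ltn`-style text; column 4 is Local Address:Port.
port_conflicts() {  # port_conflicts FILE LISTENERS
  for p in $(internode_ports "$1"); do
    if echo "$2" | awk -v p="$p" \
        '{ n = split($4, a, ":"); if (a[n] == p) f = 1 } END { exit !f }'; then
      echo "$p"
    fi
  done
}

# Constructed sample config: encryption on, ssl_storage_port left at its default.
DEMO_YAML=$(mktemp)
cat > "$DEMO_YAML" <<'EOF'
storage_port: 7000
# ssl_storage_port: 7001
server_encryption_options:
    internode_encryption: all
EOF
# Constructed listener table: another service already holds 7001 on this host.
DEMO_LISTENERS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:2379       0.0.0.0:*
LISTEN 0      128    0.0.0.0:7001       0.0.0.0:*'
echo "conflicting ports: $(port_conflicts "$DEMO_YAML" "$DEMO_LISTENERS")"
```

On a real host, pass `"$(ss -ltn)"` as the second argument and run the check in the same network namespace Cassandra will use.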
Inter node DC delay in Cassandra


By : Axel Buechner
Date : October 01 2020, 10:00 AM
In Cassandra there is a JMX metric that measures latency to the specific data center: org.apache.cassandra.metrics:type=Messaging,name={dc}-Latency (replace {dc} with the name of the data center).
There are also some tools for checking how fast data is replicated: