Using a single certificate for inter-node encryption on Cassandra
By : Richard Oduro
Date : March 29 2020, 07:55 AM
I have inter-node encryption set up on a small Cassandra cluster (4 nodes), and each node has its own key pair. That means that I need to distribute a trusted keystore to all nodes that contains the public key for every other node in the cluster, which makes it a bit of a pain to update when I add nodes to the cluster.

Adding the CA cert to the truststore of each node is sufficient.
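The answer above turns on one property of a CA-based truststore: a node that trusts only the CA certificate accepts any peer whose certificate was issued by that CA, so a node added later needs no truststore redistribution, while a certificate from an unrelated issuer (for example a leftover self-signed per-node certificate) is still rejected. The following Go program is an added illustration of that property and is not code from the original answer or from Cassandra; the CA name, host names and validity periods are made up for the demo, and the check is done with Go's crypto/x509 chain verification rather than with JKS files.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed example: a cluster CA whose certificate is the only entry in
// every node's truststore. All names and hosts below are made up.

// newCA generates a self-signed CA certificate and its private key.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// newNodeCert issues a per-node certificate signed by the cluster CA. Each
// node keeps its own key pair; peers only need to trust the CA certificate.
func newNodeCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string, serial int64) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		// Inter-node TLS: a node acts as both client and server to its peers.
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// trustedByCA plays the role of a node whose truststore holds only the CA
// certificate: the peer is accepted when its certificate chains to that CA
// and carries the expected host name.
func trustedByCA(ca *x509.Certificate, peer *x509.Certificate, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := peer.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err == nil
}

func main() {
	ca, caKey, err := newCA("cassandra-cluster-ca")
	if err != nil {
		panic(err)
	}
	// Four original nodes plus a fifth added later: the truststore is unchanged.
	hosts := []string{"node1.example", "node2.example", "node3.example", "node4.example", "node5.example"}
	for i, host := range hosts {
		cert, err := newNodeCert(ca, caKey, host, int64(i+2))
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s trusted: %v\n", host, trustedByCA(ca, cert, host))
	}
	// A certificate from an unrelated issuer is rejected even with a matching host name.
	otherCA, otherKey, err := newCA("unrelated-ca")
	if err != nil {
		panic(err)
	}
	impostor, err := newNodeCert(otherCA, otherKey, "node1.example", 99)
	if err != nil {
		panic(err)
	}
	fmt.Printf("unrelated-CA cert trusted: %v\n", trustedByCA(ca, impostor, "node1.example"))
}
```

The practical consequence for the cluster in the question: keep the CA private key off the nodes, issue each node its own CA-signed certificate, and ship a truststore that contains only the CA certificate; rotating or adding a node then touches that node alone. Hostname verification is shown here because Cassandra's JSSE-based inter-node TLS does not check peer names by itself, so the CA must be limited to the cluster's own certificates.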
Enable Cassandra client-to-node encryption with Spring Data Cassandra
By : Mohamed Taraouat
Date : March 29 2020, 07:55 AM
TL;DR Set either the trust-store using System-properties outside the JVM (-Djavax.net.ssl.trustStore=…) or add a bean dependency on the System-Properties factory bean to make sure the properties are applied before the Cassandra client is initialized. Using ssl-options-ref requires more effort.

code :
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.springframework.beans.factory.config.AbstractFactoryBean;
import org.springframework.core.io.Resource;
import org.springframework.util.StringUtils;

import com.datastax.driver.core.SSLOptions;

public class SslOptionsFactoryBean extends AbstractFactoryBean<SSLOptions> {

    private Resource keyStore;
    private String keyStorePassword;
    private Resource trustStore;
    private String trustStorePassword;

    @Override
    public Class<?> getObjectType() {
        return SSLOptions.class;
    }

    @Override
    protected SSLOptions createInstance() throws Exception {
        // Key store is optional (only needed for client certificate auth);
        // trust store is optional too, falling back to the JVM default trust.
        KeyManager[] keyManagers = getKeyStore() != null
                ? createKeyManagerFactory(getKeyStore(), getKeyStorePassword()).getKeyManagers() : null;
        TrustManager[] trustManagers = getTrustStore() != null
                ? createTrustManagerFactory(getTrustStore(), getTrustStorePassword()).getTrustManagers() : null;

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagers, trustManagers, null);

        return new SSLOptions(sslContext, SSLOptions.DEFAULT_SSL_CIPHER_SUITES);
    }

    private static KeyManagerFactory createKeyManagerFactory(Resource keystoreFile, String storePassword)
            throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream inputStream = keystoreFile.getInputStream()) {
            keyStore.load(inputStream, StringUtils.hasText(storePassword) ? storePassword.toCharArray() : null);
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // KeyManagerFactory.init needs a non-null key password, hence the empty array fallback.
        keyManagerFactory.init(keyStore, StringUtils.hasText(storePassword) ? storePassword.toCharArray() : new char[0]);
        return keyManagerFactory;
    }

    private static TrustManagerFactory createTrustManagerFactory(Resource trustFile, String storePassword)
            throws GeneralSecurityException, IOException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream inputStream = trustFile.getInputStream()) {
            trustStore.load(inputStream, StringUtils.hasText(storePassword) ? storePassword.toCharArray() : null);
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        return trustManagerFactory;
    }

    public Resource getKeyStore() {
        return keyStore;
    }

    public void setKeyStore(Resource keyStore) {
        this.keyStore = keyStore;
    }

    public String getKeyStorePassword() {
        return keyStorePassword;
    }

    public void setKeyStorePassword(String keyStorePassword) {
        this.keyStorePassword = keyStorePassword;
    }

    public Resource getTrustStore() {
        return trustStore;
    }

    public void setTrustStore(Resource trustStore) {
        this.trustStore = trustStore;
    }

    public String getTrustStorePassword() {
        return trustStorePassword;
    }

    public void setTrustStorePassword(String trustStorePassword) {
        this.trustStorePassword = trustStorePassword;
    }
}
<bean id="sslOptions" class="x.y.SslOptionsFactoryBean" lazy-init="false">
    <property name="trustStore" value="file:truststore.jks"/>
</bean>

<cassandra:cluster contact-points="localhost"
                   port="9042"
                   username="user"
                   password="pass"
                   ssl-enabled="true"
                   ssl-options-ref="sslOptions"
/>

Task com.datastax.driver.core.Connection$10$1@5c21d76e rejected from java.util.concurrent.ThreadPoolExecutor@78eaecc1[Terminated, pool size = 0, active threads = 0, queued tasks = 0, completed tasks = 0]
How to use different network interface for Cassandra inter-node communication?
By : user3070560
Date : December 25 2020, 06:45 AM
Yes, you can do this. For inter-node communication you can specify IPs/interfaces via listen_address (or listen_interface, but not together), and for client->Cassandra communication - rpc_address (or rpc_interface)... If necessary, you may need to set broadcast_address & broadcast_rpc_address as well, but it depends on the topology of your cluster.
Turning cassandra inter-node encryption on causes "Unable to gossip with any seeds" exception
By : Soundarya Kumar
Date : March 29 2020, 07:55 AM
As is usually the case, the problem was related to the environment configuration and not to the actual cassandra settings. I am running cassandra instances isolated inside docker containers on a coreos cluster. I forgot that the default etcd ssl port and cassandra's default ssl inter-node communication port are both 7001.
Inter node DC delay in Cassandra
By : Axel Buechner
Date : October 01 2020, 10:00 AM
In Cassandra there is a JMX metric that measures latency to the specific data center: org.apache.cassandra.metrics:type=Messaging,name={dc}-Latency (replace {dc} with the name of the data center). There are also some tools for checking how fast data is replicated: