date:20180424

Re: Cassandra reaper

2018-04-24 Thread Joaquin Casares

Sure thing Abdul,

That's great to hear! Unfortunately, the JMX authentication needs to be in
the config file currently. And even if the JMX authentication was stored
within Cassandra, we would still need to store connection details within
the yaml and storing the JMX authentication credentials within Cassandra
may not be ideal from a security standpoint.

The UI keeps logs of all the previous repairs, to the best of my knowledge.
If you want to completely uninstall Reaper, you can perform a DROP KEYSPACE
reaper_db; from within cqlsh, but that would remove all schedules as well.

Cheers,

Joaquin

Joaquin Casares
Consultant
Austin, TX

Apache Cassandra Consulting
http://www.thelastpickle.com

On Tue, Apr 24, 2018 at 7:49 PM, Abdul Patel  wrote:

> Thanks Joaquin,
>
> Yes i used the same and worked fine ..only thing is i had to add userid
> password ..which is somewhat annoyoing to keep in comfig file ..can i get
> reed of it and still store on reaper_db keyspace?
> Also how to clean reaper_db by deleting completed reaper information from
> gui? Or any other cleanup is required?
>
>
> On Tuesday, April 24, 2018, Joaquin Casares 
> wrote:
>
>> Hello Abdul,
>>
>> Depending on what you want your backend to be stored on, you'll want to
>> use a different file.
>>
>> So if you want your Reaper state to be stored within a Cassandra cluster,
>> which I would recommend, use this file as your base file:
>>
>> https://github.com/thelastpickle/cassandra-reaper/blob/
>> master/src/packaging/resource/cassandra-reaper-cassandra.yaml
>>
>> Make a copy of the yaml and include your system-specific settings. Then
>> symlink it to the following location:
>>
>> /etc/cassandra-reaper/cassandra-reaper.yaml
>>
>> For completeness, this file is an example of how to use a Postgres server
>> to store the Reaper state:
>>
>> https://github.com/thelastpickle/cassandra-reaper/blob/
>> master/src/packaging/resource/cassandra-reaper.yaml
>>
>>
>> Hope that helped!
>>
>> Joaquin Casares
>> Consultant
>> Austin, TX
>>
>> Apache Cassandra Consulting
>> http://www.thelastpickle.com
>>
>> On Tue, Apr 24, 2018 at 7:07 PM, Abdul Patel  wrote:
>>
>>> Thanks
>>>
>>> But the differnce here is cassandra-reaper-caasandra has more paramters
>>> than the cassandra-reaper.yaml
>>> Can i just use the 1 file with all details or it looks for one specific
>>> file?
>>>
>>>
>>> On Tuesday, April 24, 2018, Joaquin Casares 
>>> wrote:
>>>
 Hello Abdul,

 You'll only want one:

 The yaml file used by the service is located at
 /etc/cassandra-reaper/cassandra-reaper.yaml and alternate config
 templates can be found under /etc/cassandra-reaper/configs. It is
 recommended to create a new file with your specific configuration and
 symlink it as /etc/cassandra-reaper/cassandra-reaper.yaml to avoid
 your configuration from being overwritten during upgrades.

 Adapt the config file to suit your setup and then run `sudo service
 cassandra-reaper start`.

 Source: http://cassandra-reaper.io/docs/download/install/#service-co
 nfiguration

 Hope that helps!

 Joaquin Casares
 Consultant
 Austin, TX

 Apache Cassandra Consulting
 http://www.thelastpickle.com

 On Tue, Apr 24, 2018 at 6:51 PM, Abdul Patel 
 wrote:

> Hi All,
>
> For reaper do we need both file or only one?
>
> Cassandra.reaper.yaml
> Cassandra-reaper-cassandra.yaml
>

>>

Re: Cassandra reaper

2018-04-24 Thread Abdul Patel

Thanks Joaquin,

Yes i used the same and worked fine ..only thing is i had to add userid
password ..which is somewhat annoyoing to keep in comfig file ..can i get
reed of it and still store on reaper_db keyspace?
Also how to clean reaper_db by deleting completed reaper information from
gui? Or any other cleanup is required?

On Tuesday, April 24, 2018, Joaquin Casares 
wrote:

> Hello Abdul,
>
> Depending on what you want your backend to be stored on, you'll want to
> use a different file.
>
> So if you want your Reaper state to be stored within a Cassandra cluster,
> which I would recommend, use this file as your base file:
>
> https://github.com/thelastpickle/cassandra-reaper/blob/master/src/
> packaging/resource/cassandra-reaper-cassandra.yaml
>
> Make a copy of the yaml and include your system-specific settings. Then
> symlink it to the following location:
>
> /etc/cassandra-reaper/cassandra-reaper.yaml
>
> For completeness, this file is an example of how to use a Postgres server
> to store the Reaper state:
>
> https://github.com/thelastpickle/cassandra-reaper/blob/master/src/
> packaging/resource/cassandra-reaper.yaml
>
>
> Hope that helped!
>
> Joaquin Casares
> Consultant
> Austin, TX
>
> Apache Cassandra Consulting
> http://www.thelastpickle.com
>
> On Tue, Apr 24, 2018 at 7:07 PM, Abdul Patel  wrote:
>
>> Thanks
>>
>> But the differnce here is cassandra-reaper-caasandra has more paramters
>> than the cassandra-reaper.yaml
>> Can i just use the 1 file with all details or it looks for one specific
>> file?
>>
>>
>> On Tuesday, April 24, 2018, Joaquin Casares 
>> wrote:
>>
>>> Hello Abdul,
>>>
>>> You'll only want one:
>>>
>>> The yaml file used by the service is located at
>>> /etc/cassandra-reaper/cassandra-reaper.yaml and alternate config
>>> templates can be found under /etc/cassandra-reaper/configs. It is
>>> recommended to create a new file with your specific configuration and
>>> symlink it as /etc/cassandra-reaper/cassandra-reaper.yaml to avoid your
>>> configuration from being overwritten during upgrades.
>>>
>>> Adapt the config file to suit your setup and then run `sudo service
>>> cassandra-reaper start`.
>>>
>>>
>>> Source: http://cassandra-reaper.io/docs/download/install/#service-co
>>> nfiguration
>>>
>>>
>>> Hope that helps!
>>>
>>> Joaquin Casares
>>> Consultant
>>> Austin, TX
>>>
>>> Apache Cassandra Consulting
>>> http://www.thelastpickle.com
>>>
>>> On Tue, Apr 24, 2018 at 6:51 PM, Abdul Patel 
>>> wrote:
>>>
 Hi All,

 For reaper do we need both file or only one?

 Cassandra.reaper.yaml
 Cassandra-reaper-cassandra.yaml

>>>
>>>
>

Re: Cassandra reaper

2018-04-24 Thread Joaquin Casares

Hello Abdul,

Depending on what you want your backend to be stored on, you'll want to use
a different file.

So if you want your Reaper state to be stored within a Cassandra cluster,
which I would recommend, use this file as your base file:

https://github.com/thelastpickle/cassandra-reaper/blob/master/src/packaging/resource/cassandra-reaper-cassandra.yaml

Make a copy of the yaml and include your system-specific settings. Then
symlink it to the following location:

/etc/cassandra-reaper/cassandra-reaper.yaml

For completeness, this file is an example of how to use a Postgres server
to store the Reaper state:

https://github.com/thelastpickle/cassandra-reaper/blob/master/src/packaging/resource/cassandra-reaper.yaml


Hope that helped!

Joaquin Casares
Consultant
Austin, TX

Apache Cassandra Consulting
http://www.thelastpickle.com

On Tue, Apr 24, 2018 at 7:07 PM, Abdul Patel  wrote:

> Thanks
>
> But the differnce here is cassandra-reaper-caasandra has more paramters
> than the cassandra-reaper.yaml
> Can i just use the 1 file with all details or it looks for one specific
> file?
>
>
> On Tuesday, April 24, 2018, Joaquin Casares 
> wrote:
>
>> Hello Abdul,
>>
>> You'll only want one:
>>
>> The yaml file used by the service is located at
>> /etc/cassandra-reaper/cassandra-reaper.yaml and alternate config
>> templates can be found under /etc/cassandra-reaper/configs. It is
>> recommended to create a new file with your specific configuration and
>> symlink it as /etc/cassandra-reaper/cassandra-reaper.yaml to avoid your
>> configuration from being overwritten during upgrades.
>>
>> Adapt the config file to suit your setup and then run `sudo service
>> cassandra-reaper start`.
>>
>>
>> Source: http://cassandra-reaper.io/docs/download/install/#service-
>> configuration
>>
>>
>> Hope that helps!
>>
>> Joaquin Casares
>> Consultant
>> Austin, TX
>>
>> Apache Cassandra Consulting
>> http://www.thelastpickle.com
>>
>> On Tue, Apr 24, 2018 at 6:51 PM, Abdul Patel  wrote:
>>
>>> Hi All,
>>>
>>> For reaper do we need both file or only one?
>>>
>>> Cassandra.reaper.yaml
>>> Cassandra-reaper-cassandra.yaml
>>>
>>
>>

Re: Cassandra reaper

2018-04-24 Thread Abdul Patel

Thanks

But the differnce here is cassandra-reaper-caasandra has more paramters
than the cassandra-reaper.yaml
Can i just use the 1 file with all details or it looks for one specific
file?

On Tuesday, April 24, 2018, Joaquin Casares 
wrote:

> Hello Abdul,
>
> You'll only want one:
>
> The yaml file used by the service is located at 
> /etc/cassandra-reaper/cassandra-reaper.yaml
> and alternate config templates can be found under
> /etc/cassandra-reaper/configs. It is recommended to create a new file with
> your specific configuration and symlink it as 
> /etc/cassandra-reaper/cassandra-reaper.yaml
> to avoid your configuration from being overwritten during upgrades.
>
> Adapt the config file to suit your setup and then run `sudo service
> cassandra-reaper start`.
>
>
> Source: http://cassandra-reaper.io/docs/download/install/#
> service-configuration
>
>
> Hope that helps!
>
> Joaquin Casares
> Consultant
> Austin, TX
>
> Apache Cassandra Consulting
> http://www.thelastpickle.com
>
> On Tue, Apr 24, 2018 at 6:51 PM, Abdul Patel  wrote:
>
>> Hi All,
>>
>> For reaper do we need both file or only one?
>>
>> Cassandra.reaper.yaml
>> Cassandra-reaper-cassandra.yaml
>>
>
>

Re: Cassandra reaper

2018-04-24 Thread Joaquin Casares

Hello Abdul,

You'll only want one:

The yaml file used by the service is located at
/etc/cassandra-reaper/cassandra-reaper.yaml and alternate config templates
can be found under /etc/cassandra-reaper/configs. It is recommended to
create a new file with your specific configuration and symlink it as
/etc/cassandra-reaper/cassandra-reaper.yaml to avoid your configuration
from being overwritten during upgrades.

Adapt the config file to suit your setup and then run `sudo service
cassandra-reaper start`.

Source:
http://cassandra-reaper.io/docs/download/install/#service-configuration

Hope that helps!

Joaquin Casares
Consultant
Austin, TX

Apache Cassandra Consulting
http://www.thelastpickle.com

On Tue, Apr 24, 2018 at 6:51 PM, Abdul Patel  wrote:

> Hi All,
>
> For reaper do we need both file or only one?
>
> Cassandra.reaper.yaml
> Cassandra-reaper-cassandra.yaml
>

Cassandra reaper

2018-04-24 Thread Abdul Patel

Hi All,

For reaper do we need both file or only one?

Cassandra.reaper.yaml
Cassandra-reaper-cassandra.yaml

Re: copy from one table to another

2018-04-24 Thread Kyrylo Lebediev

Thank you,  Rahul!

From: Rahul Singh 
Sent: Saturday, April 21, 2018 3:02:11 PM
To: user@cassandra.apache.org
Subject: Re: copy from one table to another

That’s correct.

On Apr 21, 2018, 5:05 AM -0400, Kyrylo Lebediev , 
wrote:

You mean that correct table UUID should be specified as suffix in directory 
name?
For example:

Table:

cqlsh> select id from system_schema.tables where keyspace_name='test' and 
table_name='usr';

 id
--
 ea2f6da0-f931-11e7-8224-43ca70555242

Directory name:
./data/test/usr-ea2f6da0f93111e7822443ca70555242

Correct?

Regards,

Kyrill

From: Rahul Singh 
Sent: Thursday, April 19, 2018 10:53:11 PM
To: user@cassandra.apache.org
Subject: Re: copy from one table to another

Each table has a different Guid — doing a hard link may work as long as the 
sstable dir’s guid is he same as the newly created table in the system schema.

--
Rahul Singh
rahul.si...@anant.us

Anant Corporation

On Apr 19, 2018, 10:41 AM -0500, Kyrylo Lebediev , 
wrote:

The table is too large to be copied fast/effectively , so I'd like to leverage 
immutableness  property of SSTables.

My idea is to:

1) create new empty table (NewTable) with the same structure as existing one 
(OldTable)
2) at some time run simultaneous 'nodetool snapshot -t ttt  OldTable' 
on all nodes -- this will create point in time state of OldTable

3) on each node run:
   for each file in OldTable ttt snapshot directory:

 ln 
//OldTable-/snapshots/ttt/_OldTable_xx 
.//Newtable/_NewTable_x

 then:
 nodetool refresh  NewTable

4) nodetool repair NewTable
5) Use OldTable and NewTable independently (Read/Write)

Are there any issues with using hardlinks (ln) instead of copying (cp) in this 
case?

Thanks,

Kyrill

From: Rahul Singh 
Sent: Wednesday, April 18, 2018 2:07:17 AM
To: user@cassandra.apache.org
Subject: Re: copy from one table to another

1. Make a new table with the same schema.
For each node
2. Shutdown node
3. Copy data from Source sstable dir to new sstable dir.

This will do what you want.

--
Rahul Singh
rahul.si...@anant.us

Anant Corporation

On Apr 16, 2018, 4:21 PM -0500, Kyrylo Lebediev , 
wrote:
Thanks,  Ali.
I just need to copy a large table in production without actual copying by using 
hardlinks. After this both tables should be used independently (RW). Is this a 
supported way or not?

Regards,
Kyrill

From: Ali Hubail 
Sent: Monday, April 16, 2018 6:51:51 PM
To: user@cassandra.apache.org
Subject: Re: copy from one table to another

If you want to copy a portion of the data to another table, you can also use 
sstable cql writer. It is more of an advanced feature and can be tricky, but 
doable.
once you write the new sstables, you can then use the sstableloader to stream 
the new data into the new table.
check this out:
https://www.datastax.com/dev/blog/using-the-cassandra-bulk-loader-updated

I have recently used this to clean up 500 GB worth of sstable data in order to 
purge tombstones that were mistakenly generated by the client.
obviously this is not as fast as hardlinks + refresh, but it's much faster and 
more efficient than using cql to copy data accross the tables.
take advantage of CQLSSTableWriter.builder.sorted() if you can, and utilize 
writetime if you have to.

Ali Hubail

Confidentiality warning: This message and any attachments are intended only for 
the persons to whom this message is addressed, are confidential, and may be 
privileged. If you are not the intended recipient, you are hereby notified that 
any review, retransmission, conversion to hard copy, copying, modification, 
circulation or other use of this message and any attachments is strictly 
prohibited. If you receive this message in error, please notify the sender 
immediately by return email, and delete this message and any attachments from 
your system. Petrolink International Limited its subsidiaries, holding 
companies and affiliates disclaims all responsibility from and accepts no 
liability whatsoever for the consequences of any unauthorized person acting, or 
refraining from acting, on any information contained in this message. For 
security purposes, staff training, to assist in resolving complaints and to 
improve our customer service, email communications may be monitored and 
telephone calls may be recorded.

Kyrylo Lebediev 

04/16/2018 10:37 AM

Please respond to
user@cassandra.apache.org

To
"user@cassandra.apache.org" ,
cc

Subject
Re: copy from one table to another

Any issues if we:

1) create an new empty table with the same structure as

Re: How to configure Cassandra to NOT use SSLv2?

2018-04-24 Thread Stefan Podkowinski

The hard-coded protocol selection has been remove in one of the 3.x
releases. You may want to consider updating to the latest 3.11 release.


On 24.04.18 19:21, Lou DeGenaro wrote:
> Here's is what I was told by IBM JVM Support:
>
> ...the string "SSLv2Hello" is not supported in IBM JVM but more
> importantly, the protocol SSLv2 is no longer a valid protocol in
> our JVM. We don't even have SSLv3 enabled by default due to the
> HIGH severity vulnerabilities this protocol has.
>
> Is there anything I can do to use IBM JVM and Cassandra with encryption?
>
> Thanks.
>
> Lou.
>
> On Tue, Apr 24, 2018 at 12:41 PM, Michael Shuler
> > wrote:
>
> Correct!
>
> Thanks for the trace, Lou.
>
> SSLFactory.java:67 specifies a list of protocols, including
> SSLv2Hello.
>
> "It [IBM JSSE] does not support specifying SSLv2Hello."
> 
> https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/knowndiffsun.html
> 
> 
>
> Apache Cassandra is tested on Oracle JDK and OpenJDK. Use a supported
> version of either of those, and this problem should go away.
> Alternatively, do a custom build of Cassandra, if you must run a
> little-used JDK?
>
> Also, just for a little additional info, SSLv2Hello != SSLv2, so I do
> not believe that there is a worry about some weak protocol here.
> https://bugs.java.com/bugdatabase/view_bug.do?bug_id=4915862
> 
>
> -- 
> Kind regards,
> Michael
>
> On 04/24/2018 11:23 AM, Marcus Haarmann wrote:
> > OK, this is IBM JDK. The options might differ. I have been
> searching for
> > Oracle Java options.
> > You will need to consult the IBM documentation in this case.
> >
> > Marcus Haarmann
> >
> >
> 
> > *Von: *"Lou DeGenaro"  >
> > *An: *"user"  >
> > *Gesendet: *Dienstag, 24. April 2018 16:08:06
> > *Betreff: *Re: How to configure Cassandra to NOT use SSLv2?
> >
> > Thanks for your suggestions.  I tried using the -D shown below:
> >
> >     degenaro@bluej421:/users/degenaro/cassandra/bluej421>
> ./bin/cassandra
> >     degenaro@bluej421:/users/degenaro/cassandra/bluej421> numactl
> >     --interleave=all /share/ibm-jdk1.8/bin/java
> >     -Dhttps.protocols=TLSv1.2,TLSv1.1,SSLv2Hello
> >     -Xloggc:./bin/../logs/gc.log -XX:+UseParNewGC
> >     -XX:+UseConcMarkSweepGC -XX:+CMSParallelRemarkEnabled
> >     -XX:SurvivorRatio=8 -XX:MaxTenuringThreshold=1
> >     -XX:CMSInitiatingOccupancyFraction=75
> >     -XX:+UseCMSInitiatingOccupancyOnly -XX:CMSWaitDuration=1...
> >     ...
> >     WARN  14:01:09 Filtering out [TLS_RSA_WITH_AES_128_CBC_SHA,
> >     TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> >     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
> >     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> >     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] as it isn't supported by
> the socket
> >     Exception (java.lang.IllegalArgumentException) encountered
> during
> >     startup: SSLv2Hello is not a recognized protocol.
> >     java.lang.IllegalArgumentException: SSLv2Hello is not a
> recognized
> >     protocol.
> >     at com.ibm.jsse2.S.a(S.java:112)
> >     at com.ibm.jsse2.S.b(S.java:136)
> >     at com.ibm.jsse2.S.(S.java:177)
> >     at com.ibm.jsse2.as
> .setEnabledProtocols(as.java:2)
> >     at
> >   
>  
> org.apache.cassandra.security.SSLFactory.getServerSocket(SSLFactory.java:67)
> >     at
> >     org.apache.cassandra.net
> 
> .MessagingService.getServerSockets(MessagingService.java:514)
> >     at
> >     org.apache.cassandra.net
> 
> .MessagingService.listen(MessagingService.java:498)
> >     at
> >     org.apache.cassandra.net
> 
> .MessagingService.listen(MessagingService.java:482)
> >     at
> >   
>  
> org.apache.cassandra.service.StorageService.prepareToJoin(StorageService.java:765)
> >     at
> >   
>  
> org.apache.cassandra.service.StorageService.initServer(StorageService.java:654)
> >     at
> >   
>  
> org.apache.cassandra.service.StorageService.initServer(StorageService.java:534)
> >     at
> >   
>  
>

Re: How to configure Cassandra to NOT use SSLv2?

2018-04-24 Thread Lou DeGenaro

Here's is what I was told by IBM JVM Support:

...the string "SSLv2Hello" is not supported in IBM JVM but
> more importantly, the protocol SSLv2 is no longer a valid protocol in
> our JVM.
> We don't even have SSLv3 enabled by default due to the HIGH severity
> vulnerabilities this protocol has.
>
> Is there anything I can do to use IBM JVM and Cassandra with encryption?

Thanks.

Lou.

On Tue, Apr 24, 2018 at 12:41 PM, Michael Shuler 
wrote:

> Correct!
>
> Thanks for the trace, Lou.
>
> SSLFactory.java:67 specifies a list of protocols, including SSLv2Hello.
>
> "It [IBM JSSE] does not support specifying SSLv2Hello."
> https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.
> 0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/
> knowndiffsun.html
>
> Apache Cassandra is tested on Oracle JDK and OpenJDK. Use a supported
> version of either of those, and this problem should go away.
> Alternatively, do a custom build of Cassandra, if you must run a
> little-used JDK?
>
> Also, just for a little additional info, SSLv2Hello != SSLv2, so I do
> not believe that there is a worry about some weak protocol here.
> https://bugs.java.com/bugdatabase/view_bug.do?bug_id=4915862
>
> --
> Kind regards,
> Michael
>
> On 04/24/2018 11:23 AM, Marcus Haarmann wrote:
> > OK, this is IBM JDK. The options might differ. I have been searching for
> > Oracle Java options.
> > You will need to consult the IBM documentation in this case.
> >
> > Marcus Haarmann
> >
> > 
> > *Von: *"Lou DeGenaro" 
> > *An: *"user" 
> > *Gesendet: *Dienstag, 24. April 2018 16:08:06
> > *Betreff: *Re: How to configure Cassandra to NOT use SSLv2?
> >
> > Thanks for your suggestions.  I tried using the -D shown below:
> >
> > degenaro@bluej421:/users/degenaro/cassandra/bluej421>
> ./bin/cassandra
> > degenaro@bluej421:/users/degenaro/cassandra/bluej421> numactl
> > --interleave=all /share/ibm-jdk1.8/bin/java
> > -Dhttps.protocols=TLSv1.2,TLSv1.1,SSLv2Hello
> > -Xloggc:./bin/../logs/gc.log -XX:+UseParNewGC
> > -XX:+UseConcMarkSweepGC -XX:+CMSParallelRemarkEnabled
> > -XX:SurvivorRatio=8 -XX:MaxTenuringThreshold=1
> > -XX:CMSInitiatingOccupancyFraction=75
> > -XX:+UseCMSInitiatingOccupancyOnly -XX:CMSWaitDuration=1...
> > ...
> > WARN  14:01:09 Filtering out [TLS_RSA_WITH_AES_128_CBC_SHA,
> > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] as it isn't supported by the
> socket
> > Exception (java.lang.IllegalArgumentException) encountered during
> > startup: SSLv2Hello is not a recognized protocol.
> > java.lang.IllegalArgumentException: SSLv2Hello is not a recognized
> > protocol.
> > at com.ibm.jsse2.S.a(S.java:112)
> > at com.ibm.jsse2.S.b(S.java:136)
> > at com.ibm.jsse2.S.(S.java:177)
> > at com.ibm.jsse2.as.setEnabledProtocols(as.java:2)
> > at
> > org.apache.cassandra.security.SSLFactory.getServerSocket(
> SSLFactory.java:67)
> > at
> > org.apache.cassandra.net.MessagingService.getServerSockets(
> MessagingService.java:514)
> > at
> > org.apache.cassandra.net.MessagingService.listen(
> MessagingService.java:498)
> > at
> > org.apache.cassandra.net.MessagingService.listen(
> MessagingService.java:482)
> > at
> > org.apache.cassandra.service.StorageService.prepareToJoin(
> StorageService.java:765)
> > at
> > org.apache.cassandra.service.StorageService.initServer(
> StorageService.java:654)
> > at
> > org.apache.cassandra.service.StorageService.initServer(
> StorageService.java:534)
> > at
> > org.apache.cassandra.service.CassandraDaemon.setup(
> CassandraDaemon.java:344)
> > at
> > org.apache.cassandra.service.CassandraDaemon.activate(
> CassandraDaemon.java:568)
> > at
> > org.apache.cassandra.service.CassandraDaemon.main(
> CassandraDaemon.java:696)
> > ERROR 14:01:09 Exception encountered during startup
> > java.lang.IllegalArgumentException: SSLv2Hello is not a recognized
> > protocol.
> >
> >
> > Who is at fault: user, Cassandra, JVM, OS?
> >
> > Thanks.
> >
> > Lou.
> >
> >
> >
> >
> >
> >
> > On Tue, Apr 24, 2018 at 9:43 AM, Marcus Haarmann
> > > wrote:
> >
> > Hi,
> >
> > I did take a look into the source code of 3.11, but I believe the
> > code is more or less the same.
> > The SSL code makes use of Java SSL Sockets so you can limit the
> > protocols in the "Java way".
> > The java way (at least for a recent Java 8) is to setup the
> > protocols in the /lib/security/java.security file.
> > Or to define a system

Re: How to configure Cassandra to NOT use SSLv2?

2018-04-24 Thread Michael Shuler

Correct!

Thanks for the trace, Lou.

SSLFactory.java:67 specifies a list of protocols, including SSLv2Hello.

"It [IBM JSSE] does not support specifying SSLv2Hello."
https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/knowndiffsun.html

Apache Cassandra is tested on Oracle JDK and OpenJDK. Use a supported
version of either of those, and this problem should go away.
Alternatively, do a custom build of Cassandra, if you must run a
little-used JDK?

Also, just for a little additional info, SSLv2Hello != SSLv2, so I do
not believe that there is a worry about some weak protocol here.
https://bugs.java.com/bugdatabase/view_bug.do?bug_id=4915862

-- 
Kind regards,
Michael

On 04/24/2018 11:23 AM, Marcus Haarmann wrote:
> OK, this is IBM JDK. The options might differ. I have been searching for
> Oracle Java options.
> You will need to consult the IBM documentation in this case.
> 
> Marcus Haarmann
> 
> 
> *Von: *"Lou DeGenaro" 
> *An: *"user" 
> *Gesendet: *Dienstag, 24. April 2018 16:08:06
> *Betreff: *Re: How to configure Cassandra to NOT use SSLv2?
> 
> Thanks for your suggestions.  I tried using the -D shown below:
> 
> degenaro@bluej421:/users/degenaro/cassandra/bluej421> ./bin/cassandra
> degenaro@bluej421:/users/degenaro/cassandra/bluej421> numactl
> --interleave=all /share/ibm-jdk1.8/bin/java
> -Dhttps.protocols=TLSv1.2,TLSv1.1,SSLv2Hello
> -Xloggc:./bin/../logs/gc.log -XX:+UseParNewGC
> -XX:+UseConcMarkSweepGC -XX:+CMSParallelRemarkEnabled
> -XX:SurvivorRatio=8 -XX:MaxTenuringThreshold=1
> -XX:CMSInitiatingOccupancyFraction=75
> -XX:+UseCMSInitiatingOccupancyOnly -XX:CMSWaitDuration=1...
> ...
> WARN  14:01:09 Filtering out [TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] as it isn't supported by the socket
> Exception (java.lang.IllegalArgumentException) encountered during
> startup: SSLv2Hello is not a recognized protocol.
> java.lang.IllegalArgumentException: SSLv2Hello is not a recognized
> protocol.
>     at com.ibm.jsse2.S.a(S.java:112)
>     at com.ibm.jsse2.S.b(S.java:136)
>     at com.ibm.jsse2.S.(S.java:177)
>     at com.ibm.jsse2.as.setEnabledProtocols(as.java:2)
>     at
> 
> org.apache.cassandra.security.SSLFactory.getServerSocket(SSLFactory.java:67)
>     at
> 
> org.apache.cassandra.net.MessagingService.getServerSockets(MessagingService.java:514)
>     at
> 
> org.apache.cassandra.net.MessagingService.listen(MessagingService.java:498)
>     at
> 
> org.apache.cassandra.net.MessagingService.listen(MessagingService.java:482)
>     at
> 
> org.apache.cassandra.service.StorageService.prepareToJoin(StorageService.java:765)
>     at
> 
> org.apache.cassandra.service.StorageService.initServer(StorageService.java:654)
>     at
> 
> org.apache.cassandra.service.StorageService.initServer(StorageService.java:534)
>     at
> 
> org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:344)
>     at
> 
> org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:568)
>     at
> 
> org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:696)
> ERROR 14:01:09 Exception encountered during startup
> java.lang.IllegalArgumentException: SSLv2Hello is not a recognized
> protocol.
> 
> 
> Who is at fault: user, Cassandra, JVM, OS?
> 
> Thanks.
> 
> Lou.
> 
> 
> 
> 
> 
> 
> On Tue, Apr 24, 2018 at 9:43 AM, Marcus Haarmann
> > wrote:
> 
> Hi,
> 
> I did take a look into the source code of 3.11, but I believe the
> code is more or less the same.
> The SSL code makes use of Java SSL Sockets so you can limit the
> protocols in the "Java way".
> The java way (at least for a recent Java 8) is to setup the
> protocols in the /lib/security/java.security file.
> Or to define a system property on the command line
> (-Dhttps.protocols = TLSv1.2,TLSv1.1,SSLv2Hello).
> 
> There are multiple options for SSL configuration in the config
> 
> (https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/secureSSLNodeToNode.html)
> The most interesting one in your situation would be the
> cipher_suites option, which allows you 
> to limit the avaliable cipher suites e.g.
> to TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
> (which is a TLS1.2-only cipher suite).
> 
> You can check the offered protocols for your server with an open
> source tool like sslyze (https://github.com/nabla-c0d3/sslyze)
> 
> Marcus

Re: How to configure Cassandra to NOT use SSLv2?

2018-04-24 Thread Marcus Haarmann

OK, this is IBM JDK. The options might differ. I have been searching for Oracle 
Java options. 
You will need to consult the IBM documentation in this case. 

Marcus Haarmann 

Von: "Lou DeGenaro"  
An: "user"  
Gesendet: Dienstag, 24. April 2018 16:08:06 
Betreff: Re: How to configure Cassandra to NOT use SSLv2? 

Thanks for your suggestions. I tried using the -D shown below: 

degenaro@bluej421:/users/degenaro/cassandra/bluej421> ./bin/cassandra 
degenaro@bluej421:/users/degenaro/cassandra/bluej421> numactl --interleave=all 
/share/ibm-jdk1.8/bin/java -Dhttps.protocols=TLSv1.2,TLSv1.1,SSLv2Hello 
-Xloggc:./bin/../logs/gc.log -XX:+UseParNewGC -XX:+UseConcMarkSweepGC 
-XX:+CMSParallelRemarkEnabled -XX:SurvivorRatio=8 -XX:MaxTenuringThreshold=1 
-XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly 
-XX:CMSWaitDuration=1... 
... 
WARN 14:01:09 Filtering out [TLS_RSA_WITH_AES_128_CBC_SHA, 
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] as it isn't supported by the socket 
Exception (java.lang.IllegalArgumentException) encountered during startup: 
SSLv2Hello is not a recognized protocol. 
java.lang.IllegalArgumentException: SSLv2Hello is not a recognized protocol. 
at com.ibm.jsse2.S.a(S.java:112) 
at com.ibm.jsse2.S.b(S.java:136) 
at com.ibm.jsse2.S.(S.java:177) 
at com.ibm.jsse2.as.setEnabledProtocols(as.java:2) 
at org.apache.cassandra.security.SSLFactory.getServerSocket(SSLFactory.java:67) 
at 
org.apache.cassandra.net.MessagingService.getServerSockets(MessagingService.java:514)

at org.apache.cassandra.net.MessagingService.listen(MessagingService.java:498) 
at org.apache.cassandra.net.MessagingService.listen(MessagingService.java:482) 
at 
org.apache.cassandra.service.StorageService.prepareToJoin(StorageService.java:765)

at 
org.apache.cassandra.service.StorageService.initServer(StorageService.java:654) 
at 
org.apache.cassandra.service.StorageService.initServer(StorageService.java:534) 
at org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:344) 
at 
org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:568) 
at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:696) 
ERROR 14:01:09 Exception encountered during startup 
java.lang.IllegalArgumentException: SSLv2Hello is not a recognized protocol. 

Who is at fault: user, Cassandra, JVM, OS? 

Thanks. 

Lou. 

On Tue, Apr 24, 2018 at 9:43 AM, Marcus Haarmann < [ 
mailto:marcus.haarm...@midoco.de | marcus.haarm...@midoco.de ] > wrote: 

BQ_BEGIN

Hi, 

I did take a look into the source code of 3.11, but I believe the code is more 
or less the same. 
The SSL code makes use of Java SSL Sockets so you can limit the protocols in 
the "Java way". 
The java way (at least for a recent Java 8) is to setup the protocols in the 
/lib/security/java.security file. 
Or to define a system property on the command line (-Dhttps.protocols = 
TLSv1.2,TLSv1.1,SSLv2Hello). 

There are multiple options for SSL configuration in the config 
( [ 
https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/secureSSLNodeToNode.html
 | 
https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/secureSSLNodeToNode.html
 ] ) 
The most interesting one in your situation would be the cipher_suites option, 
which allows you 
to limit the avaliable cipher suites e.g. to 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
(which is a TLS1.2-only cipher suite). 

You can check the offered protocols for your server with an open source tool 
like sslyze ( [ https://github.com/nabla-c0d3/sslyze | 
https://github.com/nabla-c0d3/sslyze ] ) 

Marcus Haarmann 

Von: "Lou DeGenaro" < [ mailto:lou.degen...@gmail.com | lou.degen...@gmail.com 
] > 
An: "user" < [ mailto:user@cassandra.apache.org | user@cassandra.apache.org ] > 
Gesendet: Dienstag, 24. April 2018 11:21:06 
Betreff: Re: How to configure Cassandra to NOT use SSLv2? 

Can someone please can tell me how to prevent Cassandra 3.0.9 from using SSLv2? 
Happy to use a newer version of Cassandra if that's what's required. 

On Sat, Apr 21, 2018 at 8:30 AM, Lou DeGenaro < [ mailto:lou.degen...@gmail.com 
| lou.degen...@gmail.com ] > wrote: 

BQ_BEGIN

3.0.9 

On Fri, Apr 20, 2018 at 10:26 PM, Michael Shuler < [ 
mailto:mich...@pbandjelly.org | mich...@pbandjelly.org ] > wrote: 

BQ_BEGIN
On 04/20/2018 08:46 AM, Lou DeGenaro wrote: 
> Could you be more specific? What does one specify exactly to assure 
> SSLv2 is not used for both client-server and server-server 
> communications? Example yaml statements would be wonderful. 

The defaults in cassandra.yaml have only TLS specified in the current 
branch HEADs. I'm pretty sure SSLv2/3 removal was a post-POODLE commit. 
It's possible you may be on something older - what version are we 
talking about? 

-- 
Michael

Re: Cassandra Driver Pagination

2018-04-24 Thread Andy Tolbert

Hi Ahmed,

The java driver docs do a good job explaining how the driver uses paging,
including providing a sequence diagram that describes the flow of the
process:
https://docs.datastax.com/en/developer/java-driver/3.5/manual/paging/

The driver requests X rows (5000 by default, controlled via
QueryOptions.setFetchSize
)
at a time.  When C* replies, it returns a 'paging state' id which
identifies where in the result set (partition and clustering key) to
continue retrieving the next set of rows.  When you continue iterating over
the result set in the java driver and hit the end of the current page, it
will send another request to C* using that paging state to get the next set
of rows.

Thanks,
Andy

On Tue, Apr 24, 2018 at 9:49 AM, Ahmed Eljami 
wrote:

> Hello,
>
> Can someone explain me how paging is implemented ?
>
> according to the doc of datastax, the goal  being to avoid loading much
> results in memory.
>
> Does it mean that the whole partition is not upload to heap memory?
>
>
> C* version: 2.1
>
> Java Driver version: 3.0
>
> Best regards
>
>

RE: [EXTERNAL] Re: How to configure Cassandra to NOT use SSLv2?

2018-04-24 Thread Durity, Sean R

I think I would start with the JVM. Sometimes, for export purposes, the 
cryptography extensions (JCE), are in a separate jar or package from the 
standard JRE or JVM. I haven’t used the IBM JDK, so I don’t know specifically 
about that one.

Also, perhaps the error is correct – SSLv2Hello is not a parameter that can be 
passed to the JVM. Maybe remove that option?

Sean Durity

From: Lou DeGenaro [mailto:lou.degen...@gmail.com]
Sent: Tuesday, April 24, 2018 10:08 AM
To: user@cassandra.apache.org
Subject: [EXTERNAL] Re: How to configure Cassandra to NOT use SSLv2?

Thanks for your suggestions.  I tried using the -D shown below:
degenaro@bluej421:/users/degenaro/cassandra/bluej421> ./bin/cassandra
degenaro@bluej421:/users/degenaro/cassandra/bluej421> numactl --interleave=all 
/share/ibm-jdk1.8/bin/java -Dhttps.protocols=TLSv1.2,TLSv1.1,SSLv2Hello 
-Xloggc:./bin/../logs/gc.log -XX:+UseParNewGC -XX:+UseConcMarkSweepGC 
-XX:+CMSParallelRemarkEnabled -XX:SurvivorRatio=8 -XX:MaxTenuringThreshold=1 
-XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly 
-XX:CMSWaitDuration=1...
...
WARN  14:01:09 Filtering out [TLS_RSA_WITH_AES_128_CBC_SHA, 
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] as it isn't supported by the socket
Exception (java.lang.IllegalArgumentException) encountered during startup: 
SSLv2Hello is not a recognized protocol.
java.lang.IllegalArgumentException: SSLv2Hello is not a recognized protocol.
at com.ibm.jsse2.S.a(S.java:112)
at com.ibm.jsse2.S.b(S.java:136)
at com.ibm.jsse2.S.(S.java:177)
at com.ibm.jsse2.as.setEnabledProtocols(as.java:2)
at 
org.apache.cassandra.security.SSLFactory.getServerSocket(SSLFactory.java:67)
at 
org.apache.cassandra.net.MessagingService.getServerSockets(MessagingService.java:514)
at 
org.apache.cassandra.net.MessagingService.listen(MessagingService.java:498)
at 
org.apache.cassandra.net.MessagingService.listen(MessagingService.java:482)
at 
org.apache.cassandra.service.StorageService.prepareToJoin(StorageService.java:765)
at 
org.apache.cassandra.service.StorageService.initServer(StorageService.java:654)
at 
org.apache.cassandra.service.StorageService.initServer(StorageService.java:534)
at 
org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:344)
at 
org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:568)
at 
org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:696)
ERROR 14:01:09 Exception encountered during startup
java.lang.IllegalArgumentException: SSLv2Hello is not a recognized protocol.

Who is at fault: user, Cassandra, JVM, OS?
Thanks.
Lou.

On Tue, Apr 24, 2018 at 9:43 AM, Marcus Haarmann 
> wrote:
Hi,

I did take a look into the source code of 3.11, but I believe the code is more 
or less the same.
The SSL code makes use of Java SSL Sockets so you can limit the protocols in 
the "Java way".
The java way (at least for a recent Java 8) is to setup the protocols in the 
/lib/security/java.security file.
Or to define a system property on the command line (-Dhttps.protocols = 
TLSv1.2,TLSv1.1,SSLv2Hello).

There are multiple options for SSL configuration in the config
(https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/secureSSLNodeToNode.html)
The most interesting one in your situation would be the cipher_suites option, 
which allows you
to limit the avaliable cipher suites e.g. to 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
(which is a TLS1.2-only cipher suite).

You can check the offered protocols for your server with an open source tool 
like sslyze 
(https://github.com/nabla-c0d3/sslyze)

Marcus Haarmann

Von: "Lou DeGenaro" >
An: "user" >
Gesendet: Dienstag, 24. April 2018 11:21:06
Betreff: Re: How to configure Cassandra to NOT use SSLv2?

Can someone please can tell me how to prevent Cassandra 3.0.9 from using SSLv2? 
 Happy to use a newer version of Cassandra if that's what's required.

On Sat, Apr 21, 2018 at 8:30 AM, Lou DeGenaro 
> wrote:
3.0.9

On Fri, Apr 20, 2018 at 10:26

Cassandra Driver Pagination

2018-04-24 Thread Ahmed Eljami

Hello,

Can someone explain me how paging is implemented ?

according to the doc of datastax, the goal  being to avoid loading much
results in memory.

Does it mean that the whole partition is not upload to heap memory?


C* version: 2.1

Java Driver version: 3.0

Best regards

Re: How to configure Cassandra to NOT use SSLv2?

2018-04-24 Thread Lou DeGenaro

Thanks for your suggestions.  I tried using the -D shown below:

degenaro@bluej421:/users/degenaro/cassandra/bluej421> ./bin/cassandra
> degenaro@bluej421:/users/degenaro/cassandra/bluej421> numactl
> --interleave=all /share/ibm-jdk1.8/bin/java
> -Dhttps.protocols=TLSv1.2,TLSv1.1,SSLv2Hello -Xloggc:./bin/../logs/gc.log
> -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:+CMSParallelRemarkEnabled
> -XX:SurvivorRatio=8 -XX:MaxTenuringThreshold=1
> -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly
> -XX:CMSWaitDuration=1...
> ...
> WARN  14:01:09 Filtering out [TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] as it isn't supported by the socket
> Exception (java.lang.IllegalArgumentException) encountered during startup:
> SSLv2Hello is not a recognized protocol.
> java.lang.IllegalArgumentException: SSLv2Hello is not a recognized
> protocol.
> at com.ibm.jsse2.S.a(S.java:112)
> at com.ibm.jsse2.S.b(S.java:136)
> at com.ibm.jsse2.S.(S.java:177)
> at com.ibm.jsse2.as.setEnabledProtocols(as.java:2)
> at
> org.apache.cassandra.security.SSLFactory.getServerSocket(SSLFactory.java:67)
> at
> org.apache.cassandra.net.MessagingService.getServerSockets(MessagingService.java:514)
> at
> org.apache.cassandra.net.MessagingService.listen(MessagingService.java:498)
> at
> org.apache.cassandra.net.MessagingService.listen(MessagingService.java:482)
> at
> org.apache.cassandra.service.StorageService.prepareToJoin(StorageService.java:765)
> at
> org.apache.cassandra.service.StorageService.initServer(StorageService.java:654)
> at
> org.apache.cassandra.service.StorageService.initServer(StorageService.java:534)
> at
> org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:344)
> at
> org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:568)
> at
> org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:696)
> ERROR 14:01:09 Exception encountered during startup
> java.lang.IllegalArgumentException: SSLv2Hello is not a recognized
> protocol.
>

Who is at fault: user, Cassandra, JVM, OS?

Thanks.

Lou.






On Tue, Apr 24, 2018 at 9:43 AM, Marcus Haarmann 
wrote:

> Hi,
>
> I did take a look into the source code of 3.11, but I believe the code is
> more or less the same.
> The SSL code makes use of Java SSL Sockets so you can limit the protocols
> in the "Java way".
> The java way (at least for a recent Java 8) is to setup the protocols in
> the /lib/security/java.security file.
> Or to define a system property on the command line (-Dhttps.protocols =
> TLSv1.2,TLSv1.1,SSLv2Hello).
>
> There are multiple options for SSL configuration in the config
> (https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/
> secureSSLNodeToNode.html)
> The most interesting one in your situation would be the cipher_suites
> option, which allows you
> to limit the avaliable cipher suites e.g. to TLS_ECDHE_ECDSA_WITH_AES_
> 256_CBC_SHA384
> (which is a TLS1.2-only cipher suite).
>
> You can check the offered protocols for your server with an open source
> tool like sslyze (https://github.com/nabla-c0d3/sslyze)
>
> Marcus Haarmann
>
> --
> *Von: *"Lou DeGenaro" 
> *An: *"user" 
> *Gesendet: *Dienstag, 24. April 2018 11:21:06
> *Betreff: *Re: How to configure Cassandra to NOT use SSLv2?
>
> Can someone please can tell me how to prevent Cassandra 3.0.9 from using 
> SSLv2?
> Happy to use a newer version of Cassandra if that's what's required.
>
> On Sat, Apr 21, 2018 at 8:30 AM, Lou DeGenaro 
> wrote:
>
>> 3.0.9
>>
>> On Fri, Apr 20, 2018 at 10:26 PM, Michael Shuler 
>> wrote:
>>
>>> On 04/20/2018 08:46 AM, Lou DeGenaro wrote:
>>> > Could you be more specific?  What does one specify exactly to assure
>>> > SSLv2 is not used for both client-server and server-server
>>> > communications?  Example yaml statements would be wonderful.
>>>
>>> The defaults in cassandra.yaml have only TLS specified in the current
>>> branch HEADs. I'm pretty sure SSLv2/3 removal was a post-POODLE commit.
>>> It's possible you may be on something older - what version are we
>>> talking about?
>>>
>>> --
>>> Michael
>>>
>>> -
>>> To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
>>> For additional commands, e-mail: user-h...@cassandra.apache.org
>>>
>>>
>>
>

Re: How to configure Cassandra to NOT use SSLv2?

2018-04-24 Thread Marcus Haarmann

Hi,

I did take a look into the source code of 3.11, but I believe the code is more
or less the same.
The SSL code makes use of Java SSL Sockets so you can limit the protocols in
the "Java way".
The java way (at least for a recent Java 8) is to setup the protocols in the
/lib/security/java.security file.
Or to define a system property on the command line (-Dhttps.protocols =
TLSv1.2,TLSv1.1,SSLv2Hello).

There are multiple options for SSL configuration in the config
(https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/secureSSLNodeToNode.html)

The most interesting one in your situation would be the cipher_suites option,
which allows you
to limit the avaliable cipher suites e.g. to
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
(which is a TLS1.2-only cipher suite).

You can check the offered protocols for your server with an open source tool
like sslyze (https://github.com/nabla-c0d3/sslyze)

Marcus Haarmann

Von: "Lou DeGenaro"
An: "user"
Gesendet: Dienstag, 24. April 2018 11:21:06
Betreff: Re: How to configure Cassandra to NOT use SSLv2?

Can someone please can tell me how to prevent Cassandra 3.0.9 from using SSLv2?
Happy to use a newer version of Cassandra if that's what's required.

On Sat, Apr 21, 2018 at 8:30 AM, Lou DeGenaro < [ mailto:lou.degen...@gmail.com
| lou.degen...@gmail.com ] > wrote:

3.0.9

On Fri, Apr 20, 2018 at 10:26 PM, Michael Shuler < [
mailto:mich...@pbandjelly.org | mich...@pbandjelly.org ] > wrote:

BQ_BEGIN
On 04/20/2018 08:46 AM, Lou DeGenaro wrote:
> Could you be more specific? What does one specify exactly to assure
> SSLv2 is not used for both client-server and server-server
> communications? Example yaml statements would be wonderful.

The defaults in cassandra.yaml have only TLS specified in the current
branch HEADs. I'm pretty sure SSLv2/3 removal was a post-POODLE commit.
It's possible you may be on something older - what version are we
talking about?

--
Michael

-
To unsubscribe, e-mail: [ mailto:user-unsubscr...@cassandra.apache.org |
user-unsubscr...@cassandra.apache.org ]
For additional commands, e-mail: [ mailto:user-h...@cassandra.apache.org |
user-h...@cassandra.apache.org ]

BQ_END

Re: How to configure Cassandra to NOT use SSLv2?

2018-04-24 Thread Lou DeGenaro

Can someone please can tell me how to prevent Cassandra 3.0.9 from
using SSLv2?
Happy to use a newer version of Cassandra if that's what's required.

On Sat, Apr 21, 2018 at 8:30 AM, Lou DeGenaro 
wrote:

> 3.0.9
>
> On Fri, Apr 20, 2018 at 10:26 PM, Michael Shuler 
> wrote:
>
>> On 04/20/2018 08:46 AM, Lou DeGenaro wrote:
>> > Could you be more specific?  What does one specify exactly to assure
>> > SSLv2 is not used for both client-server and server-server
>> > communications?  Example yaml statements would be wonderful.
>>
>> The defaults in cassandra.yaml have only TLS specified in the current
>> branch HEADs. I'm pretty sure SSLv2/3 removal was a post-POODLE commit.
>> It's possible you may be on something older - what version are we
>> talking about?
>>
>> --
>> Michael
>>
>> -
>> To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
>> For additional commands, e-mail: user-h...@cassandra.apache.org
>>
>>
>

Integrating Apache Cassandra and Apache Ignite

2018-04-24 Thread Vishal1.Sharma

I'm trying to integrate Apache Ignite with Apache Cassandra(3.11.2) as I want 
to use Ignite to cache the data present in my already existing Cassandra 
database.
After going through the online resources, I've done the following till now:
1.  Downloaded Apache Ignite.
2.  Copied all the folders present in "libs/optional/" to "libs/"(I don't 
know which ones will be required for Cassandra).
3.  Created 3 xmls in the config folder i.e. "cassandra-config.xml", 
"connection-settings.xml" and "persistance-settings.xml". Currently I'm using 
the same node(172.16.129.68) for both Cassandra and Ignite. Please find 
attached the xml files.

4.  I run the following command to start Ignite from bin folder.
ignite.sh ../config/cassandra-config.xml

Now, I want to take a look at the cassandra table via sqlline. I've tried the 
following:
./sqlline.sh -u jdbc:cassandra://172.16.129.68:9042/test  //(test is the name 
of the keyspace)

I get the following output:
No known driver to handle "jdbc:cassandra://172.16.129.68:9042/test". Searching 
for known drivers...
java.lang.NullPointerException
sqlline version 1.3.0
0: jdbc:cassandra://172.16.129.68:9042/test>

I've also tried:
./sqlline.sh -u jdbc:ignite:thin://172.16.129.68

but when I use "!tables", I'm not able to see any table.
What exactly has been missing? How to access/modify the tables present in 
Cassandra using sqlline?

Thanks and regards,
Vishal Sharma



"Confidentiality Warning: This message and any attachments are intended only 
for the use of the intended recipient(s). 
are confidential and may be privileged. If you are not the intended recipient. 
you are hereby notified that any 
review. re-transmission. conversion to hard copy. copying. circulation or other 
use of this message and any attachments is 
strictly prohibited. If you are not the intended recipient. please notify the 
sender immediately by return email. 
and delete this message and any attachments from your system.

Virus Warning: Although the company has taken reasonable precautions to ensure 
no viruses are present in this email. 
The company cannot accept responsibility for any loss or damage arising from 
the use of this email or attachment."

http://www.springframework.org/schema/beans;
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
   xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd;>





































172.16.129.68:47500..47509







http://www.springframework.org/schema/beans;
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
   xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd;>

















-
To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
For additional commands, e-mail: user-h...@cassandra.apache.org

Re: Cassandra reaper

Re: Cassandra reaper

Re: Cassandra reaper

Re: Cassandra reaper

Re: Cassandra reaper

Cassandra reaper

Re: copy from one table to another

Re: How to configure Cassandra to NOT use SSLv2?

Re: How to configure Cassandra to NOT use SSLv2?

Re: How to configure Cassandra to NOT use SSLv2?

Re: How to configure Cassandra to NOT use SSLv2?

Re: Cassandra Driver Pagination

RE: [EXTERNAL] Re: How to configure Cassandra to NOT use SSLv2?

Cassandra Driver Pagination

Re: How to configure Cassandra to NOT use SSLv2?

Re: How to configure Cassandra to NOT use SSLv2?

Re: How to configure Cassandra to NOT use SSLv2?

Integrating Apache Cassandra and Apache Ignite

18 matches

Site Navigation

Mail list logo

Footer information