[
https://issues.apache.org/jira/browse/CASSANDRA-9325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
J.B. Langston updated CASSANDRA-9325:
-------------------------------------
Description:
Even though it shouldn't be required unless client certificate authentication
is enabled, the stress tool is looking for a keystore in the default location
of conf/.keystore with the default password of cassandra. There is no command
line option to override these defaults so you have to provide a keystore that
satisfies the default. It looks for conf/.keystore in the working directory, so
you need to create this in the directory you are running cassandra-stress
from.It doesn't really matter what's in the keystore; it just needs to exist in
the expected location and have a password of cassandra.
Since the keystore might be required if client certificate authentication is
enabled, we need to add -transport parameters for keystore and
keystore-password. Ideally, these should be optional and stress shouldn't
require the keystore unless client certificate authentication is enabled on the
server.
In case it wasn't apparent, this is for Cassandra 2.1 and later's stress tool.
I actually had even more problems getting Cassandra 2.0's stress tool working
with SSL and gave up on it. We probably don't need to fix 2.0; we can just
document that it doesn't support SSL and recommend using 2.1 instead.
was:
Even though it shouldn't be required unless client certificate authentication
is enabled, the stress tool is looking for a keystore in the default location
of conf/.keystore with the default password of cassandra. There is no command
line option to override these defaults so you have to provide a keystore that
satisfies the default. It looks for conf/.keystore in the working directory, so
you need to create this in the directory you are running cassandra-stress
from.It doesn't really matter what's in the keystore; it just needs to exist in
the expected location and have a password of cassandra.
Since the keystore might be required if client certificate authentication is
enabled, we need to add -transport parameters for keystore and
keystore-password. These should be optional unless client certificate
authentication is enabled on the server.
In case it wasn't apparent, this is for Cassandra 2.1 and later's stress tool.
I actually had even more problems getting Cassandra 2.0's stress tool working
with SSL and gave up on it. We probably don't need to fix 2.0; we can just
document that it doesn't support SSL and recommend using 2.1 instead.
> cassandra-stress requires keystore for SSL but provides no way to configure it
> ------------------------------------------------------------------------------
>
> Key: CASSANDRA-9325
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9325
> Project: Cassandra
> Issue Type: Bug
> Reporter: J.B. Langston
>
> Even though it shouldn't be required unless client certificate authentication
> is enabled, the stress tool is looking for a keystore in the default location
> of conf/.keystore with the default password of cassandra. There is no command
> line option to override these defaults so you have to provide a keystore that
> satisfies the default. It looks for conf/.keystore in the working directory,
> so you need to create this in the directory you are running cassandra-stress
> from.It doesn't really matter what's in the keystore; it just needs to exist
> in the expected location and have a password of cassandra.
> Since the keystore might be required if client certificate authentication is
> enabled, we need to add -transport parameters for keystore and
> keystore-password. Ideally, these should be optional and stress shouldn't
> require the keystore unless client certificate authentication is enabled on
> the server.
> In case it wasn't apparent, this is for Cassandra 2.1 and later's stress
> tool. I actually had even more problems getting Cassandra 2.0's stress tool
> working with SSL and gave up on it. We probably don't need to fix 2.0; we
> can just document that it doesn't support SSL and recommend using 2.1 instead.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
