[
https://issues.apache.org/jira/browse/CASSANDRA-17602?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17532738#comment-17532738
]
Aswin Karthik commented on CASSANDRA-17602:
-------------------------------------------
Cassandra version: *4.0.1*
*Does not work:*
The following scenario does not work in 4.x. I also do not overwrite
conf/cassandra.yaml.
{noformat}
bin/sstableloader -d <seed_1_ip>:10052,<seed_2_ip>:10052,<seed_3_ip>:10052 \
  -ts <path-to-ts> -tspw <tspassword> -ks <path-to-ks> -kspw <kspassword> \
  -ap <ACustomAuthProviderClass> -p 10052 -sp 11052 -ssp 11052 \
  -f /backuprestore-cassandra.yaml <dirpath>
{noformat}
Contents of /backuprestore-cassandra.yaml:
{noformat}
server_encryption_options:
    internode_encryption: all
    protocol: TLSv1.2
    algorithm: PKIX
    store_type: PKCS12
    cipher_suites:
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    require_client_auth: true
    keystore: <path-to-ks>
    truststore: <path-to-ts>
client_encryption_options:
    enabled: true
    optional: false
    protocol: TLSv1.2
    algorithm: PKIX
    store_type: PKCS12
    cipher_suites:
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
stream_throughput_outbound_megabits_per_sec: 5000
{noformat}
And the contents of conf/cassandra.yaml are just the usual defaults.
The above setup works in 3.x, provided I remove the ports from the seeds.
*What works in 4.x:*
{noformat}
cp /backuprestore-cassandra.yaml conf/cassandra.yaml
bin/sstableloader -d <seed_1_ip>:10052,<seed_2_ip>:10052,<seed_3_ip>:10052 \
  -ts <path-to-ts> -tspw <tspassword> -ks <path-to-ks> -kspw <kspassword> \
  -ap <ACustomAuthProviderClass> -p 10052 -sp 11052 -ssp 11052 \
  -f /backuprestore-cassandra.yaml <dirpath>
{noformat}
And the contents of /backuprestore-cassandra.yaml (or) conf/cassandra.yaml:
{noformat}
server_encryption_options:
    internode_encryption: all
    protocol: TLSv1.2
    algorithm: PKIX
    store_type: PKCS12
    cipher_suites:
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    require_client_auth: true
    keystore: <path-to-ks>
    truststore: <path-to-ts>
client_encryption_options:
    enabled: true
    optional: false
    protocol: TLSv1.2
    algorithm: PKIX
    store_type: PKCS12
    cipher_suites:
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
stream_throughput_outbound_megabits_per_sec: 5000
commitlog_sync: periodic
commitlog_sync_period_in_ms: 10000
partitioner: org.apache.cassandra.dht.Murmur3Partitioner
endpoint_snitch: GossipingPropertyFileSnitch
{noformat}
The last four configs also need to be added for this to work.
> sstableloader not respecting conf-path flag
> -------------------------------------------
>
> Key: CASSANDRA-17602
> URL: https://issues.apache.org/jira/browse/CASSANDRA-17602
> Project: Cassandra
> Issue Type: Bug
> Components: Tool/bulk load
> Reporter: Aswin Karthik
> Assignee: Stefan Miklosovic
> Priority: Normal
> Fix For: 4.0.x, 4.1.x
>
>
> Hello,
> sstableloader does not seem to respect the config file flag (-f) and the
> storage port flag.
>
> We run our cluster on a different storage port with encryption. We construct
> a YAML with {{server_encryption_options}} and {{client_encryption_options}}
> and pass the storage port flag (both {{-sp}} and {{-ssp}}).
>
> However, we noticed that both the storage port flag and encryption settings
> are getting picked from the default config file {{conf/cassandra.yaml}}, and
> it ends up connecting to port 7000 unencrypted. As a workaround, we have added
> the storage port configuration to the YAML and copy our configuration file
> to overwrite {{conf/cassandra.yaml}}, and it is working now.
>
> Also note that using {{-f}} works in Cassandra 3.x. The bug seems
> to be present in 4.x versions only.
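
A pre-flight check for the failure described in this thread, as an added example that is not part of the original comment or of Cassandra: before running sstableloader on 4.x, compare the file passed with -f against the conf/cassandra.yaml the tool reads per this report, and list every encryption or storage-port setting that differs. The function names, the simplified YAML flattener and both sample inputs are assumptions constructed for illustration.

```python
# Added example, not Cassandra code: -f file vs. the conf/cassandra.yaml 4.x reads.
WATCHED = ("server_encryption_options", "client_encryption_options",
           "storage_port", "ssl_storage_port")

def flatten(text):
    """Flatten simple block-style YAML (mappings, scalar lists) to {dotted.path: value}."""
    out, stack = {}, []  # stack: (indent, key) of the mappings currently open
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent, item = len(line) - len(line.lstrip()), line.strip()
        is_item = item.startswith("- ")
        # Close mappings we have left; a list item may share its key's indent.
        while stack and stack[-1][0] >= indent + is_item:
            stack.pop()
        if is_item:
            out.setdefault(".".join(k for _, k in stack), []).append(item[2:].strip())
            continue
        key, _, value = item.partition(":")
        if value.strip():
            out[".".join([k for _, k in stack] + [key.strip()])] = value.strip()
        else:
            stack.append((indent, key.strip()))
    return out

def security_drift(intended_text, effective_text):
    """Return {path: (intended, effective)} for watched settings that differ."""
    want, have = flatten(intended_text), flatten(effective_text)
    return {p: (v, have.get(p)) for p, v in want.items()
            if p.split(".")[0] in WATCHED and have.get(p) != v}

# Constructed sample inputs: an abbreviated version of the reporter's file and
# a stand-in for an unmodified default conf/cassandra.yaml.
INTENDED = """storage_port: 11052
server_encryption_options:
    internode_encryption: all
    cipher_suites:
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    require_client_auth: true
client_encryption_options:
    enabled: true
stream_throughput_outbound_megabits_per_sec: 5000
"""
EFFECTIVE_DEFAULTS = """storage_port: 7000
server_encryption_options:
    internode_encryption: none
client_encryption_options:
    enabled: false
"""
```

An empty result from `security_drift` means the watched settings in the two files agree; any entry is a setting that would silently fall back to the value in conf/cassandra.yaml.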