[
https://issues.apache.org/jira/browse/CASSANDRA-17602?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17536621#comment-17536621
]
Stefan Miklosovic commented on CASSANDRA-17602:
-----------------------------------------------
This is interesting problem. So, there is an option introduced in 4.x in
server_encryption_options called "enable_legacy_ssl_storage_port" which is by
default false.
If I set enable_legacy_ssl_storage_port to true and I configure storage_port
and ssl_storage_port in nodes's cassandra.yaml and I specify both sp and ssp
and the command line, this example works ok.
If I change ssp to something else from what is in cassandra.yaml, it will not
work, I see that it will use the changed ssp port in the exception but since it
is not equal to ssl_storage_port in cassandra.yaml, it will fail.
However, if I set that enable_legacy_ssl_storage_port to false (which is
default), then no matter what I set ssp to, it will not connect. It sees that
you are trying to connect via ssl, so it tries to talk via ssp you set, but
since you have not enabled that legacy port, it will fail.
The workaround here is to set enable_legacy_ssl_storage_port to true in
cassandra.yaml if you want to talk to it securely via ssp in loader.
I think this is a bug but not like what we were thinking initially it was. I
think the solution is to be able to load sstables even legacy ssl port is not
enabled and it should then talk via normal storage port but it is not happening.
> sstableloader not respecting conf-path flag
> -------------------------------------------
>
> Key: CASSANDRA-17602
> URL: https://issues.apache.org/jira/browse/CASSANDRA-17602
> Project: Cassandra
> Issue Type: Bug
> Components: Tool/bulk load
> Reporter: Aswin Karthik
> Assignee: Stefan Miklosovic
> Priority: Normal
> Fix For: 4.0.x, 4.1-beta
>
>
> Hello,
> sstableloader does not seem to respect the config file flag (-f) and the
> storage port flag.
>
> We run our cluster on a different storage port with encryption. We construct
> a YAML with {{server_encryption_options}} and {{client_encryption_options}}
> and pass the storage port flag (both {{-sp}} and {{-ssp}}).
>
> However, we noticed that both the storage port flag and encryption settings
> are getting picked from the default config file {{conf/cassandra.yaml}} and
> ends up connecting to 7000 port unencrypted. As a workaround, we have added
> the storage port configuration to the YAML and copy our configuration file
> and overwrite the {{conf/cassandra.yaml}} and it is working now.
>
> Also to be noted that using the {{-f}} works in Cassandra 3.x. The bug seems
> to be present in 4.x versions only.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
