Samphel Norden created CASSANDRA-7585:
-----------------------------------------

             Summary: cassandra sstableloader connection refused with inter_node_encryption
                 Key: CASSANDRA-7585
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585
             Project: Cassandra
          Issue Type: Bug
          Components: Core, Tools
            Reporter: Samphel Norden


cassandra sstableloader connection refused with inter_node_encryption

When using sstableloader to import tables (Cassandra 2.0.5) with inter-node
encryption and client encryption enabled, I get a connection refused error.

I am using

sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra \
  -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA \
  -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory \
  -ts /path/to/truststore -tspw <passwd> $fullpath/$table

Errors out with

Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373
 WARN 17:13:34,147 Failed attempt 1 to connect to

A similar problem was reported in Cassandra 2.0.8 by another user:
http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption
==================
Relevant cassandra.yaml snippet (with obfuscation)

server_encryption_options:
    internode_encryption: all
    keystore: /path/to/keystore
    keystore_password: <passwd>
    truststore: /path/to/truststore
    truststore_password: <passwd>
    # More advanced defaults below:
    protocol: TLS
    algorithm: SunX509
    store_type: JKS
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
    require_client_auth: true

# enable or disable client/server encryption.
client_encryption_options:
    enabled: true
    keystore: /path/to/keystore
    keystore_password: <truststorepasswd>
    #require_client_auth: true
    # Set truststore and truststore_password if require_client_auth is true
    truststore: /path/to/truststore
    truststore_password: <truststorepasswd>
    # More advanced defaults below:
    protocol: TLS
    algorithm: SunX509
    store_type: JKS
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]

======================

Note that with inter-node encryption set to "none" sstableloader works, but
setting it to "all" fails. My guess is that sstableloader uses 7000
instead of using the SSL port 7001 for streaming/gossip.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
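
Added example, not part of the original report and not Cassandra project code: a Python probe that classifies a node's plaintext and SSL storage ports, which is one way to check the reporter's guess about 7000 versus 7001. The function names and the 127.0.0.1 host are assumptions made for illustration.

```python
import socket
import ssl

def probe_port(host, port, timeout=3.0):
    """Return 'refused', 'unreachable', 'tls', 'tls-rejected' or 'not-tls'."""
    # Diagnostic only: certificate validation is off because the question is
    # whether the listener speaks TLS at all, not whether it is trusted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"          # nothing is listening on this port
    except OSError:
        return "unreachable"      # timeout, no route, name lookup failure
    try:
        with ctx.wrap_socket(raw):
            return "tls"          # handshake completed
    except ssl.SSLError as exc:
        # A TLS alert means the peer speaks TLS but declined this client,
        # e.g. require_client_auth: true or no shared protocol/cipher suite.
        reason = getattr(exc, "reason", None) or str(exc)
        return "tls-rejected" if "ALERT" in reason.upper() else "not-tls"
    except OSError:
        return "not-tls"          # peer reset, closed or stalled on ClientHello
    finally:
        raw.close()

def diagnose(plain, tls):
    """Interpret probe results for the plaintext and SSL storage ports."""
    tls_up = tls in ("tls", "tls-rejected")
    if plain == "refused" and tls_up:
        return "TLS-only: a loader streaming to the plaintext port is refused"
    if plain == "not-tls" and not tls_up:
        return "plaintext-only: no TLS listener on the SSL storage port"
    if plain == "not-tls" and tls_up:
        return "both ports open: plaintext and TLS listeners are present"
    return "inconclusive: plain=%s tls=%s" % (plain, tls)

if __name__ == "__main__":
    host = "127.0.0.1"  # assumption: replace with the node passed to -d
    # 7000 and 7001 are the ports named in the report.
    print(diagnose(probe_port(host, 7000), probe_port(host, 7001)))
```

A "tls-rejected" result on 7001 still confirms a TLS listener; with require_client_auth: true the server is expected to decline a client that presents no certificate.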
