Oracle: unexpected operator

2019-05-10 Thread Lou DeGenaro 
cassandra-server/bin$ ./nodetool help
./nodetool: 333: [: Oracle: unexpected operator
usage: nodetool [(-u  | --username )]
...

Why might I get the above "unexpected error"?

Thx.

Lou.

Re: snapshot strategy?

2018-11-05 Thread Lou DeGenaro 
Alain,

Thanks for the suggestion, but I think I did not make myself clear.  In
order to utilize disk space efficiently, we want to keep snapshots that are
no older than X days old while purging the older ones.   My understanding
is that there are 2 kinds of snapshots :  (a) those created on demand by
given name and (b) those create automatically, for example as a result of a
TRUNCATE, that do not have a well known name. To get rid of the given name
ones (a) seems straight forward.  How do I locate and get rid of the
automatically created  (b) ones?

Or if I am under some misconception, I'd be happily educated.

Thanks.

Lou.

On Mon, Nov 5, 2018 at 3:49 PM Alain RODRIGUEZ  wrote:

> Hello Lou,
>
> how do you clear the automatic ones (e.g. names unknown) without clearing
>> the named ones?
>>
>
> The option '-t' might be what you are looking for: 'nodetool clearsnapshot
> -t nameOfMySnapshot'.
>
> From the documentation here:
> http://cassandra.apache.org/doc/latest/tools/nodetool/clearsnapshot.html?highlight=clearsnapshot
>
> Le lun. 5 nov. 2018 à 13:38, Lou DeGenaro  a
> écrit :
>
>> The issue really is how to manage disk space.  It is certainly possible
>> to take snapshots by name and delete them by name, perhaps one for each day
>> of the week.  But how do you clear the automatic ones (e.g. names unknown)
>> without clearing the named ones?
>>
>> Thanks.
>>
>> Lou.
>>
>> On Fri, Nov 2, 2018 at 12:28 PM Oleksandr Shulgin <
>> oleksandr.shul...@zalando.de> wrote:
>>
>>> On Fri, Nov 2, 2018 at 5:15 PM Lou DeGenaro 
>>> wrote:
>>>
>>>> I'm looking to hear how others are coping with snapshots.
>>>>
>>>> According to the doc:
>>>> https://docs.datastax.com/en/cassandra/3.0/cassandra/operations/opsBackupDeleteSnapshot.html
>>>>
>>>> *When taking a snapshot, previous snapshot files are not automatically
>>>> deleted. You should remove old snapshots that are no longer needed.*
>>>>
>>>> *The nodetool clearsnapshot
>>>> <https://docs.datastax.com/en/cassandra/3.0/cassandra/tools/toolsClearSnapShot.html>
>>>> command removes all existing snapshot files from the snapshot directory of
>>>> each keyspace. You should make it part of your back-up process to clear old
>>>> snapshots before taking a new one.*
>>>>
>>>> But if you delete first, then there is a window of time when no
>>>> snapshot exists until the new one is created.  And with a single snapshot
>>>> there is no recovery further back than it.
>>>>
>>> You can also delete specific snapshot, by passing its name to the
>>> clearsnapshot command.  For example, you could use snapshot date as part of
>>> the name.  This will also prevent removing snapshots which were taken for
>>> reasons other than backup, like the automatic snapshot due to running
>>> TRUNCATE or DROP commands, or any other snapshots which might have been
>>> created manually by the operators.
>>>
>>> Regards,
>>> --
>>> Alex
>>>
>>>

Re: snapshot strategy?

2018-11-05 Thread Lou DeGenaro 
The issue really is how to manage disk space.  It is certainly possible to
take snapshots by name and delete them by name, perhaps one for each day of
the week.  But how do you clear the automatic ones (e.g. names unknown)
without clearing the named ones?

Thanks.

Lou.

On Fri, Nov 2, 2018 at 12:28 PM Oleksandr Shulgin <
oleksandr.shul...@zalando.de> wrote:

> On Fri, Nov 2, 2018 at 5:15 PM Lou DeGenaro 
> wrote:
>
>> I'm looking to hear how others are coping with snapshots.
>>
>> According to the doc:
>> https://docs.datastax.com/en/cassandra/3.0/cassandra/operations/opsBackupDeleteSnapshot.html
>>
>> *When taking a snapshot, previous snapshot files are not automatically
>> deleted. You should remove old snapshots that are no longer needed.*
>>
>> *The nodetool clearsnapshot
>> <https://docs.datastax.com/en/cassandra/3.0/cassandra/tools/toolsClearSnapShot.html>
>> command removes all existing snapshot files from the snapshot directory of
>> each keyspace. You should make it part of your back-up process to clear old
>> snapshots before taking a new one.*
>>
>> But if you delete first, then there is a window of time when no snapshot
>> exists until the new one is created.  And with a single snapshot there is
>> no recovery further back than it.
>>
> You can also delete specific snapshot, by passing its name to the
> clearsnapshot command.  For example, you could use snapshot date as part of
> the name.  This will also prevent removing snapshots which were taken for
> reasons other than backup, like the automatic snapshot due to running
> TRUNCATE or DROP commands, or any other snapshots which might have been
> created manually by the operators.
>
> Regards,
> --
> Alex
>
>

snapshot strategy?

2018-11-02 Thread Lou DeGenaro 
I'm looking to hear how others are coping with snapshots.

According to the doc:
https://docs.datastax.com/en/cassandra/3.0/cassandra/operations/opsBackupDeleteSnapshot.html

*When taking a snapshot, previous snapshot files are not automatically
deleted. You should remove old snapshots that are no longer needed.*

*The nodetool clearsnapshot

command removes all existing snapshot files from the snapshot directory of
each keyspace. You should make it part of your back-up process to clear old
snapshots before taking a new one.*

But if you delete first, then there is a window of time when no snapshot
exists until the new one is created.  And with a single snapshot there is
no recovery further back than it.

Please advise.

Thanks.

Lou.

Re: nodetool listsnapshots

2018-11-02 Thread Lou DeGenaro 
Is more information needed, for example from logs or verbose running?  Is
anyone else seeing this behaviour?

Thanks.

Lou.

On 2018/10/30 15:36:38, Lou DeGenaro  wrote:
> It seems that "nodetool listsnapshots" is unreliable?>
>
> 1. when issued, nodetool listsnapshots reports there are no snapshops.>
> 2. when navigating through the filesystem, one can see clearly that
there>
> are snapshots>
> 3. when issued, nodetool clearsnapshot removes them!>
>
> Some sanitized evidence below.>
>
> Is "nodetool listsnapshots" broken or it is user error?>
>
> Lou.>
>
> ->
>
> [user@node]$ nodetool version>
> ReleaseVersion: 3.0.9>
> []user@node$ nodetool listsnapshots>
> Snapshot Details:>
> There are no snapshots[user@node]$>
> [user@node]$ nodetool  tablestats -- keyspace.tablename>
> Keyspace: keyspace>
> Read Count: 15>
> Read Latency: 1.54693335 ms.>
> Write Count: 254>
> Write Latency: 0.021818897637795275 ms.>
> Pending Flushes: 0>
> Table: tablename>
> SSTable count: 0>
> Space used (live): 0>
> Space used (total): 0>
> Space used by snapshots (total): 0>
> $ du -s tablename-66cad240c8a411e89e9ad7bcfb03d529/*>
> 0tablename-66cad240c8a411e89e9ad7bcfb03d529/backups>
> 714964tablename-66cad240c8a411e89e9ad7bcfb03d529/snapshots>
>

nodetool listsnapshots

2018-10-30 Thread Lou DeGenaro 
It seems that "nodetool listsnapshots" is unreliable?

1. when issued, nodetool listsnapshots reports there are no snapshops.
2. when navigating through the filesystem, one can see clearly that there
are snapshots
3. when issued, nodetool clearsnapshot removes them!

Some sanitized evidence below.

Is "nodetool listsnapshots" broken or it is user error?

Lou.

-

[user@node]$ nodetool version
ReleaseVersion: 3.0.9
[]user@node$ nodetool listsnapshots
Snapshot Details:
There are no snapshots[user@node]$
[user@node]$ nodetool  tablestats -- keyspace.tablename
Keyspace: keyspace
Read Count: 15
Read Latency: 1.54693335 ms.
Write Count: 254
Write Latency: 0.021818897637795275 ms.
Pending Flushes: 0
Table: tablename
SSTable count: 0
Space used (live): 0
Space used (total): 0
Space used by snapshots (total): 0
$ du -s tablename-66cad240c8a411e89e9ad7bcfb03d529/*
0tablename-66cad240c8a411e89e9ad7bcfb03d529/backups
714964tablename-66cad240c8a411e89e9ad7bcfb03d529/snapshots

nodetool clearsnapshot -t 1537185517560-rmsharesducc

2018-09-27 Thread Lou DeGenaro 
Hello,

I issue the subject command running Cassandra 2.2.12 and get this response:

Requested clearing snapshot(s) for [all keyspaces] with snapshot name
[1537185517560-rmsharesducc]

But the snapshot does not go away.

degenaro@myhost1:~>
/users1/degenaro/svn/apache/ducc/workspace-trunk/cassandra-2.2.12/apache-cassandra-2.2.12/bin/nodetool
listsnapshotsSnapshot Details:
Snapshot name   Keyspace nameColumn family
name   True size  Size on disk
1537184548695-rmloadducc
rmload   0 bytes13 bytes
1537184548657-rmsharesducc
rmshares 0 bytes13 bytes
1537184548620-rmnodesducc
rmnodes  0 bytes13 bytes
1537185517479-rmnodesducc
rmnodes  6.06 KB20.36 KB
1537185517617-rmloadducc
rmload   4.79 KB4.82 KB
1537174548695-rmloadducc
rmload   4.79 KB4.82 KB
1537185517560-rmsharesducc
rmshares 4.9 KB 4.93 KB
1537115517479-rmnodesducc
rmnodes  6.06 KB20.36 KB

Have tried other snapshots with same disappointing result.  What am I doing
wrong, please?

Thanks.

Lou.

Re: com.datastax.driver.core.exceptions.NoHostAvailableException

2018-04-26 Thread Lou DeGenaro 
Good call! Java client was using Cassandra 2.11 lib jars in classpath.
Switching to Cassandra 3.11 jars in Java client classpath works!

Thx!

Lou.

On Thu, Apr 26, 2018 at 10:30 AM, Michael Shuler <mich...@pbandjelly.org>
wrote:

> On 04/26/2018 09:17 AM, Lou DeGenaro wrote:
> >
> > I started fresh and edited the 3.11 cassandra.yaml file.  Here are the
> > exact changes:
> >
> > diff cassandra.yaml cassandra.yaml.orig
> > 425c425
> > <   - seeds: "bluej421"
> > ---
> >>   - seeds: "127.0.0.1"
> > 599c599
> > < listen_address: bluej421
> > ---
> >> listen_address: localhost
> > 676c676
> > < rpc_address: bluej421
> > ---
> >> rpc_address: localhost
> >
> > I made no other changes to Cassandra.  After launching server, cqlsh
> > client works.
>
> cqlsh uses embedded python driver. Good check, server is running.
>
> > My java client fails just the same.
>
> Check your java driver version is compatible with your version of
> Cassandra. See Andy Tolbert's comment on
> https://datastax-oss.atlassian.net/browse/JAVA-1092
>
> The system tables changed in 3.0+.
> (I hope this guess is close than my last couple :) )
>
> --
> Michael
>
> -
> To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
> For additional commands, e-mail: user-h...@cassandra.apache.org
>
>

Re: com.datastax.driver.core.exceptions.NoHostAvailableException

2018-04-26 Thread Lou DeGenaro 
I did not realize that the 3.0.9 cassandra.yaml file is not compatible with
3.11??

I started fresh and edited the 3.11 cassandra.yaml file.  Here are the
exact changes:

diff cassandra.yaml cassandra.yaml.orig
425c425
<   - seeds: "bluej421"
---
>   - seeds: "127.0.0.1"
599c599
< listen_address: bluej421
---
> listen_address: localhost
676c676
< rpc_address: bluej421
---
> rpc_address: localhost

I made no other changes to Cassandra.  After launching server, cqlsh client
works.  My java client fails just the same.

Lou.

On Thu, Apr 26, 2018 at 10:03 AM, Michael Shuler <mich...@pbandjelly.org>
wrote:

> OK, thanks for the extra info.
>
> Hmm.. `unconfigured table schema_keyspaces`
>
> Seems like an incomplete upgrade to 3.0.9 (and now 3.11.2) from some
> earlier version, which used schema_columnfamilies, I think?
>
> --
> Michael
>
> On 04/26/2018 08:55 AM, Lou DeGenaro wrote:
> > Sorry, my mistake.  Everything is bluej421.  I tried  to (but in hind
> > sight should not have) edit the append to make the host more generic.
> > The actual experiment uses bluej421 everywhere.
> >
> > cqlsh from the same host works fine with the same exact host specified
> > as CQLSH_HOST.
> >
> > I just now installed apache-cassandra-3.11.2-bin.tar.gz and the problem
> > persists.
> >
> >
> >
> > On Thu, Apr 26, 2018 at 9:45 AM, Michael Shuler <mich...@pbandjelly.org
> > <mailto:mich...@pbandjelly.org>> wrote:
> >
> > host421 != bluej421
> > My guess is 192.168.3.232 != {host421,bluej421} somewhere.
> >
> > If DNS hostnames are being used, the DNS infrastructure needs to be
> spot
> > on, forward and reverse. If the DNS infrastructure is /etc/hosts,
> those
> > hosts entries need to be spot on for the entire cluster, forward and
> > reverse.
> >
> > `ping` your hosts from nodes themselves and from remote nodes. Check
> the
> > listening ports on all nodes with `netstat`. `telnet $host $port`
> >     locally and remotely. Were the results expected?
> >
> > Basically, if using DNS, it has to be right everywhere and a lot of
> > people get DNS wrong.
> >
> > --
> > Kind regards,
> > Michael
> >
> > On 04/26/2018 08:17 AM, Lou DeGenaro wrote:
> > > version: cassandra-3.0.9
> > >
> > > conf/cassnadra.yaml changes:
> > >
> > >   - seeds: "host421"
> > > listen_address: host421
> > > rpc_address: host421
> > >
> > >
> > > Java client:
> > >
> > > package database.tools;
> > >
> > > import java.net.InetSocketAddress;
> > > import java.util.Map;
> > > import java.util.Map.Entry;
> > >
> > > import com.datastax.driver.core.AuthProvider;
> > > import com.datastax.driver.core.Cluster;
> > > import com.datastax.driver.core.PlainTextAuthProvider;
> > > import com.datastax.driver.core.Session;
> > > import
> > com.datastax.driver.core.exceptions.NoHostAvailableException;
> > >
> > > public class Creator {
> > >
> > > private static Cluster cluster;
> > > private static Session session = null;
> > >
> > > private static String dburl = "host421";
> > >
> > > public static void main(String[] args) {
> > > try {
> > > AuthProvider auth = new
> > > PlainTextAuthProvider("cassandra", "cassandra");
> > > cluster = Cluster.builder()
> > > .withAuthProvider(auth)
> > > .addContactPoint(dburl)
> > > .build();
> > >
> > > session = cluster.connect();
> > > }
> > > catch(NoHostAvailableException e) {
> > > e.printStackTrace();
> > > Map<InetSocketAddress, Throwable> map =
> e.getErrors();
> > > for(Entry<InetSocketAddress, Throwable> entry :
> > > map.entrySet()) {
> > > Throwable t = entry.getValue();
> > > t.printStackTrace();
> > >

Re: com.datastax.driver.core.exceptions.NoHostAvailableException

2018-04-26 Thread Lou DeGenaro 
Sorry, my mistake.  Everything is bluej421.  I tried  to (but in hind sight
should not have) edit the append to make the host more generic.  The actual
experiment uses bluej421 everywhere.

cqlsh from the same host works fine with the same exact host specified as
CQLSH_HOST.

I just now installed apache-cassandra-3.11.2-bin.tar.gz and the problem
persists.



On Thu, Apr 26, 2018 at 9:45 AM, Michael Shuler <mich...@pbandjelly.org>
wrote:

> host421 != bluej421
> My guess is 192.168.3.232 != {host421,bluej421} somewhere.
>
> If DNS hostnames are being used, the DNS infrastructure needs to be spot
> on, forward and reverse. If the DNS infrastructure is /etc/hosts, those
> hosts entries need to be spot on for the entire cluster, forward and
> reverse.
>
> `ping` your hosts from nodes themselves and from remote nodes. Check the
> listening ports on all nodes with `netstat`. `telnet $host $port`
> locally and remotely. Were the results expected?
>
> Basically, if using DNS, it has to be right everywhere and a lot of
> people get DNS wrong.
>
> --
> Kind regards,
> Michael
>
> On 04/26/2018 08:17 AM, Lou DeGenaro wrote:
> > version: cassandra-3.0.9
> >
> > conf/cassnadra.yaml changes:
> >
> >   - seeds: "host421"
> > listen_address: host421
> > rpc_address: host421
> >
> >
> > Java client:
> >
> > package database.tools;
> >
> > import java.net.InetSocketAddress;
> > import java.util.Map;
> > import java.util.Map.Entry;
> >
> > import com.datastax.driver.core.AuthProvider;
> > import com.datastax.driver.core.Cluster;
> > import com.datastax.driver.core.PlainTextAuthProvider;
> > import com.datastax.driver.core.Session;
> > import com.datastax.driver.core.exceptions.NoHostAvailableException;
> >
> > public class Creator {
> >
> > private static Cluster cluster;
> > private static Session session = null;
> >
> > private static String dburl = "host421";
> >
> > public static void main(String[] args) {
> > try {
> > AuthProvider auth = new
> > PlainTextAuthProvider("cassandra", "cassandra");
> > cluster = Cluster.builder()
> > .withAuthProvider(auth)
> > .addContactPoint(dburl)
> > .build();
> >
> > session = cluster.connect();
> > }
> > catch(NoHostAvailableException e) {
> > e.printStackTrace();
> > Map<InetSocketAddress, Throwable> map = e.getErrors();
> > for(Entry<InetSocketAddress, Throwable> entry :
> > map.entrySet()) {
> > Throwable t = entry.getValue();
> > t.printStackTrace();
> > }
> > }
> > catch(Exception e) {
> > e.printStackTrace();
> > }
> > }
> >
> > }
> >
> >
> > Result:
> >
> >  INFO | Found Netty's native epoll transport in the classpath, using
> it
> > com.datastax.driver.core.exceptions.NoHostAvailableException: All
> > host(s) tried for query failed (tried: bluej421/192.168.3.232:9042
> > <http://192.168.3.232:9042>
> > (com.datastax.driver.core.exceptions.InvalidQueryException:
> > unconfigured table schema_keyspaces))
> > at
> > com.datastax.driver.core.ControlConnection.reconnectInternal(
> ControlConnection.java:227)
> > at
> > com.datastax.driver.core.ControlConnection.connect(
> ControlConnection.java:86)
> > at com.datastax.driver.core.Cluster$Manager.init(Cluster.
> java:1409)
> > at com.datastax.driver.core.Cluster.init(Cluster.java:160)
> > at com.datastax.driver.core.Cluster.connectAsync(Cluster.
> java:338)
> > at com.datastax.driver.core.Cluster.connectAsync(Cluster.
> java:311)
> > at com.datastax.driver.core.Cluster.connect(Cluster.java:250)
> > at org.apache.uima.ducc.database.tools.Creator.main(Creator.
> java:28)
> > com.datastax.driver.core.exceptions.InvalidQueryException:
> > unconfigured table schema_keyspaces
> > at
> > com.datastax.driver.core.Responses$Error.asException(
> Responses.java:102)
> > at
> > com.datastax.driver.core.Def

com.datastax.driver.core.exceptions.NoHostAvailableException

2018-04-26 Thread Lou DeGenaro 
version: cassandra-3.0.9

conf/cassnadra.yaml changes:
>
>   - seeds: "host421"
> listen_address: host421
> rpc_address: host421
>

Java client:

package database.tools;
>
> import java.net.InetSocketAddress;
> import java.util.Map;
> import java.util.Map.Entry;
>
> import com.datastax.driver.core.AuthProvider;
> import com.datastax.driver.core.Cluster;
> import com.datastax.driver.core.PlainTextAuthProvider;
> import com.datastax.driver.core.Session;
> import com.datastax.driver.core.exceptions.NoHostAvailableException;
>
> public class Creator {
>
> private static Cluster cluster;
> private static Session session = null;
>
> private static String dburl = "host421";
>
> public static void main(String[] args) {
> try {
> AuthProvider auth = new PlainTextAuthProvider("cassandra",
> "cassandra");
> cluster = Cluster.builder()
> .withAuthProvider(auth)
> .addContactPoint(dburl)
> .build();
>
> session = cluster.connect();
> }
> catch(NoHostAvailableException e) {
> e.printStackTrace();
> Map map = e.getErrors();
> for(Entry entry :
> map.entrySet()) {
> Throwable t = entry.getValue();
> t.printStackTrace();
> }
> }
> catch(Exception e) {
> e.printStackTrace();
> }
> }
>
> }
>

Result:

 INFO | Found Netty's native epoll transport in the classpath, using it
> com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s)
> tried for query failed (tried: bluej421/192.168.3.232:9042
> (com.datastax.driver.core.exceptions.InvalidQueryException: unconfigured
> table schema_keyspaces))
> at
> com.datastax.driver.core.ControlConnection.reconnectInternal(ControlConnection.java:227)
> at
> com.datastax.driver.core.ControlConnection.connect(ControlConnection.java:86)
> at com.datastax.driver.core.Cluster$Manager.init(Cluster.java:1409)
> at com.datastax.driver.core.Cluster.init(Cluster.java:160)
> at com.datastax.driver.core.Cluster.connectAsync(Cluster.java:338)
> at com.datastax.driver.core.Cluster.connectAsync(Cluster.java:311)
> at com.datastax.driver.core.Cluster.connect(Cluster.java:250)
> at org.apache.uima.ducc.database.tools.Creator.main(Creator.java:28)
> com.datastax.driver.core.exceptions.InvalidQueryException: unconfigured
> table schema_keyspaces
> at
> com.datastax.driver.core.Responses$Error.asException(Responses.java:102)
> at
> com.datastax.driver.core.DefaultResultSetFuture.onSet(DefaultResultSetFuture.java:149)
> at
> com.datastax.driver.core.DefaultResultSetFuture.onSet(DefaultResultSetFuture.java:167)
> at
> com.datastax.driver.core.Connection$Dispatcher.channelRead0(Connection.java:1013)
> at
> com.datastax.driver.core.Connection$Dispatcher.channelRead0(Connection.java:936)
> at
> io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:105)
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:339)
> at
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:324)
> at
> io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:254)
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:339)
> at
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:324)
> at
> io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103)
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:339)
> at
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:324)
> at
> io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:242)
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:339)
> at
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:324)
> at
> io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:847)
> at
> io.netty.channel.epoll.EpollSocketChannel$EpollSocketUnsafe.epollInReady(EpollSocketChannel.java:722)
> at
> io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:326)
> at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:264)
> at
> io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:111)
> at java.lang.Thread.run(Thread.java:811)
>

Surely user error, but what is being done wrongly please?

Thanks.

Lou.

Re: How to configure Cassandra to NOT use SSLv2?

2018-04-24 Thread Lou DeGenaro 
Here's is what I was told by IBM JVM Support:

...the string "SSLv2Hello" is not supported in IBM JVM but
> more importantly, the protocol SSLv2 is no longer a valid protocol in
> our JVM.
> We don't even have SSLv3 enabled by default due to the HIGH severity
> vulnerabilities this protocol has.
>
> Is there anything I can do to use IBM JVM and Cassandra with encryption?

Thanks.

Lou.

On Tue, Apr 24, 2018 at 12:41 PM, Michael Shuler <mich...@pbandjelly.org>
wrote:

> Correct!
>
> Thanks for the trace, Lou.
>
> SSLFactory.java:67 specifies a list of protocols, including SSLv2Hello.
>
> "It [IBM JSSE] does not support specifying SSLv2Hello."
> https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.
> 0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/
> knowndiffsun.html
>
> Apache Cassandra is tested on Oracle JDK and OpenJDK. Use a supported
> version of either of those, and this problem should go away.
> Alternatively, do a custom build of Cassandra, if you must run a
> little-used JDK?
>
> Also, just for a little additional info, SSLv2Hello != SSLv2, so I do
> not believe that there is a worry about some weak protocol here.
> https://bugs.java.com/bugdatabase/view_bug.do?bug_id=4915862
>
> --
> Kind regards,
> Michael
>
> On 04/24/2018 11:23 AM, Marcus Haarmann wrote:
> > OK, this is IBM JDK. The options might differ. I have been searching for
> > Oracle Java options.
> > You will need to consult the IBM documentation in this case.
> >
> > Marcus Haarmann
> >
> > 
> > *Von: *"Lou DeGenaro" <lou.degen...@gmail.com>
> > *An: *"user" <user@cassandra.apache.org>
> > *Gesendet: *Dienstag, 24. April 2018 16:08:06
> > *Betreff: *Re: How to configure Cassandra to NOT use SSLv2?
> >
> > Thanks for your suggestions.  I tried using the -D shown below:
> >
> > degenaro@bluej421:/users/degenaro/cassandra/bluej421>
> ./bin/cassandra
> > degenaro@bluej421:/users/degenaro/cassandra/bluej421> numactl
> > --interleave=all /share/ibm-jdk1.8/bin/java
> > -Dhttps.protocols=TLSv1.2,TLSv1.1,SSLv2Hello
> > -Xloggc:./bin/../logs/gc.log -XX:+UseParNewGC
> > -XX:+UseConcMarkSweepGC -XX:+CMSParallelRemarkEnabled
> > -XX:SurvivorRatio=8 -XX:MaxTenuringThreshold=1
> > -XX:CMSInitiatingOccupancyFraction=75
> > -XX:+UseCMSInitiatingOccupancyOnly -XX:CMSWaitDuration=1...
> > ...
> > WARN  14:01:09 Filtering out [TLS_RSA_WITH_AES_128_CBC_SHA,
> > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] as it isn't supported by the
> socket
> > Exception (java.lang.IllegalArgumentException) encountered during
> > startup: SSLv2Hello is not a recognized protocol.
> > java.lang.IllegalArgumentException: SSLv2Hello is not a recognized
> > protocol.
> > at com.ibm.jsse2.S.a(S.java:112)
> > at com.ibm.jsse2.S.b(S.java:136)
> > at com.ibm.jsse2.S.(S.java:177)
> > at com.ibm.jsse2.as.setEnabledProtocols(as.java:2)
> > at
> > org.apache.cassandra.security.SSLFactory.getServerSocket(
> SSLFactory.java:67)
> > at
> > org.apache.cassandra.net.MessagingService.getServerSockets(
> MessagingService.java:514)
> > at
> > org.apache.cassandra.net.MessagingService.listen(
> MessagingService.java:498)
> > at
> > org.apache.cassandra.net.MessagingService.listen(
> MessagingService.java:482)
> > at
> > org.apache.cassandra.service.StorageService.prepareToJoin(
> StorageService.java:765)
> > at
> > org.apache.cassandra.service.StorageService.initServer(
> StorageService.java:654)
> > at
> > org.apache.cassandra.service.StorageService.initServer(
> StorageService.java:534)
> > at
> > org.apache.cassandra.service.CassandraDaemon.setup(
> CassandraDaemon.java:344)
> > at
> > org.apache.cassandra.service.CassandraDaemon.activate(
> CassandraDaemon.java:568)
> > at
> > org.apache.cassandra.service.CassandraDaemon.main(
> CassandraDaemon.java:696)
> > ERROR 14:01:09 Exception encountered during startup
> > java.lang.IllegalArgumentException: SSLv2Hello is not a recognized
> > protocol.
> >
> >
> > Who is at fault: user, Cassandra, JVM, OS?
> &g

Re: How to configure Cassandra to NOT use SSLv2?

2018-04-24 Thread Lou DeGenaro 
Thanks for your suggestions.  I tried using the -D shown below:

degenaro@bluej421:/users/degenaro/cassandra/bluej421> ./bin/cassandra
> degenaro@bluej421:/users/degenaro/cassandra/bluej421> numactl
> --interleave=all /share/ibm-jdk1.8/bin/java
> -Dhttps.protocols=TLSv1.2,TLSv1.1,SSLv2Hello -Xloggc:./bin/../logs/gc.log
> -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:+CMSParallelRemarkEnabled
> -XX:SurvivorRatio=8 -XX:MaxTenuringThreshold=1
> -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly
> -XX:CMSWaitDuration=1...
> ...
> WARN  14:01:09 Filtering out [TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] as it isn't supported by the socket
> Exception (java.lang.IllegalArgumentException) encountered during startup:
> SSLv2Hello is not a recognized protocol.
> java.lang.IllegalArgumentException: SSLv2Hello is not a recognized
> protocol.
> at com.ibm.jsse2.S.a(S.java:112)
> at com.ibm.jsse2.S.b(S.java:136)
> at com.ibm.jsse2.S.(S.java:177)
> at com.ibm.jsse2.as.setEnabledProtocols(as.java:2)
> at
> org.apache.cassandra.security.SSLFactory.getServerSocket(SSLFactory.java:67)
> at
> org.apache.cassandra.net.MessagingService.getServerSockets(MessagingService.java:514)
> at
> org.apache.cassandra.net.MessagingService.listen(MessagingService.java:498)
> at
> org.apache.cassandra.net.MessagingService.listen(MessagingService.java:482)
> at
> org.apache.cassandra.service.StorageService.prepareToJoin(StorageService.java:765)
> at
> org.apache.cassandra.service.StorageService.initServer(StorageService.java:654)
> at
> org.apache.cassandra.service.StorageService.initServer(StorageService.java:534)
> at
> org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:344)
> at
> org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:568)
> at
> org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:696)
> ERROR 14:01:09 Exception encountered during startup
> java.lang.IllegalArgumentException: SSLv2Hello is not a recognized
> protocol.
>

Who is at fault: user, Cassandra, JVM, OS?

Thanks.

Lou.






On Tue, Apr 24, 2018 at 9:43 AM, Marcus Haarmann <marcus.haarm...@midoco.de>
wrote:

> Hi,
>
> I did take a look into the source code of 3.11, but I believe the code is
> more or less the same.
> The SSL code makes use of Java SSL Sockets so you can limit the protocols
> in the "Java way".
> The java way (at least for a recent Java 8) is to setup the protocols in
> the /lib/security/java.security file.
> Or to define a system property on the command line (-Dhttps.protocols =
> TLSv1.2,TLSv1.1,SSLv2Hello).
>
> There are multiple options for SSL configuration in the config
> (https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/
> secureSSLNodeToNode.html)
> The most interesting one in your situation would be the cipher_suites
> option, which allows you
> to limit the avaliable cipher suites e.g. to TLS_ECDHE_ECDSA_WITH_AES_
> 256_CBC_SHA384
> (which is a TLS1.2-only cipher suite).
>
> You can check the offered protocols for your server with an open source
> tool like sslyze (https://github.com/nabla-c0d3/sslyze)
>
> Marcus Haarmann
>
> --
> *Von: *"Lou DeGenaro" <lou.degen...@gmail.com>
> *An: *"user" <user@cassandra.apache.org>
> *Gesendet: *Dienstag, 24. April 2018 11:21:06
> *Betreff: *Re: How to configure Cassandra to NOT use SSLv2?
>
> Can someone please can tell me how to prevent Cassandra 3.0.9 from using 
> SSLv2?
> Happy to use a newer version of Cassandra if that's what's required.
>
> On Sat, Apr 21, 2018 at 8:30 AM, Lou DeGenaro <lou.degen...@gmail.com>
> wrote:
>
>> 3.0.9
>>
>> On Fri, Apr 20, 2018 at 10:26 PM, Michael Shuler <mich...@pbandjelly.org>
>> wrote:
>>
>>> On 04/20/2018 08:46 AM, Lou DeGenaro wrote:
>>> > Could you be more specific?  What does one specify exactly to assure
>>> > SSLv2 is not used for both client-server and server-server
>>> > communications?  Example yaml statements would be wonderful.
>>>
>>> The defaults in cassandra.yaml have only TLS specified in the current
>>> branch HEADs. I'm pretty sure SSLv2/3 removal was a post-POODLE commit.
>>> It's possible you may be on something older - what version are we
>>> talking about?
>>>
>>> --
>>> Michael
>>>
>>> -
>>> To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
>>> For additional commands, e-mail: user-h...@cassandra.apache.org
>>>
>>>
>>
>

Re: How to configure Cassandra to NOT use SSLv2?

2018-04-24 Thread Lou DeGenaro 
Can someone please can tell me how to prevent Cassandra 3.0.9 from
using SSLv2?
Happy to use a newer version of Cassandra if that's what's required.

On Sat, Apr 21, 2018 at 8:30 AM, Lou DeGenaro <lou.degen...@gmail.com>
wrote:

> 3.0.9
>
> On Fri, Apr 20, 2018 at 10:26 PM, Michael Shuler <mich...@pbandjelly.org>
> wrote:
>
>> On 04/20/2018 08:46 AM, Lou DeGenaro wrote:
>> > Could you be more specific?  What does one specify exactly to assure
>> > SSLv2 is not used for both client-server and server-server
>> > communications?  Example yaml statements would be wonderful.
>>
>> The defaults in cassandra.yaml have only TLS specified in the current
>> branch HEADs. I'm pretty sure SSLv2/3 removal was a post-POODLE commit.
>> It's possible you may be on something older - what version are we
>> talking about?
>>
>> --
>> Michael
>>
>> -
>> To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
>> For additional commands, e-mail: user-h...@cassandra.apache.org
>>
>>
>

Re: How to configure Cassandra to NOT use SSLv2?

2018-04-21 Thread Lou DeGenaro 
3.0.9

On Fri, Apr 20, 2018 at 10:26 PM, Michael Shuler <mich...@pbandjelly.org>
wrote:

> On 04/20/2018 08:46 AM, Lou DeGenaro wrote:
> > Could you be more specific?  What does one specify exactly to assure
> > SSLv2 is not used for both client-server and server-server
> > communications?  Example yaml statements would be wonderful.
>
> The defaults in cassandra.yaml have only TLS specified in the current
> branch HEADs. I'm pretty sure SSLv2/3 removal was a post-POODLE commit.
> It's possible you may be on something older - what version are we
> talking about?
>
> --
> Michael
>
> -
> To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
> For additional commands, e-mail: user-h...@cassandra.apache.org
>
>

Re: How to configure Cassandra to NOT use SSLv2?

2018-04-20 Thread Lou DeGenaro 
Could you be more specific?  What does one specify exactly to assure SSLv2
is not used for both client-server and server-server communications?
Example yaml statements would be wonderful.

Your patience with the security neophyte is greatly appreciated.

Lou.

On Fri, Apr 20, 2018 at 9:35 AM, Michael Shuler <mich...@pbandjelly.org>
wrote:

> On 04/20/2018 07:41 AM, Lou DeGenaro wrote:
> > Running Cassandra produces the following error message:
> >
> > "SSLv2Hello is not a recognized protocol"
> >
> > because the JVM being used does not support SSLv2. The JVM does not
> > support SSLv2 because "it's a HUGE security risk."
> >
> > How does one configure Cassandra to *not* use SSLv2?
>
> See the `server_encryption_options:` and `client_encryption_options:`
> sections in conf/cassandra.yaml for the `protocol:` and `cipher_suites:`
> configurations. (Defaults are in comments.)
>
> --
> Michael
>
> -
> To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
> For additional commands, e-mail: user-h...@cassandra.apache.org
>
>

How to configure Cassandra to NOT use SSLv2?

2018-04-20 Thread Lou DeGenaro 
Running Cassandra produces the following error message:

"SSLv2Hello is not a recognized protocol"

because the JVM being used does not support SSLv2. The JVM does not support
SSLv2 because "it's a HUGE security risk."

How does one configure Cassandra to *not* use SSLv2?

Thanks.

Lou.

Re: single instance failover

2016-11-22 Thread Lou DeGenaro 
Yes, change rpc_address to node B.

Immutability aside, if Node A Cassandra and Node B Cassandra are using the
same directory on the same shared filesystem, let's call it
/cassandra/state/database,
would that not be a problem?  Or said differently, does not Node A need its
own writable place /cassandra/state/database/nodeA and likewise /cassandra
/state/database/nodeB for Node B's writable place?

Multinode Cassandra may not always be available due to resource
constraints.  Presumably multinode Cassandra for Node B is not free: it
takes up network, cpu, and replicated disk space, no?

Lou.

On 2016-11-22 11:10 (-0500), Vladimir Yudovin  wrote:
> Hi Lou,>
>
>
>
> do you mean you set  rpc_address (or broadcast_rpc_address) to Node_B_IP
on second machine?>
>
>
>
> there would be potential database corruption, no?>
>
> Well, so SSTables are immutable, it can lead to unpredictable behavior, I
guess. I don't believe anybody tested such setup before.>
>
>
>
> Is there any guidance on single instance failover?>
>
> I never saw one, the main Casandra idea that you build multinode
cluster.>
>%

single instance failover

2016-11-22 Thread Lou DeGenaro 
We use a single instance of Cassandra on Node A that employs a shared file
system to keep its data and logs.

Let's say we want to fail-over to Node B, by editing the yaml file by
changing Node A to Node B.  If we now (mistakenly) bring up Cassandra on
Node B whilst the Cassandra on Node A is still running, there would be
potential database corruption, no?

Is there any guidance on single instance failover?

Thanks.

Lou.