[jira] [Commented] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14089321#comment-14089321 ] Samphel Norden commented on CASSANDRA-7585: --- Thanks for the patch. Any chance this can be back ported to 2.0.5 since we are not using custom builds in our deployment. cassandra sstableloader connection refused with inter_node_encryption - Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden Assignee: Yuki Morishita Fix For: 2.0.10, 2.1.1 Attachments: 7585-2.0.txt cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if require_client_auth is true truststore:/path/to/truststore truststore_password: truststorepasswd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites:
[jira] [Comment Edited] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14089321#comment-14089321 ] Samphel Norden edited comment on CASSANDRA-7585 at 8/7/14 3:08 PM: --- Thanks for the patch. After its been reviewed/verified of course...any chance this can be back ported to 2.0.5 since we are not using custom builds in our deployment. i.e. was (Author: samnor): Thanks for the patch. Any chance this can be back ported to 2.0.5 since we are not using custom builds in our deployment. i.e. after its been reviewed/verified of course... cassandra sstableloader connection refused with inter_node_encryption - Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden Assignee: Yuki Morishita Fix For: 2.0.10, 2.1.1 Attachments: 7585-2.0.txt cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if require_client_auth is true truststore:/path/to/truststore truststore_password: truststorepasswd # More advanced defaults below: protocol: TLS
[jira] [Comment Edited] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14089321#comment-14089321 ] Samphel Norden edited comment on CASSANDRA-7585 at 8/7/14 3:08 PM: --- Thanks for the patch. Any chance this can be back ported to 2.0.5 since we are not using custom builds in our deployment. i.e. after its been reviewed/verified of course... was (Author: samnor): Thanks for the patch. Any chance this can be back ported to 2.0.5 since we are not using custom builds in our deployment. cassandra sstableloader connection refused with inter_node_encryption - Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden Assignee: Yuki Morishita Fix For: 2.0.10, 2.1.1 Attachments: 7585-2.0.txt cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if require_client_auth is true truststore:/path/to/truststore truststore_password: truststorepasswd # More advanced defaults below: protocol: TLS algorithm: SunX509
[jira] [Commented] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14089369#comment-14089369 ] Samphel Norden commented on CASSANDRA-7585: --- Great. Looking forward to the patch getting into stable release... cassandra sstableloader connection refused with inter_node_encryption - Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden Assignee: Yuki Morishita Fix For: 2.0.10, 2.1.1 Attachments: 7585-2.0.txt cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if require_client_auth is true truststore:/path/to/truststore truststore_password: truststorepasswd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites:
[jira] [Created] (CASSANDRA-7494) CQL support to return first column of each row
Samphel Norden created CASSANDRA-7494: - Summary: CQL support to return first column of each row Key: CASSANDRA-7494 URL: https://issues.apache.org/jira/browse/CASSANDRA-7494 Project: Cassandra Issue Type: Improvement Components: Core Environment: fedora 64bit Reporter: Samphel Norden This jira is a request to support a query like select first 5 columns of each row where whereclause Currently in CQL, if we put a limit clause it applies over all rows. Not a per partition key limit. More details below IF we create a table as follows CREATE TABLE xy ( a int, b int, c int, d int, value int, PRIMARY KEY ((a, b), c, d) ) WITH CLUSTERING ORDER BY (c DESC, d ASC) with data = a | b | c | d | value -- 1 | 2 | 2007 | 307 | 950 1 | 2 | 2006 | 305 | 900 1 | 1 | 1006 | 205 | 800 1 | 1 | 1005 | 105 | 700 The rows are sorted by c descending where assuming c is a timestamp, the idea is to store the latest timestamp first. Hence if we pull a single column from each row given a set of rows, we want that to be the latest 'c' for each row. In other words: select first 1 value from xy where a=1 and b in (1,2) should return a single value for each rowkey a | b | c | d | value -- 1 | 1 | 1006 | 205 | 800 1 | 2 | 2007 | 307 | 950 I realize that if we do individual queries such as select a,b,c,value from xy where a=1 and b =1 limit 1; a | b | c | value ---+ 1 | 1 | 1006 | 800 (1 rows) cqlsh: select a,b,c,e from xy where a=1 and b =2 limit 1; a | b | c | value ---+ 1 | 2 | 2007 | 950 We get the desired result.However this is highly inefficient since we would need to fire a separate query per row. If we can have a construct change to allow getting a single column for a given row that would be very helpful -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (CASSANDRA-7494) CQL support to return first column of each row
[ https://issues.apache.org/jira/browse/CASSANDRA-7494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14051507#comment-14051507 ] Samphel Norden commented on CASSANDRA-7494: --- Using a slice query with Hector/Thrift does support getting the first n cells of a row. If a feature like this already exists, is there a specific reason why it cannot be ported over to CQL. CQL support to return first column of each row -- Key: CASSANDRA-7494 URL: https://issues.apache.org/jira/browse/CASSANDRA-7494 Project: Cassandra Issue Type: Improvement Components: Core Environment: fedora 64bit Reporter: Samphel Norden This jira is a request to support a query like select first 5 columns of each row where whereclause Currently in CQL, if we put a limit clause it applies over all rows. Not a per partition key limit. More details below IF we create a table as follows CREATE TABLE xy ( a int, b int, c int, d int, value int, PRIMARY KEY ((a, b), c, d) ) WITH CLUSTERING ORDER BY (c DESC, d ASC) with data = a | b | c | d | value -- 1 | 2 | 2007 | 307 | 950 1 | 2 | 2006 | 305 | 900 1 | 1 | 1006 | 205 | 800 1 | 1 | 1005 | 105 | 700 The rows are sorted by c descending where assuming c is a timestamp, the idea is to store the latest timestamp first. Hence if we pull a single column from each row given a set of rows, we want that to be the latest 'c' for each row. In other words: select first 1 value from xy where a=1 and b in (1,2) should return a single value for each rowkey a | b | c | d | value -- 1 | 1 | 1006 | 205 | 800 1 | 2 | 2007 | 307 | 950 I realize that if we do individual queries such as select a,b,c,value from xy where a=1 and b =1 limit 1; a | b | c | value ---+ 1 | 1 | 1006 | 800 (1 rows) cqlsh: select a,b,c,e from xy where a=1 and b =2 limit 1; a | b | c | value ---+ 1 | 2 | 2007 | 950 We get the desired result.However this is highly inefficient since we would need to fire a separate query per row. If we can have a construct change to allow getting a single column for a given row that would be very helpful -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (CASSANDRA-7494) CQL support to return first column of each row
[ https://issues.apache.org/jira/browse/CASSANDRA-7494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14051535#comment-14051535 ] Samphel Norden commented on CASSANDRA-7494: --- Somehow not seeing how this addresses the question. Let me pose a use case I am storing time series data in each row in a reverse chronological order which I can do by creating a cluster key on timestamp and storing with clustering (time desc) ..as a very simple example. I want to get the latest timestamp stored in each row... select first 1 time from the table is what I am looking for. cql 0.8 even supported something like this... http://stackoverflow.com/questions/8083102/select-first-n-from-cassandra-column-using-cql I am just wondering why this was taken out... granted the support below is not fully compliant in that it does require the user to specify the column name/range which is something that is usually hard to do when columns are dynamic. Of course a way around it would be to always store the latest timestamp in a special column say 9 and only select first ''...'9' from table... CQL support to return first column of each row -- Key: CASSANDRA-7494 URL: https://issues.apache.org/jira/browse/CASSANDRA-7494 Project: Cassandra Issue Type: Improvement Components: Core Environment: fedora 64bit Reporter: Samphel Norden This jira is a request to support a query like select first 5 columns of each row where whereclause Currently in CQL, if we put a limit clause it applies over all rows. Not a per partition key limit. More details below IF we create a table as follows CREATE TABLE xy ( a int, b int, c int, d int, value int, PRIMARY KEY ((a, b), c, d) ) WITH CLUSTERING ORDER BY (c DESC, d ASC) with data = a | b | c | d | value -- 1 | 2 | 2007 | 307 | 950 1 | 2 | 2006 | 305 | 900 1 | 1 | 1006 | 205 | 800 1 | 1 | 1005 | 105 | 700 The rows are sorted by c descending where assuming c is a timestamp, the idea is to store the latest timestamp first. Hence if we pull a single column from each row given a set of rows, we want that to be the latest 'c' for each row. In other words: select first 1 value from xy where a=1 and b in (1,2) should return a single value for each rowkey a | b | c | d | value -- 1 | 1 | 1006 | 205 | 800 1 | 2 | 2007 | 307 | 950 I realize that if we do individual queries such as select a,b,c,value from xy where a=1 and b =1 limit 1; a | b | c | value ---+ 1 | 1 | 1006 | 800 (1 rows) cqlsh: select a,b,c,e from xy where a=1 and b =2 limit 1; a | b | c | value ---+ 1 | 2 | 2007 | 950 We get the desired result.However this is highly inefficient since we would need to fire a separate query per row. If we can have a construct change to allow getting a single column for a given row that would be very helpful -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (CASSANDRA-7494) CQL support to return first column of each row
[ https://issues.apache.org/jira/browse/CASSANDRA-7494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14051582#comment-14051582 ] Samphel Norden commented on CASSANDRA-7494: --- As per Sylvain's suggestion, it appears that this can be marked as a duplicate of https://issues.apache.org/jira/browse/CASSANDRA-7017 I am still curious though as to why the cql 0.8 feature (see previous comment) was removed at some stage... I CQL support to return first column of each row -- Key: CASSANDRA-7494 URL: https://issues.apache.org/jira/browse/CASSANDRA-7494 Project: Cassandra Issue Type: Improvement Components: Core Environment: fedora 64bit Reporter: Samphel Norden This jira is a request to support a query like select first 5 columns of each row where whereclause Currently in CQL, if we put a limit clause it applies over all rows. Not a per partition key limit. More details below IF we create a table as follows CREATE TABLE xy ( a int, b int, c int, d int, value int, PRIMARY KEY ((a, b), c, d) ) WITH CLUSTERING ORDER BY (c DESC, d ASC) with data = a | b | c | d | value -- 1 | 2 | 2007 | 307 | 950 1 | 2 | 2006 | 305 | 900 1 | 1 | 1006 | 205 | 800 1 | 1 | 1005 | 105 | 700 The rows are sorted by c descending where assuming c is a timestamp, the idea is to store the latest timestamp first. Hence if we pull a single column from each row given a set of rows, we want that to be the latest 'c' for each row. In other words: select first 1 value from xy where a=1 and b in (1,2) should return a single value for each rowkey a | b | c | d | value -- 1 | 1 | 1006 | 205 | 800 1 | 2 | 2007 | 307 | 950 I realize that if we do individual queries such as select a,b,c,value from xy where a=1 and b =1 limit 1; a | b | c | value ---+ 1 | 1 | 1006 | 800 (1 rows) cqlsh: select a,b,c,e from xy where a=1 and b =2 limit 1; a | b | c | value ---+ 1 | 2 | 2007 | 950 We get the desired result.However this is highly inefficient since we would need to fire a separate query per row. If we can have a construct change to allow getting a single column for a given row that would be very helpful -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Comment Edited] (CASSANDRA-7494) CQL support to return first column of each row
[ https://issues.apache.org/jira/browse/CASSANDRA-7494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14051582#comment-14051582 ] Samphel Norden edited comment on CASSANDRA-7494 at 7/3/14 3:37 PM: --- As per Sylvain's suggestion, it appears that this can be marked as a duplicate of https://issues.apache.org/jira/browse/CASSANDRA-7017 I am still curious though as to why the cql 0.8 feature (see my previous comment) was removed at some stage... I was (Author: samnor): As per Sylvain's suggestion, it appears that this can be marked as a duplicate of https://issues.apache.org/jira/browse/CASSANDRA-7017 I am still curious though as to why the cql 0.8 feature (see previous comment) was removed at some stage... I CQL support to return first column of each row -- Key: CASSANDRA-7494 URL: https://issues.apache.org/jira/browse/CASSANDRA-7494 Project: Cassandra Issue Type: Improvement Components: Core Environment: fedora 64bit Reporter: Samphel Norden This jira is a request to support a query like select first 5 columns of each row where whereclause Currently in CQL, if we put a limit clause it applies over all rows. Not a per partition key limit. More details below IF we create a table as follows CREATE TABLE xy ( a int, b int, c int, d int, value int, PRIMARY KEY ((a, b), c, d) ) WITH CLUSTERING ORDER BY (c DESC, d ASC) with data = a | b | c | d | value -- 1 | 2 | 2007 | 307 | 950 1 | 2 | 2006 | 305 | 900 1 | 1 | 1006 | 205 | 800 1 | 1 | 1005 | 105 | 700 The rows are sorted by c descending where assuming c is a timestamp, the idea is to store the latest timestamp first. Hence if we pull a single column from each row given a set of rows, we want that to be the latest 'c' for each row. In other words: select first 1 value from xy where a=1 and b in (1,2) should return a single value for each rowkey a | b | c | d | value -- 1 | 1 | 1006 | 205 | 800 1 | 2 | 2007 | 307 | 950 I realize that if we do individual queries such as select a,b,c,value from xy where a=1 and b =1 limit 1; a | b | c | value ---+ 1 | 1 | 1006 | 800 (1 rows) cqlsh: select a,b,c,e from xy where a=1 and b =2 limit 1; a | b | c | value ---+ 1 | 2 | 2007 | 950 We get the desired result.However this is highly inefficient since we would need to fire a separate query per row. If we can have a construct change to allow getting a single column for a given row that would be very helpful -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
Samphel Norden created CASSANDRA-7585: - Summary: cassandra sstableloader connection refused with inter_node_encryption Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if require_client_auth is true truststore:/path/to/truststore truststore_password: truststorepasswd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] == Note that by setting inter-node encryption to none sstableloader works.. but setting it to all fails... It seems like sstableloader uses 7000 is my guess instead of using the ssl port 7001 for streaming/gossip. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (CASSANDRA-7585) cassandra sstableloader connection refused with inter_node_encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14070463#comment-14070463 ] Samphel Norden commented on CASSANDRA-7585: --- sstableloader always fails with connection refused, if internode encryption is on... The naive explanation (at least to me) is that it is somehow causing some activity on port 7000 between nodes (whether streaming is the reason is unknown) which is not the port on which nodes talk to each other when internode encryption is enabled... As I said above, sstableloader works correctly if only client to server encryption is enabled (that was a bug fixed in 2.0.4 IIRC). I think in both cases it is using the default ports 9160 and 7000. The client encryption part works fine since it also uses the default 9160 port even if client-to-server encryption is enabled.. The problem I think is that sstableloader is using 7000 (for unknown reasons) and the nodes no longer listen on 7000 when we have inter-node encryption enabled. Thats my speculative thinking. Whatever the reason might be, this is a critical bug for us since we have to enable encryption in enterprise deployments and need sstableloader to work for backup restores. cassandra sstableloader connection refused with inter_node_encryption - Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden Assignee: Yuki Morishita cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw passwd $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption == Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: passwd truststore:/path/to/truststore truststore_password:passwd # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: truststorepasswd #require_client_auth: true # Set trustore and truststore_password if
