SSL 加密和 Cassandra
SSL Encryption and Cassandra
我正在尝试启用客户端到节点的 SSL 加密,但是在 [= 中将 client_encryption_options 设置为 true 后尝试启动 DSE 时,我一直 运行 遇到最奇怪的错误31=]
这是来自 dse 日志:
ERROR 15:09:42,277 DseModule.java:108 - Unable to start server. Exiting...
com.google.inject.CreationException: Unable to create injector, see the following errors:
1) An exception was caught and reported. Message: Failed to initialize SSLContext: File '/home/ec2-user/keystore.node2' does not exist
at com.datastax.bdp.DseModule.configure(Unknown Source)
1 error
at com.google.inject.internal.Errors.throwCreationExceptionIfErrorsExist(Errors.java:466) ~[guice-4.0.jar:na]
at com.google.inject.internal.InternalInjectorCreator.initializeStatically(InternalInjectorCreator.java:155) ~[guice-4.0.jar:na]
at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:107) ~[guice-4.0.jar:na]
at com.google.inject.Guice.createInjector(Guice.java:96) ~[guice-4.0.jar:na]
at com.google.inject.Guice.createInjector(Guice.java:73) ~[guice-4.0.jar:na]
at com.google.inject.Guice.createInjector(Guice.java:62) ~[guice-4.0.jar:na]
at com.datastax.bdp.ioc.DseInjector.get(DseInjector.java:31) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.DseModule.main(DseModule.java:89) ~[dse-core-5.0.6.jar:5.0.6]
Caused by: org.apache.cassandra.exceptions.ConfigurationException: Failed to initialize SSLContext: File '/home/ec2-user/keystore.node2' does not exist
at com.datastax.bdp.config.DseConfig.init(DseConfig.java:443) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.DseCoreModule.<init>(DseCoreModule.java:76) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.DseModule.getRequiredModules(DseModule.java:139) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.server.AbstractDseModule.configure(AbstractDseModule.java:27) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.DseModule.configure(DseModule.java:76) ~[dse-core-5.0.6.jar:5.0.6]
at com.google.inject.AbstractModule.configure(AbstractModule.java:62) ~[guice-4.0.jar:na]
at com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:340) ~[guice-4.0.jar:na]
at com.google.inject.spi.Elements.getElements(Elements.java:110) ~[guice-4.0.jar:na]
at com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:138) ~[guice-4.0.jar:na]
at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:104) ~[guice-4.0.jar:na]
... 5 common frames omitted
Caused by: java.io.FileNotFoundException: File '/home/ec2-user/keystore.node2' does not exist
at org.apache.commons.io.FileUtils.openInputStream(FileUtils.java:299) ~[commons-io-2.4.jar:2.4]
at org.apache.commons.io.FileUtils.readFileToByteArray(FileUtils.java:1763) ~[commons-io-2.4.jar:2.4]
at com.datastax.bdp.util.SSLUtil.createKeyStore(SSLUtil.java:127) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.util.SSLUtil.initKeyManagerFactory(SSLUtil.java:115) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.config.DseConfig.resolveKeyManagerFactorySafely(DseConfig.java:831) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.config.DseConfig.getSSLContext(DseConfig.java:737) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.config.DseConfig.init(DseConfig.java:439) ~[dse-core-5.0.6.jar:5.0.6]
... 14 common frames omitted
这是我的 cassandra.yaml 文件
client_encryption_options:
enabled: false
# If enabled and optional is set to true encrypted and unencrypted connections are handled.
optional: false
keystore: /home/ec2-user/keystore.node2
keystore_password: cassandra
require_client_auth: true
# Set trustore and truststore_password if require_client_auth is true
truststore: /home/ec2-user/truststore.node2
truststore_password: cassandra
# More advanced defaults below:
protocol: TLS
algorithm: SunX509
store_type: JKS
cipher_suites: [TLS_RSA_WITH_AES_256_CBC_SHA]
我不确定为什么我总是收到
SSLContext: File '/home/ec2-user/keystore.node2' does not exist
这是我的密钥库的位置 -
[ec2-user@ip-172-18-51-175 ~]$ locate keystore.node2
/home/ec2-user/keystore.node2
我可能做错了什么?
切换到您的 cassandra 用户,然后执行 cat /home/ec2-user/keystore.node2 并查看该用户是否可以看到该文件
还有 运行:ls -lna /home/ec2-user/keystore.node2 和 post 这里。
我正在尝试启用客户端到节点的 SSL 加密,但是在 [= 中将 client_encryption_options 设置为 true 后尝试启动 DSE 时,我一直 运行 遇到最奇怪的错误31=]
这是来自 dse 日志:
ERROR 15:09:42,277 DseModule.java:108 - Unable to start server. Exiting...
com.google.inject.CreationException: Unable to create injector, see the following errors:
1) An exception was caught and reported. Message: Failed to initialize SSLContext: File '/home/ec2-user/keystore.node2' does not exist
at com.datastax.bdp.DseModule.configure(Unknown Source)
1 error
at com.google.inject.internal.Errors.throwCreationExceptionIfErrorsExist(Errors.java:466) ~[guice-4.0.jar:na]
at com.google.inject.internal.InternalInjectorCreator.initializeStatically(InternalInjectorCreator.java:155) ~[guice-4.0.jar:na]
at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:107) ~[guice-4.0.jar:na]
at com.google.inject.Guice.createInjector(Guice.java:96) ~[guice-4.0.jar:na]
at com.google.inject.Guice.createInjector(Guice.java:73) ~[guice-4.0.jar:na]
at com.google.inject.Guice.createInjector(Guice.java:62) ~[guice-4.0.jar:na]
at com.datastax.bdp.ioc.DseInjector.get(DseInjector.java:31) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.DseModule.main(DseModule.java:89) ~[dse-core-5.0.6.jar:5.0.6]
Caused by: org.apache.cassandra.exceptions.ConfigurationException: Failed to initialize SSLContext: File '/home/ec2-user/keystore.node2' does not exist
at com.datastax.bdp.config.DseConfig.init(DseConfig.java:443) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.DseCoreModule.<init>(DseCoreModule.java:76) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.DseModule.getRequiredModules(DseModule.java:139) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.server.AbstractDseModule.configure(AbstractDseModule.java:27) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.DseModule.configure(DseModule.java:76) ~[dse-core-5.0.6.jar:5.0.6]
at com.google.inject.AbstractModule.configure(AbstractModule.java:62) ~[guice-4.0.jar:na]
at com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:340) ~[guice-4.0.jar:na]
at com.google.inject.spi.Elements.getElements(Elements.java:110) ~[guice-4.0.jar:na]
at com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:138) ~[guice-4.0.jar:na]
at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:104) ~[guice-4.0.jar:na]
... 5 common frames omitted
Caused by: java.io.FileNotFoundException: File '/home/ec2-user/keystore.node2' does not exist
at org.apache.commons.io.FileUtils.openInputStream(FileUtils.java:299) ~[commons-io-2.4.jar:2.4]
at org.apache.commons.io.FileUtils.readFileToByteArray(FileUtils.java:1763) ~[commons-io-2.4.jar:2.4]
at com.datastax.bdp.util.SSLUtil.createKeyStore(SSLUtil.java:127) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.util.SSLUtil.initKeyManagerFactory(SSLUtil.java:115) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.config.DseConfig.resolveKeyManagerFactorySafely(DseConfig.java:831) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.config.DseConfig.getSSLContext(DseConfig.java:737) ~[dse-core-5.0.6.jar:5.0.6]
at com.datastax.bdp.config.DseConfig.init(DseConfig.java:439) ~[dse-core-5.0.6.jar:5.0.6]
... 14 common frames omitted
这是我的 cassandra.yaml 文件
client_encryption_options:
enabled: false
# If enabled and optional is set to true encrypted and unencrypted connections are handled.
optional: false
keystore: /home/ec2-user/keystore.node2
keystore_password: cassandra
require_client_auth: true
# Set trustore and truststore_password if require_client_auth is true
truststore: /home/ec2-user/truststore.node2
truststore_password: cassandra
# More advanced defaults below:
protocol: TLS
algorithm: SunX509
store_type: JKS
cipher_suites: [TLS_RSA_WITH_AES_256_CBC_SHA]
我不确定为什么我总是收到
SSLContext: File '/home/ec2-user/keystore.node2' does not exist
这是我的密钥库的位置 -
[ec2-user@ip-172-18-51-175 ~]$ locate keystore.node2
/home/ec2-user/keystore.node2
我可能做错了什么?
切换到您的 cassandra 用户,然后执行 cat /home/ec2-user/keystore.node2 并查看该用户是否可以看到该文件
还有 运行:ls -lna /home/ec2-user/keystore.node2 和 post 这里。