从 Janus Graph docker 容器连接到 Azure Cassandra 托管实例
Connect to Azure Cassandra Managed Instance from Janus Graph docker container
我无法从 JanusGraph docker 容器连接到在 Azure 中设置的 Cassandra 集群。以下是撰写文件(修改后 docker-compose-cql-es)的样子:
version: "3"
services:
janusgraph:
image: docker.io/janusgraph/janusgraph:latest
container_name: jce-janusgraph
environment:
JANUS_PROPS_TEMPLATE: cassandra-es
janusgraph.storage.backend: cql
janusgraph.storage.hostname: 10.2.0.6,10.2.0.9
janusgraph.index.search.hostname: jce-elastic
janusgraph.storage.username: cassandra
janusgraph.storage.password: *****
SSL_VERSION: TLSv1_2
SSL_VALIDATE: 'false'
ports:
- "8182:8182"
networks:
- jce-network
healthcheck:
test: ["CMD", "bin/gremlin.sh", "-e", "scripts/remote-connect.groovy"]
interval: 10s
timeout: 30s
retries: 3
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:6.6.0
container_name: jce-elastic
environment:
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- "http.host=0.0.0.0"
- "network.host=0.0.0.0"
- "transport.host=127.0.0.1"
- "cluster.name=docker-cluster"
- "xpack.security.enabled=false"
- "discovery.zen.minimum_master_nodes=1"
ports:
- "9200:9200"
networks:
- jce-network
networks:
jce-network:
volumes:
janusgraph-default-data:
我可以通过 cqlsh 连接到集群,在 bash 中有一些技巧:
export SSL_VERSION=TLSv1_2
export SSL_VALIDATE=false
不幸的是,这在 docker 容器中根本不起作用。我不断收到以下错误:
All host(s) tried for query failed (tried: /10.2.0.9:9042 (com.datastax.driver.core.exceptions.TransportException: [/10.2.0.9:9042] Connection has been closed), /10.2.0.6:9042 (com.datastax.driver.core.exceptions.TransportException: [/10.2.0.6:9042] Connection has been closed))
那么,有什么方法可以信任来自 docker 容器的证书吗?我没有控制 Cassandra 实例,所以无法关闭 SSL。
尝试使用 OpenSSL 提取 public 密钥,它有所帮助。
openssl s_client -connect <ip-of-node> -showcerts
已将 0 级证书复制到文本文件中,包括 ---begin-- ---end--- 行并以 .pem
扩展名保存。然后将.pem
证书转换为.crt
格式:
openssl x509 -outform der -in <cert>.pem -out <cert>.crt
已使用以下命令将证书导入 JKS 信任库:
keytool -import -alias <cert-alias> -file <cert>.crt -storetype JKS -keystore server.truststore
已创建具有以下内容的属性文件(检查 java 版本):
storage.backend=cql
storage.hostname=<ip of cassanrda instances>
storage.username=cassandra
storage.password=<password>
storage.cql.ssl.enabled=true
storage.cql.ssl.truststore.location=/usr/lib/jvm/java-<java-version>-openjdk-amd64/jre/lib/security/cacerts
storage.cql.ssl.truststore.password=changeit
cache.db-cache=true
cache.db-cache-clean-wait=20
cache.db-cache-time=180000
cache.db-cache-size=0.25
index.search.backend=lucene
index.search.directory=<folder for indices>
然后我用 gremlin shell 我用图形结束创建了工厂,一切正常。
graph = JanusGraphFactory.open('<properties file>')
g = graph.traversal()
一切都可以通过这些步骤打包到 Dockerfile。
我无法从 JanusGraph docker 容器连接到在 Azure 中设置的 Cassandra 集群。以下是撰写文件(修改后 docker-compose-cql-es)的样子:
version: "3"
services:
janusgraph:
image: docker.io/janusgraph/janusgraph:latest
container_name: jce-janusgraph
environment:
JANUS_PROPS_TEMPLATE: cassandra-es
janusgraph.storage.backend: cql
janusgraph.storage.hostname: 10.2.0.6,10.2.0.9
janusgraph.index.search.hostname: jce-elastic
janusgraph.storage.username: cassandra
janusgraph.storage.password: *****
SSL_VERSION: TLSv1_2
SSL_VALIDATE: 'false'
ports:
- "8182:8182"
networks:
- jce-network
healthcheck:
test: ["CMD", "bin/gremlin.sh", "-e", "scripts/remote-connect.groovy"]
interval: 10s
timeout: 30s
retries: 3
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:6.6.0
container_name: jce-elastic
environment:
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- "http.host=0.0.0.0"
- "network.host=0.0.0.0"
- "transport.host=127.0.0.1"
- "cluster.name=docker-cluster"
- "xpack.security.enabled=false"
- "discovery.zen.minimum_master_nodes=1"
ports:
- "9200:9200"
networks:
- jce-network
networks:
jce-network:
volumes:
janusgraph-default-data:
我可以通过 cqlsh 连接到集群,在 bash 中有一些技巧:
export SSL_VERSION=TLSv1_2
export SSL_VALIDATE=false
不幸的是,这在 docker 容器中根本不起作用。我不断收到以下错误:
All host(s) tried for query failed (tried: /10.2.0.9:9042 (com.datastax.driver.core.exceptions.TransportException: [/10.2.0.9:9042] Connection has been closed), /10.2.0.6:9042 (com.datastax.driver.core.exceptions.TransportException: [/10.2.0.6:9042] Connection has been closed))
那么,有什么方法可以信任来自 docker 容器的证书吗?我没有控制 Cassandra 实例,所以无法关闭 SSL。
尝试使用 OpenSSL 提取 public 密钥,它有所帮助。
openssl s_client -connect <ip-of-node> -showcerts
已将 0 级证书复制到文本文件中,包括 ---begin-- ---end--- 行并以 .pem
扩展名保存。然后将.pem
证书转换为.crt
格式:
openssl x509 -outform der -in <cert>.pem -out <cert>.crt
已使用以下命令将证书导入 JKS 信任库:
keytool -import -alias <cert-alias> -file <cert>.crt -storetype JKS -keystore server.truststore
已创建具有以下内容的属性文件(检查 java 版本):
storage.backend=cql
storage.hostname=<ip of cassanrda instances>
storage.username=cassandra
storage.password=<password>
storage.cql.ssl.enabled=true
storage.cql.ssl.truststore.location=/usr/lib/jvm/java-<java-version>-openjdk-amd64/jre/lib/security/cacerts
storage.cql.ssl.truststore.password=changeit
cache.db-cache=true
cache.db-cache-clean-wait=20
cache.db-cache-time=180000
cache.db-cache-size=0.25
index.search.backend=lucene
index.search.directory=<folder for indices>
然后我用 gremlin shell 我用图形结束创建了工厂,一切正常。
graph = JanusGraphFactory.open('<properties file>')
g = graph.traversal()
一切都可以通过这些步骤打包到 Dockerfile。