在Cassandra中设置节点间加密

时间:2013-08-13 22:52:02

标签: cassandra

我是Cassandra的新手,希望在Cassandra 1.2.8中设置节点加密。

我已按照此处列出的步骤成功为密钥库和信任库创建了密钥对: http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore

在Cassandra.yaml文件中,我已将服务器加密选项调整为以下内容:

server_encryption_options:
    internode_encryption: all
    keystore: conf/keystore
    keystore_password: password
    truststore: conf/truststore
    truststore_password: password

但是,当我启动Cassandra服务器时,收到以下错误:

ERROR 18:49:20,883 Fatal configuration error
org.apache.cassandra.exceptions.ConfigurationException: Unable to create ssl socket
        at org.apache.cassandra.net.MessagingService.getServerSocket(MessagingService.java:410)
        at org.apache.cassandra.net.MessagingService.listen(MessagingService.java:390)
        at org.apache.cassandra.service.StorageService.joinTokenRing(StorageService.java:589)
        at org.apache.cassandra.service.StorageService.initServer(StorageService.java:554)
        at org.apache.cassandra.service.StorageService.initServer(StorageService.java:451)
        at org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:348)
        at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:447)
        at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:490)
Caused by: java.io.IOException: Error creating the initializing the SSL Context
        at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:124)
        at org.apache.cassandra.security.SSLFactory.getServerSocket(SSLFactory.java:53)
        at org.apache.cassandra.net.MessagingService.getServerSocket(MessagingService.java:406)
        ... 7 more
Caused by: java.io.FileNotFoundException: conf\truststore\dev (The system cannot find the path specified)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(Unknown Source)
        at java.io.FileInputStream.<init>(Unknown Source)
        at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:105)
        ... 9 more
Unable to create ssl socket
Fatal configuration error; unable to start server.  See log for stacktrace.
ERROR 18:49:20,887 Exception in thread Thread[StorageServiceShutdownHook,5,main]
java.lang.NullPointerException
        at org.apache.cassandra.service.StorageService.stopRPCServer(StorageService.java:321)
        at org.apache.cassandra.service.StorageService.shutdownClientServers(StorageService.java:370)
        at org.apache.cassandra.service.StorageService.access$000(StorageService.java:88)
        at org.apache.cassandra.service.StorageService$1.runMayThrow(StorageService.java:519)
        at org.apache.cassandra.utils.WrappedRunnable.run(WrappedRunnable.java:28)
        at java.lang.Thread.run(Unknown Source)

请注意,如果服务器加密选项设置为无,则服务器可以正常运行。任何想法/指导都将不胜感激。

1 个答案:

答案 0 :(得分:5)

仔细阅读例外情况:

  

引起:java.io.FileNotFoundException:conf \ truststore \ dev
    (系统找不到指定的路径)

您已经创建了密钥/信任存储,但您没有将cassandra指向它们。在cassandra.yaml中,您需要启用SSL,但您还需要指定这两个文件的路径。 E.g:

server_encryption_options:
    internode_encryption: all
    keystore: C:\some\location
    keystore_password: password
    truststore: C:\some\other\location
    truststore_password: password

另请记住提供密钥/信任存储密码,而不是cassandra.yaml中的示例。

相关问题
最新问题