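Setting up a secure Cassandra cluster (java.lang.RuntimeException: Failed to setup secure pipeline)

Time: 2017-02-22 15:30:54

Tags: ssl cassandra

I have followed the steps mentioned in https://github.com/PatrickCallaghan/datastax-ssl-secure-cluster/blob/master/README.md to set up a secure SSL Cassandra cluster. I am getting the same error as you, "Failed to setup secure pipeline". I overrode the cipher suites in my cassandra.yaml as mentioned on the site, and I still get the same error.

My cassandra.yaml looks like this: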

client_encryption_options:
    enabled: true
    # If enabled and optional is set to true encrypted and unencrypted connections are handled.
    optional: false
    keystore: ***/ssl/cassandra3_keystore.jks
    keystore_password: ****
    # require_client_auth: false
    # Set trustore and truststore_password if require_client_auth is true
    # truststore: conf/.truststore
    # truststore_password: cassandra
    # More advanced defaults below:
    # protocol: TLS
    # algorithm: SunX509
    # store_type: JKS
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA]

Can someone guide me on what to do? Here is the full error trace:

Exception (java.lang.RuntimeException) encountered during startup: Failed to setup secure pipeline
java.lang.RuntimeException: Failed to setup secure pipeline
    at org.apache.cassandra.transport.Server$AbstractSecureIntializer.<init>(Server.java:354)
    at org.apache.cassandra.transport.Server$SecureInitializer.<init>(Server.java:411)
    at org.apache.cassandra.transport.Server.start(Server.java:152)
    at org.apache.cassandra.service.NativeTransportService$$Lambda$203.0000000040E88830.accept(Unknown Source)
    at java.util.Collections$SingletonSet.forEach(Collections.java:4778)
    at org.apache.cassandra.service.NativeTransportService.start(NativeTransportService.java:128)
    at org.apache.cassandra.service.CassandraDaemon.startNativeTransport(CassandraDaemon.java:633)
    at org.apache.cassandra.service.CassandraDaemon.start(CassandraDaemon.java:495)
    at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:600)
    at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:714)
Caused by: java.io.IOException: Error creating the initializing the SSL Context
    at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:170)
    at org.apache.cassandra.transport.Server$AbstractSecureIntializer.<init>(Server.java:350)
    ... 9 more
Caused by: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:171)
    at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:12)
    at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:146)
    ... 10 more
ERROR 15:36:01 Exception encountered during startup
java.lang.RuntimeException: Failed to setup secure pipeline
    at org.apache.cassandra.transport.Server$AbstractSecureIntializer.<init>(Server.java:354) ~[apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.transport.Server$SecureInitializer.<init>(Server.java:411) ~[apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.transport.Server.start(Server.java:152) ~[apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.service.NativeTransportService$$Lambda$203.0000000040E88830.accept(Unknown Source) ~[na:na]
    at java.util.Collections$SingletonSet.forEach(Collections.java:4778) ~[na:1.8.0-internal]
    at org.apache.cassandra.service.NativeTransportService.start(NativeTransportService.java:128) ~[apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.service.CassandraDaemon.startNativeTransport(CassandraDaemon.java:633) [apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.service.CassandraDaemon.start(CassandraDaemon.java:495) [apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:600) [apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:714) [apache-cassandra-3.7.jar:3.7]
Caused by: java.io.IOException: Error creating the initializing the SSL Context
    at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:170) ~[apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.transport.Server$AbstractSecureIntializer.<init>(Server.java:350) ~[apache-cassandra-3.7.jar:3.7]
    ... 9 common frames omitted
Caused by: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:171) ~[na:1.8.0-internal]
    at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:12) ~[na:8.0 build_20150122]
    at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:146) ~[apache-cassandra-3.7.jar:3.7]
    ... 10 common frames omitted

1 answer:

Answer 0 (score: 0)

You can get around it by overriding the cipher suites for the node-to-node and client-to-node properties, e.g. cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA]

This is due to the following issue in Oracle Java. http://www.pathin.org/tutorials/java-cassandra-cannot-support-tls_rsa_with_aes_256_cbc_sha-with-currently-installed-providers/

Once downloaded, you can copy the files to the correct library on your server.

e.g.

scp * root@server:/usr/lib/jvm/java-7-oracle/jre/lib/security/
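
The innermost cause in the trace above is `NoSuchAlgorithmException: SunX509 KeyManagerFactory not available`. As an added example (not from the original post or from Cassandra), the following Java program reports which KeyManagerFactory algorithms the JVM offers and whether the configured cipher suite is supported; the class name `TlsConfigCheck` is hypothetical, and the default values are the ones shown in the question's cassandra.yaml and trace.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Hypothetical diagnostic class (not part of Cassandra). Run it with the same
// java binary that starts the Cassandra node.
public class TlsConfigCheck {

    // Every KeyManagerFactory algorithm registered by the installed security providers.
    static Set<String> keyManagerAlgorithms() {
        Set<String> names = new TreeSet<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("KeyManagerFactory".equals(s.getType())) {
                    names.add(s.getAlgorithm() + " (" + p.getName() + ")");
                }
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        // Defaults come from the question's cassandra.yaml; pass others as arguments.
        String algorithm = args.length > 0 ? args[0] : "SunX509";
        String cipher = args.length > 1 ? args[1] : "TLS_RSA_WITH_AES_128_CBC_SHA";

        System.out.println("JVM: " + System.getProperty("java.vendor") + " "
                + System.getProperty("java.version"));
        System.out.println("KeyManagerFactory default: " + KeyManagerFactory.getDefaultAlgorithm());
        System.out.println("KeyManagerFactory available: " + keyManagerAlgorithms());

        try {
            KeyManagerFactory.getInstance(algorithm);
            System.out.println("OK: " + algorithm + " is available");
        } catch (NoSuchAlgorithmException e) {
            // Same failure as the innermost "Caused by" line in the startup trace.
            System.out.println("FAIL: " + e.getMessage());
        }

        // Cipher suites the default SSLContext can negotiate on this JVM.
        String[] supported = SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();
        System.out.println(cipher + " supported: " + Arrays.asList(supported).contains(cipher));
    }
}
```

If the first check fails while the cipher suite is reported as supported, the startup error comes from the `algorithm` setting rather than from `cipher_suites`.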