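Connecting to an Azure Cassandra managed instance from a Janus Graph docker container

Time: 2021-06-18 08:07:47

Tags: azure cassandra janusgraph

I am unable to connect from the JanusGraph docker container to a Cassandra cluster set up in Azure. The compose file (a modified docker-compose-cql-es) looks like this: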

version: "3"

services:
  janusgraph:
    image: docker.io/janusgraph/janusgraph:latest
    container_name: jce-janusgraph
    environment:
      JANUS_PROPS_TEMPLATE: cassandra-es
      janusgraph.storage.backend: cql
      janusgraph.storage.hostname: 10.2.0.6,10.2.0.9
      janusgraph.index.search.hostname: jce-elastic
      janusgraph.storage.username: cassandra
      janusgraph.storage.password: *****
      SSL_VERSION: TLSv1_2
      SSL_VALIDATE: 'false'
    ports:
      - "8182:8182"
    networks:
      - jce-network
    healthcheck:
      test: ["CMD", "bin/gremlin.sh", "-e", "scripts/remote-connect.groovy"]
      interval: 10s
      timeout: 30s
      retries: 3
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.6.0
    container_name: jce-elastic
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - "http.host=0.0.0.0"
      - "network.host=0.0.0.0"
      - "transport.host=127.0.0.1"
      - "cluster.name=docker-cluster"
      - "xpack.security.enabled=false"
      - "discovery.zen.minimum_master_nodes=1"
    ports:
      - "9200:9200"
    networks:
      - jce-network

networks:
  jce-network:
volumes:
  janusgraph-default-data:

I am able to connect to the cluster via cqlsh, with a bit of hacking in bash:

export SSL_VERSION=TLSv1_2
export SSL_VALIDATE=false

Unfortunately, this does not work at all in the docker container. I keep getting the following error:

All host(s) tried for query failed (tried: /10.2.0.9:9042 (com.datastax.driver.core.exceptions.TransportException: [/10.2.0.9:9042] Connection has been closed), /10.2.0.6:9042 (com.datastax.driver.core.exceptions.TransportException: [/10.2.0.6:9042] Connection has been closed))

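So, is there a way to trust the certificate from the docker container? I do not control the Cassandra instance, so I cannot turn SSL off.

1 answer:

Answer 0: (score: 0)

Tried extracting the public key with OpenSSL and it helped.

openssl s_client -connect <ip-of-node>:9042 -showcerts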

Copy the level 0 certificate into a text file, including the ---begin--- ---end--- lines, and save it with a .pem extension. Then convert the .pem certificate to .crt format:

openssl x509 -outform der -in <cert>.pem -out <cert>.crt

Import the certificate into a JKS truststore with the following command:

keytool -import -alias <cert-alias> -file <cert>.crt -storetype JKS -keystore server.truststore

Create a properties file with the following content (check the Java version):

storage.backend=cql
storage.hostname=<ip of cassandra instances>
storage.username=cassandra
storage.password=<password>
storage.cql.ssl.enabled=true
storage.cql.ssl.truststore.location=/usr/lib/jvm/java-<java-version>-openjdk-amd64/jre/lib/security/cacerts
storage.cql.ssl.truststore.password=changeit
cache.db-cache=true
cache.db-cache-clean-wait=20
cache.db-cache-time=180000
cache.db-cache-size=0.25
index.search.backend=lucene
index.search.directory=<folder for indices>

Then I used the gremlin shell to create the graph with the factory, and everything worked.

graph = JanusGraphFactory.open('<properties file>')
g = graph.traversal()

With these steps, everything can be packaged into a Dockerfile.
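
The steps from the answer above, collected into one script as an added example (not the answerer's own code); it also prints the certificate's SHA-256 fingerprint so it can be compared with a value obtained out of band before the import. The function names, the TRUSTSTORE_PASSWORD variable and pointing truststore.location at the newly created store are assumptions.

```shell
#!/bin/sh
# Added example: the answer's steps as one script (not the answerer's own code).
set -eu

# Keep only the first PEM block from stdin; in `openssl s_client -showcerts`
# output that is the level 0 (server) certificate.
first_pem_block() {
  awk '/-----BEGIN CERTIFICATE-----/ && !seen { inside = 1 }
       inside { print }
       /-----END CERTIFICATE-----/ && inside { inside = 0; seen = 1 }'
}

# Fetch, convert and import one node certificate.
# Arguments (names are assumptions): node ip, port, alias, truststore path.
build_truststore() {
  host=${1:?node ip}; port=${2:?port}
  cert_alias=${3:?alias}; store=${4:?truststore path}
  pem="$cert_alias.pem"; crt="$cert_alias.crt"
  openssl s_client -connect "$host:$port" -showcerts </dev/null 2>/dev/null \
    | first_pem_block > "$pem"
  [ -s "$pem" ] || { echo "no certificate received from $host:$port" >&2; return 1; }
  # Compare this fingerprint with a trusted source before answering keytool.
  openssl x509 -in "$pem" -noout -fingerprint -sha256
  # PEM -> DER (.crt), as in the answer.
  openssl x509 -outform der -in "$pem" -out "$crt"
  # keytool prompts for the store password and for confirmation of trust.
  keytool -import -alias "$cert_alias" -file "$crt" -storetype JKS -keystore "$store"
}

# Emit the SSL lines of the properties file for the truststore built above.
# Assumption: the store password is supplied in TRUSTSTORE_PASSWORD.
ssl_properties() {
  printf 'storage.cql.ssl.enabled=true\n'
  printf 'storage.cql.ssl.truststore.location=%s\n' "${1:?truststore path}"
  printf 'storage.cql.ssl.truststore.password=%s\n' \
    "${TRUSTSTORE_PASSWORD:?set TRUSTSTORE_PASSWORD}"
}

# Runs only when arguments are given, e.g.:
#   ./trust-node.sh <ip-of-node> 9042 <cert-alias> server.truststore
[ "$#" -eq 0 ] || build_truststore "$@"
```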