Posted to user@cassandra.apache.org by Jahar Tyagi <ja...@gmail.com> on 2018/06/19 10:59:33 UTC

Cassandra Client Program not Working with NettySSLOptions

Hi,

I referred to this link
https://docs.datastax.com/en/developer/java-driver/3.0/manual/ssl/ to
implement a simple Cassandra client using DataStax driver 3.0.0 on SSL with
OpenSSL options but am unable to run it.

Getting a generic exception,
"com.datastax.driver.core.exceptions.NoHostAvailableException", at line

    mySession = myCluster.connect();

Code snippet to set up the cluster connection is below.

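    import com.datastax.driver.core.Cluster;
    import com.datastax.driver.core.NettySSLOptions;
    import com.datastax.driver.core.SSLOptions;
    import com.datastax.driver.core.Session;
    import com.datastax.driver.core.SocketOptions;
    import com.datastax.driver.core.policies.ConstantReconnectionPolicy;
    import com.datastax.driver.core.policies.DCAwareRoundRobinPolicy;
    import io.netty.handler.ssl.SslContextBuilder;
    import io.netty.handler.ssl.SslProvider;
    import java.io.File;
    import java.io.FileInputStream;
    import java.io.InputStream;
    import java.security.KeyStore;
    import java.util.ArrayList;
    import java.util.List;
    import javax.net.ssl.TrustManagerFactory;

    public class App
    {
        private Cluster myCluster;
        private Session mySession;

        public void connectToCluster()
        {
            String[] theCassandraHosts = {"myip"};
            myCluster = Cluster.builder()
                    .withSSL(getSSLOption())
                    .withReconnectionPolicy(new ConstantReconnectionPolicy(2000))
                    .addContactPoints(theCassandraHosts)
                    .withPort(10742)
                    .withCredentials("username", "password")
                    .withLoadBalancingPolicy(DCAwareRoundRobinPolicy.builder().build())
                    .withSocketOptions(new SocketOptions().setConnectTimeoutMillis(800).setKeepAlive(true))
                    .build();
            try
            {
                mySession = myCluster.connect();
                // Report success only when connect() actually returned a session.
                System.out.println("Session Established");
            }
            catch (Exception e)
            {
                e.printStackTrace();
            }
        }

        private SSLOptions getSSLOption()
        {
            String theTrustStorePath = "/var/opt/SecureInterface/myTrustStore.jks";
            String theTrustStorePassword = "mypassword";
            List<String> theCipherSuites = new ArrayList<String>();
            theCipherSuites.add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
            // try-with-resources closes the stream and avoids a NullPointerException
            // during cleanup when the trust store file cannot be opened.
            try (InputStream trustStore = new FileInputStream(theTrustStorePath))
            {
                KeyStore ks = KeyStore.getInstance("JKS");
                ks.load(trustStore, theTrustStorePassword.toCharArray());
                TrustManagerFactory tmf =
                        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init(ks);
                SslContextBuilder builder =
                        SslContextBuilder.forClient()
                                .sslProvider(SslProvider.OPENSSL)
                                .trustManager(tmf)
                                .ciphers(theCipherSuites)
                                // only if you use client authentication
                                // keyManager(File, File) takes an unencrypted PKCS#8 PEM key; a
                                // password-protected key needs keyManager(File, File, String).
                                .keyManager(new File("/var/opt/SecureInterface/keystore/Cass.crt"),
                                        new File("/var/opt/vs/SecureInterface/keystore/Cass_enc.key"));
                return new NettySSLOptions(builder.build());
            }
            catch (Exception e)
            {
                // Fail instead of returning null: withSSL(null) would leave the
                // cluster configured without TLS.
                throw new IllegalStateException("Could not build SSL options", e);
            }
        }
    }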

The Cassandra server is running fine with client and server encryption options.
Moreover, I am able to run my client using JdkSSLOptions but have a problem
with NettySSLOptions.

Has anyone implemented NettySSLOptions for a Cassandra client
application?


Regards,
Jahar Tyagi
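
A diagnostic for the failure described in this post, as an added example that is not part of the original message or of the driver's own code: it checks that Netty's OpenSSL provider and the requested cipher suite are actually available, and prints the per-host causes that `NoHostAvailableException` wraps. The class and method names are hypothetical; it assumes the DataStax 3.x driver and netty-handler are on the classpath.

```java
import com.datastax.driver.core.Cluster;
import com.datastax.driver.core.Session;
import com.datastax.driver.core.exceptions.NoHostAvailableException;
import io.netty.handler.ssl.OpenSsl;
import java.net.InetSocketAddress;
import java.util.Map;

// Added diagnostic; class and method names are hypothetical.
public class NettySslDiagnostics {

    /** Returns null if the OpenSSL provider is usable, otherwise the reason it is not. */
    static String openSslProblem(String cipherSuite) {
        if (!OpenSsl.isAvailable()) {
            // Typically a missing or mismatched netty-tcnative native library.
            return "netty-tcnative not loadable: " + OpenSsl.unavailabilityCause();
        }
        if (!OpenSsl.isCipherSuiteAvailable(cipherSuite)) {
            return "cipher suite not offered by the native library: " + cipherSuite;
        }
        return null;
    }

    /** Connects and, on failure, prints the per-host cause chain behind NoHostAvailableException. */
    static Session connectVerbose(Cluster cluster) {
        try {
            return cluster.connect();
        } catch (NoHostAvailableException e) {
            for (Map.Entry<InetSocketAddress, Throwable> entry : e.getErrors().entrySet()) {
                System.err.println("Host " + entry.getKey() + " failed:");
                for (Throwable t = entry.getValue(); t != null; t = t.getCause()) {
                    System.err.println("  caused by " + t);
                }
            }
            throw e;
        }
    }

    public static void main(String[] args) {
        String problem = openSslProblem("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
        if (problem != null) {
            System.err.println(problem);
            return;
        }
        System.out.println("OpenSSL provider OK: " + OpenSsl.versionString());
        // Build the Cluster with withSSL(new NettySSLOptions(...)) as in the post,
        // then call connectVerbose(cluster) instead of cluster.connect().
    }
}
```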

Re: Cassandra Client Program not Working with NettySSLOptions

Posted by Jahar Tyagi <ja...@gmail.com>.
I have updated to DataStax driver 3.5.0 and am using
netty-tcnative-boringssl-static 2.0.8.Final as the io.netty dependency but am
still getting the same exception.

DEBUG Connection[host1/***.***.**.**:10742-1, inFlight=0, closed=true], stream 0, Error wr
com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s) tried for query faileom.datastax.driver.core.exceptions.TransportException: [host1_priv/192.168.52.42:10742] Channel
        at com.datastax.driver.core.ControlConnection.reconnectInternal(ControlConnection.java:
        at com.datastax.driver.core.ControlConnection.connect(ControlConnection.java:79)
        at com.datastax.driver.core.Cluster$Manager.negotiateProtocolVersionAndConnect(Cluster.
        at com.datastax.driver.core.Cluster$Manager.init(Cluster.java:1549)
        at com.datastax.driver.core.Cluster.init(Cluster.java:160)
        at com.datastax.driver.core.SessionManager.initAsync(SessionManager.java:78)
        at com.datastax.driver.core.SessionManager.init(SessionManager.java:69)
        at poc.cassandra.openssl.driver.openssl.App.connectToCluster(App.java:53)
        at poc.cassandra.openssl.driver.openssl.App.main(App.java:171)


Has anyone tried Cassandra SSL with OPENSSL options?

Regards,
Jahar Tyagi


Re: Cassandra Client Program not Working with NettySSLOptions

Posted by Jahar Tyagi <ja...@gmail.com>.
Yes, the server uses both client-node and server-server encryption and is
running fine with JDKSSL options, but the problem is with NettySSLOptions.

On Tue, Jun 19, 2018 at 7:04 PM, Jonathan Haddad <jo...@jonhaddad.com> wrote:

> Is the server configured to use encryption?

Re: Cassandra Client Program not Working with NettySSLOptions

Posted by Jonathan Haddad <jo...@jonhaddad.com>.
Is the server configured to use encryption?

-- 
Jon Haddad
http://www.rustyrazorblade.com
twitter: rustyrazorblade