我正在尝试在cassandra上设置节点间和客户端加密。我设置了一个小型ca,生成了证书,分发了证书,并配置了节点以使用它们。
添加“ --ssl”后,节点间加密会直接工作,cqlsh。
但是我无法设置OpsCenter(运行5.1.1)。两个问题:
我想这意味着,各个节点将自己的证书提交给opscenter,该证书将针对ca-store进行验证。
2015-05-26 10:20:49+0000 [] INFO: Using SSL when checking thrift connection: /etc/cassandra/cassandra_ca.crt, client_pem=None, client_key=None, validate=True 2015-05-26 10:20:49+0000 [] INFO: Starting factory <opscenterd.ThriftService.NoReconnectCassandraClientFactory instance at 0x7fa4868c03b0> 2015-05-26 10:20:49+0000 [] Unhandled Error Traceback (most recent call last): File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/python/log.py", line 84, in callWithLogger return callWithContext({"system": lp}, func, *args, **kw) File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/python/log.py", line 69, in callWithContext return context.call({ILogContext: newCtx}, func, *args, **kw) File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/python/context.py", line 59, in callWithContext return self.currentContext().callWithContext(ctx, func, *args, **kw) File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/python/context.py", line 37, in callWithContext return func(*args,**kw) --- <exception caught here> --- File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/internet/epollreactor.py", line 220, in _doReadOrWrite why = selectable.doWrite() File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/internet/tcp.py", line 664, in doConnect self._connectDone() File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/internet/ssl.py", line 160, in _connectDone self.startTLS(self.ctxFactory) File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/internet/tcp.py", line 561, in startTLS if Connection.startTLS(self, ctx, client): File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/internet/tcp.py", line 402, in startTLS self.socket = SSL.Connection(ctx.getContext(), self.socket) File "/usr/lib/python2.7/dist-packages/opscenterd/SslUtils.py", line 54, in getContext File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 303, in load_verify_locations raise TypeError("cafile must be None or a byte string") exceptions.TypeError: cafile must be None or a byte string 2015-05-26 10:20:49+0000 [] INFO: <twisted.internet.ssl.Connector instance at 0x7fa4868c05f0> will retry in 2 seconds 2015-05-26 10:20:49+0000 [] INFO: Unhandled error in Deferred: 2015-05-26 10:20:49+0000 [] Unhandled Error Traceback (most recent call last): Failure: twisted.internet.error.ConnectError: An error occurred while connecting: [Failure instance: Traceback (failure with no frames): <type 'exceptions.TypeError'>: cafile must be None or a byte string ]. ].
有什么提示吗?
预先感谢,扬
Opscenter需要做一些事情来设置客户端到节点的加密
将群集添加到opscenter时,它将要求证书的位置(对于opscenterd)和密钥库的位置(对于每个cassandra节点)。
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句