2017-02-19 73 views

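SSL encryption and Cassandra

I am trying to enable client-to-node SSL encryption in cassandra.yaml.

However, after setting client_encryption_options to true and starting DSE, I keep running into the weirdest error. This is from the DSE log: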

ERROR 15:09:42,277 DseModule.java:108 - Unable to start server. Exiting... 
com.google.inject.CreationException: Unable to create injector, see the following errors: 

1) An exception was caught and reported. Message: Failed to initialize SSLContext: File '/home/ec2-user/keystore.node2' does not exist 
    at com.datastax.bdp.DseModule.configure(Unknown Source) 

1 error 
     at com.google.inject.internal.Errors.throwCreationExceptionIfErrorsExist(Errors.java:466) ~[guice-4.0.jar:na] 
     at com.google.inject.internal.InternalInjectorCreator.initializeStatically(InternalInjectorCreator.java:155) ~[guice-4.0.jar:na] 
     at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:107) ~[guice-4.0.jar:na] 
     at com.google.inject.Guice.createInjector(Guice.java:96) ~[guice-4.0.jar:na] 
     at com.google.inject.Guice.createInjector(Guice.java:73) ~[guice-4.0.jar:na] 
     at com.google.inject.Guice.createInjector(Guice.java:62) ~[guice-4.0.jar:na] 
     at com.datastax.bdp.ioc.DseInjector.get(DseInjector.java:31) ~[dse-core-5.0.6.jar:5.0.6] 
     at com.datastax.bdp.DseModule.main(DseModule.java:89) ~[dse-core-5.0.6.jar:5.0.6] 
Caused by: org.apache.cassandra.exceptions.ConfigurationException: Failed to initialize SSLContext: File '/home/ec2-user/keystore.node2' does not exist 
     at com.datastax.bdp.config.DseConfig.init(DseConfig.java:443) ~[dse-core-5.0.6.jar:5.0.6] 
     at com.datastax.bdp.DseCoreModule.<init>(DseCoreModule.java:76) ~[dse-core-5.0.6.jar:5.0.6] 
     at com.datastax.bdp.DseModule.getRequiredModules(DseModule.java:139) ~[dse-core-5.0.6.jar:5.0.6] 
     at com.datastax.bdp.server.AbstractDseModule.configure(AbstractDseModule.java:27) ~[dse-core-5.0.6.jar:5.0.6] 
     at com.datastax.bdp.DseModule.configure(DseModule.java:76) ~[dse-core-5.0.6.jar:5.0.6] 
     at com.google.inject.AbstractModule.configure(AbstractModule.java:62) ~[guice-4.0.jar:na] 
     at com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:340) ~[guice-4.0.jar:na] 
     at com.google.inject.spi.Elements.getElements(Elements.java:110) ~[guice-4.0.jar:na] 
     at com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:138) ~[guice-4.0.jar:na] 
     at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:104) ~[guice-4.0.jar:na] 
     ... 5 common frames omitted 
Caused by: java.io.FileNotFoundException: File '/home/ec2-user/keystore.node2' does not exist 
     at org.apache.commons.io.FileUtils.openInputStream(FileUtils.java:299) ~[commons-io-2.4.jar:2.4] 
     at org.apache.commons.io.FileUtils.readFileToByteArray(FileUtils.java:1763) ~[commons-io-2.4.jar:2.4] 
     at com.datastax.bdp.util.SSLUtil.createKeyStore(SSLUtil.java:127) ~[dse-core-5.0.6.jar:5.0.6] 
     at com.datastax.bdp.util.SSLUtil.initKeyManagerFactory(SSLUtil.java:115) ~[dse-core-5.0.6.jar:5.0.6] 
     at com.datastax.bdp.config.DseConfig.resolveKeyManagerFactorySafely(DseConfig.java:831) ~[dse-core-5.0.6.jar:5.0.6] 
     at com.datastax.bdp.config.DseConfig.getSSLContext(DseConfig.java:737) ~[dse-core-5.0.6.jar:5.0.6] 
     at com.datastax.bdp.config.DseConfig.init(DseConfig.java:439) ~[dse-core-5.0.6.jar:5.0.6] 
     ... 14 common frames omitted 

This is my cassandra.yaml file:

client_encryption_options: 
    enabled: false 
    # If enabled and optional is set to true encrypted and unencrypted connections are handled. 
    optional: false 
    keystore: /home/ec2-user/keystore.node2 
    keystore_password: cassandra 
    require_client_auth: true 
    # Set trustore and truststore_password if require_client_auth is true 
    truststore: /home/ec2-user/truststore.node2 
    truststore_password: cassandra 
    # More advanced defaults below: 
    protocol: TLS 
    algorithm: SunX509 
    store_type: JKS 
    cipher_suites: [TLS_RSA_WITH_AES_256_CBC_SHA] 

I don't know why I keep getting:

SSLContext: File '/home/ec2-user/keystore.node2' does not exist 

This is the location of my keystore:

[[email protected] ~]$ locate keystore.node2 
/home/ec2-user/keystore.node2 

What could I be doing wrong?


Can you check the file permissions to make sure the user running Cassandra can access the keystore?

Answer


Switch to your Cassandra user and do a cat /home/ec2-user/keystore.node2 to see whether that user can see the file.

Also run: ls -lna /home/ec2-user/keystore.node2 and post the output here.
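
The check suggested in the comment and the answer can be done for every directory on the way to the keystore, not only the file itself. The script below is an added example, not part of the original thread: it walks the path from / and reports the first component the current account cannot traverse or read. The function name first_blocker and the service account name "cassandra" in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Run it as the account that
# starts DSE, for example (account name "cassandra" is an assumption):
#   sudo -u cassandra sh check_path.sh /home/ec2-user/keystore.node2

# Walk an absolute path from / downwards and print the first problem found:
#   ok <path> | missing <component> | denied <component>
first_blocker() {
    target=$1
    current=""
    # Split the path on "/" with globbing off; positional parameters set
    # here are local to the function.
    old_ifs=$IFS
    IFS=/
    set -f
    set -- $target
    set +f
    IFS=$old_ifs
    for part in "$@"; do
        if [ -z "$part" ]; then continue; fi
        parent=${current:-/}
        # Search (x) permission on the parent is needed to look up $part.
        # Without it the file looks as if it did not exist.
        if [ ! -x "$parent" ]; then
            echo "denied $parent"
            return 1
        fi
        current="$current/$part"
        if [ ! -e "$current" ]; then
            echo "missing $current"
            return 1
        fi
    done
    # The keystore itself must be readable by this account.
    if [ ! -r "$current" ]; then
        echo "denied $current"
        return 1
    fi
    echo "ok $current"
}

if [ $# -gt 0 ]; then
    first_blocker "$1"
fi
```

The locate output in the question was produced as ec2-user, so it only shows that ec2-user can see the file; running the script under the DSE service account tests the path as the server process sees it.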