设置安全 cassandra 集群(java.lang.RuntimeException: 无法在 处设置安全管道)

【问题标题】:Setting up secure cassandra cluster (java.lang.RuntimeException: Failed to setup secure pipeline at )设置安全 cassandra 集群(java.lang.RuntimeException: 无法在 处设置安全管道)
【发布时间】:2017-05-08 11:04:21
【问题描述】:

我已按照https://github.com/PatrickCallaghan/datastax-ssl-secure-cluster/blob/master/README.md 中提到的步骤设置安全 SSL cassandra 集群。我收到与您“无法设置安全管道”相同的错误。如网站所述,我覆盖了我的 cassandra.yaml 密码套件,但仍然出现相同的错误。

我的 cassandra.yaml 看起来像这样:

client_encryption_options:
    enabled: true
    # If enabled and optional is set to true encrypted and unencrypted connections are handled.
    optional: false
    keystore: ***/ssl/cassandra3_keystore.jks
    keystore_password: ****
    # require_client_auth: false
    # Set trustore and truststore_password if require_client_auth is true
    # truststore: conf/.truststore
    # truststore_password: cassandra
    # More advanced defaults below:
    # protocol: TLS
    # algorithm: SunX509
    # store_type: JKS
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA]

有人可以指导我做什么吗? 这是完整的错误跟踪:

Exception (java.lang.RuntimeException) encountered during startup: Failed to setup secure pipeline
java.lang.RuntimeException: Failed to setup secure pipeline
    at org.apache.cassandra.transport.Server$AbstractSecureIntializer.<init>(Server.java:354)
    at org.apache.cassandra.transport.Server$SecureInitializer.<init>(Server.java:411)
    at org.apache.cassandra.transport.Server.start(Server.java:152)
    at org.apache.cassandra.service.NativeTransportService$$Lambda$203.0000000040E88830.accept(Unknown Source)
    at java.util.Collections$SingletonSet.forEach(Collections.java:4778)
    at org.apache.cassandra.service.NativeTransportService.start(NativeTransportService.java:128)
    at org.apache.cassandra.service.CassandraDaemon.startNativeTransport(CassandraDaemon.java:633)
    at org.apache.cassandra.service.CassandraDaemon.start(CassandraDaemon.java:495)
    at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:600)
    at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:714)
Caused by: java.io.IOException: Error creating the initializing the SSL Context
    at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:170)
    at org.apache.cassandra.transport.Server$AbstractSecureIntializer.<init>(Server.java:350)
    ... 9 more
Caused by: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:171)
    at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:12)
    at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:146)
    ... 10 more
ERROR 15:36:01 Exception encountered during startup
java.lang.RuntimeException: Failed to setup secure pipeline
    at org.apache.cassandra.transport.Server$AbstractSecureIntializer.<init>(Server.java:354) ~[apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.transport.Server$SecureInitializer.<init>(Server.java:411) ~[apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.transport.Server.start(Server.java:152) ~[apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.service.NativeTransportService$$Lambda$203.0000000040E88830.accept(Unknown Source) ~[na:na]
    at java.util.Collections$SingletonSet.forEach(Collections.java:4778) ~[na:1.8.0-internal]
    at org.apache.cassandra.service.NativeTransportService.start(NativeTransportService.java:128) ~[apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.service.CassandraDaemon.startNativeTransport(CassandraDaemon.java:633) [apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.service.CassandraDaemon.start(CassandraDaemon.java:495) [apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:600) [apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:714) [apache-cassandra-3.7.jar:3.7]
Caused by: java.io.IOException: Error creating the initializing the SSL Context
    at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:170) ~[apache-cassandra-3.7.jar:3.7]
    at org.apache.cassandra.transport.Server$AbstractSecureIntializer.<init>(Server.java:350) ~[apache-cassandra-3.7.jar:3.7]
    ... 9 common frames omitted
Caused by: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:171) ~[na:1.8.0-internal]
    at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:12) ~[na:8.0 build_20150122]
    at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:146) ~[apache-cassandra-3.7.jar:3.7]
    ... 10 common frames omitted

【问题讨论】:

  • 你的java -version是什么?

标签: ssl cassandra


【解决方案1】:

您可以通过覆盖节点到节点和客户端节点属性的密码套件来绕过它,例如 cipher_suites:[TLS_RSA_WITH_AES_128_CBC_SHA]

这是因为 Oracle Java 中存在以下问题。 http://www.pathin.org/tutorials/java-cassandra-cannot-support-tls_rsa_with_aes_256_cbc_sha-with-currently-installed-providers/

下载后,您可以将文件复制到服务器上的正确库中。

例如

scp * root@server:/usr/lib/jvm/java-7-oracle/jre/lib/security/

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2021-10-03
    • 2010-11-11
    • 1970-01-01
    • 1970-01-01
    • 2019-08-10
    • 1970-01-01
    • 2013-11-12
    • 2017-06-23
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode