[jira] [Commented] (CASSANDRA-9325) cassandra-stress requires keystore for SSL but provides no way to configure it

Wed, 30 Mar 2016 08:25:06 -0700 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-9325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15218137#comment-15218137
 ] 

Stefan Podkowinski commented on CASSANDRA-9325:
-----------------------------------------------

I've rebased and recreated the patch to make sure it applies cleanly from 2.1 
up to trunk. [~tjake], let me know if you need me to fire up cassci runs for 
the patch.

> cassandra-stress requires keystore for SSL but provides no way to configure it
> ------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-9325
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9325
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Tools
>            Reporter: J.B. Langston
>            Assignee: Stefan Podkowinski
>              Labels: lhf, stress
>             Fix For: 2.2.x
>
>         Attachments: 9325-2.1.patch
>
>
> Even though it shouldn't be required unless client certificate authentication 
> is enabled, the stress tool is looking for a keystore in the default location 
> of conf/.keystore with the default password of cassandra. There is no command 
> line option to override these defaults so you have to provide a keystore that 
> satisfies the default. It looks for conf/.keystore in the working directory, 
> so you need to create this in the directory you are running cassandra-stress 
> from.It doesn't really matter what's in the keystore; it just needs to exist 
> in the expected location and have a password of cassandra.
> Since the keystore might be required if client certificate authentication is 
> enabled, we need to add -transport parameters for keystore and 
> keystore-password.  Ideally, these should be optional and stress shouldn't 
> require the keystore unless client certificate authentication is enabled on 
> the server.
> In case it wasn't apparent, this is for Cassandra 2.1 and later's stress 
> tool.  I actually had even more problems getting Cassandra 2.0's stress tool 
> working with SSL and gave up on it.  We probably don't need to fix 2.0; we 
> can just document that it doesn't support SSL and recommend using 2.1 instead.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to