[ 
https://issues.apache.org/jira/browse/CASSANDRA-11749?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15284053#comment-15284053
 ] 

Stefania commented on CASSANDRA-11749:
--------------------------------------

Thank you Norman.

You can use [this branch|https://github.com/apache/cassandra/compare/trunk...stef1927:11749-cqlsh-2.1].
It's configured to run Cassandra with SSL, it contains the test files and it 
links to Netty 4.0.36 (rather than 4.0.23). It's otherwise identical to 
cassandra-2.1 HEAD (the workaround mentioned above has been commented out). 

Here are the instructions:

* Dependencies: Java 8 JDK, Python 2.7, ant 1.9+
* Get the branch: {{git clone http://github.com/stef1927/cassandra.git --branch 11749-cqlsh-2.1 --single-branch}}
* Set the {{CASSANDRA_DIR}} environment to the location of the branch and add 
{{CASSANDRA_DIR/bin}} to the PATH
* Build: {{ant build}}
* If you need an IntelliJ project: {{ant generate-idea-files}} or Eclipse: 
{{ant generate-eclipse-files}}
* Generate the certificates by following [these instructions|http://docs.datastax.com/en/cassandra/2.1/cassandra/security/secureSSLCertificates_t.html].
These are the certificates you should end up with:
{code}
keystore.node0
node0.cer
node0.cer.pem
node0.key.pem
node0.p12
truststore.node0
{code}
* Edit {{$CASSANDRA_DIR/cqlshrc}} and {{$CASSANDRA_DIR/conf/cassandra.yaml}} to 
point to your certificates. The easiest is to search for my absolute path 
{{/home/stefi}} and change all occurrences. There are 3 occurrences in 
{{cqlshrc}} and 2 in {{cassandra.yaml}}.
* Download the [JCE|http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html],
unzip and copy the 2 jars to {{$JAVA_HOME/jre/lib/security/}}
* Set any additional JVM properties via the {{JVM_OPTS}} environment variable, 
for example: {{export JVM_OPTS=-Djavax.net.debug=ssl}}
* Launch cassandra in the foreground: {{cassandra -f}}. Stop with CTRL-C.
* If you need to run in IntelliJ you can use the Cassandra run config.
* The log file containing the exception is {{CASSANDRA_DIR/logs/system.log}}
* Run the test with {{cqlsh --debug --ssl --cqlshrc=./conf/cqlshrc -f kv.cql}}


This is a sample output when it works:

{code}
Using CQL driver: <module 'cassandra' from 
'/home/stefi/git/cstar/cassandra/bin/../lib/cassandra-driver-internal-only-2.7.2.zip/cassandra-driver-2.7.2/cassandra/__init__.py'>
Using connect timeout: 5 seconds
Reading options from the command line: {'header': 'true', 'numprocesses': '1'}
Using options: '{'header': 'true', 'numprocesses': '1'}'
Using 1 child processes

Starting copy of cvs_copy_ks.kv with columns ['key', 'value'].
Closing queues...; Rate:      12 rows/s; Avg. rate:      12 rows/s
Processed: 3 rows; Rate:       6 rows/s; Avg. rate:       8 rows/s
3 rows imported from 1 files in 0.358 seconds (0 skipped).

 key | value
-----+-------
   1 |   'a'
   2 |   'b'
   3 |   'c'

(3 rows)
{code}

This is a sample output when it fails, plus the exception will be visible in 
logs/system.log:

{code}
stefi@cuoricina:~/git/cstar/cassandra$ cqlsh --debug --ssl 
--cqlshrc=./conf/cqlshrc -f kv.cql
Using CQL driver: <module 'cassandra' from 
'/home/stefi/git/cstar/cassandra/bin/../lib/cassandra-driver-internal-only-2.7.2.zip/cassandra-driver-2.7.2/cassandra/__init__.py'>
Using connect timeout: 5 seconds
Reading options from the command line: {'header': 'true', 'numprocesses': '1'}
Using options: '{'header': 'true', 'numprocesses': '1'}'
Using 1 child processes

Starting copy of cvs_copy_ks.kv with columns ['key', 'value'].
Closing queues...; Rate:       9 rows/s; Avg. rate:       9 rows/s
Processed: 3 rows; Rate:       4 rows/s; Avg. rate:       7 rows/s
3 rows imported from 1 files in 0.449 seconds (0 skipped).
kv.cql:6:NoHostAvailable: ('Unable to complete the operation against any 
hosts', {})
kv.cql:7:NoHostAvailable: ('Unable to complete the operation against any 
hosts', {})
{code}

You should be able to reproduce this fairly easily since the workaround has 
been commented out. I typically run it 5 or 6 times before reproducing it. To 
give you some context on the test, {{copy cvs_copy_ks.kv (key, value) from 
'kv.csv' with header='true' and numprocesses=1;}} will spawn a Python child 
process to import kv.csv into Cassandra. This command works but the two 
following commands fail with {{NoHostAvailable}}, which indicates that the 
server did not respond to cqlsh, plus we see the exception in the logs. You 
will also find a file called {{loop.sh}} if you want to run the test several times.

I hope I haven't forgotten any steps, if you run into trouble do not hesitate 
to let me know. The instructions on generating certificates have a couple of 
typos, unfortunately I did not save the exact commands I've used. You are 
probably familiar with those commands but if not let me know and I'll recreate 
the certificates and give you the exact commands.

> CQLSH gets SSL exception following a COPY FROM
> ----------------------------------------------
>
>                 Key: CASSANDRA-11749
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11749
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Tools
>            Reporter: Stefania
>            Assignee: Stefania
>             Fix For: 2.1.x
>
>         Attachments: stdout.txt.zip, stdout_single_process.txt.zip
>
>
> When running Cassandra and cqlsh with SSL, the following command occasionally 
> results in the exception below:
> {code}
> cqlsh --ssl -f kv.cql
> {code}
> {code}
> ERROR [SharedPool-Worker-2] 2016-05-11 12:41:03,583 Message.java:538 - 
> Unexpected exception during request; channel = [id: 0xeb75e05d, 
> /127.0.0.1:51083 => /127.0.0.1:9042]
> io.netty.handler.codec.DecoderException: javax.net.ssl.SSLException: bad 
> record MAC
>         at 
> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:280)
>  ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
>         at 
> io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149)
>  ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
>         at 
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333)
>  ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
>         at 
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:319)
>  ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
>         at 
> io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787)
>  ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
>         at 
> io.netty.channel.epoll.EpollSocketChannel$EpollSocketUnsafe.epollInReady(EpollSocketChannel.java:722)
>  ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
>         at 
> io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:326) 
> ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
>         at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:264) 
> ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
>         at 
> io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116)
>  ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
>         at 
> io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)
>  ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
>         at java.lang.Thread.run(Thread.java:745) [na:1.8.0_91]
> Caused by: javax.net.ssl.SSLException: bad record MAC
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) 
> ~[na:1.8.0_91]
>         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) 
> ~[na:1.8.0_91]
>         at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:981) 
> ~[na:1.8.0_91]
>         at 
> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907) 
> ~[na:1.8.0_91]
>         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) 
> ~[na:1.8.0_91]
>         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.8.0_91]
>         at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:982) 
> ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
>         at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:908) 
> ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
>         at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:854) 
> ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
>         at 
> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:249)
>  ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
>         ... 10 common frames omitted
> Caused by: javax.crypto.BadPaddingException: bad record MAC
>         at sun.security.ssl.InputRecord.decrypt(InputRecord.java:219) 
> ~[na:1.8.0_91]
>         at 
> sun.security.ssl.EngineInputRecord.decrypt(EngineInputRecord.java:177) 
> ~[na:1.8.0_91]
>         at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:974) 
> ~[na:1.8.0_91]
>         ... 17 common frames omitted
> {code}
> where
> {code}
> cat kv.cql 
> create keyspace if not exists cvs_copy_ks with replication = {'class': 
> 'SimpleStrategy', 'replication_factor':1};
> create table if not exists cvs_copy_ks.kv (key int primary key, value text);
> truncate cvs_copy_ks.kv;
> copy cvs_copy_ks.kv (key, value) from 'kv.csv' with header='true';
> select * from cvs_copy_ks.kv;
> drop keyspace cvs_copy_ks;
> stefi@cuoricina:~/git/cstar/cassandra$ cat kv.c
> kv.cql  kv.csv  
> cat kv.csv 
> key,value
> 1,'a'
> 2,'b'
> 3,'c'
> {code}
> The COPY FROM succeeds, however the following select does not. 
> The easiest way to reproduce this is to restart the Cassandra process, it 
> seems to happen in preference after a restart.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
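
To check a reproduction run against {{logs/system.log}}, the following added example (not part of the original comment or of the Cassandra code base) groups each log entry with its stack trace and reports the channel, innermost cause and Netty jar version for every "bad record MAC" error. The function names and the sample log are constructed here; the sample is modelled on the trace quoted in the issue.

```python
import re

HEADER = re.compile(r"^(ERROR|WARN|INFO|DEBUG|TRACE)\s+\[([^\]]+)\]\s+"
                    r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})\s+(.*)$")
CHANNEL = re.compile(r"channel = \[id: (0x[0-9a-f]+), /(\S+) => /(\S+)\]")
CAUSE = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error)): (.*)$")
NETTY = re.compile(r"netty-all-([\w.]+?)\.jar")

def split_entries(text):
    """Attach stack frames and 'Caused by:' lines to the log header above them."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"level": m.group(1), "thread": m.group(2),
                            "time": m.group(3), "message": m.group(4), "body": []})
        elif entries:
            entries[-1]["body"].append(line.strip())
    return entries

def find_bad_record_mac(text):
    """Summarise each ERROR entry whose innermost cause is 'bad record MAC'."""
    hits = []
    for e in split_entries(text):
        causes = [m.groups() for m in map(CAUSE.match, e["body"]) if m]
        if e["level"] != "ERROR" or not causes or causes[-1][1] != "bad record MAC":
            continue
        ch = CHANNEL.search(e["message"])
        chan, client, server = ch.groups() if ch else (None, None, None)
        hits.append({"time": e["time"], "thread": e["thread"], "channel": chan,
                     "client": client, "server": server, "root_cause": causes[-1][0],
                     "netty": sorted({v for l in e["body"] for v in NETTY.findall(l)})})
    return hits

# Constructed sample: unwrapped, abbreviated lines modelled on the trace in this issue.
SAMPLE_LOG = """\
INFO  [main] 2016-05-11 12:40:58,101 Example.java:1 - constructed filler line
ERROR [SharedPool-Worker-2] 2016-05-11 12:41:03,583 Message.java:538 - Unexpected exception during request; channel = [id: 0xeb75e05d, /127.0.0.1:51083 => /127.0.0.1:9042]
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLException: bad record MAC
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:982) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
Caused by: javax.net.ssl.SSLException: bad record MAC
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.8.0_91]
Caused by: javax.crypto.BadPaddingException: bad record MAC
        at sun.security.ssl.InputRecord.decrypt(InputRecord.java:219) ~[na:1.8.0_91]
ERROR [main] 2016-05-11 12:41:09,000 Example.java:2 - constructed unrelated error
java.io.IOException: constructed
"""

if __name__ == "__main__":
    for hit in find_bad_record_mac(SAMPLE_LOG):
        print(hit)
```

The reported Netty version shows whether the server under test is running the 4.0.36 jar linked by the branch or the 4.0.23 jar seen in the original trace.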
