Hi,
If they want to connect to an existing Cassandra cluster, then they can do so
by creating an new override yaml file and no changes to oom repo.
By creating or updating the overrides file as below with their cluster values:
global:
config:
cluster:
cassandra:
dynamic: false
# If cluster.cassandra.dynamic is set to false
# Then the following configuration should be uncommented
# This is if you are planning to connect to a existing
# Cassandra cluster instead of doing the deployment
storage:
backend: cassandra
hostname: somehost1,somehost2,somehost3
connectionTimeout: 100000
cacheSize: 1000000
clusterName: someClusterName
localDataCenter: someDataCenter
keyConsistent: true
# If backend is cql or cassandra it should be keyspace name
# else backend is hbase it should be hbase table name
name: your_hbase_table_or_keyspace_name
# Cassandra driver specific properties for janusgraph
cassandra:
# Name of the Cassandra Cluster
cluster: someclustername
readConsistency: LOCAL_QUORUM
writeConsistency: LOCAL_QUORUM
replicationFactor: 3
I don't think the communication between the janusgraph and Cassandra will be
two way ssl as its only asking for truststore in the ssl section of janusgraph
documentation.
It can definitely support one way ssl from the configuration.
If they want to use one way ssl, then they would need to update some files in
the oom repo.
They would need to update the following properties files:
oom/kubernetes/aai/charts/aai-resources/resources/config/janusgraph-realtime.properties
oom/kubernetes/aai/charts/aai-resources/resources/config/janusgraph-cached.properties
oom/kubernetes/aai/charts/aai-traversal/resources/config/janusgraph-realtime.properties
oom/kubernetes/aai/charts/aai-traversal/resources/config/janusgraph-cached.properties
oom/kubernetes/aai/charts/aai-graphadmin/resources/config/janusgraph-realtime.properties
oom/kubernetes/aai/charts/aai-graphadmin/resources/config/janusgraph-cached.properties
From the documentation link Keong provided, if they add the required properties
in the above files, then one way ssl communication can work.
Thanks,
Harish
-----Original Message-----
From: onap-discuss@lists.onap.org <onap-discuss@lists.onap.org> On Behalf Of
Keong Lim
Sent: Thursday, November 29, 2018 7:48 PM
To: BLIMKIE, STEVEN <steven.blim...@amdocs.com>; onap-discuss@lists.onap.org
Subject: Re: [onap-discuss] [aai] Support for 2-way SSL?
Hi Steve,
The part you are actually talking about is the JanusGraph-to-Cassandra
communications, since Cassandra is the backend storage engine.
According to:
-
https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.janusgraph.org_0.2.0_cassandra.html&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=f44eG3iZaja2ozEA2yRZnQ&m=DR-D3pKngmkLiJf5ldOYEoVD4xaVRJ0Z4mKsNfp4Xeg&s=BoZJPy-I78wwUM8Ka9EH0CIJqh9kGH5bNRiT7KGKLVY&e=
-
https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.janusgraph.org_0.2.0_config-2Dref.html&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=f44eG3iZaja2ozEA2yRZnQ&m=DR-D3pKngmkLiJf5ldOYEoVD4xaVRJ0Z4mKsNfp4Xeg&s=VwXJys0STzZ69gESqvu74SwFQ4pDOxBbc2G46us4p00&e=
the configuration option to check for is:
13.3.27. storage.cassandra.ssl
storage.cassandra.ssl.enabled Controls use of the SSL connection to Cassandra
(default "false").
I did a quick search on AAI code, but could not find it. Maybe it is specified
elsewhere, e.g. in OOM parameter files.
Keong
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#14157): https://lists.onap.org/g/onap-discuss/message/14157
Mute This Topic: https://lists.onap.org/mt/28503357/21656
Group Owner: onap-discuss+ow...@lists.onap.org
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
