Hi, If they want to connect to an existing Cassandra cluster, then they can do so by creating an new override yaml file and no changes to oom repo. By creating or updating the overrides file as below with their cluster values:
global: config: cluster: cassandra: dynamic: false # If cluster.cassandra.dynamic is set to false # Then the following configuration should be uncommented # This is if you are planning to connect to a existing # Cassandra cluster instead of doing the deployment storage: backend: cassandra hostname: somehost1,somehost2,somehost3 connectionTimeout: 100000 cacheSize: 1000000 clusterName: someClusterName localDataCenter: someDataCenter keyConsistent: true # If backend is cql or cassandra it should be keyspace name # else backend is hbase it should be hbase table name name: your_hbase_table_or_keyspace_name # Cassandra driver specific properties for janusgraph cassandra: # Name of the Cassandra Cluster cluster: someclustername readConsistency: LOCAL_QUORUM writeConsistency: LOCAL_QUORUM replicationFactor: 3 I don't think the communication between the janusgraph and Cassandra will be two way ssl as its only asking for truststore in the ssl section of janusgraph documentation. It can definitely support one way ssl from the configuration. If they want to use one way ssl, then they would need to update some files in the oom repo. They would need to update the following properties files: oom/kubernetes/aai/charts/aai-resources/resources/config/janusgraph-realtime.properties oom/kubernetes/aai/charts/aai-resources/resources/config/janusgraph-cached.properties oom/kubernetes/aai/charts/aai-traversal/resources/config/janusgraph-realtime.properties oom/kubernetes/aai/charts/aai-traversal/resources/config/janusgraph-cached.properties oom/kubernetes/aai/charts/aai-graphadmin/resources/config/janusgraph-realtime.properties oom/kubernetes/aai/charts/aai-graphadmin/resources/config/janusgraph-cached.properties From the documentation link Keong provided, if they add the required properties in the above files, then one way ssl communication can work. Thanks, Harish -----Original Message----- From: onap-discuss@lists.onap.org <onap-discuss@lists.onap.org> On Behalf Of Keong Lim Sent: Thursday, November 29, 2018 7:48 PM To: BLIMKIE, STEVEN <steven.blim...@amdocs.com>; onap-discuss@lists.onap.org Subject: Re: [onap-discuss] [aai] Support for 2-way SSL? Hi Steve, The part you are actually talking about is the JanusGraph-to-Cassandra communications, since Cassandra is the backend storage engine. According to: - https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.janusgraph.org_0.2.0_cassandra.html&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=f44eG3iZaja2ozEA2yRZnQ&m=DR-D3pKngmkLiJf5ldOYEoVD4xaVRJ0Z4mKsNfp4Xeg&s=BoZJPy-I78wwUM8Ka9EH0CIJqh9kGH5bNRiT7KGKLVY&e= - https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.janusgraph.org_0.2.0_config-2Dref.html&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=f44eG3iZaja2ozEA2yRZnQ&m=DR-D3pKngmkLiJf5ldOYEoVD4xaVRJ0Z4mKsNfp4Xeg&s=VwXJys0STzZ69gESqvu74SwFQ4pDOxBbc2G46us4p00&e= the configuration option to check for is: 13.3.27. storage.cassandra.ssl storage.cassandra.ssl.enabled Controls use of the SSL connection to Cassandra (default "false"). I did a quick search on AAI code, but could not find it. Maybe it is specified elsewhere, e.g. in OOM parameter files. Keong -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#14157): https://lists.onap.org/g/onap-discuss/message/14157 Mute This Topic: https://lists.onap.org/mt/28503357/21656 Group Owner: onap-discuss+ow...@lists.onap.org Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-