RE: Delete bucket type
Thank you for your quick reply, Magnus! We’re considering using bucket type to support multi-tenancy in our system. Hence, all objects stored within the namespace of the bucket type and bucket type need to be removed once the client has decided to opt-out. Thanks -Kyle- From: Magnus Kessler [mailto:mkess...@basho.com] Sent: Wednesday, September 28, 2016 2:13 AM To: Nguyen, Kyle Cc: Riak Users Subject: Re: Delete bucket type On 27 September 2016 at 20:50, Nguyen, Kyle mailto:kyle.ngu...@philips.com>> wrote: Hi all, Is deleting bucket type possible in version 2.1.4? If not, is there any workaround or available script/code that we can do this in a production environment without too much performance impact? Thanks -Kyle- Hi Kyle, There is currently no option to delete bucket types once they have been created. Are you trying to delete a bucket type and any objects stored within the namespace of the bucket type, or just remove a previously configured bucket type? In Riak, bucket types have very little operational overhead. They get stored in the cluster meta data and take up a small amount of disk space there. Bucket types are not gossiped around the ring on a regular basis, though, and therefore have not got the negative impact a large number of custom buckets would have. With Riak-2.x we generally recommend storing any configuration in bucket types, rather than creating custom buckets, even if there is only one bucket using that specific configuration. Kind Regards, Magnus -- Magnus Kessler Client Services Engineer Basho Technologies Limited Registered Office - 8 Lincoln’s Inn Fields London WC2A 3BP Reg 07970431 The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message. ___ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
Delete bucket type
Hi all, Is deleting bucket type possible in version 2.1.4? If not, is there any workaround or available script/code that we can do this in a production environment without too much performance impact? Thanks -Kyle- The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message. ___ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
RE: Need help with Riak-KV (2.1.4) certificate based authentication using Java client
kGA1UEBhMCVVMx EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxJDAiBgNVBAoT G2dldGFDZXJ0IC0gd3d3LmdldGFjZXJ0LmNvbTAeFw0xNjA4MjIyMjQyNDBaFw0x NjEwMjEyMjQyNDBaMBkxFzAVBgNVBAMMDnJpYWtAMTI3LjAuMC4xMIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWEXAA193kK/9jVx77/v3grXazowaYD4 oUc78Sk6CfAc8kaRlyrIyvZk+yz8xmnZWhL/UVlEtYkXRTjJ3c8RCCF332TW5C4L VJfdh+l0yXOfB4dsmzfJ9S67PMT6pwGIoj/4khhbHuLKjuCwo8iPjZBs2m1agxwH XFBAZx9NOBgdCKm/NDK3qsx60CaAIe4l8PRVyV6WKYMyt9m3+H5vEXz46907Bbku 8gspGvUjL51xpXeev8osNLFrEAOxHRYjEjzlZVqroxwdBfv00LCh+A/scaWpJ5bi BIFQ9F1RVTIuEIfsjSyfXO/e+ZYpJSSrfwFWv2eSrDQPlepQFapyDQIDAQABoy0w KzAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIE8DALBgNVHQ8EBAMCBSAwDQYJ KoZIhvcNAQELBQADggEBAGh6mMvE3QizwNQGyL5f4ynegLaR7hE+Td2PaEuty/2t I2y4aCkKV+R/TTZDkFpZ+Mv3ZZyfzECrEdeGmSMqRbYMD/uHTiMZGBjqcrsVpp5U BtdrIWRkJ4kMhyVUY/gp6rYTomqJWcr03w0kI9hBJUYpJ7To21eZGL0Wqz8daFRD QaoHwPJFe2qAaco+lJqMc/8hwAuVMJ1+Tn34fWU6tUYPSBosvzZzMR90jfVK7AGF GY/5cu+HbDwZlACHTp9XDJrR2xtLA8xC1ZtUULBG0CIQUpt5fixjdI4g4nORAuOd 3vVTd+vRDilYcpFiUfgZ2TkzJzY1hElNBFM2XNwZTw0= -END CERTIFICATE- subject=/CN=riak@127.0.0.1 issuer=/C=US/ST=Washington/L=Seattle/O=getaCert - www.getacert.com --- Acceptable client certificate CA names /C=US/ST=Washington/L=Seattle/O=getaCert - www.getacert.com --- SSL handshake has read 2123 bytes and written 665 bytes --- New, TLSv1/SSLv3, Cipher is AES128-SHA256 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher: AES128-SHA256 Session-ID: D556E6A1910D375558B3FDA7A69A16E65907336F84B002DD6AB2BD47CAD2DA3A Session-ID-ctx: Master-Key: A1B04B4C00A411B47CE8F0A5EDE4E72448E109D9549246E814BEC1B997DC69C2599D61A904340B5185DD4EC798D66729 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1472681389 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- -Original Message- From: Luke Bakken [mailto:lbak...@basho.com] Sent: Tuesday, August 30, 2016 2:21 PM To: Nguyen, Kyle Cc: Riak Users Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication using Java client This command will show the handshake used for HTTPS. It will show if the server's certificate (the same one used for TLS) can be validated. Using "openssl s_client" is a good way to start diagnosing what's actually happening when SSL/TLS is enabled in Riak. -- Luke Bakken Engineer lbak...@basho.com On Tue, Aug 30, 2016 at 2:18 PM, Nguyen, Kyle wrote: > Hi Luke, > > I am using TLS for protocol buffer - not sure if you're thinking of HTTP only. > > Thanks > > -Kyle- > > -Original Message- > From: Luke Bakken [mailto:lbak...@basho.com] > Sent: Tuesday, August 30, 2016 2:14 PM > To: Nguyen, Kyle > Cc: Riak Users > Subject: Re: Need help with Riak-KV (2.1.4) certificate based > authentication using Java client > > Kyle, > > I would be interested to see the output of this command run on the same > server as your Riak node: > > openssl s_client -debug -connect localhost:8098 > > Please replace "8098" with the HTTPS port used in this configuration setting > in your /etc/riak.conf file: > > listener.https.internal The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message. ___ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
RE: Need help with Riak-KV (2.1.4) certificate based authentication using Java client
Hi Luke,
I am using TLS for protocol buffer - not sure if you're thinking of HTTP only.
Thanks
-Kyle-
-Original Message-
From: Luke Bakken [mailto:lbak...@basho.com]
Sent: Tuesday, August 30, 2016 2:14 PM
To: Nguyen, Kyle
Cc: Riak Users
Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication
using Java client
Kyle,
I would be interested to see the output of this command run on the same server
as your Riak node:
openssl s_client -debug -connect localhost:8098
Please replace "8098" with the HTTPS port used in this configuration setting in
your /etc/riak.conf file:
listener.https.internal
--
Luke Bakken
Engineer
lbak...@basho.com
On Tue, Aug 30, 2016 at 12:01 PM, Nguyen, Kyle wrote:
> Hi Luke,
>
> I believe this is not the case. The Java riak-client (version 2.0.6) that I
> used does validate the server's cert but not checking on server's CN. If I
> replaced getACert CA in the trustor with another unknown CA then SSL will
> fail with "unable to find valid certification path to requested target". I
> don't even see an option to ignore server cert validation on the client side.
> I am wondering if you can help provide some details related to SSL
> certification validation configuration.
>
> My riak node builder code:
> RiakNode.Builder builder = new
> RiakNode.Builder().withRemoteAddress("127.0.0.1").withRemotePort(8087);
> builder.withAuth(username, password, trustStore, keyStore,
> keyPasswd);
>
> Thanks
>
> -Kyle-
The information contained in this message may be confidential and legally
protected under applicable law. The message is intended solely for the
addressee(s). If you are not the intended recipient, you are hereby notified
that any use, forwarding, dissemination, or reproduction of this message is
strictly prohibited and may be unlawful. If you are not the intended recipient,
please contact the sender by return e-mail and destroy all copies of the
original message.
___
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
RE: Need help with Riak-KV (2.1.4) certificate based authentication using Java client
Hi Luke,
I believe this is not the case. The Java riak-client (version 2.0.6) that I
used does validate the server's cert but not checking on server's CN. If I
replaced getACert CA in the trustor with another unknown CA then SSL will fail
with "unable to find valid certification path to requested target". I don't
even see an option to ignore server cert validation on the client side. I am
wondering if you can help provide some details related to SSL certification
validation configuration.
My riak node builder code:
RiakNode.Builder builder = new
RiakNode.Builder().withRemoteAddress("127.0.0.1").withRemotePort(8087);
builder.withAuth(username, password, trustStore, keyStore,
keyPasswd);
Thanks
-Kyle-
-Original Message-
From: Luke Bakken [mailto:lbak...@basho.com]
Sent: Tuesday, August 30, 2016 7:14 AM
To: Nguyen, Kyle
Cc: Riak Users
Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication
using Java client
Kyle -
The CN should be either the DNS-resolvable host name of the Riak node, or its
IP address (without "riak@"). Then, the Java client should be configured to use
that to connect to the node (either DNS or IP).
Without doing that, I really don't have any idea how the Java client is
validating the server certificate during TLS handshake. Did you configure the
client to *not* validate the server cert?
--
Luke Bakken
Engineer
lbak...@basho.com
On Mon, Aug 29, 2016 at 3:18 PM, Nguyen, Kyle wrote:
> Hi Luke,
>
> The CN for client's certificate is "kyle" and the CN for riak cert
> (ssl.certfile) is "riak@127.0.0.1" which matches the nodename in the
> riak.conf. Riak ssl.cacertfile.pem contains the same CA (getACert) which I
> used to sign both client and riak public keys. It appears that riak also
> validated the client certificate following this SSL debug info. I do see ***
> CertificateVerify (toward the end) after the client certificate is requested
> by Riak. Please let me know if it looks right to you.
The information contained in this message may be confidential and legally
protected under applicable law. The message is intended solely for the
addressee(s). If you are not the intended recipient, you are hereby notified
that any use, forwarding, dissemination, or reproduction of this message is
strictly prohibited and may be unlawful. If you are not the intended recipient,
please contact the sender by return e-mail and destroy all copies of the
original message.
___
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
RE: Need help with Riak-KV (2.1.4) certificate based authentication using Java client
n-1, TLS_RSA_WITH_AES_128_CBC_SHA256] nioEventLoopGroup-2-1, WRITE: TLSv1.2 Application Data, length = 21 nioEventLoopGroup-2-1, WRITE: TLSv1.2 Application Data, length = 920 nioEventLoopGroup-2-1, WRITE: TLSv1.2 Application Data, length = 920 Thanks -Kyle- -Original Message- From: Luke Bakken [mailto:lbak...@basho.com] Sent: Monday, August 29, 2016 2:20 PM To: Nguyen, Kyle Cc: Riak Users Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication using Java client Hi Kyle - Thanks for the info. Just so you know, setting check_clr = off means that Riak will not validate the signing chain of your client certificate. What value are you using for "CN=" for the certificates pointed to by the various "ssl.*" settings in riak.conf? http://docs.basho.com/riak/kv/2.1.4/using/security/basics/#certificate-configuration I ask because the validation of the server certificate by the client during the TLS handshake depends on the CN= value. -- Luke Bakken Engineer lbak...@basho.com On Mon, Aug 29, 2016 at 2:07 PM, Nguyen, Kyle wrote: > Thanks a lot, Luke! I finally got the mutual certificate based authentication > working by setting check_clr = off since I don't see any documentation on how > to set this up and we might not need this feature. Another thing that I added > to make it work is to add the correct entry for cidr. I was using > 127.0.0.1/32 instead of 10.0.2.2/32 which is the Ubuntu ip that my laptop > localhost is sending the request to. > > +++---+--+ > | users|cidr| source | options | > +++---+--+ > |kyle|10.0.2.2/32 |certificate|[] > > TLS also works without using the DNS-resolvable hostname with protocol > buffer. Hence, I thought you must have referred to HTTPS. > > -Kyle- > > -Original Message- > From: Luke Bakken [mailto:lbak...@basho.com] > Sent: Monday, August 29, 2016 7:59 AM > To: Nguyen, Kyle > Cc: Riak Users > Subject: Re: Need help with Riak-KV (2.1.4) certificate based > authentication using Java client > > Kyle - > > What is the output of these commands? > > riak-admin security print-users > riak-admin security print-sources > > http://docs.basho.com/riak/kv/2.1.4/using/security/basics/#user-manage > ment > > Please note that setting up certificate authentication *requires* that you > have set up SSL / TLS in Riak as well. > > http://docs.basho.com/riak/kv/2.1.4/using/security/basics/#enabling-ss > l > > The SSL certificates used by Riak *must* have their "CN=" section match the > server's DNS-resolvable host name. This is an SSL/TLS requirement, not > specific to Riak. Then, when you connect via the Java client, you must use > the DNS name and not IP address. The client must have the appropriate public > key information to validate the server cert as well (from Get a Cert). > > -- > Luke Bakken > Engineer > lbak...@basho.com The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message. ___ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
RE: Need help with Riak-KV (2.1.4) certificate based authentication using Java client
Thanks a lot, Luke! I finally got the mutual certificate based authentication
working by setting check_clr = off since I don't see any documentation on how
to set this up and we might not need this feature. Another thing that I added
to make it work is to add the correct entry for cidr. I was using 127.0.0.1/32
instead of 10.0.2.2/32 which is the Ubuntu ip that my laptop localhost is
sending the request to.
+++---+--+
| users|cidr| source | options |
+++---+--+
|kyle|10.0.2.2/32 |certificate|[]
TLS also works without using the DNS-resolvable hostname with protocol buffer.
Hence, I thought you must have referred to HTTPS.
-Kyle-
-Original Message-
From: Luke Bakken [mailto:lbak...@basho.com]
Sent: Monday, August 29, 2016 7:59 AM
To: Nguyen, Kyle
Cc: Riak Users
Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication
using Java client
Kyle -
What is the output of these commands?
riak-admin security print-users
riak-admin security print-sources
http://docs.basho.com/riak/kv/2.1.4/using/security/basics/#user-management
Please note that setting up certificate authentication *requires* that you have
set up SSL / TLS in Riak as well.
http://docs.basho.com/riak/kv/2.1.4/using/security/basics/#enabling-ssl
The SSL certificates used by Riak *must* have their "CN=" section match the
server's DNS-resolvable host name. This is an SSL/TLS requirement, not specific
to Riak. Then, when you connect via the Java client, you must use the DNS name
and not IP address. The client must have the appropriate public key information
to validate the server cert as well (from Get a Cert).
--
Luke Bakken
Engineer
lbak...@basho.com
On Fri, Aug 26, 2016 at 3:34 PM, Nguyen, Kyle wrote:
> Update – Handshake was successfully after I opted out mutual
> authentication option, client no longer sends its certificate to riak.
> However, getting the following error after TLS is established:
>
>
>
> *** Finished
>
> verify_data: { 149, 140, 49, 23, 238, 152, 45, 212, 158, 44, 189, 155
> }
>
> ***
>
> %% Cached client session: [Session-12,
> TLS_RSA_WITH_AES_128_CBC_SHA256]
>
> nioEventLoopGroup-2-4, WRITE: TLSv1.2 Application Data, length = 21
>
> nioEventLoopGroup-2-4, called closeOutbound()
>
> …..
>
> Caused by: com.basho.riak.client.core.NoNodesAvailableException
>
> at
> com.basho.riak.client.core.RiakCluster.retryOperation(RiakCluster.java
> :469)
>
> at
> com.basho.riak.client.core.RiakCluster.access$1000(RiakCluster.java:48
> )
>
> at
> com.basho.riak.client.core.RiakCluster$RetryTask.run(RiakCluster.java:
> 554)
>
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511
> )
>
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>
> at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.a
> ccess$201(ScheduledThreadPoolExecutor.java:180)
>
> at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.r
> un(ScheduledThreadPoolExecutor.java:293)
>
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j
> ava:1142)
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.
> java:617)
>
> ... 1 more
The information contained in this message may be confidential and legally
protected under applicable law. The message is intended solely for the
addressee(s). If you are not the intended recipient, you are hereby notified
that any use, forwarding, dissemination, or reproduction of this message is
strictly prohibited and may be unlawful. If you are not the intended recipient,
please contact the sender by return e-mail and destroy all copies of the
original message.
___
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
RE: Need help with Riak-KV (2.1.4) certificate based authentication using Java client
Update – Handshake was successfully after I opted out mutual authentication
option, client no longer sends its certificate to riak. However, getting the
following error after TLS is established:
*** Finished
verify_data: { 149, 140, 49, 23, 238, 152, 45, 212, 158, 44, 189, 155 }
***
%% Cached client session: [Session-12, TLS_RSA_WITH_AES_128_CBC_SHA256]
nioEventLoopGroup-2-4, WRITE: TLSv1.2 Application Data, length = 21
nioEventLoopGroup-2-4, called closeOutbound()
…..
Caused by: com.basho.riak.client.core.NoNodesAvailableException
at
com.basho.riak.client.core.RiakCluster.retryOperation(RiakCluster.java:469)
at
com.basho.riak.client.core.RiakCluster.access$1000(RiakCluster.java:48)
at
com.basho.riak.client.core.RiakCluster$RetryTask.run(RiakCluster.java:554)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
... 1 more
From: Jonathan Joseph [mailto:jonbjos...@gmail.com]
Sent: Thursday, August 25, 2016 5:53 PM
To: Nguyen, Kyle
Cc: Riak Users
Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication
using Java client
Try adding the following Java property setting when launching your java client
in order to see SSL Handshake related debug information:
-Djavax.net.debug=ssl:handshake
Or to see all ssl related debug output:
-Djavax.net.debug=ssl
On Thu, Aug 25, 2016 at 4:24 PM, Nguyen, Kyle
mailto:kyle.ngu...@philips.com>> wrote:
Hi all,
I was trying to implement client certificate based authentication following
http://docs.basho.com/riak/kv/2.1.4/using/security/basics/ but kept getting the
following SSL Handshake exception. I believe I have the client keystore,
truststore and riak server cert/key setup properly. Both client cert and riak
server cert are signed with the same CA. Any advice and suggestions will be
greatly appreciated!
2016-08-25 12:53:24 DEBUG InternalLoggerFactory:71 - Using SLF4J as the default
logging framework
2016-08-25 12:53:24 DEBUG MultithreadEventLoopGroup:76 -
-Dio.netty.eventLoopThreads: 16
2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - java.nio.Buffer.address:
available
2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - sun.misc.Unsafe.theUnsafe:
available
2016-08-25 12:53:24 DEBUG PlatformDependent0:71 - sun.misc.Unsafe.copyMemory:
available
2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - java.nio.Bits.unaligned: true
2016-08-25 12:53:24 DEBUG PlatformDependent:71 - Platform: Windows
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - Java version: 8
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noUnsafe: false
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - sun.misc.Unsafe: available
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noJavassist: false
2016-08-25 12:53:24 DEBUG PlatformDependent:71 - Javassist: unavailable
2016-08-25 12:53:24 DEBUG PlatformDependent:71 - You don't have Javassist in
your class path or you don't have enough permission to load dynamically
generated classes. Please check the configuration for better performance.
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.tmpdir:
C:\apache-tomcat-7.0.54\temp (java.io.tmpdir)
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.bitMode: 64
(sun.arch.data.model)
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noPreferDirect:
false
2016-08-25 12:53:24 DEBUG NioEventLoop:76 - -Dio.netty.noKeySetOptimization:
false
2016-08-25 12:53:24 DEBUG NioEventLoop:76 -
-Dio.netty.selectorAutoRebuildThreshold: 512
2016-08-25 12:53:24 INFO RiakJKSConnection:73 - initializeRiak Cluster is OK
2016-08-25 12:53:24 DEBUG ThreadLocalRandom:71 -
-Dio.netty.initialSeedUniquifier: 0xac658e47a52a7794 (took 3 ms)
2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - -Dio.netty.allocator.type: unpooled
2016-08-25 12:53:24 DEBUG ByteBufUtil:76 -
-Dio.netty.threadLocalDirectBufferSize: 65536
2016-08-25 12:53:24 DEBUG ByteBufUtil:76 -
-Dio.netty.maxThreadLocalCharBufferSize: 16384
2016-08-25 12:53:24 DEBUG RiakNode:762 - Using TLSv1.2
2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:166 - Handler Added
2016-08-25 12:53:24 DEBUG RiakNode:777 - Waiting on SSL Promise
2016-08-25 12:53:24 DEBUG AbstractByteBuf:81 -
-Dio.netty.buffer.bytebuf.checkAccessible: true
2016-08-25 12:53:24 DEBUG ResourceLeakDetector:81 -
-Dio.netty.leakDetection.level: simple
2016-08-25 12:53:24 DEBUG ResourceLeakDetector:81 -
-Dio.netty.leakDetection.maxRecords: 4
2016-08-25 12:53:24 D
Need help with Riak-KV (2.1.4) certificate based authentication using Java client
Hi all,
I was trying to implement client certificate based authentication following
http://docs.basho.com/riak/kv/2.1.4/using/security/basics/ but kept getting the
following SSL Handshake exception. I believe I have the client keystore,
truststore and riak server cert/key setup properly. Both client cert and riak
server cert are signed with the same CA. Any advice and suggestions will be
greatly appreciated!
2016-08-25 12:53:24 DEBUG InternalLoggerFactory:71 - Using SLF4J as the default
logging framework
2016-08-25 12:53:24 DEBUG MultithreadEventLoopGroup:76 -
-Dio.netty.eventLoopThreads: 16
2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - java.nio.Buffer.address:
available
2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - sun.misc.Unsafe.theUnsafe:
available
2016-08-25 12:53:24 DEBUG PlatformDependent0:71 - sun.misc.Unsafe.copyMemory:
available
2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - java.nio.Bits.unaligned: true
2016-08-25 12:53:24 DEBUG PlatformDependent:71 - Platform: Windows
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - Java version: 8
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noUnsafe: false
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - sun.misc.Unsafe: available
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noJavassist: false
2016-08-25 12:53:24 DEBUG PlatformDependent:71 - Javassist: unavailable
2016-08-25 12:53:24 DEBUG PlatformDependent:71 - You don't have Javassist in
your class path or you don't have enough permission to load dynamically
generated classes. Please check the configuration for better performance.
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.tmpdir:
C:\apache-tomcat-7.0.54\temp (java.io.tmpdir)
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.bitMode: 64
(sun.arch.data.model)
2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noPreferDirect:
false
2016-08-25 12:53:24 DEBUG NioEventLoop:76 - -Dio.netty.noKeySetOptimization:
false
2016-08-25 12:53:24 DEBUG NioEventLoop:76 -
-Dio.netty.selectorAutoRebuildThreshold: 512
2016-08-25 12:53:24 INFO RiakJKSConnection:73 - initializeRiak Cluster is OK
2016-08-25 12:53:24 DEBUG ThreadLocalRandom:71 -
-Dio.netty.initialSeedUniquifier: 0xac658e47a52a7794 (took 3 ms)
2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - -Dio.netty.allocator.type: unpooled
2016-08-25 12:53:24 DEBUG ByteBufUtil:76 -
-Dio.netty.threadLocalDirectBufferSize: 65536
2016-08-25 12:53:24 DEBUG ByteBufUtil:76 -
-Dio.netty.maxThreadLocalCharBufferSize: 16384
2016-08-25 12:53:24 DEBUG RiakNode:762 - Using TLSv1.2
2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:166 - Handler Added
2016-08-25 12:53:24 DEBUG RiakNode:777 - Waiting on SSL Promise
2016-08-25 12:53:24 DEBUG AbstractByteBuf:81 -
-Dio.netty.buffer.bytebuf.checkAccessible: true
2016-08-25 12:53:24 DEBUG ResourceLeakDetector:81 -
-Dio.netty.leakDetection.level: simple
2016-08-25 12:53:24 DEBUG ResourceLeakDetector:81 -
-Dio.netty.leakDetection.maxRecords: 4
2016-08-25 12:53:24 DEBUG Recycler:76 -
-Dio.netty.recycler.maxCapacity.default: 262144
2016-08-25 12:53:24 DEBUG Cleaner0:76 - java.nio.ByteBuffer.cleaner(): available
2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:69 - RiakSecurityDecoder decode
2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:93 - Received MSG_RpbStartTls
reply
2016-08-25 12:53:24 ERROR RiakSecurityDecoder:230 - SSL Handshake failed:
java.nio.channels.ClosedChannelException
2016-08-25 12:53:24 ERROR RiakNode:787 - Failure during Auth; 127.0.0.1:8087
java.nio.channels.ClosedChannelException
2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:181 - Channel Inactive
RiakNode builder setup:
public static RiakCluster getRiakCluster(String riakUserName, String
userPassword, String storePath, String storePasswd, String keyPasswd) throws
UnknownHostException{
KeyStore keyStore = loadKeystore(storePath,storePasswd);
//riak with one node
RiakNode.Builder builder = new
RiakNode.Builder().withRemoteAddress("127.0.0.1").withRemotePort(8087);
builder.withAuth(riakUserName, userPassword, trustStore, keyStore,
keyPasswd);
builder.withConnectionTimeout(3);
RiakCluster cluster = cluster = new
RiakCluster.Builder(builder.build()).build();
cluster.start();
return cluster;
}
Thanks
-Kyle-
The information contained in this message may be confidential and legally
protected under applicable law. The message is intended solely for the
addressee(s). If you are not the intended recipient, you are hereby notified
that any use, forwarding, dissemination, or reproduction of this message is
strictly prohibited and may be unlawful. If you are not the intended recipient,
please contact the sender by return e-mail and destroy all copies of the
original message.
___
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
RE: Creating riak-kv bucket type programmatically
Thanks John and Luke! This would help streamline our operation support task to manage our service which uses RIAK-KV in the future. -Kyle- From: John Daily [mailto:jda...@basho.com] Sent: Tuesday, July 05, 2016 11:50 AM To: Nguyen, Kyle Cc: Riak Users Subject: Re: Creating riak-kv bucket type programmatically We punted on a bucket type API with Riak 2.0 because we tied authorization heavily to bucket types and didn’t have the time to unravel that knot. Since then we have yet to prioritize it. I will make sure this is on the roadmap. -John On Jul 5, 2016, at 2:15 PM, Nguyen, Kyle mailto:kyle.ngu...@philips.com>> wrote: Hi all, Is there a way for us to create bucket type programmatically without using the cli “sudo riak-admin bucket-type create my_bucket_type” command? Thanks -Kyle- The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message. ___ riak-users mailing list riak-users@lists.basho.com<mailto:riak-users@lists.basho.com> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com ___ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
Creating riak-kv bucket type programmatically
Hi all, Is there a way for us to create bucket type programmatically without using the cli "sudo riak-admin bucket-type create my_bucket_type" command? Thanks -Kyle- The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message. ___ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
Riak-TS 1.3 - how to Drop an existing table and enable Authorization for HTTP APIs
Hi all, We're doing a POC on Riak-TS 1.3 and want to find out if there is an option to Drop an existing table and enable Authorization for HTTP APIs. Thanks -kyle- The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message. ___ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
