I set up Cassandra with inter-node SSL, client-to-server SSL and basic password auth. There is no problem using cqlsh or Python to connect to Cassandra with any certificate, as certificate_validation is disabled.
My OpsCenter cluster config is:
[jmx]
username =
password =
port = 7199

[kerberos_client_principals]

[kerberos]

[agents]
thrift_ssl_truststore = /usr/share/opscenter/conf/cassandra_client_trust.jks
thrift_ssl_truststore_password = changeme

[kerberos_hostnames]

[kerberos_services]

[cassandra]
username = cassandra
ssl_ca_certs = /usr/share/opscenter/conf/cassandra_external.pem
ssl_validate = False
seed_hosts = acacia
api_port = 9160
password = changeme
I'm trying to install the agent on the Cassandra hosts using the tarball. I set the address.yaml to:
stomp_interface: "10.235.10.7"
use_ssl: 1
Trying to start the agent (I had to add A LOT more memory to Java than the default 40 MB):
INFO [thrift-init] 2014-01-27 16:32:08,300 Connecting to Cassandra cluster: 10.235.10.104 (port 9160)
INFO [thrift-init] 2014-01-27 16:32:08,316 Downed Host Retry service started with queue size -1 and retry delay 10s
INFO [thrift-init] 2014-01-27 16:32:08,322 Registering JMX me.prettyprint.cassandra.service_Agent Cluster:ServiceType=hector,MonitorType=hector
ERROR [thrift-init] 2014-01-27 16:32:08,556 MARK HOST AS DOWN TRIGGERED for host 10.235.10.104(10.235.10.104):9160
ERROR [thrift-init] 2014-01-27 16:32:08,557 Pool state on shutdown: :{10.235.10.104(10.235.10.104):9160}; IsActive?: true; Active: 1; Blocked: 1; Idle: 0; NumBeforeExhausted: 0
INFO [thrift-init] 2014-01-27 16:32:08,557 Shutdown triggered on :{10.235.10.104(10.235.10.104):9160}
INFO [thrift-init] 2014-01-27 16:32:08,557 Shutdown complete on :{10.235.10.104(10.235.10.104):9160}
INFO [thrift-init] 2014-01-27 16:32:08,557 Host detected as down was added to retry queue: 10.235.10.104(10.235.10.104):9160
WARN [thrift-init] 2014-01-27 16:32:08,558 Could not fullfill request on this host CassandraClient
WARN [thrift-init] 2014-01-27 16:32:08,559 Exception:
me.prettyprint.hector.api.exceptions.HectorTransportException: org.apache.thrift.transport.TTransportException
    at me.prettyprint.cassandra.service.ExceptionsTranslatorImpl.translate(ExceptionsTranslatorImpl.java:33)
    at me.prettyprint.cassandra.service.AbstractCluster$2.execute(AbstractCluster.java:151)
    at me.prettyprint.cassandra.service.AbstractCluster$2.execute(AbstractCluster.java:145)
    at me.prettyprint.cassandra.service.Operation.executeAndSetResult(Operation.java:104)
    at me.prettyprint.cassandra.connection.HConnectionManager.operateWithFailover(HConnectionManager.java:258)
    at me.prettyprint.cassandra.service.AbstractCluster.describeClusterName(AbstractCluster.java:155)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:93)
    at clojure.lang.Reflector.invokeNoArgInstanceMember(Reflector.java:298)
    at clj_hector.core$cluster_name.invoke(core.clj:40)
    at opsagent.cassandra$setup_cassandra$f__352__auto____899$fn__919.invoke(cassandra.clj:360)
    at opsagent.cassandra$setup_cassandra$f__352__auto____899.invoke(cassandra.clj:358)
    at clojure.lang.AFn.run(AFn.java:24)
    at java.lang.Thread.run(Thread.java:724)
Caused by: org.apache.thrift.transport.TTransportException
I don't know if this is related to SSL or to user/password... but it's failing. As the agent connects to the local Cassandra server, I expect it should know the login/pass of the cassandra user (or any superuser, or maybe a regular user)? Doesn't it?