OpsCenter with client to node encryption

2015-05-26 Thread Jan Kesten

Hi all,

I am trying to set up internode and client encryption on cassandra. I set 
up a small ca, generated the certificates, distributed them and 
configured the nodes to use them.


Internode encryption worked straightforwardly, and cqlsh did too after I added "--ssl".

But I am not able to set up OpsCenter (running 5.1.1). Two issues:

1. I added the ca file path, for me /etc/opscenter/cassandra_ca.pem, as 
asked. I can't save the cluster until I add a keystore even if I did not 
set a mark for client verification - also I can't find any documentation 
which keystore is meant here. Since OpsCenter is python these are 
obviously not the jks keystores from cassandra.


I guess that it is meant in that way, the individual nodes present their 
certificate to opscenter which would verify it against the ca-store.


2. Trying to connect gives me an error in opscenterd.log:

2015-05-26 10:34:27+ []  INFO: Using SSL when checking thrift connection: /etc/opscenter/cassandra_ca.pem, client_pem=None, client_key=None, validate=True
2015-05-26 10:34:27+ []  INFO: Starting factory 0x7fa490ff97a0>
2015-05-26 10:34:27+ [] Unhandled Error
Traceback (most recent call last):
  File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/python/log.py", line 84, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/python/log.py", line 69, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/python/context.py", line 59, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/python/context.py", line 37, in callWithContext
    return func(*args,**kw)
---  ---
  File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/internet/epollreactor.py", line 220, in _doReadOrWrite
    why = selectable.doWrite()
  File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/internet/tcp.py", line 664, in doConnect
    self._connectDone()
  File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/internet/ssl.py", line 160, in _connectDone
    self.startTLS(self.ctxFactory)
  File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/internet/tcp.py", line 561, in startTLS
    if Connection.startTLS(self, ctx, client):
  File "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/internet/tcp.py", line 402, in startTLS
    self.socket = SSL.Connection(ctx.getContext(), self.socket)
  File "/usr/lib/python2.7/dist-packages/opscenterd/SslUtils.py", line 54, in getContext
  File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 303, in load_verify_locations
    raise TypeError("cafile must be None or a byte string")
exceptions.TypeError: cafile must be None or a byte string

2015-05-26 10:34:27+ []  INFO: instance at 0x7fa490ff9a70> will retry in 2 seconds
2015-05-26 10:34:27+ []  INFO: Unhandled error in Deferred:
2015-05-26 10:34:27+ [] Unhandled Error
Traceback (most recent call last):
Failure: twisted.internet.error.ConnectError: An error occurred while connecting: [Failure instance: Traceback (failure with no frames): : cafile must be None or a byte string
].

Any hints about this?

Thanks in advance,
Jan


Re: SS Tables Implementation

2015-02-03 Thread Jan Kesten

Hi Karl,

what do you want to do? If you need a highly performant, scalable, 
redundant in-memory data grid I think you may be better off using 
Hazelcast, which is available as enterprise grade and open source software.


To describe rather briefly what it does, Hazelcast provides distributed 
collections compatible with java.util.Collections. There are also 
executors, replication and so on. Of course there is much more to say 
about it, but if you have a question just ask.


http://hazelcast.org/

I wrote this off-list as I think this is something off-topic.

Hope to help,
Jan

On 03.02.2015 at 14:45, Karl Kröber wrote:

Hello Cassandra Devs,

First of all, forgive me if I break some mailing-list rules, this is the first 
time I’m actually writing to an open source project in this manner.

We’re interested in using the SS Tables implementation of Cassandra for fast 
and efficient memory mapped / in-memory data access with generic keys and 
values. The reason is, that we couldn’t find any other native Java 
implementation. Sadly, the current code is tightly interwoven with the rest of 
Cassandra which makes it very hard to split it apart from the rest of the 
project.

Do you guys have some pointers on how we could achieve this?
What classes do we need (currently I’m thinking the complete io package)?
How do we separate the whole Cassandra overhead like CFMetaData and stuff like 
CellName?

My current implementation looks like this: 
https://gist.github.com/kroeber/6170be56fcbbdfb9861e
Sadly this doesn’t work and fails with the exception I’ve posted in comment to 
that gist.

Any pointers would be very helpful! Thanks for your engagement!

~Karl





Problem with upgrade to 2.1.3

2015-02-20 Thread Jan Kesten

Hi all,

this is my first post on the development list of cassandra - but I think 
this belongs here.


I've been running cassandra for a while now, and in testing I ran into many of 
2.1.2's issues. So I upgraded my test cluster from 2.1.2 to 2.1.3. I 
updated with the debian packages, diffed my cassandra.yaml and applied 
our changes to the new cassandra.yaml. Those changes are:


- cluster_name
- seeds
- listen_interface instead of listen_address
- rpc_interface instead of rpc_address

Nothing really spectacular - interface is nice as all nodes have the 
same cassandra.yaml. But trying to start 2.1.3 gives me an NPE:


ERROR [main] 2015-02-20 07:50:09,661 DatabaseDescriptor.java:144 - Fatal error during configuration loading
java.lang.NullPointerException: null
    at org.apache.cassandra.config.DatabaseDescriptor.applyConfig(DatabaseDescriptor.java:411) ~[apache-cassandra-2.1.3.jar:2.1.3]
    at org.apache.cassandra.config.DatabaseDescriptor.(DatabaseDescriptor.java:133) ~[apache-cassandra-2.1.3.jar:2.1.3]
    at org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:110) [apache-cassandra-2.1.3.jar:2.1.3]
    at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:465) [apache-cassandra-2.1.3.jar:2.1.3]
    at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:554) [apache-cassandra-2.1.3.jar:2.1.3]


I also tried the .tar.gz distribution with the same result. I looked at 
the code of DatabaseDescriptor, and if someone uses rpc_interface this 
piece of code is executed:


    /* Local IP, hostname or interface to bind RPC server to */
    if (conf.rpc_address != null && conf.rpc_interface != null)
    {
        throw new ConfigurationException("Set rpc_address OR rpc_interface, not both");
    }
    else if (conf.rpc_address != null)
    {
        try
        {
            rpcAddress = InetAddress.getByName(conf.rpc_address);
        }
        catch (UnknownHostException e)
        {
            throw new ConfigurationException("Unknown host in rpc_address " + conf.rpc_address);
        }
    }
    else if (conf.rpc_interface != null)
    {
        listenAddress = getNetworkInterfaceAddress(conf.rpc_interface, "rpc_interface");
    }
    else
    {
        rpcAddress = FBUtilities.getLocalAddress();
    }


I think that listenAddress in the second else block is an error. In my 
case rpc_interface is eth0, so listenAddress gets set, and rpcAddress 
remains unset. The result is NPE in line 411:


if(rpcAddress.isAnyLocalAddress())

After changing rpc_interface to rpc_address everything works as expected.

Best regards,
Jan
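
The rpc_interface branch described in the message above, as an added example that is not part of the original post and not Cassandra's own code: it runs the quoted assignment beside a corrected one and replaces the bare NullPointerException with an explicit configuration error. The class RpcBindCheck and its methods interfaceAddress, apply and bindsToWildcard are hypothetical names, and the loopback interface stands in for eth0 so the example runs on any host.

```java
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.util.Collections;

// Added illustration; class and method names are hypothetical, not Cassandra's.
public class RpcBindCheck {
    static InetAddress listenAddress, rpcAddress;

    // Stand-in for the getNetworkInterfaceAddress helper named in the post:
    // returns the first address bound to the named interface.
    static InetAddress interfaceAddress(String name, String option) throws Exception {
        NetworkInterface ni = NetworkInterface.getByName(name);
        if (ni == null || !ni.getInetAddresses().hasMoreElements())
            throw new IllegalArgumentException(option + " '" + name + "' has no usable address");
        return ni.getInetAddresses().nextElement();
    }

    // Mirrors the rpc_interface branch; 'buggy' reproduces the assignment quoted in the post.
    static void apply(String rpcInterface, boolean buggy) throws Exception {
        listenAddress = null;
        rpcAddress = null;
        InetAddress resolved = interfaceAddress(rpcInterface, "rpc_interface");
        if (buggy)
            listenAddress = resolved;   // wrong field: rpcAddress stays null
        else
            rpcAddress = resolved;      // corrected assignment
    }

    // Fail fast with a configuration error instead of a bare NullPointerException.
    static boolean bindsToWildcard() {
        if (rpcAddress == null)
            throw new IllegalStateException("rpc address unresolved; check rpc_address / rpc_interface");
        return rpcAddress.isAnyLocalAddress();
    }

    public static void main(String[] args) throws Exception {
        // Pick the loopback interface so the example runs on any host.
        String lo = null;
        for (NetworkInterface ni : Collections.list(NetworkInterface.getNetworkInterfaces()))
            if (ni.isLoopback()) { lo = ni.getName(); break; }
        if (lo == null) throw new IllegalStateException("no loopback interface found");
        apply(lo, true);
        try { bindsToWildcard(); }
        catch (IllegalStateException e) { System.out.println("buggy branch: " + e.getMessage()); }
        apply(lo, false);
        System.out.println("fixed branch: rpcAddress=" + rpcAddress + " wildcard=" + bindsToWildcard());
    }
}
```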




Re: Problem with upgrade to 2.1.3

2015-02-20 Thread Jan Kesten

Hi,
I put this into a JIRA issue: CASSANDRA-8839