Cassandra

“無法綁定到埠”啟用 Cassandra 客戶端加密

  • April 13, 2016

我在 Debian 7 上執行帶有三節點集群的 Cassandra 1.2。集群執行良好。但我想為客戶端啟用加密,如此處所述:ttp://www.datastax.com/documentation/cassandra/1.2/webhelp/cassandra/security/secureSSLClientToNode_t.html

但是當我在進行必要的配置更改後重新啟動 Cassandra 時,我在日誌中收到此錯誤,並且 Cassandra 崩潰:

INFO 20:12:16,734 enabling encrypted thrift connections between client and server
java.lang.reflect.InvocationTargetException
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:243)
Caused by: java.lang.RuntimeException: Unable to create thrift socket to /192.168.0.1:9160
       at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:267)
       at org.apache.cassandra.thrift.TServerCustomFactory.buildTServer(TServerCustomFactory.java:46)
       at org.apache.cassandra.thrift.ThriftServer$ThriftServerThread.<init>(ThriftServer.java:105)
       at org.apache.cassandra.thrift.ThriftServer.start(ThriftServer.java:52)
       at org.apache.cassandra.service.CassandraDaemon.start(CassandraDaemon.java:400)
       ... 5 more
Caused by: org.apache.thrift.transport.TTransportException: Could not bind to port 9160
       at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:117)
       at org.apache.thrift.transport.TSSLTransportFactory.getServerSocket(TSSLTransportFactory.java:103)
       at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:257)
       ... 9 more
Caused by: java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers
       at sun.security.ssl.CipherSuiteList.<init>(Unknown Source)
       at sun.security.ssl.SSLServerSocketImpl.setEnabledCipherSuites(Unknown Source)
       at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:113)
       ... 11 more
Cannot start daemon
Service exit with a return value of 5

完整的日誌輸出要點

cassandra.yaml 要點

我錯過了什麼?

您需要添加 java 加密擴展。在此處查看有關此問題的部落格文章:

http://www.pathin.org/tutorials/java-cassandra-cannot-support-tls_rsa_with_aes_256_cbc_sha-with-currently-installed-providers/

引用自:https://serverfault.com/questions/534614