Opscenter 4.1 - SSL agent communication and internal authentication

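My question is related to "Opscenter 4.0.2 and Cassandra 2.0.4 with SSL and Auth: agents can't connect". The answer provided there did help, but it led to another problem.

To summarize, everything worked fine until I enabled SSL between opscenter and the datastax-agents. I am using DSE 4.0, my configuration is similar to the one in the other ticket, and I know the truststore is being picked up. However, the agent sometimes throws the following exception in its log: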

INFO [thrift-init] 2014-03-12 12:52:08,283 Registering JMX me.prettyprint.cassandra.service_Agent Cluster:ServiceType=hector,MonitorType=hector
INFO [StompConnection receiver] 2014-03-12 12:52:08,352 Starting OS metric collectors (Linux)
INFO [StompConnection receiver] 2014-03-12 12:52:08,444 Starting Cassandra JMX metric collectors
ERROR [thrift-init] 2014-03-12 12:52:09,022 Exception in thread "thrift-init" 
ERROR [thrift-init] 2014-03-12 12:52:09,023 java.lang.OutOfMemoryError: Java heap space
ERROR [thrift-init] 2014-03-12 12:52:09,023     at org.apache.thrift.transport.TFramedTransport.readFrame(TFramedTransport.java:140)
ERROR [thrift-init] 2014-03-12 12:52:09,023     at org.apache.thrift.transport.TFramedTransport.read(TFramedTransport.java:101)
ERROR [thrift-init] 2014-03-12 12:52:09,023     at org.apache.thrift.transport.TTransport.readAll(TTransport.java:84)
ERROR [thrift-init] 2014-03-12 12:52:09,023     at org.apache.thrift.protocol.TBinaryProtocol.readAll(TBinaryProtocol.java:378)
ERROR [thrift-init] 2014-03-12 12:52:09,023     at org.apache.thrift.protocol.TBinaryProtocol.readI32(TBinaryProtocol.java:297)
ERROR [thrift-init] 2014-03-12 12:52:09,023     at org.apache.thrift.protocol.TBinaryProtocol.readMessageBegin(TBinaryProtocol.java:204)
ERROR [thrift-init] 2014-03-12 12:52:09,024     at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:69)
ERROR [thrift-init] 2014-03-12 12:52:09,024     at org.apache.cassandra.thrift.Cassandra$Client.recv_describe_cluster_name(Cassandra.java:1101)
ERROR [thrift-init] 2014-03-12 12:52:09,024     at org.apache.cassandra.thrift.Cassandra$Client.describe_cluster_name(Cassandra.java:1089)
ERROR [thrift-init] 2014-03-12 12:52:09,024     at me.prettyprint.cassandra.service.AbstractCluster$2.execute(AbstractCluster.java:149)
ERROR [thrift-init] 2014-03-12 12:52:09,024     at me.prettyprint.cassandra.service.AbstractCluster$2.execute(AbstractCluster.java:145)
ERROR [thrift-init] 2014-03-12 12:52:09,024     at me.prettyprint.cassandra.service.Operation.executeAndSetResult(Operation.java:104)
ERROR [thrift-init] 2014-03-12 12:52:09,024     at me.prettyprint.cassandra.connection.HConnectionManager.operateWithFailover(HConnectionManager.java:253)
ERROR [thrift-init] 2014-03-12 12:52:09,024     at me.prettyprint.cassandra.service.AbstractCluster.describeClusterName(AbstractCluster.java:155)
ERROR [thrift-init] 2014-03-12 12:52:09,024     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
ERROR [thrift-init] 2014-03-12 12:52:09,024     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
ERROR [thrift-init] 2014-03-12 12:52:09,024     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
ERROR [thrift-init] 2014-03-12 12:52:09,024     at java.lang.reflect.Method.invoke(Method.java:606)
ERROR [thrift-init] 2014-03-12 12:52:09,024     at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:93)
ERROR [thrift-init] 2014-03-12 12:52:09,024     at clojure.lang.Reflector.invokeNoArgInstanceMember(Reflector.java:298)
ERROR [thrift-init] 2014-03-12 12:52:09,025     at clj_hector.core$cluster_name.invoke(core.clj:40)
ERROR [thrift-init] 2014-03-12 12:52:09,025     at opsagent.cassandra$setup_cassandra$f__376__auto____929$fn__949.invoke(cassandra.clj:360)
ERROR [thrift-init] 2014-03-12 12:52:09,025     at opsagent.cassandra$setup_cassandra$f__376__auto____929.invoke(cassandra.clj:358)
ERROR [thrift-init] 2014-03-12 12:52:09,025     at clojure.lang.AFn.run(AFn.java:24)
ERROR [thrift-init] 2014-03-12 12:52:09,025     at java.lang.Thread.run(Thread.java:744)

As mentioned in the other ticket, to get the actual exception I had to give the VM more memory (I had to set -Xmx1024M, because 256MB was not enough):

me.prettyprint.hector.api.exceptions.HectorTransportException: org.apache.thrift.transport.TTransportException
        at me.prettyprint.cassandra.service.ExceptionsTranslatorImpl.translate(ExceptionsTranslatorImpl.java:39)
        at me.prettyprint.cassandra.service.AbstractCluster$2.execute(AbstractCluster.java:151)
        at me.prettyprint.cassandra.service.AbstractCluster$2.execute(AbstractCluster.java:145)
        at me.prettyprint.cassandra.service.Operation.executeAndSetResult(Operation.java:104)
        at me.prettyprint.cassandra.connection.HConnectionManager.operateWithFailover(HConnectionManager.java:253)
        at me.prettyprint.cassandra.service.AbstractCluster.describeClusterName(AbstractCluster.java:155)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:93)
        at clojure.lang.Reflector.invokeNoArgInstanceMember(Reflector.java:298)
        at clj_hector.core$cluster_name.invoke(core.clj:40)
        at opsagent.cassandra$setup_cassandra$f__376__auto____929$fn__949.invoke(cassandra.clj:360)
        at opsagent.cassandra$setup_cassandra$f__376__auto____929.invoke(cassandra.clj:358)
        at clojure.lang.AFn.run(AFn.java:24)
        at java.lang.Thread.run(Thread.java:744)
Caused by: org.apache.thrift.transport.TTransportException
        at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:132)
        at org.apache.thrift.transport.TTransport.readAll(TTransport.java:84)
        at org.apache.thrift.transport.TFramedTransport.readFrame(TFramedTransport.java:141)
        at org.apache.thrift.transport.TFramedTransport.read(TFramedTransport.java:101)
        at org.apache.thrift.transport.TTransport.readAll(TTransport.java:84)
        at org.apache.thrift.protocol.TBinaryProtocol.readAll(TBinaryProtocol.java:378)
        at org.apache.thrift.protocol.TBinaryProtocol.readI32(TBinaryProtocol.java:297)
        at org.apache.thrift.protocol.TBinaryProtocol.readMessageBegin(TBinaryProtocol.java:204)
        at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:69)
        at org.apache.cassandra.thrift.Cassandra$Client.recv_describe_cluster_name(Cassandra.java:1101)
        at org.apache.cassandra.thrift.Cassandra$Client.describe_cluster_name(Cassandra.java:1089)
        at me.prettyprint.cassandra.service.AbstractCluster$2.execute(AbstractCluster.java:149)
        ... 15 more

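However, sometimes everything goes fine, so it really does look like a race condition. I followed the instructions proposed in the only answer to the other ticket and manually configured the agent's SSL settings in address.yaml: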

thrift_ssl_truststore: /etc/dse/conf/.truststore 
thrift_ssl_truststore_password: XYZ

Now the SSL part works, but Hector gets an error when it tries to run a request:

ERROR [thrift-processor-1] 2014-03-12 03:34:42,420 Error when proccessing thrift callme.prettyprint.hector.api.exceptions.HInvalidRequestException: InvalidRequestException(why:You have not logged in)

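I do have internal authentication enabled. However, now that the SSL connection is configured manually on the agent, the credentials sent by opscenter seem to be ignored.

Is there a proper solution for getting SSL communication with the agents to work while internal authentication/authorization is enabled in Cassandra?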

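Answer 1

Unfortunately, the same bug that causes the first problem can also prevent the authentication details from being set correctly. However, you can specify those in address.yaml as well.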

thrift_user: <username>
thrift_pass: <password>
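
An added example, not part of the original question, the answer, or OpsCenter/Hector code: it shows why a framed-Thrift client that talks plaintext to an SSL-enabled Thrift port can fail with OutOfMemoryError at 256 MB of heap and with TTransportException at 1024 MB, as in the two stack traces in the question. The sample bytes, the function names and the heap comparison are assumptions made for illustration; that the agent connected without SSL is an assumption consistent with the traces, not something the page confirms.

```python
import struct

# TLS record content types (first byte of every TLS record).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def frame_length(reply: bytes) -> int:
    """Frame size a framed-Thrift reader takes from a reply: signed big-endian i32."""
    if len(reply) < 4:
        raise ValueError("need at least 4 bytes")
    return struct.unpack(">i", reply[:4])[0]

def tls_record_type(reply: bytes):
    """Name of the TLS record type if the reply starts like a TLS record, else None."""
    if len(reply) >= 3 and reply[0] in TLS_TYPES and reply[1] == 3 and reply[2] <= 4:
        return TLS_TYPES[reply[0]]
    return None

def diagnose(reply: bytes, heap_mb: int) -> dict:
    """Predict how a plaintext framed-Thrift client handles `reply` with -Xmx<heap_mb>M.

    Simplification: the frame buffer is compared against the whole heap, although a
    real JVM has less than -Xmx free for a single array.
    """
    size = frame_length(reply)
    body = len(reply) - 4
    if size < 0:
        outcome = "TTransportException (negative frame size)"
    elif size > heap_mb * 1024 * 1024:
        outcome = "OutOfMemoryError allocating the frame buffer"
    elif body < size:
        outcome = "TTransportException (stream ends before the frame is complete)"
    else:
        outcome = "frame read"
    return {"tls": tls_record_type(reply), "frame_bytes": size, "outcome": outcome}

# Constructed sample: a 7-byte TLS alert record (type 0x15, version 3.1, length 2),
# the kind of reply a TLS listener gives a peer that did not start a handshake.
TLS_ALERT = bytes.fromhex("1503010002020a")
# Constructed sample: a well-formed framed reply, 4-byte length then 12 body bytes.
FRAMED_OK = struct.pack(">i", 12) + b"\x00" * 12

if __name__ == "__main__":
    for label, reply, heap in (("alert/256M", TLS_ALERT, 256),
                               ("alert/1024M", TLS_ALERT, 1024),
                               ("framed/256M", FRAMED_OK, 256)):
        print(label, diagnose(reply, heap))
```

The first four bytes 15 03 01 00 decode to 352,518,400, about 336 MiB, which exceeds a 256 MB heap but fits in 1024 MB, where the read then fails because only three more bytes arrive.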
