个人中心
gpt4 book ai didi

ssl - 打开 cassandra 节点间加密导致 "Unable to gossip with any seeds"异常

转载 作者:太空宇宙 更新时间:2023-11-03 12:59:14 25 4
gpt4 key购买 nike

我正在尝试打开 cassandra (2.1) 节点间加密。出于测试目的,我正在尝试启动一个 2 节点集群。

我在 2 个单独的 ec2 实例上的 docker 容器内运行每个节点。没有节点间加密,一切都按预期工作。

我正在使用以下脚本生成 ssl key (取自 https://docs.jboss.org/author/display/RHQ/Cassandra+Node+To+Node+Encryption?_sscc=t):

  for ((a=0; a < NUMBER_OF_NODES ; a++))
  do
     node_id=node${a}

     echo -e "Start building certificates for ${node_id}"
     echo -e "=========================================="
     rm -vf ./${node_id}.keystore
     rm -vf ./${node_id}.cer

     #1 Generate key and store
     ${java_folder}/keytool -genkey -v -keyalg RSA -keysize 1024 -alias ${node_id} -keystore ${node_id}.keystore -storepass "${node_id}store" -dname 'CN=RHQ' -keypass "${node_id}store" -validity 3650

     #2 Extract public certificate
     ${java_folder}/keytool -export -v -alias ${node_id} -file ${node_id}.cer -keystore ${node_id}.keystore -storepass "${node_id}store"

     #3 Add public certificate to global keystore
     ${java_folder}/keytool -import -v -trustcacerts -alias ${node_id} -file ${node_id}.cer -keystore global.truststore -storepass 'globalstore' -noprompt

     echo -e "========================================="
     echo -e "Done building certificates for ${node_id}\n\n"
  done

我还将以下配置添加到每个节点的 cassandra.yml 文件(node0 相应更改):

server_encryption_options:
   internode_encryption: all
   keystore: /keystores/node0.keystore
   keystore_password: node0store
   truststore: /keystores/global.truststore
   truststore_password: globalstore

node1 配置有 node0 作为种子。我启动 node0,并等待它启动,我没有看到任何异常,一切都按预期进行。然后我启动 node1,它会抛出以下内容(仅当调试级别设置为“trace”时):

TRACE 08:14:16 unable to connect to 172.12.1.11/172.12.1.11
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
        at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:671) ~[na:1.7.0_65]
        at sun.security.ssl.InputRecord.read(InputRecord.java:504) ~[na:1.7.0_65]
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927) ~[na:1.7.0_65]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) ~[na:1.7.0_65]
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702) ~[na:1.7.0_65]
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122) ~[na:1.7.0_65]
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) ~[na:1.7.0_65]
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) ~[na:1.7.0_65]
        at org.apache.cassandra.io.util.DataOutputStreamPlus.flush(DataOutputStreamPlus.java:55) ~[apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.net.OutboundTcpConnection.connect(OutboundTcpConnection.java:347) [apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.net.OutboundTcpConnection.run(OutboundTcpConnection.java:163) [apache-cassandra-2.1.1.jar:2.1.1]
TRACE 08:14:17 Expired 0 entries
TRACE 08:14:20 Expired 0 entries
TRACE 08:14:22 Expired 0 entries
TRACE 08:14:25 Expired 0 entries
TRACE 08:14:27 Expired 0 entries
TRACE 08:14:30 Expired 0 entries
TRACE 08:14:32 Expired 0 entries
DEBUG 08:14:34 Copy GC in 14ms.  CMS Old Gen: 9537256 -> 14901648; Eden Space: 41943040 -> 0; Survivor Space: 5242872 -> 5242880
TRACE 08:14:35 Expired 0 entries
ERROR 08:14:37 Exception encountered during startup
java.lang.RuntimeException: Unable to gossip with any seeds
        at org.apache.cassandra.gms.Gossiper.doShadowRound(Gossiper.java:1221) ~[apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.service.StorageService.checkForEndpointCollision(StorageService.java:457) ~[apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.service.StorageService.prepareToJoin(StorageService.java:700) ~[apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.service.StorageService.initServer(StorageService.java:637) ~[apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.service.StorageService.initServer(StorageService.java:529) ~[apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:324) [apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:443) [apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:532) [apache-cassandra-2.1.1.jar:2.1.1]
java.lang.RuntimeException: Unable to gossip with any seeds
        at org.apache.cassandra.gms.Gossiper.doShadowRound(Gossiper.java:1221)
        at org.apache.cassandra.service.StorageService.checkForEndpointCollision(StorageService.java:457)
        at org.apache.cassandra.service.StorageService.prepareToJoin(StorageService.java:700)
        at org.apache.cassandra.service.StorageService.initServer(StorageService.java:637)
        at org.apache.cassandra.service.StorageService.initServer(StorageService.java:529)
        at org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:324)
        at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:443)
        at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:532)
Exception encountered during startup: Unable to gossip with any seeds

还值得注意的是,在 node0 上,端口 7001 已打开并可由 node1 访问。

最佳答案

通常情况下,问题与环境配置有关,与实际的 cassandra 设置无关。

我在 coreos 集群上的 docker 容器内运行隔离的 cassandra 实例。忘记了etcd默认的ssl端口和cassandra默认的ssl节点间通信端口都是7001。

当更改其中一个系统以使用备用端口号时,问题已解决。我认为错误消息可能更清楚(并且不需要跟踪调试级别)。更清晰的错误消息可以节省我跟踪网络数据包寻找答案的时间。

关于ssl - 打开 cassandra 节点间加密导致 "Unable to gossip with any seeds"异常,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27375411/

25 4 0
文章推荐: ssl - Apache 轴自定义 TrustManager
文章推荐: c# - 使用正则表达式从 SQL 查询中提取表和列
文章推荐: c# - 如何简化 href 属性,这样我就不会得到 "the given paths format is not supported"?
文章推荐: python - Tkinter 动画将不起作用
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com