Hi Jan,

The dev mailing list is for the development of Cassandra only.  The most
appropriate place for a question about OpsCenter is probably a
StackOverflow post tagged with "datastax-opscenter".

On Tue, May 26, 2015 at 5:59 AM, Jan Kesten <j...@dg6obo.de> wrote:

> Hi all,
>
> I am trying to set up internode and client encryption on Cassandra. I set
> up a small CA, generated the certificates, distributed them and configured
> the nodes to use them.
>
> Internode encryption worked straightforwardly, as did cqlsh after I added "--ssl".
>
> But I am not able to set up OpsCenter (running 5.1.1). Two issues:
>
> 1. I added the CA file path, for me /etc/opscenter/cassandra_ca.pem, as
> asked. I can't save the cluster until I add a keystore, even if I did not set
> a mark for client verification - also I can't find any documentation on which
> keystore is meant here. Since OpsCenter is Python, these are obviously not
> the JKS keystores from Cassandra.
>
> I guess that it is meant in that way: the individual nodes present their
> certificate to OpsCenter, which would verify it against the CA store.
>
> 2. Trying to connect gives me an error in opscenterd.log:
>
> 2015-05-26 10:34:27+0000 []  INFO: Using SSL when checking thrift
> connection: /etc/opscenter/cassandra_ca.pem, client_pem=None,
> client_key=None,
> validate=True
> 2015-05-26 10:34:27+0000 []  INFO: Starting factory
> <opscenterd.ThriftService.NoReconnectCassandraClientFactory instance at
> 0x7fa490ff97a0>
> 2015-05-26 10:34:27+0000 [] Unhandled Error
>         Traceback (most recent call last):
>           File
> "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/python/log.py", line
> 84, in callWithLogger
>             return callWithContext({"system": lp}, func, *args, **kw)
>           File
> "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/python/log.py", line
> 69, in callWithContext
>             return context.call({ILogContext: newCtx}, func, *args, **kw)
>           File
> "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/python/context.py",
> line 59, in callWithContext
>             return self.currentContext().callWithContext(ctx, func, *args,
> **kw)
>           File
> "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/python/context.py",
> line 37, in callWithContext
>             return func(*args,**kw)
>         --- <exception caught here> ---
>           File
> "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/internet/epollreactor.py",
> line 220, in _doReadOrWrite
>             why = selectable.doWrite()
>           File
> "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/internet/tcp.py",
> line 664, in doConnect
>             self._connectDone()
>           File
> "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/internet/ssl.py",
> line 160, in _connectDone
>             self.startTLS(self.ctxFactory)
>           File
> "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/internet/tcp.py",
> line 561, in startTLS
>             if Connection.startTLS(self, ctx, client):
>           File
> "/usr/share/opscenter/lib/py-debian/2.7/amd64/twisted/internet/tcp.py",
> line 402, in startTLS
>             self.socket = SSL.Connection(ctx.getContext(), self.socket)
>           File "/usr/lib/python2.7/dist-packages/opscenterd/SslUtils.py",
> line 54, in getContext
>
>           File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line
> 303, in load_verify_locations
>             raise TypeError("cafile must be None or a byte string")
>         exceptions.TypeError: cafile must be None or a byte string
>
> 2015-05-26 10:34:27+0000 []  INFO: <twisted.internet.ssl.Connector
> instance at 0x7fa490ff9a70> will retry in 2 seconds
> 2015-05-26 10:34:27+0000 []  INFO: Unhandled error in Deferred:
> 2015-05-26 10:34:27+0000 [] Unhandled Error
>         Traceback (most recent call last):
>         Failure: twisted.internet.error.ConnectError: An error occurred
> while connecting: [Failure instance: Traceback (failure with no frames):
> <type 'exceptions.TypeError'>: cafile must be None or a byte string
>         ].
>
> Any hints about this?
>
> Thanks in advance,
> Jan
>



-- 
Tyler Hobbs
DataStax <http://datastax.com/>
