Has anyone successfully configured riak so that the erlang cluster
communication happens over SSL? I ask because as near as I can tell it
simply does not work. The default vm.args (
https://github.com/basho/riak/blob/master/rel/files/vm.args) contains the
following lines:
## To enable SSL encryption of the Erlang intra-cluster communication,
## un-comment the three lines below and make certain that the paths
## point to correct PEM data files. See docs TODO for details.
## -proto_dist inet_ssl
## -ssl_dist_opt client_certfile "{{platform_etc_dir}}/erlclient.pem"
## -ssl_dist_opt server_certfile "{{platform_etc_dir}}/erlserver.pem"
This information is not correct for current versions of erlang (including
the one basho bundles in the binary packages). Instead of '-proto_dist
inet_ssl' it should be '-proto_dist inet_tls'
Once I correct that problem, the beam process will start, however, nodetool
cannot talk to the node and thus the initscript fails (while leaving a
running riak process). At first I suspected this might be a problem with
nodetool, but I cannot join the nodes together.
I am starting to think this may be a problem with erlang and thus just not
going to work. I'm going to try following the instructions at
http://www.erlang.org/doc/apps/ssl/ssl_distribution.html to build a simple
test app that handles the cluster communication over SSL, so then I should
know if this is a riak problem or if it is an erlang problem.
In the mean time, if anyone has information one way or the other, it would
be appreciated.
_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
