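Turning on Cassandra node-to-node encryption causes "Unable to gossip with any seeds" exception

I'm trying to turn on Cassandra (2.1) node-to-node encryption. For testing purposes, I'm trying to start a 2-node cluster.

I'm running each node inside a Docker container on two separate EC2 instances. Without node-to-node encryption, everything works as expected.

I generated the SSL keys using the following script (taken from https://docs.jboss.org/author/display/RHQ/Cassandra+Node+To+Node+Encryption?_sscc=t ):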

    for ((a=0; a < NUMBER_OF_NODES ; a++))
    do
        node_id=node${a}
        echo -e "Start building certificates for ${node_id}"
        echo -e "=========================================="
        rm -vf ./${node_id}.keystore
        rm -vf ./${node_id}.cer

        #1 Generate key and store
        ${java_folder}/keytool -genkey -v -keyalg RSA -keysize 1024 -alias ${node_id} -keystore ${node_id}.keystore -storepass "${node_id}store" -dname 'CN=RHQ' -keypass "${node_id}store" -validity 3650

        #2 Extract public certificate
        ${java_folder}/keytool -export -v -alias ${node_id} -file ${node_id}.cer -keystore ${node_id}.keystore -storepass "${node_id}store"

        #3 Add public certificate to global keystore
        ${java_folder}/keytool -import -v -trustcacerts -alias ${node_id} -file ${node_id}.cer -keystore global.truststore -storepass 'globalstore' -noprompt

        echo -e "========================================="
        echo -e "Done building certificates for ${node_id}\n\n"
    done

I also added the following configuration to each node's cassandra.yml file (with node0 changed accordingly):

    server_encryption_options:
        internode_encryption: all
        keystore: /keystores/node0.keystore
        keystore_password: node0store
        truststore: /keystores/global.truststore
        truststore_password: globalstore

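node1 is configured with node0 as its seed. I start node0 and wait until it has started; I see no exceptions and everything works as expected. Then I start node1, which throws the following (only when the debug level is set to "trace"):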

    TRACE 08:14:16 unable to connect to 172.12.1.11/172.12.1.11
    javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
        at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:671) ~[na:1.7.0_65]
        at sun.security.ssl.InputRecord.read(InputRecord.java:504) ~[na:1.7.0_65]
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927) ~[na:1.7.0_65]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) ~[na:1.7.0_65]
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702) ~[na:1.7.0_65]
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122) ~[na:1.7.0_65]
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) ~[na:1.7.0_65]
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) ~[na:1.7.0_65]
        at org.apache.cassandra.io.util.DataOutputStreamPlus.flush(DataOutputStreamPlus.java:55) ~[apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.net.OutboundTcpConnection.connect(OutboundTcpConnection.java:347) [apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.net.OutboundTcpConnection.run(OutboundTcpConnection.java:163) [apache-cassandra-2.1.1.jar:2.1.1]
    TRACE 08:14:17 Expired 0 entries
    TRACE 08:14:20 Expired 0 entries
    TRACE 08:14:22 Expired 0 entries
    TRACE 08:14:25 Expired 0 entries
    TRACE 08:14:27 Expired 0 entries
    TRACE 08:14:30 Expired 0 entries
    TRACE 08:14:32 Expired 0 entries
    DEBUG 08:14:34 Copy GC in 14ms. CMS Old Gen: 9537256 -> 14901648; Eden Space: 41943040 -> 0; Survivor Space: 5242872 -> 5242880
    TRACE 08:14:35 Expired 0 entries
    ERROR 08:14:37 Exception encountered during startup
    java.lang.RuntimeException: Unable to gossip with any seeds
        at org.apache.cassandra.gms.Gossiper.doShadowRound(Gossiper.java:1221) ~[apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.service.StorageService.checkForEndpointCollision(StorageService.java:457) ~[apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.service.StorageService.prepareToJoin(StorageService.java:700) ~[apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.service.StorageService.initServer(StorageService.java:637) ~[apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.service.StorageService.initServer(StorageService.java:529) ~[apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:324) [apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:443) [apache-cassandra-2.1.1.jar:2.1.1]
        at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:532) [apache-cassandra-2.1.1.jar:2.1.1]
    java.lang.RuntimeException: Unable to gossip with any seeds
        at org.apache.cassandra.gms.Gossiper.doShadowRound(Gossiper.java:1221)
        at org.apache.cassandra.service.StorageService.checkForEndpointCollision(StorageService.java:457)
        at org.apache.cassandra.service.StorageService.prepareToJoin(StorageService.java:700)
        at org.apache.cassandra.service.StorageService.initServer(StorageService.java:637)
        at org.apache.cassandra.service.StorageService.initServer(StorageService.java:529)
        at org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:324)
        at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:443)
        at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:532)
    Exception encountered during startup: Unable to gossip with any seeds

It is also worth noting that port 7001 on node0 is open and accessible from node1.

As is often the case, the problem was related to the environment configuration and not to the actual Cassandra settings.

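I'm running a Cassandra instance isolated inside a Docker container on a CoreOS cluster. I forgot that the default etcd SSL port and Cassandra's default SSL node-to-node communication port are both 7001.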

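When I changed one of the systems to use an alternative port number, the problem was resolved. I think the error message could be clearer (and shouldn't require the trace debug level). A clearer error message would have saved me some time tracing network packets for the answer.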
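Added example (not part of the original question or answer, and not Cassandra code): a probe that shows why "port 7001 is open" is not enough. It sends a real TLS ClientHello and checks whether the listener answers with a TLS record header or with plaintext, the condition behind `Unrecognized SSL message, plaintext connection?`. The names `probe`, `classify_record` and `start_stub` are hypothetical, and the stub listener and its replies are constructed sample data.

```python
import socket
import ssl
import threading

TLS_RECORD_TYPES = (0x14, 0x15, 0x16, 0x17)  # ccs, alert, handshake, app data

def client_hello() -> bytes:
    """Build a real ClientHello in memory without touching the network."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # handshake is never completed, nothing is trusted
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is now queued in `outgoing`
    return outgoing.read()

def classify_record(first: bytes) -> str:
    """Decide whether a reply starts with a TLS record header."""
    if not first:
        return "closed"
    if len(first) >= 2 and first[0] in TLS_RECORD_TYPES and first[1] == 0x03:
        return "tls"
    return "plaintext"

def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Send a ClientHello and classify what the listener answers with."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(client_hello())
            return classify_record(s.recv(5))
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout or reset: something is there but gave no answer
        return "no-reply"

def start_stub(reply: bytes) -> int:
    """Constructed local listener standing in for whatever owns the port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        with srv, srv.accept()[0] as conn:
            conn.recv(65536)
            conn.sendall(reply)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe("127.0.0.1", start_stub(b"HTTP/1.1 400 Bad Request\r\n\r\n")))
```

Run against a seed's storage port from the joining node, `probe(seed_ip, 7001)` returning `plaintext` means some non-TLS service answered on that port, which points at a port collision or mapping problem rather than at the keystore or truststore.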