avalanche123 / cassandra-web

A web interface for Apache Cassandra
http://avalanche123.com/cassandra-web/
MIT License
135 stars 52 forks

Error on running application #10

Closed jeremyjpj0916 closed 6 years ago

jeremyjpj0916 commented 6 years ago

Hello @avalanche123, super neat tool! I am really looking forward to trying this, as UIs in the Cassandra space are few and far between and yours seems elegant.

A few problems: I tried the application and received this output:

# cassandra-web --hosts '10.86.xx.xx' --port '9042' --username 'cassAdmin' --password 'cassPassword' --bind 0.0.0.0:9393 --server-cert 'appServer.crt' --client-cert 'appServerTruststore.ca' --private-key 'appServer.key' --passphrase 'appServer' --log-level debug
D, [2018-05-09T11:59:52.140745 #14457] DEBUG -- : Populating policies and listeners with initial endpoints
D, [2018-05-09T11:59:52.141036 #14457] DEBUG -- : Host 10.86.xx.xx is found and up
I, [2018-05-09T11:59:52.141147 #14457]  INFO -- : Establishing control connection
D, [2018-05-09T11:59:52.141427 #14457] DEBUG -- : Connecting to 10.86.xx.xx 
D, [2018-05-09T11:59:52.142953 #14457] DEBUG -- : Host 10.86.xx.xx  refused connection (Cassandra::Errors::IOError: Connection reset by peer)
W, [2018-05-09T11:59:52.142998 #14457]  WARN -- : Host 10.86.xx.xx refused all connections
D, [2018-05-09T11:59:52.143038 #14457] DEBUG -- : Host 10.86.xx.xx  is down
D, [2018-05-09T11:59:52.143114 #14457] DEBUG -- : Starting to continuously refresh status of 10.86.168.39 in 0.5 seconds
D, [2018-05-09T11:59:52.143233 #14457] DEBUG -- : Connection to 10.86.xx.xx  failed (Cassandra::Errors::IOError: Connection reset by peer)
Cassandra::Errors::NoHostsAvailable: All attempted hosts failed: 10.86.xx.xx  (Cassandra::Errors::IOError: Connection reset by peer)

Do I need to pass certs with certain file extensions? I am not sure what could be causing this.

EDIT: Seeing this in the C* logs, it seems this app does not use SSL:

INFO  [epollEventLoopGroup-2-4] 2018-05-09 16:18:26,156 Message.java:623 - Unexpected exception during request; channel = [id: 0x509a9c9e, L:/10.86.xxx.xx:9042 ! R:/10.86.xxx.xx:58348]io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 040000000500000000

Yep, that was definitely it: when I set optional to true in C*, it worked.

client_encryption_options:
    enabled: true
    # If enabled and optional is set to true encrypted and unencrypted connections are handled.
    optional: true

But we don't want non-encrypted traffic. Any chance you can add an SSL client option on tx to the C* calls? Would that be Sinatra config related or?

jeremyjpj0916 commented 6 years ago

I think I found the spot to add it in bin/cassandra-web:

    options[:load_balancing_policy] = ::Cassandra::LoadBalancing::Policies::WhiteList.new(hosts, ::Cassandra::LoadBalancing::Policies::RoundRobin.new)
    options[:compression]           = :lz4
    options[:page_size]             = nil
    options[:ssl]                   = true

    cluster = ::Cassandra.cluster(options)
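
An added example, not part of the thread or of cassandra-web's own code: when the cluster must refuse plaintext, the client side can pass an explicit, verifying TLS context rather than a bare `true`. It assumes the Ruby driver's `:ssl` option accepts an initialized `OpenSSL::SSL::SSLContext`; `strict_ssl_context` and `sample_self_signed` are hypothetical helper names, and the certificate is constructed sample material.

```ruby
require 'openssl'

# Build a TLS client context that verifies the Cassandra node's certificate.
# ca_pem: PEM text of the CA (or self-signed node cert) to trust.
# cert_pem/key_pem: optional client certificate and key, for clusters that
# also authenticate clients by certificate.
def strict_ssl_context(ca_pem, cert_pem: nil, key_pem: nil, passphrase: nil)
  store = OpenSSL::X509::Store.new
  store.add_cert(OpenSSL::X509::Certificate.new(ca_pem))

  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store  = store
  # A bare SSLContext.new does not verify the peer; ask for it explicitly.
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  if cert_pem && key_pem
    ctx.cert = OpenSSL::X509::Certificate.new(cert_pem)
    ctx.key  = OpenSSL::PKey.read(key_pem, passphrase)
  end
  ctx
end

# Constructed sample material so the block runs offline:
# a throwaway self-signed certificate and its key.
def sample_self_signed(cn)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

node_cert, _node_key = sample_self_signed('cassandra-node.example')
ctx = strict_ssl_context(node_cert.to_pem)

# Assumed placement in bin/cassandra-web, in place of `options[:ssl] = true`:
#   options[:ssl] = ctx
#   cluster = ::Cassandra.cluster(options)
```

Once every client connects over TLS, `optional: true` under `client_encryption_options` can be removed again so the node stops accepting unencrypted connections.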