No Documentation available for Hector with SSL #660

Open
fatemabw opened this issue Mar 17, 2014 · 3 comments

@fatemabw

Hello,

I am trying to implement Hector (in Java) with SSL security enabled to communicate with a Cassandra cluster on which client-node encryption is enabled, but unfortunately I am getting some errors. I know I have not implemented the SSL code correctly because not enough documentation of Hector with SSL security is available to help me out.

I have been trying this for a couple of weeks and am still getting errors. I request you to please upload some kind of documentation or guide for this. Any kind of help is appreciated.

Thanks,
Fatema.

My Eclipse code:

package cassandra;

import me.prettyprint.cassandra.serializers.StringSerializer;
//import me.prettyprint.cassandra.service.CassandraHostConfigurator;
//import me.prettyprint.cassandra.service.ThriftKsDef;
import me.prettyprint.hector.api.Cluster;
import me.prettyprint.hector.api.Keyspace;
import me.prettyprint.hector.api.ddl.ColumnFamilyDefinition;
import me.prettyprint.hector.api.ddl.ComparatorType;
import me.prettyprint.hector.api.factory.HFactory;
import me.prettyprint.hector.api.mutation.Mutator;
//import me.prettyprint.cassandra.connection.security.SSLHelper;

import java.lang.System;
//import org.apache.cassandra.config.EncryptionOptions;
//import org.apache.cassandra.config.*;
import org.apache.thrift.transport.TSSLTransportFactory.TSSLTransportParameters;

public class Encypted_client_insert {
    Cluster cluster = null;
    Keyspace keySpace = null;
    // TSSLTransportParameters params = new TSSLTransportParameters();

    //EncryptionOptions e;
    //EncryptionOptions c = null;
    //SSLHelper s=null;

    public void insert() {
        cluster = HFactory.getOrCreateCluster("Test Cluster", "192.168.73.143:9160");
        keySpace = HFactory.createKeyspace("testkeyspace2", cluster);
        ColumnFamilyDefinition cf = HFactory.createColumnFamilyDefinition("testkeyspace2", "testcolumn", ComparatorType.UTF8TYPE);

        StringSerializer stringSerializer = StringSerializer.get();
        Mutator<String> mutator = HFactory.createMutator(keySpace, stringSerializer);
        mutator.insert("names", cf.getName(), HFactory.createStringColumn("1", "j"));
        mutator.insert("names", cf.getName(), HFactory.createStringColumn("2", "K"));
        mutator.insert("names", cf.getName(), HFactory.createStringColumn("3", "J"));
        System.out.println("Done..");
    }

    public void encrypt() {
        /*     try1
         *     e.keystore = "/home/fatemabw/.keystore";
         *     e.keystore_password = "xxxxxxx";
         *     e.truststore = "/home/fatemabw/.truststore";
         *     e.truststore_password = "xxxxxxx";
         */

        // try2
        System.setProperty("ssl.truststore", "/home/fatemabw/.truststore");
        System.setProperty("ssl.truststore.password", "xxxxxx");
        System.setProperty("ssl.protocol", "TLS");
        System.setProperty("ssl.store.type", "JKS");
        System.setProperty("ssl.cipher.suites", "TLS_RSA_WITH_AES_128_CBC_SHA");

        /*    try3
         * params.requireClientAuth(true);
         * params.setKeyStore("/home/fatemabw/.keystore", "xxxxxx");
         */
    }

    public static void main(String[] args) {
        // TODO Auto-generated method stub
        Encypted_client_insert sample = new Encypted_client_insert();
        sample.encrypt();
        sample.insert();
    }
}

The error which I am getting -

16 [main] INFO me.prettyprint.cassandra.connection.CassandraHostRetryService - Downed Host Retry service started with queue size -1 and retry delay 10s
44 [main] INFO me.prettyprint.cassandra.connection.factory.HThriftClientFactoryImpl - SSL enabled for client<->server communications.
45 [main] INFO me.prettyprint.cassandra.connection.factory.HThriftClientFactoryImpl - Properties:
45 [main] INFO me.prettyprint.cassandra.connection.factory.HThriftClientFactoryImpl - ssl.truststore = /home/fatemabw/.truststore
45 [main] INFO me.prettyprint.cassandra.connection.factory.HThriftClientFactoryImpl - ssl.protocol = TLS
45 [main] INFO me.prettyprint.cassandra.connection.factory.HThriftClientFactoryImpl - ssl.store.type = JKS
45 [main] INFO me.prettyprint.cassandra.connection.factory.HThriftClientFactoryImpl - ssl.cipher.suites = TLS_RSA_WITH_AES_128_CBC_SHA
149 [main] ERROR me.prettyprint.cassandra.connection.HConnectionManager - Could not start connection pool for host 192.168.73.142(192.168.73.142):9160
149 [main] INFO me.prettyprint.cassandra.connection.CassandraHostRetryService - Host detected as down was added to retry queue: 192.168.73.142(192.168.73.142):9160
151 [Hector.me.prettyprint.cassandra.connection.CassandraHostRetryService-1] INFO me.prettyprint.cassandra.connection.factory.HThriftClientFactoryImpl - SSL enabled for client<->server communications.
151 [Hector.me.prettyprint.cassandra.connection.CassandraHostRetryService-1] INFO me.prettyprint.cassandra.connection.factory.HThriftClientFactoryImpl - Properties:
151 [Hector.me.prettyprint.cassandra.connection.CassandraHostRetryService-1] INFO me.prettyprint.cassandra.connection.factory.HThriftClientFactoryImpl - ssl.truststore = /home/fatemabw/.truststore
151 [Hector.me.prettyprint.cassandra.connection.CassandraHostRetryService-1] INFO me.prettyprint.cassandra.connection.factory.HThriftClientFactoryImpl - ssl.protocol = TLS
151 [Hector.me.prettyprint.cassandra.connection.CassandraHostRetryService-1] INFO me.prettyprint.cassandra.connection.factory.HThriftClientFactoryImpl - ssl.store.type = JKS
151 [Hector.me.prettyprint.cassandra.connection.CassandraHostRetryService-1] INFO me.prettyprint.cassandra.connection.factory.HThriftClientFactoryImpl - ssl.cipher.suites = TLS_RSA_WITH_AES_128_CBC_SHA
152 [Hector.me.prettyprint.cassandra.connection.CassandraHostRetryService-1] WARN me.prettyprint.cassandra.connection.CassandraHostRetryService - Downed 192.168.73.142(192.168.73.142):9160 host still appears to be down: Could not get client socket:
239 [main] INFO me.prettyprint.cassandra.service.JmxMonitor - Registering JMX me.prettyprint.cassandra.service_Test Cluster:ServiceType=hector,MonitorType=hector
Exception in thread "main" me.prettyprint.hector.api.exceptions.HectorException: All host pools marked down. Retry burden pushed out to client.
at me.prettyprint.cassandra.connection.HConnectionManager.getClientFromLBPolicy(HConnectionManager.java:394)
at me.prettyprint.cassandra.connection.HConnectionManager.operateWithFailover(HConnectionManager.java:249)
at me.prettyprint.cassandra.model.ExecutingKeyspace.doExecuteOperation(ExecutingKeyspace.java:113)
at me.prettyprint.cassandra.model.MutatorImpl.execute(MutatorImpl.java:243)
at me.prettyprint.cassandra.model.MutatorImpl.insert(MutatorImpl.java:69)
at cassandra.Encypted_client_insert.insert(Encypted_client_insert.java:45)
at cassandra.Encypted_client_insert.main(Encypted_client_insert.java:85)

@patricioe
Collaborator

What Cassandra and Hector versions are you running?

This is the factory with some java docs you may want to read: https://github.com/hector-client/hector/blob/master/core/src/main/java/me/prettyprint/cassandra/connection/factory/HKerberosSaslThriftClientFactoryImpl.java

and the docs to Kerberos info: http://hector-client.github.io/hector/build/html/content/security.html

@fatemabw
Author

Hi,
I am using Hector-core-1.1-2 & Cassandra 1.1.0.
So, does that mean I need to implement Kerberos security first, in my code, to have an SSL connection to my encrypted database? Because previously I haven't implemented Kerberos; I only tried to use an SSL connection in my code to communicate with the Cassandra database.

Thanks,
Fatema.

@yovand

yovand commented Aug 24, 2018

Hello Fatema,

I am also using the Hector Java client to connect to Cassandra 2.2.5, and I need to connect to the DB via SSL.
I have generated a keystore on the DB server and configured the same in cassandra.yaml, and also enabled client-node and inter-node encryption.

It works well using cqlsh but not via the code (Hector client).

I see that you have used the same technique to connect using SSL. Could you please help us if you have solved the problem?

It's a pressing need for me now.

Thanks in advance.

//Dickson
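
The log in the first post ends with "Could not get client socket:" and no cause, so one way to narrow the problem down is to run the TLS handshake outside Hector with the same truststore, protocol and cipher suite. The following is an added example, not code from this thread or from the Hector project; it uses only JDK classes, and the class name `TlsProbe` and the `TRUSTSTORE_PASSWORD` environment variable are assumptions.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import java.util.Arrays;

// Added diagnostic (hypothetical class name), independent of Hector.
// Usage: TRUSTSTORE_PASSWORD=... java TlsProbe <host> <port> <truststore.jks> <cipherSuite>
public class TlsProbe {
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: TlsProbe host port truststore cipherSuite");
            System.exit(2);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        String suite = args[3];
        // Assumed variable name; keeps the password out of the process argument list.
        String pw = System.getenv("TRUSTSTORE_PASSWORD");
        char[] password = pw == null ? null : pw.toCharArray(); // null skips the integrity check

        // Load the JKS truststore the client is configured with (ssl.store.type = JKS).
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[2])) {
            trust.load(in, password); // IOException here: wrong password or corrupt file
        }
        System.out.println("truststore entries: " + trust.size());

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS"); // ssl.protocol = TLS
        ctx.init(null, tmf.getTrustManagers(), null);   // no client key: server authentication only

        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket()) {
            if (!Arrays.asList(socket.getSupportedCipherSuites()).contains(suite)) {
                System.err.println("this JVM does not support cipher suite " + suite);
                System.exit(1);
            }
            socket.setEnabledCipherSuites(new String[] { suite });
            socket.connect(new InetSocketAddress(host, port), 5000); // fails here: plain TCP problem
            socket.setSoTimeout(5000);
            socket.startHandshake(); // SSLHandshakeException names the trust or cipher mismatch
            System.out.println("handshake ok: " + socket.getSession().getProtocol()
                    + " / " + socket.getSession().getCipherSuite());
        }
    }
}
```

Because no client key is offered, a server configured to require client certificates will reject this handshake even when the truststore and cipher suite are correct.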
