Using nodetool with SSL encryption.
Using nodetool with SSL requires some JMX setup. Changes to are required, and a configuration file, ~/.cassandra/nodetool-ssl.properties, is created.
Procedure
- First, follow steps #1-5 in Enabling JMX authentication.
- To run nodetool with SSL encryption, some additional changes are required to . The following settings must be added to the file. Use the file path to the keystore and truststore, and appropriate passwords for each file.
JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStore=/home/automaton/keystore.node0"
JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStorePassword=cassandra"
JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStore=/home/automaton/truststore.node0"
JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStorePassword=cassandra"
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.need.client.auth=true"
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.registry.ssl=true"
- Restart Cassandra.
- To run nodetool with SSL encryption, create a .cassandra/nodetool-ssl.properties file in your home or client program directory with the following settings.
-Djavax.net.ssl.keyStore=/home/automaton/keystore.node0
-Djavax.net.ssl.keyStorePassword=cassandra
-Djavax.net.ssl.trustStore=/home/automaton/truststore.node0
-Djavax.net.ssl.trustStorePassword=cassandra
-Dcom.sun.management.jmxremote.ssl.need.client.auth=true
-Dcom.sun.management.jmxremote.registry.ssl=true
- Start nodetool with the --ssl option to use an encrypted connection for any nodetool operation.
$ nodetool --ssl info ## Package installations
$ install_location/bin/nodetool --ssl info ## Tarball installations
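
A pre-flight check for the nodetool-ssl.properties file created in the procedure above, as an added example that is not part of the original page or of Cassandra. The helper names check_nodetool_ssl_props and prop_value are hypothetical; the check flags missing settings, unreadable store paths, and file permissions that expose the clear-text store passwords to other users.

```sh
#!/bin/sh
# Added example: check_nodetool_ssl_props and prop_value are hypothetical
# helpers, not part of Cassandra or nodetool.

# The six settings the page lists for nodetool-ssl.properties.
REQUIRED_KEYS="javax.net.ssl.keyStore javax.net.ssl.keyStorePassword
javax.net.ssl.trustStore javax.net.ssl.trustStorePassword
com.sun.management.jmxremote.ssl.need.client.auth
com.sun.management.jmxremote.registry.ssl"

# Print the value of the first "-D<key>=<value>" line in file $1 (empty if absent).
prop_value() {
    sed -n "s|^-D$2=\(.*\)\$|\1|p" "$1" | head -n 1
}

# Print one line per problem; the return status is the number of problems.
check_nodetool_ssl_props() {
    file=$1
    problems=0
    if [ ! -f "$file" ]; then
        echo "MISSING FILE: $file"
        return 1
    fi
    # The file holds both store passwords in clear text, so group and
    # other must have no access (characters 5-10 of the ls mode string).
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "PERMISSIONS: $file is accessible to group/other; use chmod 600"
        problems=$((problems + 1))
    fi
    for key in $REQUIRED_KEYS; do
        if [ -z "$(prop_value "$file" "$key")" ]; then
            echo "MISSING SETTING: -D$key"
            problems=$((problems + 1))
        fi
    done
    # Catch a mistyped keystore or truststore path before connecting.
    for key in javax.net.ssl.keyStore javax.net.ssl.trustStore; do
        path=$(prop_value "$file" "$key")
        if [ -n "$path" ] && [ ! -r "$path" ]; then
            echo "UNREADABLE STORE: $path (from -D$key)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Stand-alone use: sh check.sh ~/.cassandra/nodetool-ssl.properties
if [ "$#" -gt 0 ]; then
    check_nodetool_ssl_props "$1"
fi
```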