Connect SSTableloader to a secured cluster
If you run sstableloader locally on a Hyper-Converged Database (HCD) node that has client-to-node encryption enabled, no additional configuration is required for your sstableloader commands.
sstableloader automatically detects the encryption configuration.
However, additional configuration is required to run sstableloader over an encrypted connection in the following scenarios:
-
When connecting to an unsecured HCD node, such as a test cluster, and you want to encrypt your connection.
-
When connecting to an SSL-enabled node remotely.
Run sstableloader with SSL-encryption options:
-
Client-to-node encryption without enforced client authentication:
resources/cassandra/bin/sstableloader -d 192.168.56.102 /var/lib/cassandra/data/Keyspace1/Standard1 \ -tf org.apache.cassandra.thrift.SSLTransportFactory \ -ts PATH_TO_NODE_TRUSTSTORE.JKS \ -tspw TRUSTSTORE_PASSWORDProvide the path to the node truststore and the truststore password.
-
Client-to-node encryption with enforced client authentication:
resources/cassandra/bin/sstableloader -d 192.168.56.102 /var/lib/cassandra/data/Keyspace1/Standard1 \ -tf org.apache.cassandra.thrift.SSLTransportFactory \ -ts PATH_TO_NODE_TRUSTSTORE.JKS \ -tspw TRUSTSTORE_PASSWORD \ -ks PATH_TO_NODE_KEYSTORE.JKS \ -kspw KEYSTORE_PASSWORDUse these options when you want to set
require_client_auth=trueon the target node or the target node is configured withrequire_client_auth=true.You must provide the keystore and keystore password in addition to the truststore and truststore password.