Connecting SSTableloader to a secured cluster

Steps (for a development environment) to configure the sstableloader (bulk loader) with Kerberos or SSL.

The sstableloader tool is also called bulk loader. If you run sstableloader from a DataStax Enterprise (DSE) node that has been configured for Kerberos or client-to-node/node-to-node encryption using SSL, no additional configuration is required for securing sstableloader operations. sstableloader automatically detects the configuration. On a development machine without SSL, configure Kerberos or SSL as follows:

To use SSL to connect to an unsecured DSE node from a development system, use the sstableloader script to load SSTables into a cluster with client-to-node/node-to-node SSL encryption enabled. Use the following basic options:

resources/cassandra/bin/sstableloader -d 192.168.56.102 /var/lib/cassandra/data/Keyspace1/Standard1 \
  -tf org.apache.cassandra.thrift.SSLTransportFactory \
  -ts path_to_node_truststore.jks \
  -tspw truststore-password

If you want to configure require_client_auth=true on the target, add the path to the keystore and keystore password, as shown in the following example:

resources/cassandra/bin/sstableloader -d 192.168.56.102 /var/lib/cassandra/data/Keyspace1/Standard1 \
  -tf org.apache.cassandra.thrift.SSLTransportFactory \
  -ts path_to_node_truststore.jks \
  -tspw truststore-password \
  -ks path_to_node_keystore.jks \
  -kspw keystore-password