Connect Fabric to Cassandra in TLS mode
The following steps should be taken in order to connect Fabric to Cassandra in TLS mode.
Step 1 - Transfer the Cassandra Keys and Certificates to All Fabric Nodes
Tar and copy the Cassandra keys and certificates into all the Fabric nodes in the cluster.
- Prepare a tar file with all the certificates on one of the Cassandra nodes, as shown in the below example
tar -czvf keys.tar.gz -C $INSTALL_DIR/.cassandra_ssl .
- Copy the Cassandra keys and certificates to the Fabric nodes
# copy to all Fabric nodes
# 172.27.0.102 represents IP address of each node
scp keys.tar.gz fabric@172.27.0.102:/opt/apps/fabric/
In case of a Docker installation, use the following commands to copy between running containers
docker cp cassandra:/opt/apps/cassandra/keys.tar.gz ./
docker cp keys.tar.gz fabric:/usr/local/k2view/
Step 2 - Set Fabric to connect to Cassandra
Stop Fabric
k2fabric stop.Extract the
keys.tar.gzfile
mkdir -p $K2_HOME/.cassandra_ssl && tar -zxvf keys.tar.gz -C $K2_HOME/.cassandra_ssl
Edit the
$K2_HOME/config/jvm.optionsfile using the appropriate passwords and certification files:sed -i "s@#SSL=false@SSL=true@" $K2_HOME/config/config.ini sed -i "s@#PORT=$.*@PORT=9142@" $K2_HOME/config/config.ini sed -i "s@^USER=.*@USER=k2admin@" $K2_HOME/config/config.ini sed -i "s@^PASSWORD=.*@PASSWORD=Q1w2e3r4t5@" $K2_HOME/config/config.ini sed -i 's@#-Djavax.net.ssl.keyStore=.*@-Djavax.net.ssl.keyStore=$K2_HOME/.cassandra_ssl/cassandra.keystore@g' $K2_HOME/config/jvm.options sed -i 's@#-Djavax.net.ssl.keyStorePassword=.*@-Djavax.net.ssl.keyStorePassword=Q1w2e3r4t5@g' $K2_HOME/config/jvm.options sed -i 's@#-Djavax.net.ssl.trustStore=.*@-Djavax.net.ssl.trustStore=$K2_HOME/.cassandra_ssl/cassandra.truststore@g' $K2_HOME/config/jvm.options sed -i 's@#-Djavax.net.ssl.trustStorePassword=.*@-Djavax.net.ssl.trustStorePassword=Q1w2e3r4t5@g' $K2_HOME/config/jvm.optionsStart the Fabric service on each node:
k2fabric start.
Connect Fabric to Cassandra in TLS mode
The following steps should be taken in order to connect Fabric to Cassandra in TLS mode.
Step 1 - Transfer the Cassandra Keys and Certificates to All Fabric Nodes
Tar and copy the Cassandra keys and certificates into all the Fabric nodes in the cluster.
- Prepare a tar file with all the certificates on one of the Cassandra nodes, as shown in the below example
tar -czvf keys.tar.gz -C $INSTALL_DIR/.cassandra_ssl .
- Copy the Cassandra keys and certificates to the Fabric nodes
# copy to all Fabric nodes
# 172.27.0.102 represents IP address of each node
scp keys.tar.gz fabric@172.27.0.102:/opt/apps/fabric/
In case of a Docker installation, use the following commands to copy between running containers
docker cp cassandra:/opt/apps/cassandra/keys.tar.gz ./
docker cp keys.tar.gz fabric:/usr/local/k2view/
Step 2 - Set Fabric to connect to Cassandra
Stop Fabric
k2fabric stop.Extract the
keys.tar.gzfile
mkdir -p $K2_HOME/.cassandra_ssl && tar -zxvf keys.tar.gz -C $K2_HOME/.cassandra_ssl
Edit the
$K2_HOME/config/jvm.optionsfile using the appropriate passwords and certification files:sed -i "s@#SSL=false@SSL=true@" $K2_HOME/config/config.ini sed -i "s@#PORT=$.*@PORT=9142@" $K2_HOME/config/config.ini sed -i "s@^USER=.*@USER=k2admin@" $K2_HOME/config/config.ini sed -i "s@^PASSWORD=.*@PASSWORD=Q1w2e3r4t5@" $K2_HOME/config/config.ini sed -i 's@#-Djavax.net.ssl.keyStore=.*@-Djavax.net.ssl.keyStore=$K2_HOME/.cassandra_ssl/cassandra.keystore@g' $K2_HOME/config/jvm.options sed -i 's@#-Djavax.net.ssl.keyStorePassword=.*@-Djavax.net.ssl.keyStorePassword=Q1w2e3r4t5@g' $K2_HOME/config/jvm.options sed -i 's@#-Djavax.net.ssl.trustStore=.*@-Djavax.net.ssl.trustStore=$K2_HOME/.cassandra_ssl/cassandra.truststore@g' $K2_HOME/config/jvm.options sed -i 's@#-Djavax.net.ssl.trustStorePassword=.*@-Djavax.net.ssl.trustStorePassword=Q1w2e3r4t5@g' $K2_HOME/config/jvm.optionsStart the Fabric service on each node:
k2fabric start.
