Connect Fabric to Cassandra in TLS mode
The following steps for connecting Fabric to Cassandra in TLS mode
Step 1 - Transfer The Cassandra Keys and Certificates to All Fabric Nodes
Tar and copy them to all Fabric nodes in the cluster.
- prepare tar file with all the certificates on one of the cassandra nodes as in the example bellow
tar -czvf keys.tar.gz -C $INSLATT_DIR/.cassandra_ssl .
- copy to the fabric nodes
# copy to all Fabric nodes
# 172.27.0.102 represents IP address of each node
scp keys.tar.gz fabric@172.27.0.102:/opt/apps/fabric/
In case Docker installation use following commands to copy between running containers
docker cp cassandra:/opt/apps/cassandra/keys.tar.gz ./
docker cp keys.tar.gz fabric:/usr/local/k2view/
Step 2 - Set Fabric to connect to Cassandra
Stop Fabric
k2fabric stopextract the
keys.tar.gzfile
mkdir -p $K2_HOME/.cassandra_ssl && tar -zxvf keys.tar.gz -C $K2_HOME/.cassandra_ssl
Edit the
$K2_HOME/config/jvm.optionsfile using the appropriate passwords and certification files:sed -i "s@#SSL=false@SSL=true@" $K2_HOME/config/config.ini sed -i "s@#PORT=$.*@PORT=9142@" $K2_HOME/config/config.ini sed -i "s@^USER=.*@USER=k2admin@" $K2_HOME/config/config.ini sed -i "s@^PASSWORD=.*@PASSWORD=Q1w2e3r4t5@" $K2_HOME/config/config.ini sed -i 's@#-Djavax.net.ssl.keyStore=.*@-Djavax.net.ssl.keyStore=$K2_HOME/.cassandra_ssl/cassandra.keystore@g' $K2_HOME/config/jvm.options sed -i 's@#-Djavax.net.ssl.keyStorePassword=.*@-Djavax.net.ssl.keyStorePassword=Q1w2e3r4t5@g' $K2_HOME/config/jvm.options sed -i 's@#-Djavax.net.ssl.trustStore=.*@-Djavax.net.ssl.trustStore=$K2_HOME/.cassandra_ssl/cassandra.truststore@g' $K2_HOME/config/jvm.options sed -i 's@#-Djavax.net.ssl.trustStorePassword=.*@-Djavax.net.ssl.trustStorePassword=Q1w2e3r4t5@g' $K2_HOME/config/jvm.optionsStart the Fabric service on each node:
k2fabric start
Connect Fabric to Cassandra in TLS mode
The following steps for connecting Fabric to Cassandra in TLS mode
Step 1 - Transfer The Cassandra Keys and Certificates to All Fabric Nodes
Tar and copy them to all Fabric nodes in the cluster.
- prepare tar file with all the certificates on one of the cassandra nodes as in the example bellow
tar -czvf keys.tar.gz -C $INSLATT_DIR/.cassandra_ssl .
- copy to the fabric nodes
# copy to all Fabric nodes
# 172.27.0.102 represents IP address of each node
scp keys.tar.gz fabric@172.27.0.102:/opt/apps/fabric/
In case Docker installation use following commands to copy between running containers
docker cp cassandra:/opt/apps/cassandra/keys.tar.gz ./
docker cp keys.tar.gz fabric:/usr/local/k2view/
Step 2 - Set Fabric to connect to Cassandra
Stop Fabric
k2fabric stopextract the
keys.tar.gzfile
mkdir -p $K2_HOME/.cassandra_ssl && tar -zxvf keys.tar.gz -C $K2_HOME/.cassandra_ssl
Edit the
$K2_HOME/config/jvm.optionsfile using the appropriate passwords and certification files:sed -i "s@#SSL=false@SSL=true@" $K2_HOME/config/config.ini sed -i "s@#PORT=$.*@PORT=9142@" $K2_HOME/config/config.ini sed -i "s@^USER=.*@USER=k2admin@" $K2_HOME/config/config.ini sed -i "s@^PASSWORD=.*@PASSWORD=Q1w2e3r4t5@" $K2_HOME/config/config.ini sed -i 's@#-Djavax.net.ssl.keyStore=.*@-Djavax.net.ssl.keyStore=$K2_HOME/.cassandra_ssl/cassandra.keystore@g' $K2_HOME/config/jvm.options sed -i 's@#-Djavax.net.ssl.keyStorePassword=.*@-Djavax.net.ssl.keyStorePassword=Q1w2e3r4t5@g' $K2_HOME/config/jvm.options sed -i 's@#-Djavax.net.ssl.trustStore=.*@-Djavax.net.ssl.trustStore=$K2_HOME/.cassandra_ssl/cassandra.truststore@g' $K2_HOME/config/jvm.options sed -i 's@#-Djavax.net.ssl.trustStorePassword=.*@-Djavax.net.ssl.trustStorePassword=Q1w2e3r4t5@g' $K2_HOME/config/jvm.optionsStart the Fabric service on each node:
k2fabric start
