I have opscenter/datastax-agent/DSE cassandra v6.8 installed on a virtualbox VM. I am able to start monitor non-SSL enabled cluster. When I enable SSL, opscenterd could not connect. (error in log file below). I suspect something is wrong with my keystore between the key and the cert. This is why the monitored cluster is refusing login.
I have tried all kinds of things using the DSE docs I could find during the past 4 days...
I have setup SSL on cluster and it is working with cqlsh on both 1-way and 2-way SSL with a PEM key and cert obtained from client-keystore.jks.
[connection] factory = cqlshlib.ssl.ssl_transport_factory [ssl] certfile = /root/.cassandra/client_cert.pem validate = false userkey = /root/.cassandra/client_key.pem usercert = /root/.cassandra/client_cert.pem
# cqlsh 10.0.2.50 --ssl Connected to OPS_Cluster at 10.0.2.50:9042.
client_encryption_options: enabled: true keystore: /etc/dse/cassandra/conf/client-keystore.jks keystore_password: myKeyPass truststore: /etc/dse/cassandra/conf/client-truststore.jks truststore_password: myKeyPass require_client_auth: false
To start, I reduced it back to 1-way SSL and edit OPS_Cluster.conf with this:
[cassandra] cql_port = 9042 seed_hosts = 10.0.2.50 ssl_keystore_password = myKeyPass ssl_keystore = /etc/dse/cassandra/conf/client-keystore.jks ssl_truststore_password = myKeyPass ssl_truststore = /etc/dse/cassandra/conf/client-truststore.jks
Verified the cert and key fingerprints also.
keytool -list -keystore /etc/dse/cassandra/conf/client-truststore.jks -storepass myKeyPass dse_cluster_client, Jul 30, 2020, trustedCertEntry, Certificate fingerprint (SHA1): 55:95:A2:37:11:94:FC:DD:79:42:15:57:D4:BB:41:13:55:FB:EB:25 node_cert, Aug 24, 2020, trustedCertEntry, Certificate fingerprint (SHA1): AB:6C:55:EC:0E:A0:3F:50:69:8D:5E:60:9C:64:13:1D:0C:68:56:B9
keytool -list -keystore /etc/dse/cassandra/conf/client-keystore.jks -storepass myKeyPass dse_cluster_client, Jul 30, 2020, PrivateKeyEntry, Certificate fingerprint (SHA1): 55:95:A2:37:11:94:FC:DD:79:42:15:57:D4:BB:41:13:55:FB:EB:25
[OPS_Cluster] ERROR: Error connecting to the cluster: Traceback (most recent call last): NoHostAvailable: All host(s) tried for query failed (tried: /10.0.2.50:9042 (com.datastax.driver.core.exceptions.TransportException: [/10.0.2.50:9042] Connection has been closed))
ERROR [async-dispatch-5] 2020-08-24 22:11:11,076Z Can't connect to Cassandra (All host(s) tried for query failed (tried: /10.0.2.50:9042 (com.datastax.driver.core.exceptions.TransportException: [/10.0.2.50:9042] Connection has been closed))), retrying soon.
INFO [CoreThread-0] 2020-08-24 15:12:29,986 NoSpamLogger.java:95 - Unexpected exception during request; channel = [id: 0xa6cae760, L:/10.0.2.50:9042 ! R:/10.0.2.50:55344] io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: