Bringing together the Apache Cassandra experts from the community and DataStax.

Want to learn? Have a question? Want to share your expertise? You are in the right place!

Not sure where to begin? Getting Started

 

question

Ryan Quey avatar image
Ryan Quey asked ·

How do you configure JanusGraph to connect to Datastax Astra?

I'm having a hard time figuring out how you would setup authentication between JanusGraph and Datastax Astra. It doesn't seem like the secure connect bundle could be used in this case. Moreover, I can't find a way to set the Astra API token in order to use the Astra REST API.


Is it possible to connect JanusGraph with Datastax Astra? If so how could this be implemented?

graphastra
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered ·

I'm not sure if it's possible but I'd be happy to help if you're willing to try. A few months ago, I managed to get the GoCQL driver (not a DataStax driver) to connect to Astra (see post #3753) with help from the DataStax Cloud team (the team behind Astra).

Preparation

First up, you will need to download the secure-connect zipped bundle for your Astra database.

Unzip your copy of secure-connect-your_astra_db.zip which will contain the following files:

ca.crt
cert
cert.pfx
config.json
cqlshrc
identity.jks
key
trustStore.jks

The config.json file contains the following:

  • host - the contact point for the CQL driver
  • port - the CQL client port
  • keyspace - the name of the keyspace you created
  • trustStoreLocation - trustStore.jks is the truststore
  • trustStorePassword - your truststore password
  • keyStoreLocation - identity.jks is the keystore
  • keyStorePassword - your keystore password

JanusGraph

Using the information above, you will need to configure the following:

storage.hostname
storage.port
storage.username
storage.password
storage.cql.keyspace
storage.cql.ssl.*

Let me know how you go. Cheers!

EDIT: I removed references to storage.cassandra.ssl.* since it relates to the old Thrift protocol which was deprecated years ago.

10 comments Share
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Ok great thanks! Yeah I'll give it a try

0 Likes 0 · ·

Awesome! I'd be interested to know which bits you've tried too that didn't work. Cheers!

0 Likes 0 · ·

I'm having trouble with the ssl keystore's password in the keystore configs..

For `storage.cql.ssl.keystore.storepassword` I'm using the `keyStorePassword` from config.json in my secure bundle.

For `storage.cql.ssl.keystore.keypassword` I'm not sure what to put. I tried "changeit", after reading this post, but that didn't work. I also tried using the `keyStorePassword` from config.json in my secure bundle in here as well, but then I get:

com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s) tried for query failed (tried: a3123f45-abc-123a-12ab-123a1a0001a1-us-east1.db.astra.datastax.com/12.34.567.891:12345 (com.datastax.driver.core.exceptions.TransportException: [a3123f45-abc-123a-12ab-123a1a0001a1-us-east1.db.astra.datastax.com/12.34.567.891:12345] Channel has been closed))


Any guesses what I need to put for these values?

0 Likes 0 · ·

Current config:

gremlin.graph=org.janusgraph.core.JanusGraphFactory
storage.backend=cql 
storage.hostname=my-host-us-east1.db.astra.datastax.com 
storage.cql.keyspace=janusgraph 
storage.port=12345 
storage.username=ryan 
storage.password=p455w0rd 
storage.cql.ssl.enabled=true 
storage.cql.ssl.client-authentication-enabled=true 
storage.cql.ssl.truststore.location=/home/ubuntu/projects/janus-graph-tutorial/creds/trustStore.jks 
storage.cql.ssl.truststore.password=value-of-trustStorePassword 
storage.cql.ssl.keystore.keypassword=value-of-keyStorePassword 
storage.cql.ssl.keystore.storepassword=value-of-keyStorePassword 
storage.cql.ssl.keystore.location=/home/ubuntu/projects/janus-graph-tutorial/creds/identity.jks 
# trying since I saw in config.json. Fails the same with or without this one.
storage.cql.local-datacenter=caas-dc 

Note that I'm using storage.cql rather than storage.cassandra keys since it looks like storage.cassandra is for thrift (according to the docs)

0 Likes 0 · ·

Have you tried leaving it blank?

0 Likes 0 · ·
Ryan Quey avatar image Ryan Quey Erick Ramirez ♦♦ ·

Yeah, when I try that, I get:

java.lang.IllegalArgumentException: Invalid configuration value for [root.storage.cql.ssl.keystore.keypassword
0 Likes 0 · ·
Show more comments

Perhaps this is affecting something as well, I just saw this exception in the logs:

6280 [JanusGraph Cluster-nio-worker-0] WARN  io.netty.channel.AbstractChannelHandlerContext  - An exception 'java.lang.IndexOutOfBoundsException: index 337' [enable DEBUG level for full stacktrace] was thrown by a user handler's exceptionCaught() method while handling the following exception:
io.netty.handler.codec.DecoderException: com.datastax.driver.core.exceptions.FrameTooLongException: Response frame exceeded maximum allowed length

Also, for what it's worth, it looks like JanusGraph is using DataStax Java driver 3.9.0 for Apache Cassandra (at least, JanusGraph 0.5.2, which is what I'm using)

0 Likes 0 · ·

I would ignore this warning for now. My suspicion is that since the SSL handshake isn't working, the response header in the message frame is garbled so the driver doesn't know the start/end of the messages on the wire. If you're interested, I've described what the CQL native protocol message looks like in #7876 and would help you understand what I mean about the frame being garbled. Cheers!

1 Like 1 · ·
Ryan Quey avatar image Ryan Quey Erick Ramirez ♦♦ ·

Ah, that's helpful. Thanks

0 Likes 0 · ·