我在从 JanusGraph docker 容器连接到 Azure 中设置的 Cassandra 集群时遇到问题。撰写文件(修改后 docker-compose-cql-es )如下所示:
version: "3"
services:
janusgraph:
image: docker.io/janusgraph/janusgraph:latest
container_name: jce-janusgraph
environment:
JANUS_PROPS_TEMPLATE: cassandra-es
janusgraph.storage.backend: cql
janusgraph.storage.hostname: 10.2.0.6,10.2.0.9
janusgraph.index.search.hostname: jce-elastic
janusgraph.storage.username: cassandra
janusgraph.storage.password: *****
SSL_VERSION: TLSv1_2
SSL_VALIDATE: 'false'
ports:
- "8182:8182"
networks:
- jce-network
healthcheck:
test: ["CMD", "bin/gremlin.sh", "-e", "scripts/remote-connect.groovy"]
interval: 10s
timeout: 30s
retries: 3
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:6.6.0
container_name: jce-elastic
environment:
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- "http.host=0.0.0.0"
- "network.host=0.0.0.0"
- "transport.host=127.0.0.1"
- "cluster.name=docker-cluster"
- "xpack.security.enabled=false"
- "discovery.zen.minimum_master_nodes=1"
ports:
- "9200:9200"
networks:
- jce-network
networks:
jce-network:
volumes:
janusgraph-default-data:
我可以通过 cqlsh 连接到集群,并在 bash 中进行一些修改:
export SSL_VERSION=TLSv1_2
export SSL_VALIDATE=false
不幸的是,这在 Docker 容器中根本不起作用。我不断收到以下错误:
All host(s) tried for query failed (tried: /10.2.0.9:9042 (com.datastax.driver.core.exceptions.TransportException: [/10.2.0.9:9042] Connection has been closed), /10.2.0.6:9042 (com.datastax.driver.core.exceptions.TransportException: [/10.2.0.6:9042] Connection has been closed))
那么,有什么方法可以信任来自 docker 容器的证书吗?我不控制 Cassandra 实例,因此无法关闭 SSL。
最佳答案
尝试使用 OpenSSL 提取公钥,它有所帮助。
openssl s_client -connect <ip-of-node> -showcerts
将 0 级证书复制到文本文件中,包括 ---begin-- ---end--- 行并以 .pem 扩展名保存。然后将.pem证书转换为.crt格式:
openssl x509 -outform der -in <cert>.pem -out <cert>.crt
使用以下命令将证书导入到 JKS 信任库:
keytool -import -alias <cert-alias> -file <cert>.crt -storetype JKS -keystore server.truststore
创建了包含以下内容的属性文件(检查java版本):
storage.backend=cql
storage.hostname=<ip of cassanrda instances>
storage.username=cassandra
storage.password=<password>
storage.cql.ssl.enabled=true
storage.cql.ssl.truststore.location=/usr/lib/jvm/java-<java-version>-openjdk-amd64/jre/lib/security/cacerts
storage.cql.ssl.truststore.password=changeit
cache.db-cache=true
cache.db-cache-clean-wait=20
cache.db-cache-time=180000
cache.db-cache-size=0.25
index.search.backend=lucene
index.search.directory=<folder for indices>
然后我使用 gremlin shell 创建了带有图形的工厂,最终一切正常。
graph = JanusGraphFactory.open('<properties file>')
g = graph.traversal()
通过这些步骤,所有内容都可以打包到 Dockerfile 中。
关于azure - 从 Janus Graph docker 容器连接到 Azure Cassandra 托管实例,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/68031608/