Created
February 26, 2017 00:45
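# Within each Cassandra node, start a Bash session
sudo docker exec -it csc bash
# Update and install Vim
apt-get update
apt-get install -qy vim
# Create a directory to store the Cassandra SSL certificates
# (-p so that re-running the step on a node does not fail)
mkdir -p /etc/cassandra/sslcert
# Change to the Cassandra SSL certificate directory
cd /etc/cassandra/sslcert
# Copy the shared truststore from the host under the name cassandra.yaml expects
cp /host/generic-server-truststore.jks server-truststore.jks
# Copy ONLY this node's keystore. Each <ip>.jks holds that node's private key,
# so a blanket "cp /host/*" would leave every key found in /host on this node.
# Run just the one line that matches the node you are on.
# For CSC1
cp /host/10.90.209.155.jks server-keystore.jks
# For CSC2
cp /host/10.90.209.196.jks server-keystore.jks
# For CSC3
cp /host/10.90.209.199.jks server-keystore.jks
# Within each node, set the ownership of the directory and contents to cassandra
chown -R cassandra:cassandra /etc/cassandra/sslcert
# Restrict access to the key material: only the cassandra user may enter the
# directory or read the stores (cp otherwise leaves them at the umask default)
chmod 700 /etc/cassandra/sslcert
chmod 600 /etc/cassandra/sslcert/server-keystore.jks /etc/cassandra/sslcert/server-truststore.jks
# Modify the YAML file
# NOTE: cassandra.yaml will contain the keystore and truststore passwords in
# clear text, so check that the file is not readable by other users
vim /etc/cassandra/cassandra.yaml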
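# Modify the Server Encryption Options section, currently line number 1002
# The nested keys must stay indented under server_encryption_options.
server_encryption_options:
    # "all" encrypts every internode connection, including within a datacenter
    internode_encryption: all
    keystore: /etc/cassandra/sslcert/server-keystore.jks
    # Sample value: replace with the password chosen when the keystore was created
    keystore_password: myKeyPass
    truststore: /etc/cassandra/sslcert/server-truststore.jks
    # Sample value: replace with the password chosen when the truststore was created
    truststore_password: truststorePass
    # More advanced defaults below:
    protocol: TLS
    algorithm: SunX509
    store_type: JKS
    # The original listing used TLS_RSA_WITH_AES_256_CBC_SHA, which has no forward
    # secrecy (static RSA key exchange) and uses CBC with a SHA-1 MAC. An ECDHE/GCM
    # suite is preferred; it needs an RSA key in the keystore and a JVM with TLS 1.2
    # support. All nodes must share at least one suite, so change them together.
    cipher_suites: [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
    # Nodes must present a certificate trusted by the truststore (mutual TLS)
    require_client_auth: true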
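# Save and exit YAML file
# Leave the container's Bash session; the restart is issued from the Docker host
exit
# Restart the docker container
sudo docker restart csc
# Check the startup log for keystore/truststore or TLS handshake errors
sudo docker logs --tail 100 csc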