Cassandra节点间加密是否可以选择通信?
[英]Is Optional Traffic Possible For Cassandra Inter-node Encryption?
问题描述
We can implement client-node encryption for C* with optional traffic (encrypted and unencrypted connections are handled). 
我们可以使用可选流量为C *实现客户端节点加密(处理加密和未加密连接)。
client_encryption_options:
enabled: false
# If enabled and optional is set to true encrypted and unencrypted connections are handled.
optional: false
keystore: conf/.keystore
keystore_password: cassandra
We don't have the same parameter available for inter-node communication. 我们没有可用于节点间通信的相同参数。
Is there a way we can tweak the apache source code for custom implementation of C* with optional traffic for inter-node encryption? 有没有办法我们可以通过可选的流量进行节点间加密来调整用于自定义C *实现的apache源代码?
Also can we implement inter-node encryption for C* without having a downtime? 我们还可以在没有停机的情况下为C *实现节点间加密吗?
Any links to apache source code for inter-node encryption would be great. 任何用于节点间加密的apache源代码链接都会很棒。
Thanks in advance 提前致谢
1 个解决方案
解决方案1
0 2019-05-24 11:16:07
There is a way to implement inter-node encryption without downtime by utilizing different ports for non-encrypted and encrypted traffic. 通过利用不同的端口进行非加密和加密的流量,有一种方法可以在不停机的情况下实现节点间加密。
Take a look at ssl_storage_port and storage_port in the cassandra.yaml file. 看一下cassandra.yaml文件中的ssl_storage_port和storage_port 。 One can utilize the different storage ports to effectively support optional encryption by supporting both ports for a short time. 通过在短时间内支持两个端口,可以利用不同的存储端口来有效地支持可选加密。
Note: In 4.0 Cassandra there is an optional flag on inter-node encryption and the ssl_storage_port is deprecated. 注意:在4.0 Cassandra中,节点间加密有一个可选标志,并且不推荐使用ssl_storage_port 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.