Hi,
I am doing Stage migration to the Cassandra/ Elastic clusters. Normally connection to clusters are secured by ssl.
Does any one had chance to use migration tool when there is secure communication ssl/https with cassandra/ elastic clusters?
I am not able to initialize migration in Migration Tool
but when I will turn off security (so no ssl, no https) initialization goes fine
I am not so familiar with certificates but in our cluster there is one - the same cert for each node:
so for all Cassandra nodes it is cert
CN: dma-cassandra.comp.local
for all elastic nodes it is cert:
CN: dma-elastic.comp.local
is it ok one cert for each node
or maybe it is not ok and I need to eg. add all nodes to "Subject Alternative Names" ?
so eg. for elastic cert:
DNS Name = dma-elastic-01.comp.local
DNS Name = dma-elastic-02.comp.local
DNS Name = dma-elastic-03.comp.local
DNS Name = dma-elastic-04.comp.local
etc
Hi Piotr,
I found an internal backlog item indicating the CassandraCluster migration tool does not support connecting to a TLS-enabled Cassandra, so I'm afraid this is not supported yet.
An insecure workaround could be to disable the TLS encryption during the migration and enable it again afterward, but I can understand if this is not allowed or a good alternative as this would be a big compromise on security.
Hi Jens,
so it is ok to make migration without encryption and later turn on encryption on elastic and cassandra?
Yes I think that should work
Hi Piotr, which DataMiner version are you running? DataMiner can only connect to a TLS enabled Elasticsearch from 10.2.0 CU0 onwards and to a TLS 1.2 enabled Cassandra from 10.2.0 CU1 onwards.