Page MenuHomePhabricator
Create Task
Maniphest T281404

Cassandra command shell not working in sessionstore cluster
Closed, ResolvedPublic
Actions

Description

The Cassandra shell cqlsh cannot connect on the sessionstore nodes:

eevans@sessionstore1001:~$ c-cqlsh a
Connection error: ('Unable to connect to any servers', {'10.64.0.144': error(1, u"Tried connecting to [('10.64.0.144', 9042)]. Last error: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:661)")})
eevans@sessionstore1001:~$

This was the result of a recent JDK upgrade to 8u292-b10-0+deb9u1, that disabled support for TLSv1 and TLSv1.1.

eevans@sessionstore1001:~$ egrep -A2 '^jdk.tls.disabledAlgorithms' /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/java.security
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves
eevans@sessionstore1001:~$

Details

SubjectRepoBranchLines +/-
cqlshrc.erb: Use TLSv1.2 for cqlsh client connectionsoperations/puppetproduction+1 -0
Customize query in gerrit

Event Timeline

Eevans created this task.Apr 28 2021, 7:12 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 28 2021, 7:12 PM
Eevans triaged this task as Medium priority.Apr 28 2021, 7:13 PM
gerritbot added a comment.Apr 28 2021, 7:19 PM

Change 683422 had a related patch set uploaded (by Eevans; author: Eevans):

[operations/puppet@production] cqlshrc.erb: Use TLSv1.2 for cqlsh client connections

https://gerrit.wikimedia.org/r/683422

gerritbot added a project: Patch-For-Review.Apr 28 2021, 7:19 PM
gerritbot added a comment.Apr 30 2021, 12:27 PM

Change 683422 merged by Hnowlan:

[operations/puppet@production] cqlshrc.erb: Use TLSv1.2 for cqlsh client connections

https://gerrit.wikimedia.org/r/683422

Maintenance_bot removed a project: Patch-For-Review.Apr 30 2021, 1:10 PM
Eevans closed this task as Resolved.Apr 30 2021, 2:18 PM
AMooney edited projects, added Platform Team Workboards (Clinic Duty Team); removed Platform Engineering.May 6 2021, 7:12 PM
AMooney moved this task from Inbox to Done on the Platform Team Workboards (Clinic Duty Team) board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL