사전 조건: DSBulk를 사용하여 데이터를 업로드하기 전에 완료해야 하는 단계

아직 등록하지 않은 경우의 단계에 따라 AWS 계정에 가입합니다설 AWS Identity and Access Management정.

Amazon Keyspaces에 대한 AWS 자격 증명 생성 및 구성의 단계에 따라 자격 증명을 생성합니다.

JKS 신뢰 저장소 파일을 생성합니다.

1. 다음 디지털 인증서를 다운로드하고 파일을 로컬 또는 홈 디렉터리에 저장합니다.

   1. AmazonRootCA1

   2. AmazonRootCA2

   3. AmazonRootCA3

   4. AmazonRootCA4

   5. Starfield 클래스 2 루트(선택 사항 – 이전 버전과의 호환성을 위해)

   인증서를 다운로드하려면 다음 명령을 사용할 수 있습니다.

   curl -O https://www.amazontrust.com/repository/AmazonRootCA1.pem
   curl -O https://www.amazontrust.com/repository/AmazonRootCA2.pem
   curl -O https://www.amazontrust.com/repository/AmazonRootCA3.pem
   curl -O https://www.amazontrust.com/repository/AmazonRootCA4.pem
   curl -O https://certs.secureserver.net/repository/sf-class2-root.crt

   참고

   Amazon Keyspaces는 이전에 Starfield Class 2 CA에 고정된 TLS 인증서를 사용했습니다. AWS 는 Amazon Trust Services(Amazon Root CA 1~4)에 따라 발급된 인증서 AWS 리전 로 모두 마이그레이션하고 있습니다. CAs 이 전환 중에 Amazon Root CAs1~4와 Starfield 루트를 모두 신뢰하도록 클라이언트를 구성하여 모든 리전에서 호환성을 보장합니다.

2. 디지털 인증서를 trustStore 파일로 변환하고 키 스토어에 추가합니다.

   openssl x509 -outform der -in AmazonRootCA1.pem -out temp_file.der
   keytool -import -alias amazon-root-ca-1 -keystore cassandra_truststore.jks -file temp_file.der
   
   openssl x509 -outform der -in AmazonRootCA2.pem -out temp_file.der
   keytool -import -alias amazon-root-ca-2 -keystore cassandra_truststore.jks -file temp_file.der
   
   openssl x509 -outform der -in AmazonRootCA3.pem -out temp_file.der
   keytool -import -alias amazon-root-ca-3 -keystore cassandra_truststore.jks -file temp_file.der
   
   openssl x509 -outform der -in AmazonRootCA4.pem -out temp_file.der
   keytool -import -alias amazon-root-ca-4 -keystore cassandra_truststore.jks -file temp_file.der
                
   openssl x509 -outform der -in sf-class2-root.crt -out temp_file.der
   keytool -import -alias cassandra -keystore cassandra_truststore.jks -file temp_file.der

   마지막 단계에서는 키 스토어에 대한 암호를 생성하고 각 인증서를 신뢰해야 합니다. 대화형 명령은 다음과 같습니다.

   Enter keystore password:  
   Re-enter new password: 
   Owner: CN=Amazon Root CA 1, O=Amazon, C=US
   Issuer: CN=Amazon Root CA 1, O=Amazon, C=US
   Serial number: 66c9fcf99bf8c0a39e2f0788a43e696365bca
   Valid from: Tue May 26 00:00:00 UTC 2015 until: Sun Jan 17 00:00:00 UTC 2038
   Certificate fingerprints:
        SHA1: 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16
        SHA256: 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E
   Signature algorithm name: SHA256withRSA
   Subject Public Key Algorithm: 2048-bit RSA key
   Version: 3
   
   Extensions: 
   
   #1: ObjectId: 2.5.29.19 Criticality=true
   BasicConstraints:[
     CA:true
     PathLen:2147483647
   ]
   
   #2: ObjectId: 2.5.29.15 Criticality=true
   KeyUsage [
     DigitalSignature
     Key_CertSign
     Crl_Sign
   ]
   
   #3: ObjectId: 2.5.29.14 Criticality=false
   SubjectKeyIdentifier [
   KeyIdentifier [
   0000: 84 18 CC 85 34 EC BC 0C   94 94 2E 08 59 9C C7 B2  ....4.......Y...
   0010: 10 4E 0A 08                                        .N..
   ]
   ]
   
   Trust this certificate? [no]:  yes
   Certificate was added to keystore
   Enter keystore password:  
   Owner: CN=Amazon Root CA 2, O=Amazon, C=US
   Issuer: CN=Amazon Root CA 2, O=Amazon, C=US
   Serial number: 66c9fd29635869f0a0fe58678f85b26bb8a37
   Valid from: Tue May 26 00:00:00 UTC 2015 until: Sat May 26 00:00:00 UTC 2040
   Certificate fingerprints:
        SHA1: 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A
        SHA256: 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4
   Signature algorithm name: SHA384withRSA
   Subject Public Key Algorithm: 4096-bit RSA key
   Version: 3
   
   Extensions: 
   
   #1: ObjectId: 2.5.29.19 Criticality=true
   BasicConstraints:[
     CA:true
     PathLen:2147483647
   ]
   
   #2: ObjectId: 2.5.29.15 Criticality=true
   KeyUsage [
     DigitalSignature
     Key_CertSign
     Crl_Sign
   ]
   
   #3: ObjectId: 2.5.29.14 Criticality=false
   SubjectKeyIdentifier [
   KeyIdentifier [
   0000: B0 0C F0 4C 30 F4 05 58   02 48 FD 33 E5 52 AF 4B  ...L0..X.H.3.R.K
   0010: 84 E3 66 52                                        ..fR
   ]
   ]
   
   Trust this certificate? [no]:  yes
   Certificate was added to keystore
   Enter keystore password:  
   Owner: CN=Amazon Root CA 3, O=Amazon, C=US
   Issuer: CN=Amazon Root CA 3, O=Amazon, C=US
   Serial number: 66c9fd5749736663f3b0b9ad9e89e7603f24a
   Valid from: Tue May 26 00:00:00 UTC 2015 until: Sat May 26 00:00:00 UTC 2040
   Certificate fingerprints:
        SHA1: 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E
        SHA256: 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4
   Signature algorithm name: SHA256withECDSA
   Subject Public Key Algorithm: 256-bit EC (secp256r1) key
   Version: 3
   
   Extensions: 
   
   #1: ObjectId: 2.5.29.19 Criticality=true
   BasicConstraints:[
     CA:true
     PathLen:2147483647
   ]
   
   #2: ObjectId: 2.5.29.15 Criticality=true
   KeyUsage [
     DigitalSignature
     Key_CertSign
     Crl_Sign
   ]
   
   #3: ObjectId: 2.5.29.14 Criticality=false
   SubjectKeyIdentifier [
   KeyIdentifier [
   0000: AB B6 DB D7 06 9E 37 AC   30 86 07 91 70 C7 9C C4  ......7.0...p...
   0010: 19 B1 78 C0                                        ..x.
   ]
   ]
   
   Trust this certificate? [no]:  yes
   Certificate was added to keystore
   Enter keystore password:  
   Owner: CN=Amazon Root CA 4, O=Amazon, C=US
   Issuer: CN=Amazon Root CA 4, O=Amazon, C=US
   Serial number: 66c9fd7c1bb104c2943e5717b7b2cc81ac10e
   Valid from: Tue May 26 00:00:00 UTC 2015 until: Sat May 26 00:00:00 UTC 2040
   Certificate fingerprints:
        SHA1: F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE
        SHA256: E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92
   Signature algorithm name: SHA384withECDSA
   Subject Public Key Algorithm: 384-bit EC (secp384r1) key
   Version: 3
   
   Extensions: 
   
   #1: ObjectId: 2.5.29.19 Criticality=true
   BasicConstraints:[
     CA:true
     PathLen:2147483647
   ]
   
   #2: ObjectId: 2.5.29.15 Criticality=true
   KeyUsage [
     DigitalSignature
     Key_CertSign
     Crl_Sign
   ]
   
   #3: ObjectId: 2.5.29.14 Criticality=false
   SubjectKeyIdentifier [
   KeyIdentifier [
   0000: D3 EC C7 3A 65 6E CC E1   DA 76 9A 56 FB 9C F3 86  ...:en...v.V....
   0010: 6D 57 E5 81                                        mW..
   ]
   ]
   
   Trust this certificate? [no]:  yes
   Certificate was added to keystore
   Enter keystore password:  
   Owner: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
   Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
   Serial number: 0
   Valid from: Tue Jun 29 17:39:16 UTC 2004 until: Thu Jun 29 17:39:16 UTC 2034
   Certificate fingerprints:
        SHA1: AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
        SHA256: 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58
   Signature algorithm name: SHA1withRSA (weak)
   Subject Public Key Algorithm: 2048-bit RSA key
   Version: 3
   
   Extensions: 
   
   #1: ObjectId: 2.5.29.35 Criticality=false
   AuthorityKeyIdentifier [
   KeyIdentifier [
   0000: BF 5F B7 D1 CE DD 1F 86   F4 5B 55 AC DC D7 10 C2  ._.......[U.....
   0010: 0E A9 88 E7                                        ....
   ]
   [OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US]
   SerialNumber: [    00]
   ]
   
   #2: ObjectId: 2.5.29.19 Criticality=false
   BasicConstraints:[
     CA:true
     PathLen:2147483647
   ]
   
   #3: ObjectId: 2.5.29.14 Criticality=false
   SubjectKeyIdentifier [
   KeyIdentifier [
   0000: BF 5F B7 D1 CE DD 1F 86   F4 5B 55 AC DC D7 10 C2  ._.......[U.....
   0010: 0E A9 88 E7                                        ....
   ]
   ]
   
   
   Warning:
   The input uses the SHA1withRSA signature algorithm which is considered a security risk. This algorithm will be disabled in a future update.
   
   Trust this certificate? [no]:  yes
   Certificate was added to keystore

Cassandra 쿼리 언어 쉘(cqlsh) 연결을 설정하고 cqlsh 사용하여 Amazon Keyspace에 접속의 단계에 따라 Amazon Keyspaces에 연결할 수 있는지 확인합니다.

DSBulk를 다운로드하여 설치합니다.

1. DSBulk를 다운로드하려면 다음 코드를 사용할 수 있습니다.

   curl -OL https://downloads.datastax.com/dsbulk/dsbulk-1.8.0.tar.gz

2. 그런 후 다음 예제와 같이 tar 파일의 압축을 풀고 PATH에 DSBulk를 추가합니다.

   tar -zxvf dsbulk-1.8.0.tar.gz
   # add the DSBulk directory to the path
   export PATH=$PATH:./dsbulk-1.8.0/bin

3. DSBulk에서 사용할 설정을 저장할 application.conf 파일을 생성합니다. ./dsbulk_keyspaces.conf로 다음 예제를 저장할 수 있습니다. 로컬 노드에 있지 않은 경우 localhost를 로컬 Cassandra 클러스터의 연락처(예: DNS 이름 또는 IP 주소)로 바꿉니다. 나중에 dsbulk load 명령에서 지정해야 하므로 파일 이름과 경로를 기록해 둡니다.

   datastax-java-driver {
     basic.contact-points = [ "localhost"]
     advanced.auth-provider {
           class = software.aws.mcs.auth.SigV4AuthProvider
           aws-region = us-east-1
     }
   }

4. SigV4 지원을 활성화하려면 GitHub에서 음영 처리된 jar 파일을 다운로드하고 다음 예와 같이 DSBulk lib 폴더에 저장합니다.

   curl -O -L https://github.com/aws/aws-sigv4-auth-cassandra-java-driver-plugin/releases/download/4.0.6-shaded-v2/aws-sigv4-auth-cassandra-java-driver-plugin-4.0.6-shaded.jar