本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
先决条件:在上传数据之前必须完成的步骤 DSBulk
在开始本教程之前,您必须完成以下任务:
-
如果您还没有这样做,请按照中的步骤注册一个 AWS 帐户设置 AWS Identity and Access Management。
-
按照为 Amazon Keyspaces 创建和配置 AWS 证书中的步骤创建凭证。
创建 JKS 信任存储文件。
下载以下数字证书并将文件保存在本地或您的主目录中。
AmazonRootCA1
AmazonRootCA2
AmazonRootCA3
AmazonRootCA4
Starfield Class 2 Root(可选 — 为了向后兼容)
要下载证书,您可以使用以下命令。
curl -O https://www.amazontrust.com/repository/AmazonRootCA1.pem curl -O https://www.amazontrust.com/repository/AmazonRootCA2.pem curl -O https://www.amazontrust.com/repository/AmazonRootCA3.pem curl -O https://www.amazontrust.com/repository/AmazonRootCA4.pem curl -O https://certs.secureserver.net/repository/sf-class2-root.crt注意
Amazon Keyspaces 之前使用锚定在 Starfield Class 2 CA 上的 TLS 证书。 AWS 正在将所有证书全部迁移 AWS 区域 到根据亚马逊信任服务(Amazon Root CAs 1—4)颁发的证书。在此过渡期间,将客户端配置为同时信任 Amazon Root CAs 1—4 和 Starfield 根,以确保所有区域之间的兼容性。
将数字证书转换为 TrustStore 文件并将其添加到密钥库中。
openssl x509 -outform der -in AmazonRootCA1.pem -out temp_file.der keytool -import -alias amazon-root-ca-1 -keystore cassandra_truststore.jks -file temp_file.der openssl x509 -outform der -in AmazonRootCA2.pem -out temp_file.der keytool -import -alias amazon-root-ca-2 -keystore cassandra_truststore.jks -file temp_file.der openssl x509 -outform der -in AmazonRootCA3.pem -out temp_file.der keytool -import -alias amazon-root-ca-3 -keystore cassandra_truststore.jks -file temp_file.der openssl x509 -outform der -in AmazonRootCA4.pem -out temp_file.der keytool -import -alias amazon-root-ca-4 -keystore cassandra_truststore.jks -file temp_file.der openssl x509 -outform der -in sf-class2-root.crt -out temp_file.der keytool -import -alias cassandra -keystore cassandra_truststore.jks -file temp_file.der在最后一步中,您需要为密钥库创建密码并信任每个证书。交互式命令如下所示。
Enter keystore password: Re-enter new password: Owner: CN=Amazon Root CA 1, O=Amazon, C=US Issuer: CN=Amazon Root CA 1, O=Amazon, C=US Serial number: 66c9fcf99bf8c0a39e2f0788a43e696365bca Valid from: Tue May 26 00:00:00 UTC 2015 until: Sun Jan 17 00:00:00 UTC 2038 Certificate fingerprints: SHA1: 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 SHA256: 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #2: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 84 18 CC 85 34 EC BC 0C 94 94 2E 08 59 9C C7 B2 ....4.......Y... 0010: 10 4E 0A 08 .N.. ] ] Trust this certificate? [no]: yes Certificate was added to keystore Enter keystore password: Owner: CN=Amazon Root CA 2, O=Amazon, C=US Issuer: CN=Amazon Root CA 2, O=Amazon, C=US Serial number: 66c9fd29635869f0a0fe58678f85b26bb8a37 Valid from: Tue May 26 00:00:00 UTC 2015 until: Sat May 26 00:00:00 UTC 2040 Certificate fingerprints: SHA1: 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A SHA256: 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 Signature algorithm name: SHA384withRSA Subject Public Key Algorithm: 4096-bit RSA key Version: 3 Extensions: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #2: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: B0 0C F0 4C 30 F4 05 58 02 48 FD 33 E5 52 AF 4B ...L0..X.H.3.R.K 0010: 84 E3 66 52 ..fR ] ] Trust this certificate? [no]: yes Certificate was added to keystore Enter keystore password: Owner: CN=Amazon Root CA 3, O=Amazon, C=US Issuer: CN=Amazon Root CA 3, O=Amazon, C=US Serial number: 66c9fd5749736663f3b0b9ad9e89e7603f24a Valid from: Tue May 26 00:00:00 UTC 2015 until: Sat May 26 00:00:00 UTC 2040 Certificate fingerprints: SHA1: 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E SHA256: 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 Signature algorithm name: SHA256withECDSA Subject Public Key Algorithm: 256-bit EC (secp256r1) key Version: 3 Extensions: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #2: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: AB B6 DB D7 06 9E 37 AC 30 86 07 91 70 C7 9C C4 ......7.0...p... 0010: 19 B1 78 C0 ..x. ] ] Trust this certificate? [no]: yes Certificate was added to keystore Enter keystore password: Owner: CN=Amazon Root CA 4, O=Amazon, C=US Issuer: CN=Amazon Root CA 4, O=Amazon, C=US Serial number: 66c9fd7c1bb104c2943e5717b7b2cc81ac10e Valid from: Tue May 26 00:00:00 UTC 2015 until: Sat May 26 00:00:00 UTC 2040 Certificate fingerprints: SHA1: F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE SHA256: E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 Signature algorithm name: SHA384withECDSA Subject Public Key Algorithm: 384-bit EC (secp384r1) key Version: 3 Extensions: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #2: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: D3 EC C7 3A 65 6E CC E1 DA 76 9A 56 FB 9C F3 86 ...:en...v.V.... 0010: 6D 57 E5 81 mW.. ] ] Trust this certificate? [no]: yes Certificate was added to keystore Enter keystore password: Owner: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US Serial number: 0 Valid from: Tue Jun 29 17:39:16 UTC 2004 until: Thu Jun 29 17:39:16 UTC 2034 Certificate fingerprints: SHA1: AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A SHA256: 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58 Signature algorithm name: SHA1withRSA (weak) Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: BF 5F B7 D1 CE DD 1F 86 F4 5B 55 AC DC D7 10 C2 ._.......[U..... 0010: 0E A9 88 E7 .... ] [OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US] SerialNumber: [ 00] ] #2: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: BF 5F B7 D1 CE DD 1F 86 F4 5B 55 AC DC D7 10 C2 ._.......[U..... 0010: 0E A9 88 E7 .... ] ] Warning: The input uses the SHA1withRSA signature algorithm which is considered a security risk. This algorithm will be disabled in a future update. Trust this certificate? [no]: yes Certificate was added to keystore
-
设置 Cassandra 查询语言 Shell (cqlsh) 连接,并按照使用 cqlsh 连接 Amazon Keyspaces 中的步骤确认您可以连接到 Amazon Keyspaces。
-
下载并安装 DSBulk。
要下载 DSBulk,您可以使用以下代码。
curl -OL https://downloads.datastax.com/dsbulk/dsbulk-1.8.0.tar.gz然后解压 tar 文件并将其 DSBulk 添加到您的文件中
PATH,如以下示例所示。tar -zxvf dsbulk-1.8.0.tar.gz # add the DSBulk directory to the path export PATH=$PATH:./dsbulk-1.8.0/bin创建一个
application.conf文件来存储要使用的设置 DSBulk。您可以将以下示例保存为./dsbulk_keyspaces.conf。如果您不在本地节点上,请将localhost替换为本地 Cassandra 集群的联系点,例如 DNS 名称或 IP 地址。记下文件名和路径,因为稍后您需要在dsbulk load命令中指定这些内容。datastax-java-driver { basic.contact-points = [ "localhost"] advanced.auth-provider { class = software.aws.mcs.auth.SigV4AuthProvider aws-region =us-east-1} }要启用 SigV4 支持,请从下载阴影
jar文件GitHub并将其放在 DSBulk lib文件夹中,如下例所示。curl -O -L https://github.com/aws/aws-sigv4-auth-cassandra-java-driver-plugin/releases/download/4.0.6-shaded-v2/aws-sigv4-auth-cassandra-java-driver-plugin-4.0.6-shaded.jar
