本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
先決條件:您必須先完成的步驟,才能使用 DSBulk 上傳資料
您必須完成下列任務,才能開始本教學課程。
-
如果您尚未這麼做,請依照 中的步驟註冊 AWS 帳戶設定 AWS Identity and Access Management。
-
依照 中的步驟建立登入資料建立和設定 Amazon Keyspaces 的 AWS 登入資料。
建立 JKS 信任存放區檔案。
下載下列數位憑證,並將檔案儲存在本機或主目錄中。
AmazonRootCA1
AmazonRootCA2
AmazonRootCA3
AmazonRootCA4
Starfield Class 2 根目錄 (選用 – 用於回溯相容性)
若要下載憑證,您可以使用下列命令。
curl -O https://www.amazontrust.com/repository/AmazonRootCA1.pem curl -O https://www.amazontrust.com/repository/AmazonRootCA2.pem curl -O https://www.amazontrust.com/repository/AmazonRootCA3.pem curl -O https://www.amazontrust.com/repository/AmazonRootCA4.pem curl -O https://certs.secureserver.net/repository/sf-class2-root.crt注意
Amazon Keyspaces 先前使用錨定至 Starfield 類別 2 CA 的 TLS 憑證。 AWS 正在將所有 遷移 AWS 區域 至根據 Amazon Trust Services (Amazon 根 CAs 發行的憑證。在此轉換期間,請將用戶端設定為信任 Amazon 根 CAs1–4 和 Starfield 根,以確保所有區域的相容性。
將數位憑證轉換為 trustStore 檔案,並將其新增至金鑰存放區。
openssl x509 -outform der -in AmazonRootCA1.pem -out temp_file.der keytool -import -alias amazon-root-ca-1 -keystore cassandra_truststore.jks -file temp_file.der openssl x509 -outform der -in AmazonRootCA2.pem -out temp_file.der keytool -import -alias amazon-root-ca-2 -keystore cassandra_truststore.jks -file temp_file.der openssl x509 -outform der -in AmazonRootCA3.pem -out temp_file.der keytool -import -alias amazon-root-ca-3 -keystore cassandra_truststore.jks -file temp_file.der openssl x509 -outform der -in AmazonRootCA4.pem -out temp_file.der keytool -import -alias amazon-root-ca-4 -keystore cassandra_truststore.jks -file temp_file.der openssl x509 -outform der -in sf-class2-root.crt -out temp_file.der keytool -import -alias cassandra -keystore cassandra_truststore.jks -file temp_file.der在最後一個步驟中,您需要為金鑰存放區建立密碼,並信任每個憑證。互動式命令看起來像這樣。
Enter keystore password: Re-enter new password: Owner: CN=Amazon Root CA 1, O=Amazon, C=US Issuer: CN=Amazon Root CA 1, O=Amazon, C=US Serial number: 66c9fcf99bf8c0a39e2f0788a43e696365bca Valid from: Tue May 26 00:00:00 UTC 2015 until: Sun Jan 17 00:00:00 UTC 2038 Certificate fingerprints: SHA1: 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 SHA256: 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #2: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 84 18 CC 85 34 EC BC 0C 94 94 2E 08 59 9C C7 B2 ....4.......Y... 0010: 10 4E 0A 08 .N.. ] ] Trust this certificate? [no]: yes Certificate was added to keystore Enter keystore password: Owner: CN=Amazon Root CA 2, O=Amazon, C=US Issuer: CN=Amazon Root CA 2, O=Amazon, C=US Serial number: 66c9fd29635869f0a0fe58678f85b26bb8a37 Valid from: Tue May 26 00:00:00 UTC 2015 until: Sat May 26 00:00:00 UTC 2040 Certificate fingerprints: SHA1: 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A SHA256: 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 Signature algorithm name: SHA384withRSA Subject Public Key Algorithm: 4096-bit RSA key Version: 3 Extensions: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #2: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: B0 0C F0 4C 30 F4 05 58 02 48 FD 33 E5 52 AF 4B ...L0..X.H.3.R.K 0010: 84 E3 66 52 ..fR ] ] Trust this certificate? [no]: yes Certificate was added to keystore Enter keystore password: Owner: CN=Amazon Root CA 3, O=Amazon, C=US Issuer: CN=Amazon Root CA 3, O=Amazon, C=US Serial number: 66c9fd5749736663f3b0b9ad9e89e7603f24a Valid from: Tue May 26 00:00:00 UTC 2015 until: Sat May 26 00:00:00 UTC 2040 Certificate fingerprints: SHA1: 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E SHA256: 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 Signature algorithm name: SHA256withECDSA Subject Public Key Algorithm: 256-bit EC (secp256r1) key Version: 3 Extensions: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #2: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: AB B6 DB D7 06 9E 37 AC 30 86 07 91 70 C7 9C C4 ......7.0...p... 0010: 19 B1 78 C0 ..x. ] ] Trust this certificate? [no]: yes Certificate was added to keystore Enter keystore password: Owner: CN=Amazon Root CA 4, O=Amazon, C=US Issuer: CN=Amazon Root CA 4, O=Amazon, C=US Serial number: 66c9fd7c1bb104c2943e5717b7b2cc81ac10e Valid from: Tue May 26 00:00:00 UTC 2015 until: Sat May 26 00:00:00 UTC 2040 Certificate fingerprints: SHA1: F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE SHA256: E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 Signature algorithm name: SHA384withECDSA Subject Public Key Algorithm: 384-bit EC (secp384r1) key Version: 3 Extensions: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #2: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: D3 EC C7 3A 65 6E CC E1 DA 76 9A 56 FB 9C F3 86 ...:en...v.V.... 0010: 6D 57 E5 81 mW.. ] ] Trust this certificate? [no]: yes Certificate was added to keystore Enter keystore password: Owner: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US Serial number: 0 Valid from: Tue Jun 29 17:39:16 UTC 2004 until: Thu Jun 29 17:39:16 UTC 2034 Certificate fingerprints: SHA1: AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A SHA256: 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58 Signature algorithm name: SHA1withRSA (weak) Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: BF 5F B7 D1 CE DD 1F 86 F4 5B 55 AC DC D7 10 C2 ._.......[U..... 0010: 0E A9 88 E7 .... ] [OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US] SerialNumber: [ 00] ] #2: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: BF 5F B7 D1 CE DD 1F 86 F4 5B 55 AC DC D7 10 C2 ._.......[U..... 0010: 0E A9 88 E7 .... ] ] Warning: The input uses the SHA1withRSA signature algorithm which is considered a security risk. This algorithm will be disabled in a future update. Trust this certificate? [no]: yes Certificate was added to keystore
-
設定 Cassandra Query Language shell (cqlsh) 連線,並依照 中的步驟確認您可以連線至 Amazon Keyspaces使用 cqlsh 連線至 Amazon Keyspaces。
-
下載並安裝 DSBulk。
若要下載 DSBulk,您可以使用下列程式碼。
curl -OL https://downloads.datastax.com/dsbulk/dsbulk-1.8.0.tar.gz然後解壓縮 tar 檔案,並將 DSBulk 新增至您的
PATH,如下列範例所示。tar -zxvf dsbulk-1.8.0.tar.gz # add the DSBulk directory to the path export PATH=$PATH:./dsbulk-1.8.0/bin建立
application.conf檔案以存放 DSBulk 要使用的設定。您可以將下列範例儲存為./dsbulk_keyspaces.conf。如果您不在本機節點上,請將localhost取代為本機 Cassandra 叢集的聯絡點,例如 DNS 名稱或 IP 地址。請記下檔案名稱和路徑,因為您稍後需要在dsbulk load命令中指定此項目。datastax-java-driver { basic.contact-points = [ "localhost"] advanced.auth-provider { class = software.aws.mcs.auth.SigV4AuthProvider aws-region =us-east-1} }若要啟用 SigV4 支援,請從 GitHub
下載著色 jar檔案,並將其放在 DSBulklib資料夾中,如下列範例所示。curl -O -L https://github.com/aws/aws-sigv4-auth-cassandra-java-driver-plugin/releases/download/4.0.6-shaded-v2/aws-sigv4-auth-cassandra-java-driver-plugin-4.0.6-shaded.jar
