Problems with AWS Keyspaces

[vittoriocanilli]

Hello,

I have a PHP third-party application, which needs to access a Cassandra keyspace and it does not support TLS connections; I have set up a Cassandra keyspace in AWS Keyspaces, which requires TLS connections: therefore I am trying to use this proxy.

After that I have followed these instructions, I managed successfully to connect to my Cassandra keyspace on AWS Keyspaces locally via cqlsh.

Before configuring your proxy in a Kubernetes container (where the PHP third-party application is running), I am trying to run the cql-proxy image for some local tests:

docker run -p 9042:9042 \
  --rm datastax/cql-proxy:v0.1.3 \
  --contact-points="cassandra.eu-west-1.amazonaws.com" --username="${CASSANDRA_USERNAME}" \
  --password="${CASSANDRA_PASSWORD}" --port="9142" --bind="127.0.0.1:9042" \
  --proxy-cert-file="/path/to/sf-class2-root.crt" --debug

Unfortunately this simply returns the following error without further explanation:

cql-proxy: error: unable to connect to cluster context deadline exceeded

Am I missing something in the parameters passed for my test? Has somebody else tested this proxy solution with AWS Keyspaces already? Thanks in advance.

[mpenick]

cql-proxy doesn't currently support Proxy <--> Cassandra TLS. It only supports Client <--> Proxy and Proxy <--> Astra TLS. PRs welcome.

[vittoriocanilli]

Alright, thanks for the clarification.

[kamek-pf]

@vittoriocanilli I'm in a similar situation, did you find a solution ?

[mpenick]

Here's a PR that supports Proxy <--> Cassandra TLS: #103. It's not tested yet, but please give it a try!

[vittoriocanilli]

@kamek-pf sorry for the very late reply; eventually I have managed to achieve my goal by using a container with HAProxy instead of CqlProxy.