-proto_dist inet_tls

Michael Johnson mj at mediatemple.net
Fri Oct 12 14:49:18 EDT 2012


Has anyone successfully configured Riak so that the Erlang cluster
communication happens over SSL?  I ask because as near as I can tell it
simply does not work.  The default vm.args (
https://github.com/basho/riak/blob/master/rel/files/vm.args) contains the
following lines:

## To enable SSL encryption of the Erlang intra-cluster communication,
## un-comment the three lines below and make certain that the paths
## point to correct PEM data files.  See docs TODO for details.

## -proto_dist inet_ssl
## -ssl_dist_opt client_certfile "{{platform_etc_dir}}/erlclient.pem"
## -ssl_dist_opt server_certfile "{{platform_etc_dir}}/erlserver.pem"

This information is not correct for current versions of Erlang (including
the one Basho bundles in the binary packages).  Instead of '-proto_dist
inet_ssl' it should be '-proto_dist inet_tls'.

Once I correct that problem, the beam process will start; however, nodetool
cannot talk to the node and thus the initscript fails (while leaving a
running Riak process).  At first I suspected this might be a problem with
nodetool, but I cannot join the nodes together.

I am starting to think this may be a problem with Erlang and thus just not
going to work.  I'm going to try following the instructions at
http://www.erlang.org/doc/apps/ssl/ssl_distribution.html to build a simple
test app that handles the cluster communication over SSL, so then I should
know if this is a Riak problem or if it is an Erlang problem.

In the meantime, if anyone has information one way or the other, it would
be appreciated.
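
A static check for the vm.args problem described in the message above, as an added example that is not part of the original post or of Riak's own code. The function names, the sample file contents and the /etc/riak path are constructed for illustration; it assumes both certfile options are expected because the vm.args comment says to un-comment all three lines.

```python
import re

# Constructed sample: the stanza from vm.args un-commented as shipped,
# with only one of the two template paths filled in.
SAMPLE_VM_ARGS = """\
-name riak@127.0.0.1
-setcookie riak
## -proto_dist inet_tls
-proto_dist inet_ssl
-ssl_dist_opt client_certfile "{{platform_etc_dir}}/erlclient.pem"
-ssl_dist_opt server_certfile "/etc/riak/erlserver.pem"
"""

def parse_vm_args(text):
    """Return (proto_dist, {ssl_dist_opt key: value}) from uncommented lines."""
    proto, opts = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out flag: not in effect
        m = re.match(r'-proto_dist\s+(\S+)', line)
        if m:
            proto = m.group(1)
            continue
        m = re.match(r'-ssl_dist_opt\s+(.+)', line)
        if m:
            # one -ssl_dist_opt flag may carry several key/value pairs
            for key, val in re.findall(r'(\w+)\s+("[^"]*"|\S+)', m.group(1)):
                opts[key] = val.strip('"')
    return proto, opts

def audit_vm_args(text):
    """List reasons the node would not use TLS distribution as configured."""
    proto, opts = parse_vm_args(text)
    findings = []
    if proto is None:
        findings.append("no -proto_dist: distribution runs over plain TCP")
    elif proto == "inet_ssl":
        findings.append("-proto_dist inet_ssl: old module name, use inet_tls")
    elif proto != "inet_tls":
        findings.append("unexpected -proto_dist value: " + proto)
    if proto in ("inet_ssl", "inet_tls"):
        for key in ("server_certfile", "client_certfile"):
            path = opts.get(key)
            if path is None:
                findings.append("missing -ssl_dist_opt " + key)
            elif "{{" in path:
                findings.append(key + " has an unrendered template: " + path)
    return findings
```

An empty list from `audit_vm_args` only means the flags are well-formed; it does not show that nodes can actually connect over TLS, which is the runtime failure the message reports.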