Hello,
We are currently using ScyllaDB with Scylla Manager Open Source, and I’ve encountered an issue. When running the sctool status
command, the CQL returns a TIMEOUT SSL error.
I couldn’t find specific information in the documentation regarding the correct configuration for SSL keys. While our application is configured to use SSL correctly with the necessary certificates, my attempts to apply the same configuration to the manager have been unsuccessful.
Could you please provide guidance on how to properly configure SSL for Scylla Manager?
Thank you.
Bundle:
scylla-manager --version
3.2.8-0.20240517.5f324acd2
scylla --version
5.4.6-0.20240418.10f137e367e3
3 Machines (for the Scylla Cluster) + 1 machine (for the Scylla Manager + scylla)
Everything runs on baremetal.
The Output:
ubuntu@scylla-manager:~$ sctool status -c REDACTED
Datacenter: REDACTED
╭────┬─────────────────────┬──────────┬────────────┬───────────┬──────┬──────────┬────────┬───────┬──────────────────────────────────────╮
│ │ CQL │ REST │ Address │ Uptime │ CPUs │ Memory │ Scylla │ Agent │ Host ID │
├────┼─────────────────────┼──────────┼────────────┼───────────┼──────┼──────────┼────────┼───────┼──────────────────────────────────────┤
│ UN │ TIMEOUT SSL (853ms) │ UP (0ms) │ 10.1.0.101 │ 25h27m45s │ 32 │ 125.736G │ 5.4.6 │ 3.2.8 │ REDACTED │
│ UN │ TIMEOUT SSL (852ms) │ UP (0ms) │ 10.1.0.102 │ 25h49m29s │ 32 │ 125.736G │ 5.4.6 │ 3.2.8 │ REDACTED │
│ UN │ TIMEOUT SSL (853ms) │ UP (1ms) │ 10.1.0.103 │ 25h39m15s │ 32 │ 125.736G │ 5.4.6 │ 3.2.8 │ REDACTED │
╰────┴─────────────────────┴──────────┴────────────┴───────────┴──────┴──────────┴────────┴───────┴──────────────────────────────────────╯
My last(current) attempt for the /etc/scylla-manager/scylla-manager.yaml
on the manager machine.
Note: The scylla at 127.0.0.1 is a standalone node reserved for the manager.
http: 127.0.0.1:5080
https: 127.0.0.1:5443
database:
hosts:
- 127.0.0.1
user: REDACTED
password: REDACTED
keyspace: scylla_manager
replication_factor: 1
ssl:
cert_file: /etc/scylla/ssl/certs/node_cadb.pem
validate: false