IBM Support

SSL with scala

Troubleshooting


Problem

Issue

When trying to connect using Scala with Kerberos authentication, you may receive the following error:

scala> val session=cluster.connect 
com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s) tried for query failed (tried: sqaz002udw11.russellreynolds.com/172.27.2.73:9042 (com.datastax.driver.core.exceptions.TransportException: [sqaz002udw11.russellreynolds.com/172.27.2.73:9042] Connection has been closed)) 
at com.datastax.driver.core.ControlConnection.reconnectInternal(ControlConnection.java:237) 
at com.datastax.driver.core.ControlConnection.connect(ControlConnection.java:84) 
at com.datastax.driver.core.Cluster$Manager.negotiateProtocolVersionAndConnect(Cluster.java:1622) 
at com.datastax.driver.core.Cluster$Manager.init(Cluster.java:1540) 
at com.datastax.driver.core.Cluster.init(Cluster.java:151) 
at com.datastax.driver.core.Cluster.connectAsync(Cluster.java:333) 
at com.datastax.driver.core.Cluster.connectAsync(Cluster.java:308) 
at com.datastax.driver.core.Cluster.connect(Cluster.java:250) 
... 61 elided
 

Since the error is NoHostAvailableException, it's probably not Kerberos-related.

 

Solution

We found that ssl for client_encryption_options was true, so we had to get scala working with ssl. Here's the final code base:

import io.netty.handler.ssl.SslContextBuilder
import javax.net.ssl.TrustManagerFactory
import java.security.KeyStore
import com.datastax.driver.core.RemoteEndpointAwareJdkSSLOptions

val ks = KeyStore.getInstance("JKS")
val trustStore = new java.io.FileInputStream("/path/to/truststore.jks")
ks.load(trustStore, "XXXXXXXX".toCharArray())

val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
tmf.init(ks)

val sslContext = javax.net.ssl.SSLContext.getInstance("TLS")
sslContext.init(null,tmf.getTrustManagers,null)

val sslOptions = RemoteEndpointAwareJdkSSLOptions.builder().withSSLContext(sslContext).build()
 

import javax.security.auth.login.LoginContext
val lc = new LoginContext("DseClient")
lc.login

val subject = lc.getSubject
val hostAndPort = Seq("localhost","9042")

import com.datastax.driver.core.Cluster
import com.datastax.driver.dse.auth._

val cluster = Cluster.builder
.addContactPointsWithPorts(

new java.net.InetSocketAddress(
hostAndPort(0),hostAndPort(1).toInt))
.withAuthProvider(DseGSSAPIAuthProvider.builder().withSubject(subject).build())
.withSSL(sslOptions)
.build

val session = cluster.connect

val rs = session.execute("DROP TABLE IF EXISTS datascience.persons")

session.close
 

The key was moving away from RemoteEndpointAwareNettySSLOptions and toward RemoteEndpointAwareJdkSSLOptions. If using Netty, there are a lot of dependencies that are required.
 

Last Reviewed Date: 2023-12-08

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCR56","label":"IBM DataStax Enterprise"},"ARM Category":[{"code":"","label":""}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Historical Number

ka0Ui00000008FJIAY

Document Information

Modified date:
30 January 2026

UID

ibm17258787

Page Feedback