We had a 4 node cassandra cluster with gazzang. I want to know how to encrypt the data and check whether the data is encrypted or not?
Full disclosure, I work for Gazzang and followup questions can be sent directly to support@gazzang.com
First you should confirm that zNcrypt is installed and running, the best way to verify that is by checking out this Gazzang support FAQ article. https://gazzang.zendesk.com/entries/28400268-How-do-I-confirm-that-zncrypt-is-running-and-protecting-my-data- Once you have confirmed zNcrypt is installed and running you can run a df command and you should see a zNcrypt filesystems mounted like below.
[root@node-001 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 97G 2.8G 90G 3% /
/dev/md0 2.7T 202M 2.6T 1% /data
/dev/sda1 99M 21M 73M 23% /boot
tmpfs 7.8G 0 7.8G 0% /dev/shm
/data/zncrypt/storage/encrypted_private 2.7T 202M 2.6T 1% /data/zncrypt/ezncrypted
/data/zncrypt/ezncrypted 2.7T 202M 2.6T 1% /data/zncrypt/ezncrypted
You can confirm zNcrypt is encrypting the data by printing the encrypted data with a cat or strings command.
[root@node-001 ~]# sudo strings /data/zncrypt/storage/encrypted_private/var/lib/cassandra/* | more
Using the strings command should output to your screen non-human readable data.
If you further would like to confirm the data is completely encrypted when you shutdown the cassandra service, you can unmount zncrypt and confirm there is no data in cleartext anywhere in the filesystem.
[root@node-001 ~]# sudo /etc/init.d/zncrypt-mount stop
[root@node-001 ~]# sudo strings /data/zncrypt/*/*/*/*/*/* | more
Again, using the strings command should output to your screen non-human readable data.
You will need to restart zncrypt after you verify the data is encrypted [root@node-001 ~]# sudo /etc/init.d/zncrypt-mount stop