Hi Pavel,
Under this [3]
https://ignite.apache.org/docs/latest/net-specific/net-configuration-options#configure-with-spring-xml<https://urldefense.com/v3/__https:/ignite.apache.org/docs/latest/net-specific/net-configuration-options*configure-with-spring-xml__;Iw!!G7x19LdBoP0e!gtpU5npObMPEjX3StNsMcSsddmuefqYW_SR0k69GAfx10cZ_8TdnCTAPA-5JL4VR403eRoBNiFBQF3Jk5_t2Mrti2g$>
Which is the spring property which needs to be set for enabling SSL for
control script in server nodes?. Is this right
<property name="clientConnectorConfiguration">
<bean class="org.apache.ignite.configuration.ClientConnectorConfiguration">
<property name="sslEnabled" value="true"/>
</bean>
</property>
Regards
Satyajit
Restricted - External
From: Pavel Tupitsyn <ptupit...@apache.org>
Sent: Monday, September 16, 2024 12:36 PM
To: Mandal, Satyajit: IT (PUN) <satyajit.man...@barclays.com>
Cc: user@ignite.apache.org
Subject: Re: Self manageemnt script ( Control Scripts) + Ignite .NET Clusters
________________________________
CAUTION: This email originated from outside our organization -
ptupit...@apache.org<mailto:ptupit...@apache.org> Do not click on links, open
attachments, or respond unless you recognize the sender and can validate the
content is safe.
________________________________
Hi, control script [1] uses REST API
You can disable it or set up secret keys, SSL, etc, as described in the docs [2]
To do that from .NET, use IgniteConfiguration.SpringConfigUrl property [3]
[1]
https://ignite.apache.org/docs/latest/tools/control-script<https://urldefense.com/v3/__https:/ignite.apache.org/docs/latest/tools/control-script__;!!G7x19LdBoP0e!gtpU5npObMPEjX3StNsMcSsddmuefqYW_SR0k69GAfx10cZ_8TdnCTAPA-5JL4VR403eRoBNiFBQF3Jk5_tllM7Y3g$>
[2]
https://ignite.apache.org/docs/latest/restapi<https://urldefense.com/v3/__https:/ignite.apache.org/docs/latest/restapi__;!!G7x19LdBoP0e!gtpU5npObMPEjX3StNsMcSsddmuefqYW_SR0k69GAfx10cZ_8TdnCTAPA-5JL4VR403eRoBNiFBQF3Jk5_tBkkpV2Q$>
[3]
https://ignite.apache.org/docs/latest/net-specific/net-configuration-options#configure-with-spring-xml<https://urldefense.com/v3/__https:/ignite.apache.org/docs/latest/net-specific/net-configuration-options*configure-with-spring-xml__;Iw!!G7x19LdBoP0e!gtpU5npObMPEjX3StNsMcSsddmuefqYW_SR0k69GAfx10cZ_8TdnCTAPA-5JL4VR403eRoBNiFBQF3Jk5_t2Mrti2g$>
On Mon, Sep 16, 2024 at 9:35 AM
<satyajit.man...@barclays.com<mailto:satyajit.man...@barclays.com>> wrote:
Hi Pavel,
How can we prevent self-management scripts ( Control scripts) to join the
cluster which has TLS/SSL enabled. Currently without certificates it is
able to join the cluster though TLS/SSL is enabled in Ignite .NET Cluster.
Is there any setting on server nodes which we are missing? Can’t find
this setting in Ignite .NET library (
ConnectorConfiguration.sslClientAuth=true )
Under this documentation nothing is mentioned
https://ignite.apache.org/docs/latest/security/ssl-tls<https://urldefense.com/v3/__https:/ignite.apache.org/docs/latest/security/ssl-tls__;!!G7x19LdBoP0e!gtpU5npObMPEjX3StNsMcSsddmuefqYW_SR0k69GAfx10cZ_8TdnCTAPA-5JL4VR403eRoBNiFBQF3Jk5_sDIdKP2w$>
Found this under Gridgain documentation but can’t find this on Ignite
documentation.
https://www.gridgain.com/docs/latest/administrators-guide/security/ssl-tls<https://urldefense.com/v3/__https:/www.gridgain.com/docs/latest/administrators-guide/security/ssl-tls__;!!G7x19LdBoP0e!gtpU5npObMPEjX3StNsMcSsddmuefqYW_SR0k69GAfx10cZ_8TdnCTAPA-5JL4VR403eRoBNiFBQF3Jk5_u9w-eQpQ$>
Management Tools SSL/TLS Authentication
By default, management scripts such as control.sh|bat, management.sh|bat, and
snapshot-utility.sh|bat are not required to have client certificates.
To enable client certificate validation, set
ConnectorConfiguration.sslClientAuth=true on the server nodes.
Regards
Satyajit
Restricted - External
Barclays Execution Services Limited registered in England. Registered No.
1767980. Registered office: 1 Churchill Place, London, E14 5HP
Barclays Execution Services Limited provides support and administrative
services across Barclays group. Barclays Execution Services Limited is an
appointed representative of Barclays Bank UK plc and Barclays Bank plc.
Barclays Bank UK plc and Barclays Bank plc are authorised by the Prudential
Regulation Authority and regulated by the Financial Conduct Authority and the
Prudential Regulation Authority.
This email and any attachments are confidential and intended solely for the
addressee and may also be privileged or exempt from disclosure under applicable
law. If you are not the addressee, or have received this email in error, please
notify the sender and immediately delete it and any attachments from your
system. Do not copy, use, disclose or otherwise act on any part of this email
or its attachments.
Internet communications are not guaranteed to be secure or virus-free. The
Barclays group does not accept responsibility for any loss arising from
unauthorised access to, or interference with, any internet communications by
any third party, or from the transmission of any viruses. Replies to this email
may be monitored by the Barclays group for operational or business reasons.
Any opinion or other information in this email or its attachments that does not
relate to the business of the Barclays group is personal to the sender and is
not given or endorsed by the Barclays group.
Unless specifically indicated, this e-mail is not an offer to buy or sell or a
solicitation to buy or sell any securities, investment products or other
financial product or service, an official confirmation of any transaction, or
an official statement of Barclays.
Barclays Execution Services Limited registered in England. Registered No.
1767980. Registered office: 1 Churchill Place, London, E14 5HP
Barclays Execution Services Limited provides support and administrative
services across Barclays group. Barclays Execution Services Limited is an
appointed representative of Barclays Bank UK plc and Barclays Bank plc.
Barclays Bank UK plc and Barclays Bank plc are authorised by the Prudential
Regulation Authority and regulated by the Financial Conduct Authority and the
Prudential Regulation Authority.
This email and any attachments are confidential and intended solely for the
addressee and may also be privileged or exempt from disclosure under applicable
law. If you are not the addressee, or have received this email in error, please
notify the sender and immediately delete it and any attachments from your
system. Do not copy, use, disclose or otherwise act on any part of this email
or its attachments.
Internet communications are not guaranteed to be secure or virus-free. The
Barclays group does not accept responsibility for any loss arising from
unauthorised access to, or interference with, any internet communications by
any third party, or from the transmission of any viruses. Replies to this email
may be monitored by the Barclays group for operational or business reasons.
Any opinion or other information in this email or its attachments that does not
relate to the business of the Barclays group is personal to the sender and is
not given or endorsed by the Barclays group.
Unless specifically indicated, this e-mail is not an offer to buy or sell or a
solicitation to buy or sell any securities, investment products or other
financial product or service, an official confirmation of any transaction, or
an official statement of Barclays.
