biao li
Reputation: 121
Does GridGain support SSL connection between each cluster member?
Does GridGain support SSL connection between each cluster member? If yes, can you show me how to do that?
Thanks, Bill
Upvotes: 0
Views: 180
Answers (2)
map7000
Reputation: 1
Ignite (and GridGain) allows you to use SSL for all possible connections. To use SSL connection between nodes define property sslContextFactory in IgniteConfiguration.
<bean id="cfg" class="org.apache.ignite.configuration.IgniteConfiguration">
<property name="sslContextFactory">
<bean class="org.apache.ignite.ssl.SslContextFactory">
<property name="keyStoreFilePath" value="keystore/server.jks"/>
<property name="keyStorePassword" value="123456"/>
<property name="trustStoreFilePath" value="keystore/trust.jks"/>
<property name="trustStorePassword" value="123456"/>
</bean>
</property>
</bean>
You can also check official security documentation. https://apacheignite.readme.io/docs/ssltls
Upvotes: 0
Valentin Kulichenko
Reputation: 8390
GridGain supports SSL only for client connections (GridGain provides .NET and C++ thin clients), but not for communication between nodes.
To enable SSL for client connections, configure your server nodes like this:
<bean id="grid.cfg" class="org.gridgain.grid.GridConfiguration">
<!-- Enable REST. -->
<property name="restEnabled" value="true"/>
<!-- Client connection configuration. -->
<property name="clientConnectionConfiguration">
<bean class="org.gridgain.grid.GridClientConnectionConfiguration">
<!-- Enable SSL. -->
<property name="restTcpSslEnabled" value="true"/>
<!-- Provide SSL context factory (required). -->
<property name="restTcpSslContextFactory">
<bean class="org.gridgain.client.ssl.GridSslBasicContextFactory">
<property name="keyStoreFilePath" "keystore/server.jks"/>
<property name="keyStorePassword" value="123456"/>
<property name="trustStoreFilePath" "keystore/trust.jks"/>
<property name="trustStorePassword" value="123456"/>
</bean>
</property>
</bean>
</property>
</bean>
You will also need to provide SSL context factory on client configuration.
Upvotes: 2
Related Questions
- Cloud Run, is it possible to connect SSL/TLS database server
- How to put self-signed certificate to each node of GKE cluster?
- Cluster authentication
- Connect to Ignite Cluster over SSL using JDBC Thin Client
- Does GridGain support auto discovery on Amazon EC2?
- GridGain - programmatically opening nodes using SSH through Grid.startNodes API
- Does GridGain support backup of distributed lock?
- Does GridGain support distributed lock?
- Gridgain visor and Wan replication available only on Enterprise?
- Connecting to a Grid Cluster With GridGain