RE: Self manageemnt script ( Control Scripts) + Ignite .NET Clusters

[satyajit.mandal.barclays.com via user]

Hi  Pavel,

Under this [3] 
https://ignite.apache.org/docs/latest/net-specific/net-configuration-options#configure-with-spring-xml<https://urldefense.com/v3/__https:/ignite.apache.org/docs/latest/net-specific/net-configuration-options*configure-with-spring-xml__;Iw!!G7x19LdBoP0e!gtpU5npObMPEjX3StNsMcSsddmuefqYW_SR0k69GAfx10cZ_8TdnCTAPA-5JL4VR403eRoBNiFBQF3Jk5_t2Mrti2g$>


Which  is the spring  property  which  needs  to  be set for enabling SSL for  
control  script  in server nodes?. Is  this right

<property name="clientConnectorConfiguration">
    <bean class="org.apache.ignite.configuration.ClientConnectorConfiguration">
        <property name="sslEnabled" value="true"/>
    </bean>
</property>

Regards
Satyajit





Restricted - External
From: Pavel Tupitsyn <ptupit...@apache.org>
Sent: Monday, September 16, 2024 12:36 PM
To: Mandal, Satyajit: IT (PUN) <satyajit.man...@barclays.com>
Cc: user@ignite.apache.org
Subject: Re: Self manageemnt script ( Control Scripts) + Ignite .NET Clusters

________________________________
CAUTION: This email originated from outside our organization - 
ptupit...@apache.org<mailto:ptupit...@apache.org> Do not click on links, open 
attachments, or respond unless you recognize the sender and can validate the 
content is safe.
________________________________
Hi, control script [1] uses REST API
You can disable it or set up secret keys, SSL, etc, as described in the docs [2]

To do that from .NET, use IgniteConfiguration.SpringConfigUrl property [3]

[1] 
https://ignite.apache.org/docs/latest/tools/control-script<https://urldefense.com/v3/__https:/ignite.apache.org/docs/latest/tools/control-script__;!!G7x19LdBoP0e!gtpU5npObMPEjX3StNsMcSsddmuefqYW_SR0k69GAfx10cZ_8TdnCTAPA-5JL4VR403eRoBNiFBQF3Jk5_tllM7Y3g$>
[2] 
https://ignite.apache.org/docs/latest/restapi<https://urldefense.com/v3/__https:/ignite.apache.org/docs/latest/restapi__;!!G7x19LdBoP0e!gtpU5npObMPEjX3StNsMcSsddmuefqYW_SR0k69GAfx10cZ_8TdnCTAPA-5JL4VR403eRoBNiFBQF3Jk5_tBkkpV2Q$>
[3] 
https://ignite.apache.org/docs/latest/net-specific/net-configuration-options#configure-with-spring-xml<https://urldefense.com/v3/__https:/ignite.apache.org/docs/latest/net-specific/net-configuration-options*configure-with-spring-xml__;Iw!!G7x19LdBoP0e!gtpU5npObMPEjX3StNsMcSsddmuefqYW_SR0k69GAfx10cZ_8TdnCTAPA-5JL4VR403eRoBNiFBQF3Jk5_t2Mrti2g$>

On Mon, Sep 16, 2024 at 9:35 AM 
<satyajit.man...@barclays.com<mailto:satyajit.man...@barclays.com>> wrote:
Hi  Pavel,

How can  we prevent  self-management scripts ( Control  scripts)  to  join  the 
cluster  which  has TLS/SSL  enabled.  Currently  without certificates it is 
able  to  join the cluster  though  TLS/SSL  is enabled in  Ignite .NET Cluster.

Is  there  any  setting on  server nodes  which  we are missing? Can’t  find  
this setting  in  Ignite .NET library ( 
ConnectorConfiguration.sslClientAuth=true )

Under  this  documentation  nothing  is  mentioned

https://ignite.apache.org/docs/latest/security/ssl-tls<https://urldefense.com/v3/__https:/ignite.apache.org/docs/latest/security/ssl-tls__;!!G7x19LdBoP0e!gtpU5npObMPEjX3StNsMcSsddmuefqYW_SR0k69GAfx10cZ_8TdnCTAPA-5JL4VR403eRoBNiFBQF3Jk5_sDIdKP2w$>


Found  this under Gridgain  documentation  but  can’t  find  this  on  Ignite 
documentation.
https://www.gridgain.com/docs/latest/administrators-guide/security/ssl-tls<https://urldefense.com/v3/__https:/www.gridgain.com/docs/latest/administrators-guide/security/ssl-tls__;!!G7x19LdBoP0e!gtpU5npObMPEjX3StNsMcSsddmuefqYW_SR0k69GAfx10cZ_8TdnCTAPA-5JL4VR403eRoBNiFBQF3Jk5_u9w-eQpQ$>
Management Tools SSL/TLS Authentication
By default, management scripts such as control.sh|bat, management.sh|bat, and 
snapshot-utility.sh|bat are not required to have client certificates.
To enable client certificate validation, set 
ConnectorConfiguration.sslClientAuth=true on the server nodes.

Regards
Satyajit









Restricted - External

Barclays Execution Services Limited registered in England. Registered No. 
1767980. Registered office: 1 Churchill Place, London, E14 5HP

Barclays Execution Services Limited provides support and administrative 
services across Barclays group. Barclays Execution Services Limited is an 
appointed representative of Barclays Bank UK plc and Barclays Bank plc. 
Barclays Bank UK plc and Barclays Bank plc are authorised by the Prudential 
Regulation Authority and regulated by the Financial Conduct Authority and the 
Prudential Regulation Authority.

This email and any attachments are confidential and intended solely for the 
addressee and may also be privileged or exempt from disclosure under applicable 
law. If you are not the addressee, or have received this email in error, please 
notify the sender and immediately delete it and any attachments from your 
system. Do not copy, use, disclose or otherwise act on any part of this email 
or its attachments.

Internet communications are not guaranteed to be secure or virus-free. The 
Barclays group does not accept responsibility for any loss arising from 
unauthorised access to, or interference with, any internet communications by 
any third party, or from the transmission of any viruses. Replies to this email 
may be monitored by the Barclays group for operational or business reasons.

Any opinion or other information in this email or its attachments that does not 
relate to the business of the Barclays group is personal to the sender and is 
not given or endorsed by the Barclays group.

Unless specifically indicated, this e-mail is not an offer to buy or sell or a 
solicitation to buy or sell any securities, investment products or other 
financial product or service, an official confirmation of any transaction, or 
an official statement of Barclays.

Barclays Execution Services Limited registered in England. Registered No. 
1767980. Registered office: 1 Churchill Place, London, E14 5HP

Barclays Execution Services Limited provides support and administrative 
services across Barclays group. Barclays Execution Services Limited is an 
appointed representative of Barclays Bank UK plc and Barclays Bank plc. 
Barclays Bank UK plc and Barclays Bank plc are authorised by the Prudential 
Regulation Authority and regulated by the Financial Conduct Authority and the 
Prudential Regulation Authority. 

This email and any attachments are confidential and intended solely for the 
addressee and may also be privileged or exempt from disclosure under applicable 
law. If you are not the addressee, or have received this email in error, please 
notify the sender and immediately delete it and any attachments from your 
system. Do not copy, use, disclose or otherwise act on any part of this email 
or its attachments.

Internet communications are not guaranteed to be secure or virus-free. The 
Barclays group does not accept responsibility for any loss arising from 
unauthorised access to, or interference with, any internet communications by 
any third party, or from the transmission of any viruses. Replies to this email 
may be monitored by the Barclays group for operational or business reasons.

Any opinion or other information in this email or its attachments that does not 
relate to the business of the Barclays group is personal to the sender and is 
not given or endorsed by the Barclays group.

Unless specifically indicated, this e-mail is not an offer to buy or sell or a 
solicitation to buy or sell any securities, investment products or other 
financial product or service, an official confirmation of any transaction, or 
an official statement of Barclays.