configuring DBEaver to connect to Ignite cluster with SSL enabled

classic Classic list List threaded Threaded
12 messages Options
Naveen Naveen
Reply | Threaded
Open this post in threaded view
|

configuring DBEaver to connect to Ignite cluster with SSL enabled

Hi

Any pointers towards this
Not finding any option on DBEaver tool to configure SSL certificates,
Does DBEaver support configuring Ingite cluster enabled with SSL

Thanks
Naveen



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
ilya.kasnacheev ilya.kasnacheev
Reply | Threaded
Open this post in threaded view
|

Re: configuring DBEaver to connect to Ignite cluster with SSL enabled

Hello!

You just need to set the following connection properties in dbeaver's connection settings:

sslMode

Enables SSL connection. Available modes:

  • require: SSL protocol is enabled on the client. Only SSL connection is available.

  • disable: SSL protocol is disabled on the client. Only plain connection is supported.

sslClientCertificateKeyStoreUrl

URL of the client key store file. This is a mandatory parameter since SSL context cannot be initialized without a key manager. If sslMode is require and the key store URL isn’t specified in the Ignite properties, the value of the JSSE property javax.net.ssl.keyStore is used.

sslClientCertificateKeyStorePassword

Client key store password.

If sslMode is require and the key store password isn’t specified in the Ignite properties, the JSSE property javax.net.ssl.keyStorePassword is used.

sslTrustCertificateKeyStoreUrl

URL of the trust store file. This is an optional parameter; however, one of these properties must be set: sslTrustCertificateKeyStoreUrl or sslTrustAll

If sslMode is require and the trust store URL isn’t specified in the Ignite properties, the JSSE property javax.net.ssl.trustStore is used.

sslTrustCertificateKeyStorePassword

Trust store password.

If sslMode is require and the trust store password isn’t specified in the Ignite properties, the JSSE property javax.net.ssl.trustStorePassword is used.


Regards,
--
Ilya Kasnacheev


вс, 20 дек. 2020 г. в 16:06, Naveen <[hidden email]>:
Hi

Any pointers towards this
Not finding any option on DBEaver tool to configure SSL certificates,
Does DBEaver support configuring Ingite cluster enabled with SSL

Thanks
Naveen



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Naveen Naveen
Reply | Threaded
Open this post in threaded view
|

Re: configuring DBEaver to connect to Ignite cluster with SSL enabled

I did mention all these 5 properties mentioned, but still fails with the following message Failed to read incoming message (not enough data). Is there is something I am missing here Thanks

Sent from the Apache Ignite Users mailing list archive at Nabble.com.
ilya.kasnacheev ilya.kasnacheev
Reply | Threaded
Open this post in threaded view
|

Re: configuring DBEaver to connect to Ignite cluster with SSL enabled

Hello!

Looks OK. Did you also enable SSL in the ClientConnectorConfiguration?

Regards,
--
Ilya Kasnacheev


пн, 21 дек. 2020 г. в 16:44, Naveen <[hidden email]>:
I did mention all these 5 properties mentioned, but still fails with the following message Failed to read incoming message (not enough data). Is there is something I am missing here Thanks

Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Naveen Naveen
Reply | Threaded
Open this post in threaded view
|

Re: configuring DBEaver to connect to Ignite cluster with SSL enabled

Where do I do this ClientConnectorConfiguration ?
Is it on the server node we need to add this to the config XML which we use
to start the Ignite node ?
if so, can you pls share the code snippet I should be adding

Thanks
Naveen



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
ilya.kasnacheev ilya.kasnacheev
Reply | Threaded
Open this post in threaded view
|

Re: configuring DBEaver to connect to Ignite cluster with SSL enabled

Hello!


Regards,
--
Ilya Kasnacheev


вт, 22 дек. 2020 г. в 13:27, Naveen <[hidden email]>:
Where do I do this ClientConnectorConfiguration ?
Is it on the server node we need to add this to the config XML which we use
to start the Ignite node ?
if so, can you pls share the code snippet I should be adding

Thanks
Naveen



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Naveen Naveen
Reply | Threaded
Open this post in threaded view
|

Re: configuring DBEaver to connect to Ignite cluster with SSL enabled

I do this entry in the server config

<property name="clientConnectorConfiguration">
    <bean
class="org.apache.ignite.configuration.ClientConnectorConfiguration">
        <property name="sslEnabled" value="true"/>
    </bean>
</property>

But still not able to configure DBeaver to connect, am I still missing
something

Thanks
NAveen



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
ilya.kasnacheev ilya.kasnacheev
Reply | Threaded
Open this post in threaded view
|

Re: configuring DBEaver to connect to Ignite cluster with SSL enabled

Hello!

Did you also specify a SSL socket factory?

Regards,
--
Ilya Kasnacheev


ср, 23 дек. 2020 г. в 18:18, Naveen <[hidden email]>:
I do this entry in the server config

<property name="clientConnectorConfiguration">
    <bean
class="org.apache.ignite.configuration.ClientConnectorConfiguration">
        <property name="sslEnabled" value="true"/>
    </bean>
</property>

But still not able to configure DBeaver to connect, am I still missing
something

Thanks
NAveen



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Naveen Naveen
Reply | Threaded
Open this post in threaded view
|

Re: configuring DBEaver to connect to Ignite cluster with SSL enabled

I did specify SSLContextFactory like below


<property name="sslContextFactory">
    <bean class="org.apache.ignite.ssl.SslContextFactory">
      <property name="keyStoreFilePath"
value="/usr/apache-ignite-2.8.1-bin/config/ignitedev-node1-keystore.jks"/>
      <property name="keyStorePassword" value="XXXXXXX"/>
      <property name="trustStoreFilePath"
value="/usr/apache-ignite-2.8.1-bin/config/ignitedev-node1-truststore.jks"/>
      <property name="trustStorePassword" value="XXXXXX"/>
    </bean>
  </property>

and sslEnabled enables like  below

  <property name="clientConnectorConfiguration">
    <bean
class="org.apache.ignite.configuration.ClientConnectorConfiguration">
        <property name="sslEnabled" value="true"/>
    </bean>
  </property>

And, we were able to connect from any Java API and Ignite SQLLine console as
well, only from DBEaever we are not able to connect

SSL socket factory, how do we specify this ?

Thanks
Naveen



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
ilya.kasnacheev ilya.kasnacheev
Reply | Threaded
Open this post in threaded view
|

Re: configuring DBEaver to connect to Ignite cluster with SSL enabled

Hello!


You can either wait for 2.9.1 which will fix it, or prepend all properties' names with "ignite.jdbc."

Regards,
--
Ilya Kasnacheev


чт, 24 дек. 2020 г. в 14:10, Naveen <[hidden email]>:
I did specify SSLContextFactory like below


<property name="sslContextFactory">
    <bean class="org.apache.ignite.ssl.SslContextFactory">
      <property name="keyStoreFilePath"
value="/usr/apache-ignite-2.8.1-bin/config/ignitedev-node1-keystore.jks"/>
      <property name="keyStorePassword" value="XXXXXXX"/>
      <property name="trustStoreFilePath"
value="/usr/apache-ignite-2.8.1-bin/config/ignitedev-node1-truststore.jks"/>
      <property name="trustStorePassword" value="XXXXXX"/>
    </bean>
  </property>

and sslEnabled enables like  below

  <property name="clientConnectorConfiguration">
    <bean
class="org.apache.ignite.configuration.ClientConnectorConfiguration">
        <property name="sslEnabled" value="true"/>
    </bean>
  </property>

And, we were able to connect from any Java API and Ignite SQLLine console as
well, only from DBEaever we are not able to connect

SSL socket factory, how do we specify this ?

Thanks
Naveen



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Naveen Naveen
Reply | Threaded
Open this post in threaded view
|

Re: configuring DBEaver to connect to Ignite cluster with SSL enabled

HI Ilya

Almost there, but still not completely done.

For a moment, it got connected and saw all the schemas, but later it never
connected.
This is what I have done,
<http://apache-ignite-users.70518.x6.nabble.com/file/t1478/DBeaverIssues.gif>

Interesting, I could see entries on my node logs

[2020-12-28 10:59:49,588][WARN
][grid-timeout-worker-#23][ClientListenerNioListener] Unable to perform
handshake within timeout [timeout=240000, remoteAddr=/10.171.66.32:60423]

ANd, on DBEeaver side, this is the error I keep getting

Failed to connect to Ignite cluster
[url=jdbc:ignite:thin://XXX.XXX.XXXX:10800/PUBLIC]
  Failed to read incoming message (not enough data).

I believe still something is missing here

Thanks
Naveen



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
ilya.kasnacheev ilya.kasnacheev
Reply | Threaded
Open this post in threaded view
|

Re: configuring DBEaver to connect to Ignite cluster with SSL enabled

Hello!

I believe I told you what to do specifically. You can also just append all of your SSL-related settings to JDBC connection string, like you will do with sqlline tool.

Regards,
--
Ilya Kasnacheev


пн, 28 дек. 2020 г. в 10:41, Naveen <[hidden email]>:
HI Ilya

Almost there, but still not completely done.

For a moment, it got connected and saw all the schemas, but later it never
connected.
This is what I have done,
<http://apache-ignite-users.70518.x6.nabble.com/file/t1478/DBeaverIssues.gif>

Interesting, I could see entries on my node logs

[2020-12-28 10:59:49,588][WARN
][grid-timeout-worker-#23][ClientListenerNioListener] Unable to perform
handshake within timeout [timeout=240000, remoteAddr=/10.171.66.32:60423]

ANd, on DBEeaver side, this is the error I keep getting

Failed to connect to Ignite cluster
[url=jdbc:ignite:thin://XXX.XXX.XXXX:10800/PUBLIC]
  Failed to read incoming message (not enough data).

I believe still something is missing here

Thanks
Naveen



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/