You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ignite.apache.org by Naveen <na...@gmail.com> on 2020/12/20 13:05:46 UTC
configuring DBEaver to connect to Ignite cluster with SSL enabled
Hi
Any pointers towards this
Not finding any option on DBEaver tool to configure SSL certificates,
Does DBEaver support configuring Ingite cluster enabled with SSL
Thanks
Naveen
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Re: configuring DBEaver to connect to Ignite cluster with SSL enabled
Posted by Ilya Kasnacheev <il...@gmail.com>.
Hello!
I believe I told you what to do specifically. You can also just append all
of your SSL-related settings to JDBC connection string, like you will do
with sqlline tool.
Regards,
--
Ilya Kasnacheev
пн, 28 дек. 2020 г. в 10:41, Naveen <na...@gmail.com>:
> HI Ilya
>
> Almost there, but still not completely done.
>
> For a moment, it got connected and saw all the schemas, but later it never
> connected.
> This is what I have done,
> <
> http://apache-ignite-users.70518.x6.nabble.com/file/t1478/DBeaverIssues.gif>
>
>
> Interesting, I could see entries on my node logs
>
> [2020-12-28 10:59:49,588][WARN
> ][grid-timeout-worker-#23][ClientListenerNioListener] Unable to perform
> handshake within timeout [timeout=240000, remoteAddr=/10.171.66.32:60423]
>
> ANd, on DBEeaver side, this is the error I keep getting
>
> Failed to connect to Ignite cluster
> [url=jdbc:ignite:thin://XXX.XXX.XXXX:10800/PUBLIC]
> Failed to read incoming message (not enough data).
>
> I believe still something is missing here
>
> Thanks
> Naveen
>
>
>
> --
> Sent from: http://apache-ignite-users.70518.x6.nabble.com/
>
Re: configuring DBEaver to connect to Ignite cluster with SSL
enabled
Posted by Naveen <na...@gmail.com>.
HI Ilya
Almost there, but still not completely done.
For a moment, it got connected and saw all the schemas, but later it never
connected.
This is what I have done,
<http://apache-ignite-users.70518.x6.nabble.com/file/t1478/DBeaverIssues.gif>
Interesting, I could see entries on my node logs
[2020-12-28 10:59:49,588][WARN
][grid-timeout-worker-#23][ClientListenerNioListener] Unable to perform
handshake within timeout [timeout=240000, remoteAddr=/10.171.66.32:60423]
ANd, on DBEeaver side, this is the error I keep getting
Failed to connect to Ignite cluster
[url=jdbc:ignite:thin://XXX.XXX.XXXX:10800/PUBLIC]
Failed to read incoming message (not enough data).
I believe still something is missing here
Thanks
Naveen
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Re: configuring DBEaver to connect to Ignite cluster with SSL enabled
Posted by Ilya Kasnacheev <il...@gmail.com>.
Hello!
This may be caused by https://issues.apache.org/jira/browse/IGNITE-11312
You can either wait for 2.9.1 which will fix it, or prepend all properties'
names with "ignite.jdbc."
Regards,
--
Ilya Kasnacheev
чт, 24 дек. 2020 г. в 14:10, Naveen <na...@gmail.com>:
> I did specify SSLContextFactory like below
>
>
> <property name="sslContextFactory">
> <bean class="org.apache.ignite.ssl.SslContextFactory">
> <property name="keyStoreFilePath"
> value="/usr/apache-ignite-2.8.1-bin/config/ignitedev-node1-keystore.jks"/>
> <property name="keyStorePassword" value="XXXXXXX"/>
> <property name="trustStoreFilePath"
>
> value="/usr/apache-ignite-2.8.1-bin/config/ignitedev-node1-truststore.jks"/>
> <property name="trustStorePassword" value="XXXXXX"/>
> </bean>
> </property>
>
> and sslEnabled enables like below
>
> <property name="clientConnectorConfiguration">
> <bean
> class="org.apache.ignite.configuration.ClientConnectorConfiguration">
> <property name="sslEnabled" value="true"/>
> </bean>
> </property>
>
> And, we were able to connect from any Java API and Ignite SQLLine console
> as
> well, only from DBEaever we are not able to connect
>
> SSL socket factory, how do we specify this ?
>
> Thanks
> Naveen
>
>
>
> --
> Sent from: http://apache-ignite-users.70518.x6.nabble.com/
>
Re: configuring DBEaver to connect to Ignite cluster with SSL
enabled
Posted by Naveen <na...@gmail.com>.
I did specify SSLContextFactory like below
<property name="sslContextFactory">
<bean class="org.apache.ignite.ssl.SslContextFactory">
<property name="keyStoreFilePath"
value="/usr/apache-ignite-2.8.1-bin/config/ignitedev-node1-keystore.jks"/>
<property name="keyStorePassword" value="XXXXXXX"/>
<property name="trustStoreFilePath"
value="/usr/apache-ignite-2.8.1-bin/config/ignitedev-node1-truststore.jks"/>
<property name="trustStorePassword" value="XXXXXX"/>
</bean>
</property>
and sslEnabled enables like below
<property name="clientConnectorConfiguration">
<bean
class="org.apache.ignite.configuration.ClientConnectorConfiguration">
<property name="sslEnabled" value="true"/>
</bean>
</property>
And, we were able to connect from any Java API and Ignite SQLLine console as
well, only from DBEaever we are not able to connect
SSL socket factory, how do we specify this ?
Thanks
Naveen
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Re: configuring DBEaver to connect to Ignite cluster with SSL enabled
Posted by Ilya Kasnacheev <il...@gmail.com>.
Hello!
Did you also specify a SSL socket factory?
Regards,
--
Ilya Kasnacheev
ср, 23 дек. 2020 г. в 18:18, Naveen <na...@gmail.com>:
> I do this entry in the server config
>
> <property name="clientConnectorConfiguration">
> <bean
> class="org.apache.ignite.configuration.ClientConnectorConfiguration">
> <property name="sslEnabled" value="true"/>
> </bean>
> </property>
>
> But still not able to configure DBeaver to connect, am I still missing
> something
>
> Thanks
> NAveen
>
>
>
> --
> Sent from: http://apache-ignite-users.70518.x6.nabble.com/
>
Re: configuring DBEaver to connect to Ignite cluster with SSL
enabled
Posted by Naveen <na...@gmail.com>.
I do this entry in the server config
<property name="clientConnectorConfiguration">
<bean
class="org.apache.ignite.configuration.ClientConnectorConfiguration">
<property name="sslEnabled" value="true"/>
</bean>
</property>
But still not able to configure DBeaver to connect, am I still missing
something
Thanks
NAveen
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Re: configuring DBEaver to connect to Ignite cluster with SSL enabled
Posted by Ilya Kasnacheev <il...@gmail.com>.
Hello!
Please check this link:
https://ignite.apache.org/docs/latest/security/ssl-tls#ssl-for-clients
Regards,
--
Ilya Kasnacheev
вт, 22 дек. 2020 г. в 13:27, Naveen <na...@gmail.com>:
> Where do I do this ClientConnectorConfiguration ?
> Is it on the server node we need to add this to the config XML which we use
> to start the Ignite node ?
> if so, can you pls share the code snippet I should be adding
>
> Thanks
> Naveen
>
>
>
> --
> Sent from: http://apache-ignite-users.70518.x6.nabble.com/
>
Re: configuring DBEaver to connect to Ignite cluster with SSL
enabled
Posted by Naveen <na...@gmail.com>.
Where do I do this ClientConnectorConfiguration ?
Is it on the server node we need to add this to the config XML which we use
to start the Ignite node ?
if so, can you pls share the code snippet I should be adding
Thanks
Naveen
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Re: configuring DBEaver to connect to Ignite cluster with SSL enabled
Posted by Ilya Kasnacheev <il...@gmail.com>.
Hello!
Looks OK. Did you also enable SSL in the ClientConnectorConfiguration?
Regards,
--
Ilya Kasnacheev
пн, 21 дек. 2020 г. в 16:44, Naveen <na...@gmail.com>:
> I did mention all these 5 properties mentioned, but still fails with the
> following message Failed to read incoming message (not enough data). Is
> there is something I am missing here Thanks
> ------------------------------
> Sent from the Apache Ignite Users mailing list archive
> <http://apache-ignite-users.70518.x6.nabble.com/> at Nabble.com.
>
Re: configuring DBEaver to connect to Ignite cluster with SSL
enabled
Posted by Naveen <na...@gmail.com>.
<http://apache-ignite-users.70518.x6.nabble.com/file/t1478/DBeavr_issue.jpg>
I did mention all these 5 properties mentioned, but still fails with the
following messageFailed to read incoming message (not enough data).Is there
is something I am missing hereThanks
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Re: configuring DBEaver to connect to Ignite cluster with SSL enabled
Posted by Ilya Kasnacheev <il...@gmail.com>.
Hello!
You just need to set the following connection properties in dbeaver's
connection settings:
https://ignite.apache.org/docs/latest/SQL/JDBC/jdbc-driver
sslMode
Enables SSL connection. Available modes:
-
require: SSL protocol is enabled on the client. Only SSL connection is
available.
-
disable: SSL protocol is disabled on the client. Only plain connection
is supported.
sslClientCertificateKeyStoreUrl
URL of the client key store file. This is a mandatory parameter since SSL
context cannot be initialized without a key manager. If sslMode is require
and the key store URL isn’t specified in the Ignite properties, the value
of the JSSE property javax.net.ssl.keyStore is used.
sslClientCertificateKeyStorePassword
Client key store password.
If sslMode is require and the key store password isn’t specified in the
Ignite properties, the JSSE property javax.net.ssl.keyStorePassword is used.
sslTrustCertificateKeyStoreUrl
URL of the trust store file. This is an optional parameter; however, one of
these properties must be set: sslTrustCertificateKeyStoreUrl or sslTrustAll
If sslMode is require and the trust store URL isn’t specified in the Ignite
properties, the JSSE property javax.net.ssl.trustStore is used.
sslTrustCertificateKeyStorePassword
Trust store password.
If sslMode is require and the trust store password isn’t specified in the
Ignite properties, the JSSE property javax.net.ssl.trustStorePassword is
used.
Regards,
--
Ilya Kasnacheev
вс, 20 дек. 2020 г. в 16:06, Naveen <na...@gmail.com>:
> Hi
>
> Any pointers towards this
> Not finding any option on DBEaver tool to configure SSL certificates,
> Does DBEaver support configuring Ingite cluster enabled with SSL
>
> Thanks
> Naveen
>
>
>
> --
> Sent from: http://apache-ignite-users.70518.x6.nabble.com/
>