Apache Ignite Documentation

GridGain Developer Hub - Apache Ignitetm

Welcome to the Apache Ignite developer hub run by GridGain. Here you'll find comprehensive guides and documentation to help you start working with Apache Ignite as quickly as possible, as well as support if you get stuck.

 

GridGain also provides Community Edition which is a distribution of Apache Ignite made available by GridGain. It is the fastest and easiest way to get started with Apache Ignite. The Community Edition is generally more stable than the Apache Ignite release available from the Apache Ignite website and may contain extra bug fixes and features that have not made it yet into the release on the Apache website.

 

Let's jump right in!

 

Documentation     Ask a Question     Download

 

Javadoc     Scaladoc     Examples

Securing Connection Between Nodes

Ignite allows you to use SSL socket communication to provide a secure connection among all Ignite nodes. To use it, set the Factory<SSLContext> and configure the SSL section in the Ignite configuration. Ignite provides a default SSL context factory, org.apache.ignite.ssl.SslContextFactory, which uses a configurable keystore to initialize the SSL context.

<bean id="cfg" class="org.apache.ignite.configuration.IgniteConfiguration">
  <property name="sslContextFactory">
    <bean class="org.apache.ignite.ssl.SslContextFactory">
      <property name="keyStoreFilePath" value="keystore/server.jks"/>
      <property name="keyStorePassword" value="123456"/>
      <property name="trustStoreFilePath" value="keystore/trust.jks"/>
      <property name="trustStorePassword" value="123456"/>
    </bean>
  </property>
</bean>
IgniteConfiguration igniteCfg = new IgniteConfiguration();

SslContextFactory factory = new SslContextFactory();

factory.setKeyStoreFilePath("keystore/server.jks");
factory.setKeyStorePassword("123456".toCharArray());
factory.setTrustStoreFilePath("keystore/trust.jks");
factory.setTrustStorePassword("123456".toCharArray());

igniteCfg.setSslContextFactory(factory);

In some cases, it is useful to disable certificate validation on the client side, such as when connecting to a server with a self-signed certificate. This can be achieved by setting a disabled trust manager to this factory, which can be obtained by the getDisabledTrustManager method.

<bean id="cfg" class="org.apache.ignite.configuration.IgniteConfiguration">
  <property name="sslContextFactory">
    <bean class="org.apache.ignite.ssl.SslContextFactory">
      <property name="keyStoreFilePath" value="keystore/server.jks"/>
      <property name="keyStorePassword" value="123456"/>
      <property name="trustManagers">
        <bean class="org.apache.ignite.ssl.SslContextFactory" factory-method="getDisabledTrustManager"/>
     </property>
    </bean>
  </property>
</bean>
IgniteConfiguration igniteCfg = new IgniteConfiguration();

SslContextFactory factory = new SslContextFactory();

factory.setKeyStoreFilePath("keystore/server.jks");
factory.setKeyStorePassword("123456".toCharArray());
factory.setTrustManagers(SslContextFactory.getDisabledTrustManager());

igniteCfg.setSslContextFactory(factory);

If security is configured, then the logs will include communication encrypted=on

INFO: Security status [authentication=off, communication encrypted=on]

SSL and TLS

Ignite allows the use of different encryption types. The following algorithms are supported http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext and can be set by using the setProtocol method. TLS encryption is the default.

<bean id="cfg" class="org.apache.ignite.configuration.IgniteConfiguration">
  <property name="sslContextFactory">
    <bean class="org.apache.ignite.ssl.SslContextFactory">
      <property name="protocol" value="SSL"/>
      ...
    </bean>
  </property>
  ...
</bean>
IgniteConfiguration igniteCfg = new IgniteConfiguration();

SslContextFactory factory = new SslContextFactory();

...
  
factory.setProtocol("TLS");

igniteCfg.setSslContextFactory(factory);

Configuration

The following configuration parameters can be configured on SslContextFactory.

Setter Method
Description
Default

setKeyAlgorithm

Sets the key manager algorithm that will be used to create a key manager. Notice that in most cases the default value work well. However, on the Android platform, this value need to be set to X509.

SunX509

setKeyStoreFilePath

Sets the path to the key store file. This is a mandatory parameter since the SSL context can not be initialized without a key manager.

N/A

setKeyStorePassword

Sets the key store password.

N/A

setKeyStoreType

Sets the key store type used in context initialization.

JKS

setProtocol

Sets the protocol for secure transport.

TLS

setTrustStoreFilePath

Sets the path to the trust store file.

N/A

setTrustStorePassword

Sets the trust store password.

N/A

setTrustStoreType

Sets the trust store type used in context initialization.

JKS

setTrustManagers

Sets the pre-configured trust managers.

'N/A`