GEODE-3868: Client security example should use SSL #45
sboorlagadda merged 4 commits into apache:develop from sboorlagadda:clientSecurit_ssl
Updated the example to use SSL between all members and client/server.
davebarnes97
left a comment
Approved - Good material! I suggest a few language tweaks, none are showstoppers:
top-level README.md:
- "run against latest" -> "run against the latest"
- "you can checkout" -> "you can check out"
clientSecurity/README.md:
- "Geode cluster, also it demonstrates use" -> "Geode cluster. It also demonstrates the use"
- "between all members and between client/server" -> "between all members and between a client and a server"
upthewaterspout
left a comment
Looks pretty good.
I think the example should have a separate keystore and truststore for the client and the server, because that is what users should be doing in practice.
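One way to produce the separate stores suggested in the comment above, as an added example that is not part of the PR or the Geode examples repository. It assumes a JDK `keytool` on the PATH and uses self-signed certificates for brevity; the file names, aliases, distinguished names and default password are constructed placeholders.

```shell
#!/bin/sh
# Added example. File names, aliases, DNs and the default password are
# constructed placeholders; self-signed certificates stand in for a real CA.

make_stores() {
    out=$1
    pass=${STORE_PASS:-changeit-example}   # placeholder, supply a real secret
    mkdir -p "$out" || return 1

    for role in server client; do
        # Each side gets its own private key in its own keystore.
        keytool -genkeypair -alias "$role" -keyalg RSA -keysize 2048 \
            -validity 365 -dname "CN=$role.example.test" \
            -keystore "$out/$role.keystore" \
            -storepass "$pass" -keypass "$pass" || return 1
        # Export only the public certificate for distribution to peers.
        keytool -exportcert -rfc -alias "$role" \
            -keystore "$out/$role.keystore" -storepass "$pass" \
            -file "$out/$role.pem" || return 1
    done

    # Client trusts the server certificate only.
    import_cert "$out/client.truststore" server "$out/server.pem" "$pass" || return 1
    # Members trust each other (member-to-member SSL) and the client.
    import_cert "$out/server.truststore" server "$out/server.pem" "$pass" || return 1
    import_cert "$out/server.truststore" client "$out/client.pem" "$pass" || return 1
}

# import_cert STORE ALIAS PEM PASS: add a trusted certificate entry.
import_cert() {
    keytool -importcert -noprompt -alias "$2" -file "$3" \
        -keystore "$1" -storepass "$4"
}

# Print the number of private-key entries in a store; a truststore should
# report 0, so a leaked truststore exposes no key material.
private_key_entries() {
    keytool -list -keystore "$1" -storepass "$2" | grep -c PrivateKeyEntry || true
}

if [ "$#" -gt 0 ]; then make_stores "$1"; fi
```

Each side would then point its own `ssl-keystore` and `ssl-truststore` properties at its pair of files, so the client never holds the server's private key.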
| about your suggestions at [dev@geode.apache.org](mailto:dev@geode.apache.org) | ||
| or submit a [pull request](https://github.com/apache/geode/pull/new/develop). | ||
|
|
||
| # Apache Geode Version |
I think we should just tell people to check out the master branch, which should be the default. That will have the examples that run against the latest geode release.
We shouldn't point people at the snapshot releases per apache policy.
clientSecurity/scripts/start.gfsh
Outdated
| # Recall that the --classpath option is specified relative to the locator's working directory. | ||
|
|
||
| start locator --name=locator --bind-address=127.0.0.1\ | ||
| start locator --name=locator --bind-address=127.0.0.1 --connect=false --enable-cluster-configuration=false\ |
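Review bot: The second `start locator` line carries `--connect=false --enable-cluster-configuration=false`, but the only comment above it explains `--classpath`, so nothing tells the reader why an SSL example turns cluster configuration off. Readers copy example scripts as shown; either drop `--enable-cluster-configuration=false` or add a comment line stating why the flag is needed here and what is lost by setting it.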
Isn't this --enable-cluster-configuration=false overwritten by the use of a security manager?
I don't think we want to show examples of not using cluster configuration...do we?
Same comment here, we do not want to show an example with cluster configuration disabled.
Fixed. I agree we shouldn't be showing a wrong example. I was trying to make the example work with relative paths, which is the easiest way for developers to run the examples. GEODE-4332 fixes not to retrieve cluster configuration service status when auto-connect is false. With this fix we are good providing keystore relative to locator's JVM and then a second step gfsh can connect to the locator with paths relative to gfsh JVM.
Updated the example to use SSL between all members and
between client/server.