Using the CLI in a Secured Environment

This page explains how security can be applied to the commands supported by the CLI tool.

Login/Logout

The Command Line Interface (CLI) has two modes - an interactive shell mode and a non-interactive mode. The difference in terms of security is the login stage. When in interactive mode, you can call the login command, supply credentials, and perform operations using this session. But, when in a non-interactive mode, you can execute only one command line at a time - no session is being managed.

Note that the login is being performed against the GSM. If the Grid is not secured, you can deploy without logging in. For example, you can deploy a secured Processing Unit into a non-secured Grid.

Run the gs script and use the command line arguments -user and -password with the user credentials.

gs(.sh/bat) -user uuu -password ppp

or, run the gs script, and then use the login command

gs(.sh/bat)
gs> login -user uuu -password ppp
gs> ...

Run the gs script, and prefix any command with the command line arguments -user and -password.

gs(.sh/.bat) -user uuu -password ppp [command]

To logout quit the interactive shell.

Deploy Command

The CLI deploy command accepts a -secured true/false used to deploy a secured Processing Unit with a secured Space. Common when deploying a data-grid. In order to pass the user credentials, use -user and -password arguments. This will implicitly deploy a secured Processing Unit, and the credentials will be propagated to the Processing Unit and its internal services.

Same syntax applies for deploy-space and pudeploy commands.

Here are some examples and how they are accomplished in both CLI modes:

  1. login with user uuu and password ppp - this will log onto the Grid
  2. deploy a non secured data-grid
  3. deploy a secured data-grid
  4. deploy a secured processor PU with user xxx and password yyy
gs(.sh/bat)
gs> login -user uuu -password ppp
gs> deploy /templates/datagrid
gs> deploy -secured true -override-name myDataGrid /templates/datagrid
gs> deploy -user xxx -password yyy processor
gs -user uuu -password ppp deploy /templates/datagrid
gs -user uuu -password ppp deploy -secured true -override-name myDataGrid /templates/datagrid
gs -user uuu -password ppp deploy -user xxx -password yyy processor

Undeploy Command

The CLI undeploy command of a processing unit is done on its managing GSM. If the GSM is not secured, then no credentials are needed.

gs(.sh/bat)
gs> login -user uuu -password ppp
gs> undeploy processor
gs -user uuu -password ppp undeploy processor

Space Command

The CLI space commands are basically all the same. They require that the user has sufficient privileges to perform operations on the data.

Note that the login is being performed against the Space; It doesn't matter if the GSM or GSC are secured. The login credentials should reflect the operations being performed on the service.

For example, for the space clean command, the user (uuu/ppp) needs Alter privileges.

gs(.sh/bat)
gs> login -user uuu -password ppp
gs> space clean -url jini://*/*/space
gs -user uuu -password ppp space clean -url jini://*/*/space

For the space copy command, the user needs Read privileges on the source space (copied from) and Write privileges on the target space (copied to).

gs(.sh/bat)
gs> login -user uuu -password ppp
gs> space copy jini://*/*/sourceSpace jini://*/*/targetSpace
gs -user uuu -password ppp space copy jini://*/*/sourceSpace jini://*/*/targetSpace