Summary: Applying security with the Command Line Interface
Overview
The Command Line Interface (CLI) can be used to manage and monitor a running system. It is mainly used for script automation, and when there is a limitation to run a Graphical User Interface. This section covers how security can be applied to the commands supported by the CLI tool.
Login/Logout
The Command Line Interface (CLI) has two modes - an interactive shell mode and a non-interactive mode. The difference in terms of security is the login stage. When in interactive mode, you can call the login command, supply credentials, and perform operations using this session. But, when in a non-interactive mode, you can execute only one command line at a time - no session is being managed.
Note that the login is being performed against the GSM. If the Grid is not secured, you can deploy without logging in. For example, you can deploy a secured Processing Unit into a non-secured Grid.
Interactive
Run the gs script and use the command line arguments -user and -password with the user credentials.
gs(.sh/bat) -user uuu -password ppp
or, run the gs script, and then use the login command
Run the gs script, and prefix any command with the command line arguments -user and -password.
gs(.sh/.bat) -user uuu -password ppp [command]
To logoutquit the interactive shell.
Deploy Command
The CLI deploy command accepts a -secured true/false used to deploy a secured Processing Unit with a secured Space. Common when deploying a data-grid. In order to pass the user credentials, use -user and -password arguments. This will implicitly deploy a secured Processing Unit, and the credentials will be propagated to the Processing Unit and its internal services.
Same syntax applies for deploy-space and pudeploy commands.
Here are some examples and how they are accomplished in both CLI modes:
login with user uuu and password ppp - this will log onto the Grid
deploy a non secured data-grid
deploy a secured data-grid
deploy a secured processor PU with user xxx and password yyy
The CLI space commands are basically all the same. They require that the user has sufficient privileges to perform operations on the data.
Note that the login is being performed against the Space; It doesn't matter if the GSM or GSC are secured. The login credentials should reflect the operations being performed on the service.
For example, for the space clean command, the user (uuu/ppp) needs Alter privileges.