How to connect to Deephaven from another Java program

Included in this package are some classes that demonstrate how to connect to Deephaven and either run a query directly, or connect to an existing Persistent Query.

Set up

These examples rely on some external resources, both to compile and to run.

1. The contents of /usr/illumon/latest/java_lib from a Deephaven installation of the same version as the server you are connecting to. This will provide all of the necessary underlying jar files needed.

2. The contents of a client-side Deephaven instance resources directory. This will contain all of the configuration files needed for a client to connect to the specified server.

   • On a Linux client, this will be under ~/iris/.programfiles/<instance name>/resources.
   • On a Windows client, this will be under %APPDATA%/Local/Illumon/<instance name>/resources.

3. A configured private key for private key exchange. See instructions below.

4. Several parameters passed into the Java command line:

   • -DConfiguration.rootFile=/path/to/your/iris-common.prop: This is the base configuration file, located in your resources directory from item #2. The client needs to know where to find this file.
   • -Dcom.fishlib.configuration.PropertyInputStreamLoader.override=com.fishlib.configuration.PropertyInputStreamLoaderTraditional: This instructs the client to use your local property files, and not to try to retrieve property files from etcd. This string should be entered exactly as it is depicted here.
   • AuthenticationClientManager.defaultPrivateKeyFile=/path/to/your/key/priv-<iris user name>.base64.txt: This is the private key from item #3, entering the path as needed.
   • -Dtls.passphrase.file=/path/to/your/resources/truststore_passphrase: The TLS truststore passphrase information. Enter the absolute path here.
   • -Dtls.truststore=/path/to/your/resources/truststore-iris.p12: The TLS truststore itself. Enter the absolute path here.

Instructions for setting up private keys

The authentication server can authenticate a user using a private key, when that key corresponds to a user and public key stored in the ACL database. Public keys may also be appended to /etc/sysconfig/illumon.d/resources/dsakeys.txt (path set by property authentication.server.authorizedkeys.file). When public keys are stored in dsakeys.txt, they must be reloaded using auth_server_reload_tool for changes to take effect. If the auth server is running in Kubernetes, it needs to be restarted instead.

1. On any of Deephaven server, run: /usr/illumon/latest/bin/generate-iris-keys <iris user name>. The default key length is 2048 bits. You can override that with a seconds parameter: /usr/illumon/latest/bin/generate-iris-keys <iris user name> <bits>
2. This will generate pub-<iris user name>.base64.txt and priv-<iris user name>.base64.txt in the current directory.
3. Store the generated public key in the ACL database using the command , sudo -u irisadmin /usr/illumon/latest/bin/iris iris_db_user_mod -import_key <path to key>/pub-<iris user name>.base64.txt.
4. Move priv-<iris user name>.base64.txt to the client system connecting to the server. This file is effectively a password. It should be stored only where it will be used and must be protected by appropriate filesystem permissions.