This is an automated email from the ASF dual-hosted git repository.
dbarnes pushed a commit to branch support/1.15
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/support/1.15 by this push:
new 08fe5c543c GEODE-10307: Doc changes needed for enable security-manager
property (#7687)
08fe5c543c is described below
commit 08fe5c543c1ebf6c9b09776a1b1e16afac7acb41
Author: Dave Barnes <[email protected]>
AuthorDate: Fri May 13 13:20:56 2022 -0700
GEODE-10307: Doc changes needed for enable security-manager property (#7687)
* GEODE-10307: Doc changes needed for enable security-manager property
---
.../cluster_config/gfsh_persist.html.md.erb | 8 ++---
.../managing/security/enable_security.html.md.erb | 37 ++++++++++++++++++++--
2 files changed, 39 insertions(+), 6 deletions(-)
diff --git a/geode-docs/configuring/cluster_config/gfsh_persist.html.md.erb
b/geode-docs/configuring/cluster_config/gfsh_persist.html.md.erb
index 93b34335cf..e7a4bb9473 100644
--- a/geode-docs/configuring/cluster_config/gfsh_persist.html.md.erb
+++ b/geode-docs/configuring/cluster_config/gfsh_persist.html.md.erb
@@ -21,7 +21,7 @@ limitations under the License.
The <%=vars.product_name_long%> cluster configuration service persists cluster
configurations created by `gfsh` commands to the locators in a cluster and
distributes the configurations to members of the cluster.
-## Why Use the Cluster Configuration Service
+## <a id="why-use-the-cluster-config-svc" class="no-quick-link"></a>Why Use
the Cluster Configuration Service
We highly recommend that you use the `gfsh` command line
and the cluster configuration service as the primary mechanism
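Review bot: The id added to the "Why Use the Cluster Configuration Service" heading is not referenced anywhere in this patch; the only anchor the enable_security change links to is `using-the-cluster-config-svc`. Adding ids to every heading in the file is reasonable for consistency, but the commit message describes only the security-manager doc change, so a line mentioning the new anchors in gfsh_persist would make the scope of the commit clear.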
@@ -38,7 +38,7 @@ You can use the cluster configuration service to:
- Start additional servers without having to configure each server
separately.
- Configure some servers to host certain regions and other servers to host
different regions, and configure all servers to host a set of common regions.
-## Using the Cluster Configuration Service
+## <a id="using-the-cluster-config-svc" class="no-quick-link"></a>Using the
Cluster Configuration Service
To use the cluster configuration service in <%=vars.product_name%>, you must
use dedicated, standalone locators in your deployment. You cannot use the
cluster configuration service with co-located locators (locators running in
another process such as a server) or in multicast environments.
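Review bot: This heading becomes the landing point for the `#using-the-cluster-config-svc` link added in enable_security.html.md.erb, which sends readers here for details on servers started with `--use-cluster-configuration=false`, but the text directly under the heading is about standalone locators and the `--use-cluster-configuration` paragraph sits further down the section. Consider anchoring that paragraph and linking to it, or naming the flag in the link text so readers know what to look for. Also confirm that this section describes the locator-side `--enable-cluster-configuration` setting, since the new security text depends on it.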
@@ -54,7 +54,7 @@ command after starting up a locator.
Subsequently, any servers that you start with `gfsh` that have
`--use-cluster-configuration` set to `true` will pick up the cluster
configuration from the locator as well as any appropriate group-level
configurations (for member groups they belong to). To disable the cluster
configuration service on a server, you must start the server with the
`--use-cluster-configuration` parameter set to `false`. By default, the
parameter is set to true.
-## How the Cluster Configuration Service Works
+## <a id="how-the-cluster-config-svc-works" class="no-quick-link"></a>How the
Cluster Configuration Service Works
When you use `gfsh` commands to create <%=vars.product_name_long%> regions,
disk-stores, and other objects, the cluster configuration service saves the
configurations on each locator in the cluster. If you specify a group when
issuing these commands, a separate configuration is saved containing only
configurations that apply to the group.
@@ -62,7 +62,7 @@ When you use `gfsh` to start new <%=vars.product_name_long%>
servers, the locato
<img src="../../images_svg/cluster_config_overview.svg"
id="concept_r22_hyw_bl__image_jjc_vhb_y4" class="image" />
-## gfsh Commands that Create Cluster Configurations
+## <a id="gfsh-commands-that-create-cluster-configs"
class="no-quick-link"></a>gfsh Commands that Create Cluster Configurations
The following `gfsh` commands cause the configuration to be written to all
locators in the cluster (the locators write the configuration to disk):
diff --git a/geode-docs/managing/security/enable_security.html.md.erb
b/geode-docs/managing/security/enable_security.html.md.erb
index a86428feba..72b8dff5d8 100644
--- a/geode-docs/managing/security/enable_security.html.md.erb
+++ b/geode-docs/managing/security/enable_security.html.md.erb
@@ -34,11 +34,44 @@ For example:
security-manager = com.example.security.MySecurityManager
```
+### Apply security-manager to All Members
+
To ensure that the `security-manager` property is applied consistently across
a cluster, follow these guidelines:
- Specify the `security-manager` property in a properties file, such as
`gemfire.properties`, **not** in a cluster configuration file (such as
`cluster.properties`).
-- Specify the properties file when you start the first locator for the
cluster. The locator will propagate the value to all members (locators and
servers) that follow.
-- If you must specify the `security-manager` property for servers (neither
necessary nor recommended) make sure its value is exactly identical to that
specified for the first locator.
+
+- Specify the properties file when you start the first locator for the cluster.
+
+### Is Cluster Management Enabled?
+
+The next steps in applying the `security-manager` property across the cluster
depend on whether
+cluster management is enabled. Cluster management is enabled when two
conditions are met:
+
+- Every locator in the cluster sets `--enable-cluster-configuration=true`.
+
+- Every server in the cluster sets `--use-cluster-configuration=true`.
+
+These are the default settings, so unless you have changed them, cluster
management is probably
+enabled for your system, but be sure and confirm before proceeding. Some
systems that implement
+cluster management for most members might include a few servers that do not
participate (for which
+`--use-cluster-configuration=false`). See [Using the Cluster Configuration
+Service](../../configuring/cluster_config/gfsh_persist.html#using-the-cluster-config-svc)
for
+details.
+
+### Apply security-manager to Non-participating Servers
+
+- **If cluster management is enabled (the default),** the locator will
propagate the
+ `security-manager` setting to all members (locators and servers) that are
subsequently started.
+
+- **If cluster management is enabled but some servers do not participate in
cluster
+ management** (that is, servers for which
`--use-cluster-configuration=false`), you
+ must specify the `security-manager` property for those non-participating
servers. Make sure its
+ value is exactly identical to that specified for the first locator.
+
+- **If cluster management is not enabled,** you must specify the
`security-manager` property for
+ all servers. Make sure its value is exactly identical to that specified
for the first locator.
+
+### Callbacks
All components of the system invoke the same callbacks.
Here are descriptions of the components and the connections that they
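Review bot: The second bullet under "Apply security-manager to Non-participating Servers" contradicts the definition given just above it: "Is Cluster Management Enabled?" says cluster management is enabled only when every server sets `--use-cluster-configuration=true`, so a cluster that is "enabled but some servers do not participate" cannot exist under that definition. Define enablement by the locator setting alone and treat per-server participation separately, or reword the three bullets as all servers participate, some do not, none do. The heading also covers all three cases, not only non-participating servers, and the text alternates between "cluster management" and the linked page's "cluster configuration service"; pick one term. Because a server that opts out receives no propagated value, the page should state what happens when that server's `security-manager` value is missing or differs from the first locator's. Minor: "be sure and confirm" should read "be sure to confirm", and `### Callbacks` should be followed by a blank line like the other new headings.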