----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52627/#review151849 -----------------------------------------------------------
flume-ng-doc/sphinx/FlumeUserGuide.rst (line 1319) <https://reviews.apache.org/r/52627/#comment220449> Confusingly, SSL refers to TLS not SSL. So even though the parameter is named SSL, the actual protocol is TLS flume-ng-doc/sphinx/FlumeUserGuide.rst (line 1320) <https://reviews.apache.org/r/52627/#comment220478> Presumably we can't use this as we only ship the 0.9 client API in Flume 1.7? flume-ng-doc/sphinx/FlumeUserGuide.rst (line 1328) <https://reviews.apache.org/r/52627/#comment220458> TLS based encryption with no authentication. flume-ng-doc/sphinx/FlumeUserGuide.rst (line 1339) <https://reviews.apache.org/r/52627/#comment220460> s/SSL/TLS flume-ng-doc/sphinx/FlumeUserGuide.rst (line 1373) <https://reviews.apache.org/r/52627/#comment220461> s/certification/certificate flume-ng-doc/sphinx/FlumeUserGuide.rst (line 1374) <https://reviews.apache.org/r/52627/#comment220462> s/certification/certificate flume-ng-doc/sphinx/FlumeUserGuide.rst (line 1431) <https://reviews.apache.org/r/52627/#comment220479> Since the Kafka Source may also connect to Zookeeper for offset migration, the "Client" section was also added to this example. This won't be needed unless you require offset migration, or you require this section for other secure components. flume-ng-doc/sphinx/FlumeUserGuide.rst (lines 1436 - 1450) <https://reviews.apache.org/r/52627/#comment220476> Do we need to specify useTicketCache=false ? That's what I've used when configuring this so far. Although the default is false. Also, I've not set storeKey=true before. flume-ng-doc/sphinx/FlumeUserGuide.rst (lines 1455 - 1456) <https://reviews.apache.org/r/52627/#comment220477> Are we not documenting this? flume-ng-doc/sphinx/FlumeUserGuide.rst (line 2884) <https://reviews.apache.org/r/52627/#comment220480> It's an oxymoron for the Sink to need to do offset migration. Therefore let's rephrase to: Unlike the Kafka Source / Kafka Channel a "client" section is not required, unless it is needed by other connecting components. Great job Simon - thanks for the time you've put into this. I've got a feeling however that we're unnecessarily duplicating some of the wordage here. Could we take the whole "Security and Kafka *" section and place under the "Security" section - and just make it clear which bits apply to consumers (Source and Channel) and which bits apply to Producers (Sink and Channel)? I think this would make it tidier and also aid maintainability. Some of the comments apply to both Source and Sink, but I've only raised them once. I also take the point that they are probably also defects in the Channel bit, that you didn't write. Sorry about that! - Tristan Stevens On Oct. 7, 2016, 1:27 p.m., Attila Simon wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/52627/ > ----------------------------------------------------------- > > (Updated Oct. 7, 2016, 1:27 p.m.) > > > Review request for Flume. > > > Bugs: FLUME-2971 > https://issues.apache.org/jira/browse/FLUME-2971 > > > Repository: flume-git > > > Description > ------- > > The patch aims to extend the existing documentation of secure Kafka channel > with describing SSL+Plaintext setup as well as providing the whole package > (SSL+Kerberos+Plain) for KafkaSource and KafkaSink. > > > Diffs > ----- > > flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38 > > Diff: https://reviews.apache.org/r/52627/diff/ > > > Testing > ------- > > "mvn site" generated the user guide without an error message in the html. > Embedded links are checked not to be broken. > > Known to require attention: Content of the jaas file has to be checked > focusing on the requirement of the Client section in every setup. > > > Thanks, > > Attila Simon > >
