[jira] [Comment Edited] (RATIS-636) Add documentation for configuration TLS

Sun, 04 Aug 2019 15:36:24 -0700 


    [ 
https://issues.apache.org/jira/browse/RATIS-636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16899689#comment-16899689
 ] 

Ankit Singhal edited comment on RATIS-636 at 8/4/19 10:35 PM:
--------------------------------------------------------------

Documentation looks good to me (though I have not tested TLS locally with Ratis 
yet).
Nit: For client configuration , to just differentiate , shouldn't it be 
client-private-key.pem and client.crt (with common CA for mutual TLS)?
{code}
+Clients to the StateMachine would construct a similar configuration:
+       
+```java
+RaftProperties properties = ...;
+
+GrpcConfigKeys.TLS.tlsEnabled(properties);
+GrpcConfigKeys.TLS.mutualAuthnEnabled(properties);
+properties.set(GrpcConfigKeys.TLS.PRIVATE_KEY_FILE_KEY, 
"/path/to/server-private-key.pem");
+properties.set(GrpcConfigKeys.TLS.TRUST_STORE_KEY, "/path/to/ca.crt");
+properties.set(GrpcConfigKeys.TLS.CERT_CHAIN_FILE_KEY, "/path/to/server.crt");
+
+RaftClient.Builder builder = RaftClient.newBuilder();
{code}


was (Author: [email protected]):
Documentation looks good to me (though I have not tested TLS locally with Ratis 
yet).
For client configuration , to just differentiate , shouldn't it be 
client-private-key.pem and client.crt (with common CA for mutual TLS)?
{code}
+Clients to the StateMachine would construct a similar configuration:
+       
+```java
+RaftProperties properties = ...;
+
+GrpcConfigKeys.TLS.tlsEnabled(properties);
+GrpcConfigKeys.TLS.mutualAuthnEnabled(properties);
+properties.set(GrpcConfigKeys.TLS.PRIVATE_KEY_FILE_KEY, 
"/path/to/server-private-key.pem");
+properties.set(GrpcConfigKeys.TLS.TRUST_STORE_KEY, "/path/to/ca.crt");
+properties.set(GrpcConfigKeys.TLS.CERT_CHAIN_FILE_KEY, "/path/to/server.crt");
+
+RaftClient.Builder builder = RaftClient.newBuilder();
{code}

> Add documentation for configuration TLS
> ---------------------------------------
>
>                 Key: RATIS-636
>                 URL: https://issues.apache.org/jira/browse/RATIS-636
>             Project: Ratis
>          Issue Type: Task
>          Components: LogService
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Major
>             Fix For: asf-site
>
>         Attachments: RATIS-636.001.patch
>
>
> Ratis already has the ability to set up gRPC with TLS. Document this pieces 
> of how this works, and how it might work for folks downstream.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

Reply via email to