maedhroz commented on code in PR #2253:
URL: https://github.com/apache/cassandra/pull/2253#discussion_r1158021107


##########
conf/cassandra.yaml:
##########
@@ -1360,6 +1360,7 @@ server_encryption_options:
   # during upgrade to 4.0; otherwise, set to false.
   legacy_ssl_storage_port_enabled: false
   # Set to a valid keystore if internode_encryption is dc, rack or all
+  # For configurating PEM based key material, refer to 
https://cassandra.apache.org/doc/latest/cassandra/operating/security.html#using-pem-based-key-material
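
Review bot: The added comment line has a wording problem: "configurating" should be "configuring", and "PEM based" reads better hyphenated as "PEM-based". The link also goes through the `/doc/latest/` path, so it follows whatever the current documentation says rather than the release this `cassandra.yaml` ships with. Consider describing the option in the comment itself or pointing at something versioned with the code. Since the line is inserted directly after the "Set to a valid keystore" comment, a blank comment line or a rewording would keep the two instructions from running together.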

Review Comment:
   There is something similar for `num_tokens`, but even that is sort of a 
"best practices" reference, not something that describes the configuration 
format itself. The problem here is that what is at the URL in question won't 
necessarily be versioned along w/ the code itself, right?
   
   We already duplicate a small amount of information in the comments for 
server and client encryption. What about just adding a commented out section 
before `keystore` to both that looks something like this:
   
   ```
   # Configure the way Cassandra creates SSL contexts.
   # To use PEM-based key material, see org.apache.cassandra.security.PEMBasedSslContextFactory
   # ssl_context_factory:
   #     # Must be an instance of org.apache.cassandra.security.ISslContextFactory
   #     class_name: org.apache.cassandra.security.DefaultSslContextFactory
   ```
   
   `PEMBasedSslContextFactory` at least has comments that should be updated if 
necessary.
   
   (As an aside, this is one of the reasons something like CASSANDRA-17292 
would be useful. There's no documentation-friendly hierarchy in our 
configuration format.)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.