tolbertam commented on code in PR #4293: URL: https://github.com/apache/cassandra/pull/4293#discussion_r2254829048
########## doc/modules/cassandra/pages/managing/tools/sstable/sstableloader.adoc: ########## @@ -142,11 +142,24 @@ Initial hosts must be specified (-d) == Use a Config File for SSL Clusters -If SSL encryption is enabled in the cluster, use the --conf-path option -with sstableloader to point the tool to the cassandra.yaml with the -relevant server_encryption_options (e.g., truststore location, -algorithm). This will work better than passing individual ssl options -shown above to sstableloader on the command line. +The sstableloader tool connects to the Cassandra server's native port to fetch cluster metadata and to the storage +(internode) port to stream SSTables. If SSL encryption is required only for the native port, you can provide the +necessary SSL options directly via the command line. However, if SSL encryption is required for both native and +internode (storage) ports, it is recommended to use the --conf-path option with sstableloader to specify a +cassandra.yaml file that includes the appropriate client_encryption_options for the native port and +server_encryption_options for the storage port. This approach is necessary because there are no command-line options to Review Comment: ```suggestion cassandra.yaml file that includes the appropriate `client_encryption_options` for the native port and `server_encryption_options` for the storage port. This approach is necessary because there are no command-line options to ``` ########## doc/modules/cassandra/pages/managing/tools/sstable/sstableloader.adoc: ########## @@ -142,11 +142,24 @@ Initial hosts must be specified (-d) == Use a Config File for SSL Clusters -If SSL encryption is enabled in the cluster, use the --conf-path option -with sstableloader to point the tool to the cassandra.yaml with the -relevant server_encryption_options (e.g., truststore location, -algorithm). This will work better than passing individual ssl options -shown above to sstableloader on the command line. +The sstableloader tool connects to the Cassandra server's native port to fetch cluster metadata and to the storage +(internode) port to stream SSTables. If SSL encryption is required only for the native port, you can provide the +necessary SSL options directly via the command line. However, if SSL encryption is required for both native and +internode (storage) ports, it is recommended to use the --conf-path option with sstableloader to specify a +cassandra.yaml file that includes the appropriate client_encryption_options for the native port and +server_encryption_options for the storage port. This approach is necessary because there are no command-line options to +configure internode SSL settings directly. In case, command line options are provided for the native port connection, +they will override the settings in the cassandra.yaml file for the native port, but the storage port will still use the +server_encryption_options from the cassandra.yaml file. Review Comment: ```suggestion `server_encryption_options` from the cassandra.yaml file. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: pr-unsubscr...@cassandra.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: pr-unsubscr...@cassandra.apache.org For additional commands, e-mail: pr-h...@cassandra.apache.org
