You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@flume.apache.org by Attila Simon <sa...@cloudera.com> on 2016/10/07 10:25:16 UTC
Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/
-----------------------------------------------------------
Review request for Flume.
Bugs: FLUME-2971
https://issues.apache.org/jira/browse/FLUME-2971
Repository: flume-git
Description
-------
The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
Diffs
-----
flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
Diff: https://reviews.apache.org/r/52627/diff/
Testing
-------
"mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
Thanks,
Attila Simon
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Attila Simon <sa...@cloudera.com>.
> On Oct. 7, 2016, 1:40 p.m., Bal�zs Don�t Bessenyei wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, lines 1243-1244
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line1243>
> >
> > Why did these parameters get removed?
Please double check, it is there. (I guess reviewboard made you confused with marking it as a change)
> On Oct. 7, 2016, 1:40 p.m., Bal�zs Don�t Bessenyei wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, line 3104
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line3104>
> >
> > ~ and Kafka Channel?
fixed
- Attila
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/#review151790
-----------------------------------------------------------
On Oct. 10, 2016, 5:35 p.m., Attila Simon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52627/
> -----------------------------------------------------------
>
> (Updated Oct. 10, 2016, 5:35 p.m.)
>
>
> Review request for Flume.
>
>
> Bugs: FLUME-2971
> https://issues.apache.org/jira/browse/FLUME-2971
>
>
> Repository: flume-git
>
>
> Description
> -------
>
> The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
>
>
> Diffs
> -----
>
> flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
>
> Diff: https://reviews.apache.org/r/52627/diff/
>
>
> Testing
> -------
>
> "mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
>
> Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
>
>
> Thanks,
>
> Attila Simon
>
>
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Balázs Donát Bessenyei <be...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/#review151790
-----------------------------------------------------------
flume-ng-doc/sphinx/FlumeUserGuide.rst
<https://reviews.apache.org/r/52627/#comment220296>
Why did these parameters get removed?
flume-ng-doc/sphinx/FlumeUserGuide.rst (line 3101)
<https://reviews.apache.org/r/52627/#comment220298>
~ and Kafka Channel?
- Bal�zs Don�t Bessenyei
On Oct. 7, 2016, 1:27 p.m., Attila Simon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52627/
> -----------------------------------------------------------
>
> (Updated Oct. 7, 2016, 1:27 p.m.)
>
>
> Review request for Flume.
>
>
> Bugs: FLUME-2971
> https://issues.apache.org/jira/browse/FLUME-2971
>
>
> Repository: flume-git
>
>
> Description
> -------
>
> The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
>
>
> Diffs
> -----
>
> flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
>
> Diff: https://reviews.apache.org/r/52627/diff/
>
>
> Testing
> -------
>
> "mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
>
> Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
>
>
> Thanks,
>
> Attila Simon
>
>
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Tristan Stevens <tr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/#review152035
-----------------------------------------------------------
Ship it!
LGTM
- Tristan Stevens
On Oct. 10, 2016, 6:04 p.m., Attila Simon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52627/
> -----------------------------------------------------------
>
> (Updated Oct. 10, 2016, 6:04 p.m.)
>
>
> Review request for Flume.
>
>
> Bugs: FLUME-2971
> https://issues.apache.org/jira/browse/FLUME-2971
>
>
> Repository: flume-git
>
>
> Description
> -------
>
> The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
>
>
> Diffs
> -----
>
> flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
>
> Diff: https://reviews.apache.org/r/52627/diff/
>
>
> Testing
> -------
>
> "mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
>
> Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
>
>
> Thanks,
>
> Attila Simon
>
>
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Balázs Donát Bessenyei <be...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/#review152031
-----------------------------------------------------------
Ship it!
Ship It!
- Bal�zs Don�t Bessenyei
On Oct. 10, 2016, 6:04 p.m., Attila Simon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52627/
> -----------------------------------------------------------
>
> (Updated Oct. 10, 2016, 6:04 p.m.)
>
>
> Review request for Flume.
>
>
> Bugs: FLUME-2971
> https://issues.apache.org/jira/browse/FLUME-2971
>
>
> Repository: flume-git
>
>
> Description
> -------
>
> The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
>
>
> Diffs
> -----
>
> flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
>
> Diff: https://reviews.apache.org/r/52627/diff/
>
>
> Testing
> -------
>
> "mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
>
> Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
>
>
> Thanks,
>
> Attila Simon
>
>
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Mike Percy <mp...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/#review152037
-----------------------------------------------------------
Ship it!
Ship It!
- Mike Percy
On Oct. 10, 2016, 11:04 a.m., Attila Simon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52627/
> -----------------------------------------------------------
>
> (Updated Oct. 10, 2016, 11:04 a.m.)
>
>
> Review request for Flume.
>
>
> Bugs: FLUME-2971
> https://issues.apache.org/jira/browse/FLUME-2971
>
>
> Repository: flume-git
>
>
> Description
> -------
>
> The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
>
>
> Diffs
> -----
>
> flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
>
> Diff: https://reviews.apache.org/r/52627/diff/
>
>
> Testing
> -------
>
> "mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
>
> Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
>
>
> Thanks,
>
> Attila Simon
>
>
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Attila Simon <sa...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/
-----------------------------------------------------------
(Updated Oct. 10, 2016, 6:04 p.m.)
Review request for Flume.
Changes
-------
Addressing Mike's comments. mvn site builds without error. New links were checked not to be broken.
Bugs: FLUME-2971
https://issues.apache.org/jira/browse/FLUME-2971
Repository: flume-git
Description
-------
The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
Diffs (updated)
-----
flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
Diff: https://reviews.apache.org/r/52627/diff/
Testing
-------
"mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
Thanks,
Attila Simon
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Attila Simon <sa...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/
-----------------------------------------------------------
(Updated Oct. 10, 2016, 5:35 p.m.)
Review request for Flume.
Changes
-------
Addressing Donat's and Tristan's issues. mvn site generated the html without error.
Bugs: FLUME-2971
https://issues.apache.org/jira/browse/FLUME-2971
Repository: flume-git
Description
-------
The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
Diffs (updated)
-----
flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
Diff: https://reviews.apache.org/r/52627/diff/
Testing
-------
"mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
Thanks,
Attila Simon
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Attila Simon <sa...@cloudera.com>.
> On Oct. 10, 2016, 4:06 p.m., Mike Percy wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, line 1337
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line1337>
> >
> > I don't think it's necessary to link to the Cloudera article (actually it's not a blog, it's the CDH release notes which are not really relevant to the upstream docs). The KAFKA JIRA should be fine.
fixed everywhere
> On Oct. 10, 2016, 4:06 p.m., Mike Percy wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, line 3104
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line3104>
> >
> > I agree with Tristan that this information should not be repeated verbatim. I think we could simply add a link to this section (the channel section) from the source and sink component sections, but keep the component-specific examples where appropriate and helpful.
Please see my comment on Tristan's summary. (Also discussed with Mike offline)
> On Oct. 10, 2016, 4:06 p.m., Mike Percy wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, line 3206
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line3206>
> >
> > nit: please add spaces around the equals signs for consistency, here and elsewhere
fixed
- Attila
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/#review151993
-----------------------------------------------------------
On Oct. 10, 2016, 6:04 p.m., Attila Simon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52627/
> -----------------------------------------------------------
>
> (Updated Oct. 10, 2016, 6:04 p.m.)
>
>
> Review request for Flume.
>
>
> Bugs: FLUME-2971
> https://issues.apache.org/jira/browse/FLUME-2971
>
>
> Repository: flume-git
>
>
> Description
> -------
>
> The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
>
>
> Diffs
> -----
>
> flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
>
> Diff: https://reviews.apache.org/r/52627/diff/
>
>
> Testing
> -------
>
> "mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
>
> Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
>
>
> Thanks,
>
> Attila Simon
>
>
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Attila Simon <sa...@cloudera.com>.
> On Oct. 10, 2016, 4:06 p.m., Mike Percy wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, line 3161
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line3161>
> >
> > I don't know what this means. Can you clarify what CN and SAN are? Are they part of the JAAS spec or something? Can you hyperlink those terms to documentation or provide a reference to where we can find more relevant information?
ietf references were added
- Attila
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/#review151993
-----------------------------------------------------------
On Oct. 10, 2016, 6:04 p.m., Attila Simon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52627/
> -----------------------------------------------------------
>
> (Updated Oct. 10, 2016, 6:04 p.m.)
>
>
> Review request for Flume.
>
>
> Bugs: FLUME-2971
> https://issues.apache.org/jira/browse/FLUME-2971
>
>
> Repository: flume-git
>
>
> Description
> -------
>
> The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
>
>
> Diffs
> -----
>
> flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
>
> Diff: https://reviews.apache.org/r/52627/diff/
>
>
> Testing
> -------
>
> "mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
>
> Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
>
>
> Thanks,
>
> Attila Simon
>
>
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Mike Percy <mp...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/#review151993
-----------------------------------------------------------
flume-ng-doc/sphinx/FlumeUserGuide.rst (line 1334)
<https://reviews.apache.org/r/52627/#comment220666>
I don't think it's necessary to link to the Cloudera article (actually it's not a blog, it's the CDH release notes which are not really relevant to the upstream docs). The KAFKA JIRA should be fine.
flume-ng-doc/sphinx/FlumeUserGuide.rst (line 3101)
<https://reviews.apache.org/r/52627/#comment220669>
I agree with Tristan that this information should not be repeated verbatim. I think we could simply add a link to this section (the channel section) from the source and sink component sections, but keep the component-specific examples where appropriate and helpful.
flume-ng-doc/sphinx/FlumeUserGuide.rst (line 3158)
<https://reviews.apache.org/r/52627/#comment220670>
I don't know what this means. Can you clarify what CN and SAN are? Are they part of the JAAS spec or something? Can you hyperlink those terms to documentation or provide a reference to where we can find more relevant information?
flume-ng-doc/sphinx/FlumeUserGuide.rst (line 3203)
<https://reviews.apache.org/r/52627/#comment220665>
nit: please add spaces around the equals signs for consistency, here and elsewhere
- Mike Percy
On Oct. 7, 2016, 6:27 a.m., Attila Simon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52627/
> -----------------------------------------------------------
>
> (Updated Oct. 7, 2016, 6:27 a.m.)
>
>
> Review request for Flume.
>
>
> Bugs: FLUME-2971
> https://issues.apache.org/jira/browse/FLUME-2971
>
>
> Repository: flume-git
>
>
> Description
> -------
>
> The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
>
>
> Diffs
> -----
>
> flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
>
> Diff: https://reviews.apache.org/r/52627/diff/
>
>
> Testing
> -------
>
> "mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
>
> Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
>
>
> Thanks,
>
> Attila Simon
>
>
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Attila Simon <sa...@cloudera.com>.
> On Oct. 7, 2016, 7:44 p.m., Tristan Stevens wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, line 1322
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line1322>
> >
> > Confusingly, SSL refers to TLS not SSL. So even though the parameter is named SSL, the actual protocol is TLS
fixed everywhere
> On Oct. 7, 2016, 7:44 p.m., Tristan Stevens wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, line 1331
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line1331>
> >
> > TLS based encryption with no authentication.
fixed everywhere with TLS based encryption with optional authentication.
client side and server side cert based authentication is available: http://kafka.apache.org/documentation#security_configclients
> On Oct. 7, 2016, 7:44 p.m., Tristan Stevens wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, line 1342
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line1342>
> >
> > s/SSL/TLS
fixed everywhere
> On Oct. 7, 2016, 7:44 p.m., Tristan Stevens wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, line 1376
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line1376>
> >
> > s/certification/certificate
fixed everywhere
> On Oct. 7, 2016, 7:44 p.m., Tristan Stevens wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, line 1377
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line1377>
> >
> > s/certification/certificate
fixed everywhere
> On Oct. 7, 2016, 7:44 p.m., Tristan Stevens wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, lines 1439-1453
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line1439>
> >
> > Do we need to specify useTicketCache=false ? That's what I've used when configuring this so far. Although the default is false.
> >
> > Also, I've not set storeKey=true before.
useTicketCache is false by default that is why I left it out (ie it has no effect).
storeKey=true was recommended by kafka documentation for long running processes and this is what Kerb5 docs also recommended. http://kafka.apache.org/documentation#security_kerberos_sasl_clientconfig
> On Oct. 7, 2016, 7:44 p.m., Tristan Stevens wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, lines 1458-1459
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line1458>
> >
> > Are we not documenting this?
flume ships with 0.9.0.1 so removed
> On Oct. 7, 2016, 7:44 p.m., Tristan Stevens wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, line 2887
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line2887>
> >
> > It's an oxymoron for the Sink to need to do offset migration. Therefore let's rephrase to:
> >
> > Unlike the Kafka Source / Kafka Channel a "client" section is not required, unless it is needed by other connecting components.
fixed
> On Oct. 7, 2016, 7:44 p.m., Tristan Stevens wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, line 1323
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line1323>
> >
> > Presumably we can't use this as we only ship the 0.9 client API in Flume 1.7?
removed 0.10 and SASL/Plaintext everywhere
> On Oct. 7, 2016, 7:44 p.m., Tristan Stevens wrote:
> > flume-ng-doc/sphinx/FlumeUserGuide.rst, line 1434
> > <https://reviews.apache.org/r/52627/diff/3/?file=1526446#file1526446line1434>
> >
> > Since the Kafka Source may also connect to Zookeeper for offset migration, the "Client" section was also added to this example. This won't be needed unless you require offset migration, or you require this section for other secure components.
fixed for source and channel.
On Oct. 7, 2016, 7:44 p.m., Attila Simon wrote:
> > Great job Simon - thanks for the time you've put into this.
> >
> > I've got a feeling however that we're unnecessarily duplicating some of the wordage here. Could we take the whole "Security and Kafka *" section and place under the "Security" section - and just make it clear which bits apply to consumers (Source and Channel) and which bits apply to Producers (Sink and Channel)? I think this would make it tidier and also aid maintainability.
> >
> > Some of the comments apply to both Source and Sink, but I've only raised them once. I also take the point that they are probably also defects in the Channel bit, that you didn't write. Sorry about that!
I gave a lot of thought to this. From user experience point of view it looked really terrible to read the common parts in a single place then jump forth and back to have the specifics keeping in mind the base information instead of having the related information as a whole in a single place. I know it came with the price of docs duplication but the gain was better reader experience.
- Attila
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/#review151849
-----------------------------------------------------------
On Oct. 10, 2016, 5:35 p.m., Attila Simon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52627/
> -----------------------------------------------------------
>
> (Updated Oct. 10, 2016, 5:35 p.m.)
>
>
> Review request for Flume.
>
>
> Bugs: FLUME-2971
> https://issues.apache.org/jira/browse/FLUME-2971
>
>
> Repository: flume-git
>
>
> Description
> -------
>
> The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
>
>
> Diffs
> -----
>
> flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
>
> Diff: https://reviews.apache.org/r/52627/diff/
>
>
> Testing
> -------
>
> "mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
>
> Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
>
>
> Thanks,
>
> Attila Simon
>
>
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Tristan Stevens <tr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/#review151849
-----------------------------------------------------------
flume-ng-doc/sphinx/FlumeUserGuide.rst (line 1319)
<https://reviews.apache.org/r/52627/#comment220449>
Confusingly, SSL refers to TLS not SSL. So even though the parameter is named SSL, the actual protocol is TLS
flume-ng-doc/sphinx/FlumeUserGuide.rst (line 1320)
<https://reviews.apache.org/r/52627/#comment220478>
Presumably we can't use this as we only ship the 0.9 client API in Flume 1.7?
flume-ng-doc/sphinx/FlumeUserGuide.rst (line 1328)
<https://reviews.apache.org/r/52627/#comment220458>
TLS based encryption with no authentication.
flume-ng-doc/sphinx/FlumeUserGuide.rst (line 1339)
<https://reviews.apache.org/r/52627/#comment220460>
s/SSL/TLS
flume-ng-doc/sphinx/FlumeUserGuide.rst (line 1373)
<https://reviews.apache.org/r/52627/#comment220461>
s/certification/certificate
flume-ng-doc/sphinx/FlumeUserGuide.rst (line 1374)
<https://reviews.apache.org/r/52627/#comment220462>
s/certification/certificate
flume-ng-doc/sphinx/FlumeUserGuide.rst (line 1431)
<https://reviews.apache.org/r/52627/#comment220479>
Since the Kafka Source may also connect to Zookeeper for offset migration, the "Client" section was also added to this example. This won't be needed unless you require offset migration, or you require this section for other secure components.
flume-ng-doc/sphinx/FlumeUserGuide.rst (lines 1436 - 1450)
<https://reviews.apache.org/r/52627/#comment220476>
Do we need to specify useTicketCache=false ? That's what I've used when configuring this so far. Although the default is false.
Also, I've not set storeKey=true before.
flume-ng-doc/sphinx/FlumeUserGuide.rst (lines 1455 - 1456)
<https://reviews.apache.org/r/52627/#comment220477>
Are we not documenting this?
flume-ng-doc/sphinx/FlumeUserGuide.rst (line 2884)
<https://reviews.apache.org/r/52627/#comment220480>
It's an oxymoron for the Sink to need to do offset migration. Therefore let's rephrase to:
Unlike the Kafka Source / Kafka Channel a "client" section is not required, unless it is needed by other connecting components.
Great job Simon - thanks for the time you've put into this.
I've got a feeling however that we're unnecessarily duplicating some of the wordage here. Could we take the whole "Security and Kafka *" section and place under the "Security" section - and just make it clear which bits apply to consumers (Source and Channel) and which bits apply to Producers (Sink and Channel)? I think this would make it tidier and also aid maintainability.
Some of the comments apply to both Source and Sink, but I've only raised them once. I also take the point that they are probably also defects in the Channel bit, that you didn't write. Sorry about that!
- Tristan Stevens
On Oct. 7, 2016, 1:27 p.m., Attila Simon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52627/
> -----------------------------------------------------------
>
> (Updated Oct. 7, 2016, 1:27 p.m.)
>
>
> Review request for Flume.
>
>
> Bugs: FLUME-2971
> https://issues.apache.org/jira/browse/FLUME-2971
>
>
> Repository: flume-git
>
>
> Description
> -------
>
> The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
>
>
> Diffs
> -----
>
> flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
>
> Diff: https://reviews.apache.org/r/52627/diff/
>
>
> Testing
> -------
>
> "mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
>
> Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
>
>
> Thanks,
>
> Attila Simon
>
>
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Attila Simon <sa...@cloudera.com>.
> On Oct. 10, 2016, 4:10 p.m., Mike Percy wrote:
> > Nice work! FYI I copied the patched documentation into a GitHub gist for easy reading (v2 of the patch): https://gist.github.com/mpercy/40017fd82cc21af41ddb7cba2b2f4600 since GitHub knows how to render ReStructuredText. Consider posting a gist link to the rendered document for ease of review next time you make large documentation contributions like this.
good idea Mike, will do!
- Attila
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/#review151999
-----------------------------------------------------------
On Oct. 10, 2016, 6:04 p.m., Attila Simon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52627/
> -----------------------------------------------------------
>
> (Updated Oct. 10, 2016, 6:04 p.m.)
>
>
> Review request for Flume.
>
>
> Bugs: FLUME-2971
> https://issues.apache.org/jira/browse/FLUME-2971
>
>
> Repository: flume-git
>
>
> Description
> -------
>
> The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
>
>
> Diffs
> -----
>
> flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
>
> Diff: https://reviews.apache.org/r/52627/diff/
>
>
> Testing
> -------
>
> "mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
>
> Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
>
>
> Thanks,
>
> Attila Simon
>
>
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Mike Percy <mp...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/#review151999
-----------------------------------------------------------
Nice work! FYI I copied the patched documentation into a GitHub gist for easy reading (v2 of the patch): https://gist.github.com/mpercy/40017fd82cc21af41ddb7cba2b2f4600 since GitHub knows how to render ReStructuredText. Consider posting a gist link to the rendered document for ease of review next time you make large documentation contributions like this.
- Mike Percy
On Oct. 7, 2016, 6:27 a.m., Attila Simon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52627/
> -----------------------------------------------------------
>
> (Updated Oct. 7, 2016, 6:27 a.m.)
>
>
> Review request for Flume.
>
>
> Bugs: FLUME-2971
> https://issues.apache.org/jira/browse/FLUME-2971
>
>
> Repository: flume-git
>
>
> Description
> -------
>
> The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
>
>
> Diffs
> -----
>
> flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
>
> Diff: https://reviews.apache.org/r/52627/diff/
>
>
> Testing
> -------
>
> "mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
>
> Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
>
>
> Thanks,
>
> Attila Simon
>
>
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Attila Simon <sa...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/
-----------------------------------------------------------
(Updated Oct. 7, 2016, 1:27 p.m.)
Review request for Flume.
Bugs: FLUME-2971
https://issues.apache.org/jira/browse/FLUME-2971
Repository: flume-git
Description
-------
The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
Diffs (updated)
-----
flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
Diff: https://reviews.apache.org/r/52627/diff/
Testing
-------
"mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
Thanks,
Attila Simon
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Attila Simon <sa...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/
-----------------------------------------------------------
(Updated Oct. 7, 2016, 11:18 a.m.)
Review request for Flume.
Bugs: FLUME-2971
https://issues.apache.org/jira/browse/FLUME-2971
Repository: flume-git
Description
-------
The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
Diffs
-----
flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
Diff: https://reviews.apache.org/r/52627/diff/
Testing (updated)
-------
"mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
Known to require attention: Content of the jaas file has to be checked focusing on the requirement of the Client section in every setup.
Thanks,
Attila Simon
Re: Review Request 52627: FLUME-2971. Document secure Kafka
Sink/Source/Channel setup
Posted by Attila Simon <sa...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52627/
-----------------------------------------------------------
(Updated Oct. 7, 2016, 11:13 a.m.)
Review request for Flume.
Bugs: FLUME-2971
https://issues.apache.org/jira/browse/FLUME-2971
Repository: flume-git
Description
-------
The patch aims to extend the existing documentation of secure Kafka channel with describing SSL+Plaintext setup as well as providing the whole package (SSL+Kerberos+Plain) for KafkaSource and KafkaSink.
Diffs (updated)
-----
flume-ng-doc/sphinx/FlumeUserGuide.rst ab71d38
Diff: https://reviews.apache.org/r/52627/diff/
Testing
-------
"mvn site" generated the user guide without an error message in the html. Embedded links are checked not to be broken.
Thanks,
Attila Simon