Posted to notifications@skywalking.apache.org by GitBox <gi...@apache.org> on 2020/12/23 02:12:54 UTC

[GitHub] [skywalking] wu-sheng commented on a change in pull request #6060: Support building gRPC TLS channel but CA file is not required

wu-sheng commented on a change in pull request #6060:
URL: https://github.com/apache/skywalking/pull/6060#discussion_r547599818



##########
File path: apm-sniffer/apm-agent-core/src/main/java/org/apache/skywalking/apm/agent/core/conf/Config.java
##########
@@ -124,6 +124,11 @@
          * Keep tracing even the backend is not available.
          */
         public static boolean KEEP_TRACING = false;
+
+        /**
+         * Should TLS enabled for gRPC channels
+         */
+        public static boolean IS_GRPC_CHANNEL_TLS_FORCED = true;
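
Review bot: the default on the added `IS_GRPC_CHANNEL_TLS_FORCED = true` line turns the switch on for every agent that does not override it. If the setting is meant to be opt-in, declare it `= false` and let users enable it. The Javadoc `Should TLS enabled for gRPC channels` is also missing a verb and reads as a question; state what the flag does when set, for example that TLS is used on the channel even when no CA file is present, which is what the pull request title describes.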

Review comment:
       Change this name to `FORCE_TLS`. There is only gRPC transport.

##########
File path: docs/en/setup/service-agent/java-agent/TLS.md
##########
@@ -19,6 +19,10 @@ Only support **no mutual auth**.
 ### Agent config
 - Place `ca.crt` into `/ca` folder in agent package. Notice, `/ca` is not created in distribution, please create it by yourself.
 
-Agent open TLS automatically after the `/ca/ca.crt` file detected.
+Agent will open TLS upon the following config value. If it's true, TLS will be forced to use, and TLS works by default.
+At the same time, a trust manager will be constructed for TLS authentication once the `/ca/ca.crt` file detected.
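
Review bot: the added sentence about the trust manager covers only the case where `/ca/ca.crt` is detected and says nothing about how the server certificate is checked when the file is absent, which is the mode this setting introduces. Please state that explicitly so operators know what the channel authenticates without a CA file. The phrase `TLS will be forced to use, and TLS works by default` is also ambiguous; name the default value and say what "forced" means for a backend that does not offer TLS.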

Review comment:
       ```suggestion
   - Agent open TLS automatically after the `/ca/ca.crt` file detected.
   - TLS with no CA mode could be activated by this setting.
   ```

##########
File path: docs/en/setup/service-agent/java-agent/TLS.md
##########
@@ -19,6 +19,10 @@ Only support **no mutual auth**.
 ### Agent config
 - Place `ca.crt` into `/ca` folder in agent package. Notice, `/ca` is not created in distribution, please create it by yourself.
 
-Agent open TLS automatically after the `/ca/ca.crt` file detected.
+Agent will open TLS upon the following config value. If it's true, TLS will be forced to use, and TLS works by default.
+At the same time, a trust manager will be constructed for TLS authentication once the `/ca/ca.crt` file detected.
+```
+agent.is_grpc_channel_tls_forced=${SW_AGENT_IS_GRPC_CHANNEL_TLS_FORCED:true}
+```
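
Review bot: the unchanged bullet `Place ca.crt into /ca folder in agent package` above the added lines still reads as a required step, while the added text makes the CA file optional; reword the bullet so it is clearly conditional. The added block documents only the `true` default of `agent.is_grpc_channel_tls_forced`. Since the removed line said TLS opened automatically once `/ca/ca.crt` was detected, add a sentence on what the agent does when the value is `false` and the file is present.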

Review comment:
       Also, there is a config table in the agent setup doc, please update it too.



