You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@geode.apache.org by GitBox <gi...@apache.org> on 2022/05/13 00:14:32 UTC

[GitHub] [geode] davebarnes97 opened a new pull request, #7687: GEODE-10307: Doc changes needed for enable security-manager property

davebarnes97 opened a new pull request, #7687:
URL: https://github.com/apache/geode/pull/7687

   - Modified description of security-manager property to incorporate the distinctions requested in the ticket
   - Introduced some subheadings for readability
   - Added links to subheads in the Configuration Service section to allow a cross-reference from the modified security-manager section.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [geode] animatedmax commented on a diff in pull request #7687: GEODE-10307: Doc changes needed for enable security-manager property

Posted by GitBox <gi...@apache.org>.

animatedmax commented on code in PR #7687:
URL: https://github.com/apache/geode/pull/7687#discussion_r872702479


##########
geode-docs/managing/security/enable_security.html.md.erb:
##########
@@ -34,11 +34,44 @@ For example:
 security-manager = com.example.security.MySecurityManager
 ```
 
+### Apply security-manager to All Members
+
 To ensure that the `security-manager` property is applied consistently across a cluster, follow these guidelines:
 
 - Specify the `security-manager` property in a properties file, such as `gemfire.properties`, **not** in a cluster configuration file (such as `cluster.properties`).
-- Specify the properties file when you start the first locator for the cluster. The locator will propagate the value to all members (locators and servers) that follow.
-- If you must specify the `security-manager` property for servers (neither necessary nor recommended) make sure its value is exactly identical to that specified for the first locator.
+
+- Specify the properties file when you start the first locator for the cluster.
+
+### Is Cluster Management Enabled?
+
+The next steps in applying the `security-manager` property across the cluster depend on whether
+cluster management is enabled. Cluster management is enabled when two conditions are met:
+
+- Every locator in the cluster sets `--enable-cluster-configuration=true`.
+
+- Every server in the cluster sets `--use-cluster-configuration=true`.
+
+These are the default settings, so unless you have changed them, cluster management is probably
+enabled for your system, but be sure and confirm before proceeding. Some systems that implement
+cluster management for most members might include a few servers that do not participate (for which
+`--use-cluster-configuration=false`). See [Using the Cluster Configuration
+Service](../../configuring/cluster_config/gfsh_persist.html#using-the-cluster-config-svc) for
+details.
+
+### Apply security-manager to Non-participating Servers
+
+- **If cluster management is enabled (the default),** the locator will propagate the
+    `security-manager` setting to all members (locators and servers) that are subsequently started.
+
+- **If cluster management is enabled but some servers do not participate in cluster
+  management,** (that is, servers for which `--use-cluster-configuration=false`) you

Review Comment:
   I would put the comma after the parenthetical "(that is, servers for which `--use-cluster-configuration=false`) instead of before.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [geode] davebarnes97 merged pull request #7687: GEODE-10307: Doc changes needed for enable security-manager property

Posted by GitBox <gi...@apache.org>.

davebarnes97 merged PR #7687:
URL: https://github.com/apache/geode/pull/7687


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [geode] animatedmax commented on a diff in pull request #7687: GEODE-10307: Doc changes needed for enable security-manager property

Posted by GitBox <gi...@apache.org>.

animatedmax commented on code in PR #7687:
URL: https://github.com/apache/geode/pull/7687#discussion_r872702479


##########
geode-docs/managing/security/enable_security.html.md.erb:
##########
@@ -34,11 +34,44 @@ For example:
 security-manager = com.example.security.MySecurityManager
 ```
 
+### Apply security-manager to All Members
+
 To ensure that the `security-manager` property is applied consistently across a cluster, follow these guidelines:
 
 - Specify the `security-manager` property in a properties file, such as `gemfire.properties`, **not** in a cluster configuration file (such as `cluster.properties`).
-- Specify the properties file when you start the first locator for the cluster. The locator will propagate the value to all members (locators and servers) that follow.
-- If you must specify the `security-manager` property for servers (neither necessary nor recommended) make sure its value is exactly identical to that specified for the first locator.
+
+- Specify the properties file when you start the first locator for the cluster.
+
+### Is Cluster Management Enabled?
+
+The next steps in applying the `security-manager` property across the cluster depend on whether
+cluster management is enabled. Cluster management is enabled when two conditions are met:
+
+- Every locator in the cluster sets `--enable-cluster-configuration=true`.
+
+- Every server in the cluster sets `--use-cluster-configuration=true`.
+
+These are the default settings, so unless you have changed them, cluster management is probably
+enabled for your system, but be sure and confirm before proceeding. Some systems that implement
+cluster management for most members might include a few servers that do not participate (for which
+`--use-cluster-configuration=false`). See [Using the Cluster Configuration
+Service](../../configuring/cluster_config/gfsh_persist.html#using-the-cluster-config-svc) for
+details.
+
+### Apply security-manager to Non-participating Servers
+
+- **If cluster management is enabled (the default),** the locator will propagate the
+    `security-manager` setting to all members (locators and servers) that are subsequently started.
+
+- **If cluster management is enabled but some servers do not participate in cluster
+  management,** (that is, servers for which `--use-cluster-configuration=false`) you

Review Comment:
   I would put the comma after the parenthetical "(that is, servers for which `--use-cluster-configuration=false`)" instead of before.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org