You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ratis.apache.org by "Ankit Singhal (JIRA)" <ji...@apache.org> on 2019/08/04 22:35:00 UTC
[jira] [Commented] (RATIS-636) Add documentation for configuration
TLS
[ https://issues.apache.org/jira/browse/RATIS-636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16899689#comment-16899689 ]
Ankit Singhal commented on RATIS-636:
-------------------------------------
Documentation looks good to me (though I have not tested TLS locally with Ratis yet).
For client configuration , to just differentiate , shouldn't it be client-private-key.pem and client.crt (with common CA for mutual TLS)?
{code}
+Clients to the StateMachine would construct a similar configuration:
+
+```java
+RaftProperties properties = ...;
+
+GrpcConfigKeys.TLS.tlsEnabled(properties);
+GrpcConfigKeys.TLS.mutualAuthnEnabled(properties);
+properties.set(GrpcConfigKeys.TLS.PRIVATE_KEY_FILE_KEY, "/path/to/server-private-key.pem");
+properties.set(GrpcConfigKeys.TLS.TRUST_STORE_KEY, "/path/to/ca.crt");
+properties.set(GrpcConfigKeys.TLS.CERT_CHAIN_FILE_KEY, "/path/to/server.crt");
+
+RaftClient.Builder builder = RaftClient.newBuilder();
{code}
> Add documentation for configuration TLS
> ---------------------------------------
>
> Key: RATIS-636
> URL: https://issues.apache.org/jira/browse/RATIS-636
> Project: Ratis
> Issue Type: Task
> Components: LogService
> Reporter: Josh Elser
> Assignee: Josh Elser
> Priority: Major
> Fix For: asf-site
>
> Attachments: RATIS-636.001.patch
>
>
> Ratis already has the ability to set up gRPC with TLS. Document this pieces of how this works, and how it might work for folks downstream.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)