kafka-commits mailing list archives

From j...@apache.org
Subject [kafka] branch trunk updated: MINOR: Update dynamic broker configuration doc for truststore update (#4954)
Date Thu, 10 May 2018 15:55:21 GMT
This is an automated email from the ASF dual-hosted git repository.

jgus pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 830ee16  MINOR: Update dynamic broker configuration doc for truststore update (#4954)
830ee16 is described below

commit 830ee16d0d043bad281ba25ed7287f7d45ac9c09
Author: Rajini Sivaram <rajinisivaram@googlemail.com>
AuthorDate: Thu May 10 16:55:15 2018 +0100

    MINOR: Update dynamic broker configuration doc for truststore update (#4954)
    
    Reviewers: Manikumar Reddy O <manikumar.reddy@gmail.com>, Jason Gustafson <jason@confluent.io>
---
 docs/configuration.html | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/docs/configuration.html b/docs/configuration.html
index b76fbbb..8c86534 100644
--- a/docs/configuration.html
+++ b/docs/configuration.html
@@ -105,6 +105,20 @@
   configured for that listener. For other listeners, no trust validation is performed on
the keystore by the broker. Certificates
   must be signed by the same certificate authority that signed the old certificate to avoid
any client authentication failures.
 
+  <h5>Updating SSL Truststore of an Existing Listener</h5>
+  Broker truststores may be updated dynamically without restarting the broker to add or remove
certificates.
+  Updated truststore will be used to authenticate new client connections. The config name
must be prefixed with the
+  listener prefix <code>listener.name.{listenerName}.</code> so that only the
truststore config of a specific listener
+  is updated. The following configs may be updated in a single alter request at per-broker
level:
+  <ul>
+    <li><code>ssl.truststore.type</code></li>
+    <li><code>ssl.truststore.location</code></li>
+    <li><code>ssl.truststore.password</code></li>
+  </ul>
+  If the listener is the inter-broker listener, the update is allowed only if the existing
keystore for that listener is trusted by
+  the new truststore. For other listeners, no trust validation is performed by the broker
before the update. Removal of CA certificates
+  used to sign client certificates from the new truststore can lead to client authentication
failures.
+
   <h5>Updating Default Topic Configuration</h5>
   Default topic configuration options used by brokers may be updated without broker restart.
The configs are applied to topics
   without a topic config override for the equivalent per-topic config. One or more of these
configs may be overridden at
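Review bot: The closing sentence of the added truststore section ("Removal of CA certificates used to sign client certificates from the new truststore can lead to client authentication failures") parses ambiguously, because "from the new truststore" can attach to either "Removal" or "sign", and it understates the risk given that the sentence before it says no trust validation is performed for listeners other than the inter-broker one. Suggest stating it directly, for example "If the new truststore omits a CA certificate that signed client certificates still in use, those clients will fail authentication", and recommending that operators verify the new truststore before sending the alter request, since the broker will not reject it for those listeners. Two smaller points: "Updated truststore will be used" needs an article ("The updated truststore"), and because the text says the update applies to new client connections, it should say explicitly what happens to connections that are already established. A short example of one of the three listed configs written with the listener.name.{listenerName}. prefix would also make the prefix requirement concrete.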
@@ -137,6 +151,8 @@
     <li><code>log.message.timestamp.difference.max.ms</code></li>
   </ul>
 
+  From Kafka version 2.0.0 onwards, unclean leader election is automatically enabled by the
controller when the config
+  <code>unclean.leader.election.enable</code> is dynamically updated.
   In Kafka version 1.1.x, changes to <code>unclean.leader.election.enable</code>
take effect only when a new controller is elected.
   Controller re-election may be forced by running:
 
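Review bot: The added sentence says unclean leader election "is automatically enabled by the controller when the config unclean.leader.election.enable is dynamically updated", which reads as though any dynamic update, including one that sets the value to false, turns unclean leader election on. Suggest describing it as the controller applying the updated value automatically, or "when unclean.leader.election.enable is dynamically set to true" if that is the intent. With this sentence now placed first, the unchanged line "Controller re-election may be forced by running:" no longer makes clear which versions need the forced re-election; consider tying it to 1.1.x explicitly so 2.0.0 readers do not run it unnecessarily.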

-- 
To stop receiving notification emails like this one, please contact
jgus@apache.org.
