Connection settings #3985
Connection settings #3985
Conversation
andreyaksenov
force-pushed
the
3.0-connection-settings
branch
24 times, most recently
from
f23f4e3 to
2dde692
Compare
andreyaksenov
force-pushed
the
3.0-connection-settings
branch
3 times, most recently
from
b617c53 to
c897016
Compare
andreyaksenov
force-pushed
the
3.0-connection-settings
branch
from
deb84b2 to
766f226
Compare
| To configure traffic encryption, you need to set the special :ref:`URI parameters <index-uri-several-params>` for a particular connection. | ||
| The parameters can be set for the following ``box.cfg`` options and ``nex.box`` method: | ||
|
|
||
| * :ref:`box.cfg.listen <cfg_basic-listen>` -- on the server side. |
There was a problem hiding this comment.
Shouldn't we add it into the box.cfg options description (and net.box too)?
andreyaksenov
force-pushed
the
3.0-connection-settings
branch
2 times, most recently
from
d06270d to
9a658eb
Compare
andreyaksenov
force-pushed
the
3.0-connection-settings
branch
from
9a658eb to
15980fa
Compare
andreyaksenov
force-pushed
the
3.0-connection-settings
branch
2 times, most recently
from
cb5c4c6 to
ba20c30
Compare
andreyaksenov
force-pushed
the
3.0-connection-settings
branch
from
ba20c30 to
f2df0e8
Compare
| To communicate to and between cluster instances, Tarantool uses a :ref:`binary protocol <box_protocol>` called iproto. | ||
| The corresponding :ref:`iproto <configuration_reference_iproto>` section in :ref:`YAML configuration <configuration>` lets you configure various connection settings: | ||
|
|
||
| - One or several URIs used to listen for incoming requests. |
There was a problem hiding this comment.
Can we explicitly map these settings to connection types (the first list on this page): which settings are used for which connections?
There was a problem hiding this comment.
Not exactly. iproto.listen is used for all purposes: communicating between instances, administration using tt/TCM, and so on. Advertise URI is only applied to replication and sharding. In the new intro, I've converted the first list to a regular sentence. Looks like the list with connection settings is more important and the second list shouldn't add additional distraction.
| Listen URI | ||
| ---------- | ||
|
|
||
| To configure URIs used to listen for incoming requests, use the :ref:`iproto.listen <configuration_reference_iproto_listen>` configuration option. |
There was a problem hiding this comment.
As a non-expert reader, I don't quite understand from this wording, what requests are we talking about. Are these data requests (select from spaces)? Internal cluster requests? Or just any network requests from whoever connects to this URI?
There was a problem hiding this comment.
Good point. I'm not sure that we should give examples of requests right here. From the intro, it should be clear a high-level idea on why connections are required. There are too many request types that can come from other instances and external systems: internal replication requests, sharding requests, data definition and data manipulation requests, and so on. I feel that concrete info should live in corresponding topics. A user can open the Binary protocol section linked in a note to see a tons of request types :)
There was a problem hiding this comment.
I don't mean that we should describe all possible requests, but maybe provide general conceptual info in an explicit human-friendly form.
Like, this is the basic option. It is required on any instance to enable external connections to it.
Also, we can add a navigating link to Advertise URI by writing a sentence about the relation between the two URI types. Why do we need the two at all?
As an idea: we can expand the intro to explain all key entities in it (listen URI, advertise URI, secure connections) and then leave all subsections as is - just showing the usage examples.
There was a problem hiding this comment.
I hope, the current description should work better - it adds the information about how an advertise URI is used and also tells that SSL settings are optional.
| Connection credentials | ||
| ~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| In the example below, the ``iproto.advertise.peer`` option is used to inform other replica set members that the ``replicator`` user should be used to connect to the current instance: |
There was a problem hiding this comment.
Above, these were cluster members instead of replica set members. Does this need a more detailed explanation? If it's obvious for readers - OK.
There was a problem hiding this comment.
The behavior of iproto.advertise.peer is a bit complicated. It advertises the instance to other replica set members. If iproto.advertise.sharding is not specified, iproto.advertise.peer is used to advertise the instance to a router and rebalancer. So, both are true if different contexts.
There was a problem hiding this comment.
If
iproto.advertise.shardingis not specified,iproto.advertise.peeris used
I believe this should be written explicitly, I couldn't ever guess myself)
There was a problem hiding this comment.
Added a note to the reference page:
andreyaksenov
force-pushed
the
3.0-connection-settings
branch
8 times, most recently
from
052adf7 to
6291442
Compare
andreyaksenov
force-pushed
the
3.0-connection-settings
branch
from
6291442 to
27a2e8b
Compare
andreyaksenov
force-pushed
the
3.0-connection-settings
branch
from
8c569e5 to
b53b25f
Compare
andreyaksenov
force-pushed
the
3.0-connection-settings
branch
from
b53b25f to
f4574a8
Compare
Main changes
Created a new
Connectionstopic that describesiprotosettings:https://docs.d.tarantool.io/en/doc/3.0-connection-settings/concepts/configuration/configuration_connections/
Updated some descriptions in
iprotoreference:https://docs.d.tarantool.io/en/doc/3.0-connection-settings/reference/configuration/configuration_reference/#iproto
Removed the old
Traffic encryptionsection fromSecurity hardening guide:https://docs.d.tarantool.io/en/doc/3.0-connection-settings/enterprise/security/
Now this topic doesn't include how-to/reference information and describes only general recommendations. We can think about merging
Security hardening guidewith theSecurity audittopic at some point.Removed duplicated information from the main
Configurationtopic and added the link to the newConnectionstopic:https://docs.d.tarantool.io/en/doc/3.0-connection-settings/concepts/configuration/#connection-settings
Added several runnable samples:
iproto.listensamples.Fixed links in other documents
Updated a link in the Getting Started guide:
https://docs.d.tarantool.io/en/doc/3.0-connection-settings/how-to/getting_started_db/#connecting-remotely
Updated links in TCM docs:
https://docs.d.tarantool.io/en/doc/3.0-connection-settings/reference/tooling/tcm/tcm_configuration_reference/#confval-storage.tarantool.ssl.key-file