Document defining ciphers in example etcd config file #15576
Conversation
|
This is great suggestion for users of config files. Have we seen similar problem for command line flags? or the help message is enough for users. |
There has been a couple references in discussions and issues for cli config but I think for command line we are better off as we have nice examples in the docs to show how it needs to be done https://etcd.io/docs/v3.6/op-guide/security/#example-2-client-to-server-authentication-with-https-client-certificates |
|
Thanks @jmhbnz for the PR, which looks good to me. The workflow failures are not caused by this PR. Recently the workflow are more flaky. Can we focus on fixing the flaky test, at least can we spend more time on them? thx cc @ptabor @serathius @chaochn47 @fuweid @jmhbnz FYI. I am still focusing on the bboltDB critical issue etcd-io/bbolt#402. I may have got some clues |
|
The PR itself looks good to me. I suggest the failed tests can be retried. For example, an empty line in the end of The failed test is tracked in #15581 and proposed fix PR will be sent. |
jmhbnz
force-pushed
the
document-cipher-config
branch
from
89282f3
to
ce3273b
Compare
Signed-off-by: James Blair <mail@jamesblair.net>
jmhbnz
force-pushed
the
document-cipher-config
branch
from
ce3273b
to
d9068cd
Compare
Sure. I will focus on deflaking cases recently. |
No, I think the workflow failures help identify breaking changes. Please see the explanation in #15581 (comment). And thanks to it, the PR was modified to remove the breaking change then all the tests passed eventually. |
This pull request proposes to update our
etcd.conf.ymlwith an example for settingcipher-suites.This topic has come up in discussions and issues and it appears there has been some confusion about how it should be done, so let's provide a concrete example.
Relates to: