Cassandra on Maps and AQS don't use inter-node encryption
Closed, ResolvedPublic
Actions

Assigned To

None

Authored By

	hnowlan
	Nov 19 2021, 12:17 PM

Description

Currently restbase has certificates to encrypt communication between Cassandra nodes, but AQS and Maps don't. Unless there's a good reason to not do so, we should encrypt communication between the nodes - this should simply be a matter of generating certificates and making puppet changes.

However, doing the actual rollout might be a much more fraught operation and we should be sure that it's safe to do (and worth doing). In the case of maps this can be done easily enough by depooling and repooling the clusters as needed, but in the case of AQS this might be a bit more dangerous given its single-cluster nature.

Event Timeline

hnowlan created this task.Nov 19 2021, 12:17 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 19 2021, 12:17 PM

hnowlan added a project: Platform Team Workboards (Platform Engineering Reliability).Nov 19 2021, 12:18 PM

hnowlan removed a subscriber: Platform Team Workboards (Platform Engineering Reliability).

(Please don't add project tags as subscribers - thanks!)

AQS is done, Cassandra no longer used by maps

Cassandra on Maps and AQS don't use inter-node encryptionClosed, ResolvedPublicActions

Description

Event Timeline

Cassandra on Maps and AQS don't use inter-node encryption
Closed, ResolvedPublic
Actions