Change Details

The [[ https://github.com/wikimedia/puppet/blob/production/modules/cassandra/files/cassandra-ca-manager | `casssandra-ca-manager` ]] exists to ease generation and distribution of Java keystore files to enable encryption between Cassandra clients and cluster nodes. However, this script doesn't have anything Cassandra specific in it, and could be reused to enable encryption for Kafka traffic. We should: - move this to a more generic location/name in puppet - create a `cassandra-ca-manager` symlink to keep backwards compatibility - Generate key formats other than java keystores, e.g. .pem files, etc. At least whatever is needed for non Java Kafka clients, (kafka-python, librdkafka, etc.) - Make it easy to distribute these files via puppet (if it isn't easy enough already). See also T108953 and T141541.

The [[ https://github.com/wikimedia/puppet/blob/production/modules/cassandra/files/cassandra-ca-manager | `casssandra-ca-manager` ]] exists to ease generation and distribution of Java keystore files to enable encryption between Cassandra clients and cluster nodes. However, this script doesn't have anything Cassandra specific in it, and could be reused to enable encryption for Kafka traffic. We should: - move this to a more generic location/name in puppet - create a `cassandra-ca-manager` symlink to keep backwards compatibility - Generate key formats other than java keystores, e.g. .pem files, etc. At least whatever is needed for non Java Kafka clients, (kafka-python, librdkafka, etc.) - Make it easy to distribute these files via puppet (if it isn't easy enough already). - create (or update and move) wikitech documentation See also T108953 and T141541.

The [[ https://github.com/wikimedia/puppet/blob/production/modules/cassandra/files/cassandra-ca-manager | `casssandra-ca-manager` ]] exists to ease generation and distribution of Java keystore files to enable encryption between Cassandra clients and cluster nodes. However, this script doesn't have anything Cassandra specific in it, and could be reused to enable encryption for Kafka traffic. We should: - move this to a more generic location/name in puppet - create a `cassandra-ca-manager` symlink to keep backwards compatibility - Generate key formats other than java keystores, e.g. .pem files, etc. At least whatever is needed for non Java Kafka clients, (kafka-python, librdkafka, etc.) - Make it easy to distribute these files via puppet (if it isn't easy enough already). - create (or update and move) wikitech documentation See also T108953 and T141541.