luxolus/open-nomad
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity

minor spelling/punctuation fixups

Browse source
This commit is contained in:
Chelsea Holland Komlo 2018-04-11 13:36:35 -04:00
parent 5d06a1cb25
commit 339c480a8c
1 changed files with 10 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
website/source/guides/securing-nomad.html.md
View file

@ -480,23 +480,22 @@ including the TLS configuration.
The agent reloads all its network connections when there are changes to its TLS
configuration during a config reload via SIGHUP. Any new connections
established will use the updated configuration, and any outstanding old
connections will be closed. This process works both when upgrading to TLS, or
connections will be closed. This process works when upgrading to TLS,
downgrading from it, as well as rolling certificates. We recommend upgrading
to TLS.
### RPC Upgrade Mode for Nomad Servers
When migrating to TLS, the [ `rpc_upgrade_mode` ][rpc_upgrade_mode] option
(defaults to `false`) in the
TLS configuration for a Nomad server can be set to true. When set to true,
servers will accept both TLS and non-TLS connections. By accepting non-TLS
connections, operators can upgrade clients to TLS without the clients being
marked as lost because the server is rejecting the client connection due to
the connection not being over TLS. However, it is important to note that
`rpc_upgrade_mode` should be used ad a temporary solution in the
process of migration, and this option should be re-set to false (meaning that
the server will strictly accept only TLS connections) once the entire cluster
has been migrated.
(defaults to `false`) in the TLS configuration for a Nomad server can be set
to true. When set to true, servers will accept both TLS and non-TLS
connections. By accepting non-TLS connections, operators can upgrade clients
to TLS without the clients being marked as lost because the server is
rejecting the client connection due to the connection not being over TLS.
However, it is important to note that `rpc_upgrade_mode` should be used as a
temporary solution in the process of migration, and this option should be
re-set to false (meaning that the server will strictly accept only TLS
connections) once the entire cluster has been migrated.
[cfssl]: https://cfssl.org/
[cfssl.json]: https://raw.githubusercontent.com/hashicorp/nomad/master/demo/vagrant/cfssl.json