Skip to content

Commit

Permalink
Update docs for internal communication
Browse files Browse the repository at this point in the history
Add properties to HTTP server props page including HTTP/2 details.
  • Loading branch information
mosabua committed Oct 30, 2024
1 parent 10e8ad3 commit df6652b
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 6 deletions.
31 changes: 31 additions & 0 deletions docs/src/main/sphinx/admin/properties-http-server.md
Original file line number Diff line number Diff line change
Expand Up @@ -159,3 +159,34 @@ Configuration properties for the `PASSWORD` authentication types
### `http-server.log.*`

Configuration properties for [](/admin/properties-logging).

(props-internal-communication)
## Internal communication

The following properties are used for configuring the [internal
communication](/security/internal-communication) between all
[nodes](trino-concept-node) of a Trino cluster.

### `internal-communication.shared-secret`

- **Type:** [](prop-type-string)

The string to use as secret that only the coordinators and workers in a specific
cluster share and use to authenticate within the cluster. See
[](internal-secret) for details.

### `internal-communication.http2.enabled`

- **Type:** [](prop-type-boolean)
- **Default value:** `true`

Enable use of the HTTP/2 protocol for internal communication for enhanced
scalability compared to HTTP/1.1. Only turn this feature off, if you encounter
issues with HTTP/2 usage within the cluster in your deployment.

### `internal-communication.https.required`

- **Type:** [](prop-type-boolean)
- **Default value:** `false`

Enable the use of [SSL/TLS for all internal communication](internal-tls).
19 changes: 13 additions & 6 deletions docs/src/main/sphinx/security/internal-communication.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,16 @@ The Trino cluster can be configured to use secured communication with internal
authentication of the nodes in the cluster, and to optionally use added security
with {ref}`TLS <glossTLS>`.

(internal-secret)=
## Configure shared secret

Configure a shared secret to authenticate all communication between nodes of the
cluster. Use this configuration under the following conditions:
You must configure a shared secret to authenticate all communication between
nodes of the cluster in the following scenarios:

- When opting to configure [internal TLS encryption](internal-tls)
between nodes of the cluster
- When using any {doc}`external authentication <authentication-types>` method
between clients and the coordinator
- When using [any authentication](authentication-types) between clients and the
coordinator.
- When using [internal TLS encryption](internal-tls) between all nodes of the
cluster.

Set the shared secret to the same value in {ref}`config.properties
<config-properties>` on all nodes of the cluster:
Expand Down Expand Up @@ -122,6 +123,12 @@ window functions, which require repartitioning), the performance impact can be
considerable. The slowdown may vary from 10% to even 100%+, depending on the network
traffic and the CPU utilization.

:::{note}
By default, internal communication with SSL/TLS enabled uses HTTP/2 for
increased scalability. You can turn off this feature with
`internal-communication.http2.enabled=false`.
:::

(internal-performance)=
### Advanced performance tuning

Expand Down

0 comments on commit df6652b

Please sign in to comment.