docs: Clarify that encryption should not be in reconciler pipeline

Code Issues Proposed changes

UpgradeImpact
=============
Operators should verify that encryption is not enabled in their
reconciler pipelines; having it enabled there may harm data durability.
For more information, see https://launchpad.net/bugs/1910804
Change-Id: I1a1d78ed91d940ef0b4eba186dcafd714b4fb808
Closes-Bug: #1910804

This commit is contained in:

Tim Burke

2021年01月21日 11:53:09 -08:00

committed by Clay Gerrard

parent 4ee05c5ddc

commit 13c0980e71

2 changed files with 9 additions and 2 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

6
etc/container-reconciler.conf-sample

View File

@@ -58,6 +58,12 @@

# ionice_priority =

[pipeline:main]

# Note that the reconciler's pipeline is intentionally very sparse -- it is

# only responsible for moving data from one policy to another and should not

# perform any transformations beyond (potentially) changing erasure coding.

# It notably MUST NOT include transformative middlewares (such as encryption),

# redirection middlewares (such as symlink), or composing middlewares (such

# as slo and dlo).

pipeline = catch_errors proxy-logging cache proxy-server

[app:proxy-server]

docs: Clarify that encryption should not be in reconciler pipeline

6 etc/container-reconciler.conf-sample Unescape Escape View File

6
etc/container-reconciler.conf-sample

View File