Error/warn if TLS flags are used when tls.enabled=false

[albertteoh]

Requirement - what kind of business use case are you trying to solve?

Motivated by this comment in Slack:

we tried the CLI flag --es.tls.skip-host-verify and the enviornment variable ES_TLS_SKIP_HOST_VERIFY
Neither one seems to have an effect
...
Found the issue, you also need to set --es.tls.enabled/ES_TLS_ENABLED 🤦

Problem - what in Jaeger blocks you from solving the requirement?

The user was, rightfully, confused when the --es.tls.skip-host-verify was set but wasn't working.

Proposal - what do you suggest to solve the problem or improve the existing situation?

Log a warning or error if any --*.tls.* flag is set when --*.tls.enabled == false, maybe somewhere here and here.

Any open questions to address

Should we log a warning or error (and prevent startup of service)? I would lean towards the latter to be more explicit, though I think it would be considered "breaking" behaviour. The former warning could be easily missed.

[yurishkuro]

+1 to crash

[LostLaser]

I would like to pick this one up. Is there a consensus that this incorrect configuration should be fatal?

[albertteoh]

@LostLaser I think an incorrect configuration should be fatal rather than just being logged and my understanding is @yurishkuro is on the same page (but please correct me if I'm wrong).

[yurishkuro]

Agreed

[jpkrohling]

@LostLaser it's yours :-)

[clock21am]

is there activity on this issue? if not can I take this over?

[albertteoh]

@LostLaser are you okay with @clock21am taking over this task?

[LostLaser]

Yes, that’s fine! Sorry for the delay.

[clock21am]

it should fail for both clients and sever side if I am not right?

[albertteoh]

it should fail for both clients and sever side if I am not right?

IIUC, the TLS flags should only apply to the server side, and so should fail for just the server side.