docs: Document how to turn off quorum hostname verification

[sbernauer]

Description

Please add a description here. This will become the commit message of the merge request later.

Definition of Done Checklist

• Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
• Please make sure all these things are done and tick the boxes

Author

Preview Give feedback

1. Changes are OpenShift compatible
2. CRD changes approved
3. CRD documentation for all fields, following the style guide.
4. Helm chart can be installed and deployed operator works
5. Integration tests passed (for non trivial changes)
6. Changes need to be "offline" compatible

Reviewer

Preview Give feedback

1. Code contains useful comments
2. Code contains useful logging statements
3. (Integration-)Test cases added
4. Documentation added or updated. Follows the style guide.
5. Changelog updated
6. Cargo.toml only contains references to git tags (not specific commits or branches)

Acceptance

Preview Give feedback

1. Feature Tracker has been updated
2. Proper release label has been added
3. Roadmap has been updated

[lfrancke]

I like the content, thank you!
I just believe this should go into some kind of how to or troubleshooting section.

@fhennig

[sbernauer]

I just believe this should go into some kind of how to or troubleshooting section.

100% agreed. I didn't find where to locate it best :/

[sbernauer]

It's especially hard as I don't have an error message or similar. Guess I need to search the customer issue

[sbernauer]

I added a troubleshooting guide, happy about @fhennig comments

[lfrancke]

Thank you. I think this can wait for Felix to come back from vacation. Let's park it until next week.

[nightkr]

This is a very empty statement, what risk does it expose you to?

[sbernauer]

WDYT of

WARNING: This imposes a security risk, so we don't disable the check by default. Any possessor of a certificate signed by the ca (even for a totally different host) can pretend to be a Zookeeper server to a Zookeeper server.

[sbernauer]

@nightkr can you please have another look?

[nightkr]

I think that covers the issue better, yes, and would be better if we do merge this.

Preliminarily I'd rather just solve #760 than document the workaround, unless we're running out of time for the release.

[sbernauer]

I only raised this PR because it was on the tasklist. Happy to move it to Track for now.
Updated the section anyway

[fhennig]

Good stuff! I like it. I think it's good where it is placed. Just resolve the discussion about the warning, I'd also like it to be more specific.

[sbernauer]

Moving to Track because

Preliminarily I'd rather just solve #760 than document the workaround, unless we're running out of time for the release.

[nightkr]

So for 24.7 our only green version will be 3.9.2 where this issue is already "solved" by FIPS mode being enabled by default (see #760 (comment)). I would propose closing this PR, or changing it to only mention enabling FIPS mode on 3.8.4.

[sbernauer]

Works for me