fix: move Raft auth docs from data node to meta node (#6669)

Move documentation on Raft authentication from data nodes page to meta node page. Also add note with recommended staging for enabling Raft authentication in an existing cluster. Co-authored-by: Jason Stirnaman <jstirnaman@influxdata.com>
2025-12-22 16:47:25 -06:00 · 2025-12-22 16:47:25 -06:00 · ad9453a107
parent 3bb92f3783
commit ad9453a107
2 changed files with 28 additions and 23 deletions
--- a/content/enterprise_influxdb/v1/administration/configure/config-data-nodes.md
+++ b/content/enterprise_influxdb/v1/administration/configure/config-data-nodes.md
@ -259,29 +259,6 @@ For detailed configuration information, see [`meta.ensure-fips`](/enterprise_inf

 Environment variable: `INFLUXDB_META_ENSURE_FIPS`

-#### raft-portal-auth-required {metadata="v1.12.0+"}
-
-Default is `false`.
-
-Require Raft clients to authenticate with server using the
-[`meta-internal-shared-secret`](#meta-internal-shared-secret).
-This requires that all meta nodes are running InfluxDB Enterprise v1.12.0+ and
-are configured with the correct `meta-internal-shared-secret`.
-
-Environment variable: `INFLUXDB_META_RAFT_PORTAL_AUTH_REQUIRED`
-
-#### raft-dialer-auth-required {metadata="v1.12.0+"}
-
-Default is `false`.
-
-Require Raft servers to authenticate Raft clients using the
-[`meta-internal-shared-secret`](#meta-internal-shared-secret).
-This requires that all meta nodes are running InfluxDB Enterprise v1.12.0+, have
-`raft-portal-auth-required=true`, and are configured with the correct
-`meta-internal-shared-secret`.
-
-Environment variable: `INFLUXDB_META_RAFT_DIALER_AUTH_REQUIRED`
-
 -----

 ## Data settings
--- a/content/enterprise_influxdb/v1/administration/configure/config-meta-nodes.md
+++ b/content/enterprise_influxdb/v1/administration/configure/config-meta-nodes.md
@ -447,6 +447,34 @@ Environment variable: `INFLUXDB_META_ENSURE_FIPS`

 [NIST Special Publication 800-132]: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf

+#### raft-portal-auth-required {metadata="v1.12.0+"}
+
+Default is `false`.
+
+Require Raft clients to authenticate with server using the
+[`meta-internal-shared-secret`](#meta-internal-shared-secret).
+This requires that all meta nodes are running InfluxDB Enterprise v1.12.0+ and
+are configured with the correct `meta-internal-shared-secret`.
+
+For maximum security, `raft-dialer-auth-required` should be configured along with `raft-dialer-auth-required`.
+
+Environment variable: `INFLUXDB_META_RAFT_PORTAL_AUTH_REQUIRED`
+
+#### raft-dialer-auth-required {metadata="v1.12.0+"}
+
+Default is `false`.
+
+Require Raft servers to authenticate Raft clients using the
+[`meta-internal-shared-secret`](#meta-internal-shared-secret).
+This requires that all meta nodes are running InfluxDB Enterprise v1.12.0+, have
+`raft-portal-auth-required=true`, and are configured with the correct
+`meta-internal-shared-secret`. For existing clusters, it is recommended to enable `raft-portal-auth-required` and restart
+meta nodes first, then enable `raft-dialer-auth-required` in another step. 
+This will eliminate downtime from Raft authentication mismatches.
+
+Environment variable: `INFLUXDB_META_RAFT_DIALER_AUTH_REQUIRED`
+
+
 ### TLS settings

 For more information, see [TLS settings for data nodes](/enterprise_influxdb/v1/administration/config-data-nodes#tls-settings).