opendev
/
system-config
Code Issues Proposed changes
Browse Source

Revert "Revert "Add Zookeeper TLS support"" 

This reverts commit 05021f11a2.

This switches Zuul and Nodepool to use Zookeeper TLS.  The ZK
cluster is already listening on both ports.

Change-Id: I03d28fb75610fbf5221eeee28699e4bd6f1157ea
changes/35/741335/1
James E. Blair 2 years ago
parent
cd76e090c3
commit
7a32463f9d
4 changed files with 10 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      playbooks/roles/nodepool-base/library/make_nodepool_zk_hosts.py
  2. 4
      playbooks/roles/nodepool-base/tasks/main.yaml
  3. 5
      playbooks/roles/zuul/templates/zuul.conf.j2
  4. 2
      testinfra/test_zookeeper.py

2
playbooks/roles/nodepool-base/library/make_nodepool_zk_hosts.py
Unescape View File

@ -31,7 +31,7 @@ def main():
for host in p['zk_group']:
zk_hosts.append(dict(
host=p['hostvars'][host]['ansible_host'],
port=2181
port=2281
))
module.exit_json(hosts=zk_hosts, changed=True)
except Exception as e:

4
playbooks/roles/nodepool-base/tasks/main.yaml
Unescape View File

@ -71,6 +71,10 @@
vars:
new_config:
zookeeper-servers: '{{ zk_hosts.hosts }}'
zookeeper-tls:
cert: "/etc/nodepool/certs/cert.pem"
key: "/etc/nodepool/keys/key.pem"
ca: "/etc/nodepool/certs/cacert.pem"
set_fact:
nodepool_config: "{{ nodepool_config | combine(new_config) }}"

5
playbooks/roles/zuul/templates/zuul.conf.j2
Unescape View File

@ -28,8 +28,11 @@ relative_priority=true
user=zuul
[zookeeper]
hosts={% for host in groups['zookeeper'] %}{{ (hostvars[host].public_v4) }}:2181{% if not loop.last %},{% endif %}{% endfor %}
hosts={% for host in groups['zookeeper'] %}{{ (hostvars[host].public_v4) }}:2281{% if not loop.last %},{% endif %}{% endfor %}
tls_cert=/etc/zuul/certs/cert.pem
tls_key=/etc/zuul/keys/key.pem
tls_ca=/etc/zuul/certs/cacert.pem
session_timeout=40
[statsd]

2
testinfra/test_zookeeper.py
Unescape View File

@ -22,7 +22,7 @@ def test_id_file(host):
assert myid.content == b'1\n'
def test_zk_listening(host):
zk = host.socket("tcp://0.0.0.0:2181")
zk = host.socket("tcp://0.0.0.0:2281")
assert zk.is_listening
def test_zk_listening_ssl(host):

Write Preview
Loading…
Cancel
Save