Add SSL/TLS for gearman service
Encrypt our gearman traffic between zuulv3.o.o and ze01.o.o. Change-Id: I5ca497a10c18227aeedd6b2e39df2574a907fc97 Depends-On: Iecd4ccc230653ef803764d10c626879d9ad3b1d2 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This commit is contained in:
Paul Belanger
parent
d0f6d605df
commit
9142b9c8aa
|
|
@ -658,3 +658,29 @@ mosquitto_tls_ca_file: |
|
|||
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
|
||||
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
|
||||
-----END CERTIFICATE-----
|
||||
gearman_ssl_ca: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIERzCCAy+gAwIBAgIJAKkAn3gh0LBOMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
|
||||
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
|
||||
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
|
||||
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
|
||||
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjA1
|
||||
MjA3WhcNMjAwNjE1MjA1MjA3WjCBuTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
|
||||
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
|
||||
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEdMBsGA1UEAwwUenV1bHYzLm9w
|
||||
ZW5zdGFjay5vcmcxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0
|
||||
cy5vcGVuc3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
|
||||
zTnzmZkB/P+C0eHFmPyU8myEmubRVw2vK1aqx0Y7bFMlXAVH6CodI6r4VpS4vGPL
|
||||
AfBGAmIZJlBuRysZHW3J6GuzhBFyBILHJX9PZkeJyHa3NU4ILDPMXAD/oWQnqlp1
|
||||
3kYJ3xS1QWhPvaohC+Io3LErXOMp32mhrEmm3BGfWiXbV9STcseeLX6BKPdqBzaT
|
||||
d8RFkrvsEJTTjwIJLreyrphrtXu/VS9uEMWaHj4/94lLXn8fn3CuUfs48kPDTlaw
|
||||
vFg2lIGpfOui4s9Vhrafy1nrz1KzKHjhhnF80irrIo3kOkWaKeBuTyy7+MSx7PTi
|
||||
5RgSoKTKyMbMA6nbCj73KQIDAQABo1AwTjAdBgNVHQ4EFgQUU/wl91c+fyaFktpc
|
||||
xrw1AgmWad4wHwYDVR0jBBgwFoAUU/wl91c+fyaFktpcxrw1AgmWad4wDAYDVR0T
|
||||
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAe/6S1DWRtXwzBgwTCW7FR3IrpZzP
|
||||
4eN3TUbJy6tvff+iY6+96WV9vyH62NU8oEn5TUqy8r+EiOchbXJq8pvlPAcwdaeC
|
||||
a9pjJku40oVai0pncqDnF/WOiXNkW71bRs/qQtIuVwKwVm9OyizjWsQtjm4Ycpju
|
||||
92liz5Q/ZZu+7eIufQYRr7lthgmTLCjqeS4qxiY7Y03ZLZpvEL+KVskkjPzHvzTO
|
||||
S1Rq0t3ssb4uH78rvXj1Q/C2gVucUBE86P9AckSZtANGlmiKBnO6Lc1xQbsFyfSn
|
||||
Xbt2g9IiP3nTEapCx/M8/Zl5M+XwK7pbQWdtwGnvGPoeFNV1sVT4iO1dLg==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
|||
|
|
@ -13,3 +13,31 @@ zuul_connections:
|
|||
canonical_hostname: 'git.openstack.org'
|
||||
user: 'zuul'
|
||||
sshkey: '/var/lib/zuul/ssh/id_rsa'
|
||||
|
||||
gearman_server_ssl_cert: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEYTCCA0mgAwIBAgIJAKkAn3gh0LBPMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
|
||||
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
|
||||
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
|
||||
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
|
||||
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjA1
|
||||
NDAyWhcNMjcwNjE0MjA1NDAyWjCBszELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
|
||||
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
|
||||
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEXMBUGA1UEAwwOZ2Vhcm1hbi5z
|
||||
ZXJ2ZXIxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0cy5vcGVu
|
||||
c3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3aMR61f/
|
||||
LZkP/acuqiCEiSFF4GI1ViNkOSPEq0CP4HfNckeW0///x6vI/uaR4MlF8g8qNFGB
|
||||
j2FCYRW1gEzS7TLoP3xYs4SMnvXvZRbdxcozOop506quLmlfPDF1o2GzLSQYDNXe
|
||||
WbpYiNM+EdgBjqLz4G5DdaXMMw2zYP21kbtSxJIvrpqeW/TKBGWDI2bBH81PFb9B
|
||||
gq1P4XxI/Aw7Ez6hApLV2D6DP7JidQUGOzvGw7LUEZjLEscQU7HH8j1qDvrM2gV4
|
||||
FRSRrtw8Yr/erBsaNr84guEZQREqiOjr1HvMZK5o1vGb69ArWSk9b8PW+A2uxvfS
|
||||
ukv7hvNsuCouHQIDAQABo3AwbjAJBgNVHRMEAjAAMCEGCWCGSAGG+EIBDQQUFhJj
|
||||
bGllbnQgY2VydGlmaWNhdGUwHQYDVR0OBBYEFImAuHnbfxpEEZwiiro9KEa8YA+1
|
||||
MB8GA1UdIwQYMBaAFFP8JfdXPn8mhZLaXMa8NQIJlmneMA0GCSqGSIb3DQEBCwUA
|
||||
A4IBAQBTNIVB758W+wBtCMlIRFUPBiR+w+7RRsY8HXME5unvO65PcsfLKQXOr3i/
|
||||
K2SliyyBliwKY+wtbvQZVltpBiloDqslSMD6veb5YsZDzTZ+x8xP1GEhcB3c6CsN
|
||||
0RDJ/xUGv2IXgQW8kw+MINILr9iQA6fn9dBN0OqimlchPHtvA9gO7Rv+IV3zZP+Q
|
||||
yNWoBiZ6H5ANIt6vfcK0BHGDB6GXN9f1gpgsJd3l3vs3t/FgP1qYJiDd5VvcOXxt
|
||||
uJziOvdg7jte0u609MWj3DOdey4HsxlEU27w13kzGI6RpPquvl/YB8Y6WMAIL8in
|
||||
1GRv9pIfENRRHOiC57p0RSQZZ/2V
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
|||
|
|
@ -6,3 +6,31 @@ zuul_connections:
|
|||
canonical_hostname: 'git.openstack.org'
|
||||
user: 'zuul'
|
||||
sshkey: '/var/lib/zuul/ssh/id_rsa'
|
||||
|
||||
gearman_client_ssl_cert: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEYTCCA0mgAwIBAgIJAKkAn3gh0LBQMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
|
||||
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
|
||||
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
|
||||
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
|
||||
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjMw
|
||||
MjQyWhcNMjcwNjE0MjMwMjQyWjCBszELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
|
||||
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
|
||||
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEXMBUGA1UEAwwOZ2Vhcm1hbi5j
|
||||
bGllbnQxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0cy5vcGVu
|
||||
c3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh3qSWIp
|
||||
w6kXS4IIPU7fPP2felHCtmZyfgKolYbq1iVafcc/EUHa1onlaM+w7OEHr68y3Qau
|
||||
SY6ifEsUWCKJlhu+UlHGwVIZliL02+9EAZ1DDs6OtxKa7nOIkWq8P8kRex234QVd
|
||||
y37+vV+/lDeCbLoGo5P0j51fnqy10afg2xRblmXgqeqaiJAvCmEnG9S9q9+gbisZ
|
||||
1D2r+JtoTUMZtPY9NomvgdNuwmF5+VeO+CQepRWlA+0ysCFVgVwm++PNXETadHOj
|
||||
mOSJxiq2u6fysZb7ctHgGuu+Ce3PVwah+kK/PEXADs7SjhJruSmL1ap2izc6kTFW
|
||||
GSU/wkkPXtbWJwIDAQABo3AwbjAJBgNVHRMEAjAAMCEGCWCGSAGG+EIBDQQUFhJj
|
||||
bGllbnQgY2VydGlmaWNhdGUwHQYDVR0OBBYEFKTyA6hjUY8jNxOEM5zuU7qecogX
|
||||
MB8GA1UdIwQYMBaAFFP8JfdXPn8mhZLaXMa8NQIJlmneMA0GCSqGSIb3DQEBCwUA
|
||||
A4IBAQAiLYckNAx7GQGCSXC92R23o181FiCePuNAgCb4QsaQkA/JopaLrn11R33Y
|
||||
XO1C5fvsopKvcmEJKX0BJwNy41tz/rNmKXYy4hsPKYMsNgJQtYe98Mp+VHgAmtZ3
|
||||
U0v49mUJA4YiLs/QmB6bmLknl1XjzJvbLu3gfVSGsquDXN1TcHLZy2fQlD6/D7HF
|
||||
2Zj44Af4b2xFcZc7J/iErIj8LGHx3alkGAgdXw+SQkgzDeXC/DhrXC1jVJQQQzfU
|
||||
/4GjbLiPBLb+QIAaBVv+iVVok22DSvMydjI4Zr89NXDWEOZc8oZ7nBf9Sv1+I0xB
|
||||
6YQoN+t1YSx3G8AxPSZwyGlwhZo0
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
|||
|
|
@ -1121,6 +1121,9 @@ node /^ze\d+\.openstack\.org$/ {
|
|||
zookeeper_hosts => 'nodepool.openstack.org:2181',
|
||||
zuulv3 => true,
|
||||
connections => hiera('zuul_connections', []),
|
||||
gearman_client_ssl_cert => hiera('gearman_client_ssl_cert'),
|
||||
gearman_client_ssl_key => hiera('gearman_client_ssl_key'),
|
||||
gearman_ssl_ca => hiera('gearman_ssl_ca'),
|
||||
}
|
||||
|
||||
class { '::zuul::executor': }
|
||||
|
|
@ -1212,17 +1215,20 @@ node 'zuulv3.openstack.org' {
|
|||
# NOTE(pabelanger): We call ::zuul directly, so we can override all in one
|
||||
# settings.
|
||||
class { '::zuul':
|
||||
gerrit_server => $gerrit_server,
|
||||
gerrit_user => $gerrit_user,
|
||||
zuul_ssh_private_key => $zuul_ssh_private_key,
|
||||
git_email => $git_email,
|
||||
git_name => $git_name,
|
||||
revision => $revision,
|
||||
python_version => 3,
|
||||
zookeeper_hosts => 'nodepool.openstack.org:2181',
|
||||
zuulv3 => true,
|
||||
connections => hiera('zuul_connections', []),
|
||||
zuul_status_url => 'http://127.0.0.1:8001/openstack',
|
||||
gerrit_server => $gerrit_server,
|
||||
gerrit_user => $gerrit_user,
|
||||
zuul_ssh_private_key => $zuul_ssh_private_key,
|
||||
git_email => $git_email,
|
||||
git_name => $git_name,
|
||||
revision => $revision,
|
||||
python_version => 3,
|
||||
zookeeper_hosts => 'nodepool.openstack.org:2181',
|
||||
zuulv3 => true,
|
||||
connections => hiera('zuul_connections', []),
|
||||
zuul_status_url => 'http://127.0.0.1:8001/openstack',
|
||||
gearman_server_ssl_cert => hiera('gearman_server_ssl_cert'),
|
||||
gearman_server_ssl_key => hiera('gearman_server_ssl_key'),
|
||||
gearman_ssl_ca => hiera('gearman_ssl_ca'),
|
||||
}
|
||||
|
||||
class { '::zuul::scheduler':
|
||||
|
|
|
|||
Loading…
Reference in New Issue