opendev/system-config
Code Issues Proposed changes
2ff0843b9e
system-config/playbooks/roles/zk-ca
History
James E. Blair a514aa0f98 Zookeeper: listen on plain and TLS ports 
To prepare for switching to TLS, set up TLS certs for Zookeeper and
all of Nodepool and Zuul, but do not have them connect over TLS yet.
We have observed problems with Kazoo using TLS in production.  This
will let us run the ZK quorum using TLS internally, and have Zuul
and Nodepool connect over plaintext while also exposing the TLS
client port so that we can perform some more production tests.

Change-Id: If93b27f5b55be42be1cf6ee23258127fab5ce9ea
2020-06-17 10:38:59 -07:00
..
defaults Zookeeper: listen on plain and TLS ports 2020-06-17 10:38:59 -07:00
tasks Zookeeper: listen on plain and TLS ports 2020-06-17 10:38:59 -07:00
README.rst Zookeeper: listen on plain and TLS ports 2020-06-17 10:38:59 -07:00
zk-ca.sh Zookeeper: listen on plain and TLS ports 2020-06-17 10:38:59 -07:00

README.rst

Generate TLS certs for ZooKeeper

This will copy the certs to the remote node into the /etc/zuul directory by default.