a514aa0f98
To prepare for switching to TLS, set up TLS certs for Zookeeper and all of Nodepool and Zuul, but do not have them connect over TLS yet. We have observed problems with Kazoo using TLS in production. This will let us run the ZK quorum using TLS internally, and have Zuul and Nodepool connect over plaintext while also exposing the TLS client port so that we can perform some more production tests. Change-Id: If93b27f5b55be42be1cf6ee23258127fab5ce9ea
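# ZooKeeper server configuration, rendered from a Jinja template; the
# server list is generated from the 'zookeeper' inventory group.
# Keep every comment on its own line: the properties format treats all
# text after '=' as part of the value.

# Snapshot directory and transaction-log directory.
dataDir=/data
dataLogDir=/datalog
# The number of milliseconds of each tick
tickTime=2000
# The number of ticks that the initial
# synchronization phase can take
initLimit=10
# The number of ticks that can pass between
# sending a request and getting an acknowledgement
syncLimit=5
# When enabled, ZooKeeper auto purge feature retains the autopurge.
# snapRetainCount most recent snapshots and the corresponding
# transaction logs in the dataDir and dataLogDir respectively and
# deletes the rest. Defaults to 3. Minimum value is 3.
autopurge.snapRetainCount=3
# The frequency in hours to look for and purge old snapshots,
# defaults to 0 (disabled). The number of retained snapshots can
# be separately controlled through snapRetainCount and
# defaults to the minimum value of 3. This will quickly fill the
# disk in production if not enabled. Works on ZK >=3.4.
autopurge.purgeInterval=6
# Maximum concurrent connections a single client IP may hold to this
# server; a basic guard against connection exhaustion.
maxClientCnxns=60
standaloneEnabled=true
# Embedded HTTP AdminServer. admin.serverAddress and admin.serverPort are
# not set here, so the ZooKeeper defaults apply (documented as all
# interfaces, port 8080 - confirm for the deployed version). It is served
# over plain HTTP, so keep it unreachable from untrusted networks.
admin.enableServer=true
# Plaintext client listener. It stays enabled next to secureClientPort so
# that clients which have not moved to TLS keep working; everything sent
# over it is readable on the network. Restrict access by firewall and
# remove this line once all clients use the TLS port.
clientPort=2181
# TLS client listener. It uses the ssl.keyStore / ssl.trustStore material
# below and needs the Netty connection factory configured further down.
# ssl.clientAuth is not set, so the ZooKeeper default applies (documented
# as "need", i.e. client certificates are required - confirm).
secureClientPort=2281
# PEM file with this server's certificate and private key. No
# ssl.keyStore.password is set, so the key is presumably stored
# unencrypted; the file should be readable only by the ZooKeeper user.
ssl.keyStore.location=/tls/keys/keystore.pem
# CA certificate(s) used to verify client certificates. Any certificate
# chaining to this CA is trusted, so the CA should be dedicated to this
# deployment.
ssl.trustStore.location=/tls/certs/cacert.pem
{% for host in groups['zookeeper'] %}
server.{{ loop.index }}={{ (hostvars[host].public_v4) }}:2888:3888
{% endfor %}
# Quorum members above are listed by public IPv4 address; 2888 is the
# peer port and 3888 the leader-election port. With sslQuorum enabled this
# server-to-server traffic is carried over TLS using the ssl.quorum.*
# material below. NOTE(review): peers are addressed by IP, so if quorum
# hostname verification is left at its default the certificates
# presumably need matching IP subjectAltNames - confirm.
sslQuorum=true
# The Netty connection factory is required for secureClientPort.
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
# Quorum TLS reuses the same key pair and CA as the client listener, so
# any certificate issued by that CA is presumably also acceptable on the
# quorum ports; keep 2888 and 3888 firewalled to the quorum members.
ssl.quorum.keyStore.location=/tls/keys/keystore.pem
ssl.quorum.trustStore.location=/tls/certs/cacert.pem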