
This creates TLS certs for Zookeeper, uses them inside the ZK quorum, and configures Nodepool and Zuul to use them as well. A full system restart of all ZK-related components will be required after merging this patch. Change-Id: I0cb96a989f3d2c7e0563ce8899f2a5945ea225b3
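# ZooKeeper server settings, rendered from a Jinja template. The server.N
# entries near the end are generated from the 'zookeeper' inventory group.

# Snapshots and transaction logs are written to separate directories.
dataDir=/data
dataLogDir=/datalog

# The number of milliseconds of each tick
tickTime=2000
# The number of ticks that the initial
# synchronization phase can take
initLimit=10
# The number of ticks that can pass between
# sending a request and getting an acknowledgement
syncLimit=5

# When enabled, the ZooKeeper auto purge feature retains the
# autopurge.snapRetainCount most recent snapshots and the corresponding
# transaction logs in the dataDir and dataLogDir respectively and
# deletes the rest. Defaults to 3. Minimum value is 3.
autopurge.snapRetainCount=3
# The frequency in hours to look for and purge old snapshots,
# defaults to 0 (disabled). The number of retained snapshots can
# be separately controlled through snapRetainCount and
# defaults to the minimum value of 3. This will quickly fill the
# disk in production if not enabled. Works on ZK >=3.4.
autopurge.purgeInterval=6

# Cap on concurrent connections from a single client address.
maxClientCnxns=60
standaloneEnabled=true

# The AdminServer is an HTTP listener separate from the TLS client port.
# admin.serverAddress and admin.serverPort are not set here, so it uses
# ZooKeeper's defaults.
# NOTE(review): none of the ssl.* settings in this file are admin.* options,
# so this endpoint is presumably plain HTTP; confirm it is firewalled or
# bound to a non-public address.
admin.enableServer=true

# TLS listener for clients. No clientPort is set in this file, so no
# plaintext client listener is configured here.
secureClientPort=2281
# PEM file with this server's private key and certificate.
# NOTE(review): no ssl.keyStore.password is set, so the key is presumably
# stored unencrypted; keep the file readable only by the ZooKeeper user.
ssl.keyStore.location=/tls/keys/keystore.pem
# CA certificate used to validate certificates presented by peers.
# NOTE(review): ssl.clientAuth is left at its default; confirm that the
# deployed ZooKeeper version requires client certificates by default.
ssl.trustStore.location=/tls/certs/cacert.pem

# Ensemble members, one server.N line per inventory host, in the form
# address:quorum-port:election-port. N is the 1-based loop index and has to
# match the id each host is started with. The addresses are the hosts'
# public_v4 values, so ports 2888 and 3888 are reachable on that interface.
{% for host in groups['zookeeper'] %}
server.{{ loop.index }}={{ (hostvars[host].public_v4) }}:2888:3888
{% endfor %}

# TLS between ensemble members. portUnification is not set, so there is no
# mixed plaintext/TLS mode and all members have to switch together.
sslQuorum=true
# The Netty connection factory is needed for the TLS client port.
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
# The quorum listener reuses the same key and CA files as the client listener.
# NOTE(review): any certificate issued by this CA is therefore trusted on both
# listeners; consider whether clients and quorum peers should use separate CAs.
ssl.quorum.keyStore.location=/tls/keys/keystore.pem
ssl.quorum.trustStore.location=/tls/certs/cacert.pem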