From b46cf94a25d45dd16362ffe7179c7f426c12e097 Mon Sep 17 00:00:00 2001
From: Ann Kamyshnikova
Date: Mon, 2 Mar 2020 16:41:40 +0400
Subject: [PATCH] Zookeeper backend SSL support
Bump kazoo version to 2.6.0 that supports SSL. Allow to configure ssl config options via conf
* keyfile
* keyfile_password
* certfile
* use_ssl
* verify_certs
https://kazoo.readthedocs.io/en/latest/api/client.html#kazoo.client.KazooClient
This should be done in conformance with Redis jobboard backend, that already allows SSL settings.
Change-Id: Ic2670c3c4caa93f69bc2d541c3701df2b6037d2e
---
 lower-constraints.txt | 2 +-
 .../zookeeper-ssl-support-b9abf24a39096b62.yaml | 6 ++++++
 setup.cfg | 2 +-
 taskflow/utils/kazoo_utils.py | 13 +++++++++++++
 test-requirements.txt | 2 +-
 5 files changed, 22 insertions(+), 3 deletions(-)
 create mode 100644 releasenotes/notes/zookeeper-ssl-support-b9abf24a39096b62.yaml
diff --git a/lower-constraints.txt b/lower-constraints.txt
index 49199c393..1e780da09 100644
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@@ -22,7 +22,7 @@ imagesize==0.7.1
 iso8601==0.1.11
 Jinja2==2.10
 jsonschema==2.6.0
-kazoo==2.2
+kazoo==2.6.0
 keystoneauth1==3.4.0
 kombu==4.0.0
 linecache2==1.0.0
diff --git a/releasenotes/notes/zookeeper-ssl-support-b9abf24a39096b62.yaml b/releasenotes/notes/zookeeper-ssl-support-b9abf24a39096b62.yaml
new file mode 100644
index 000000000..7f7f76fcd
--- /dev/null
+++ b/releasenotes/notes/zookeeper-ssl-support-b9abf24a39096b62.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ SSL support for zookeeper backend (kazoo client). Now the following options
+ can be passed to zookeeper config: *keyfile*, *keyfile_password*,
+ *certfile*, *use_ssl*, *verify_certs*.
\ No newline at end of file
diff --git a/setup.cfg b/setup.cfg
index 4d9a7480e..bf98114d9 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -57,7 +57,7 @@ taskflow.engines =
 # NOTE(dhellmann): The entries in this section of the file need to be
 # kept consistent with the entries in test-requirements.txt.
 zookeeper =
- kazoo>=2.2 # Apache-2.0
+ kazoo>=2.6.0 # Apache-2.0
 zake>=0.1.6 # Apache-2.0
 redis =
 redis>=2.10.0 # MIT
diff --git a/taskflow/utils/kazoo_utils.py b/taskflow/utils/kazoo_utils.py
index 6ff0ce639..2d856bd3f 100644
--- a/taskflow/utils/kazoo_utils.py
+++ b/taskflow/utils/kazoo_utils.py
@@ -175,6 +175,13 @@ def make_client(conf):
 - ``handler``: a kazoo handler object that can be used to provide the client with alternate async strategies (the default is `thread`_ based, but `gevent`_, or `eventlet`_ ones can be provided as needed)
+ - ``keyfile`` : SSL keyfile to use for authentication
+ - ``keyfile_password``: SSL keyfile password
+ - ``certfile``: SSL certfile to use for authentication
+ - ``ca``: SSL CA file to use for authentication
+ - ``use_ssl``: argument to control whether SSL is used or not
+ - ``verify_certs``: when using SSL, argument to bypass
+ certs verification
 .. _client: https://kazoo.readthedocs.io/en/latest/api/client.html
 .. _kazoo: https://kazoo.readthedocs.io/
@@ -191,6 +198,12 @@ def make_client(conf):
 'read_only': bool(conf.get('read_only')),
 'randomize_hosts': bool(conf.get('randomize_hosts')),
 'logger': LOG,
+ 'keyfile': conf.get('keyfile', None),
+ 'keyfile_password': conf.get('keyfile_password', None),
+ 'certfile': conf.get('certfile', None),
+ 'use_ssl': conf.get('use_ssl', False),
+ 'verify_certs': conf.get('verify_certs', True),
+
 }
 # See: https://kazoo.readthedocs.io/en/latest/api/retry.html
 if 'command_retry' in conf:
diff --git a/test-requirements.txt b/test-requirements.txt
index 7c65a1557..7ad3713ef 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -3,7 +3,7 @@
 # entries need to be kept consistent.
 # zookeeper
-kazoo>=2.2 # Apache-2.0
+kazoo>=2.6.0 # Apache-2.0
 zake>=0.1.6 # Apache-2.0
 # redis
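Review bot: The docstring lines added to make_client in taskflow/utils/kazoo_utils.py (hunk `@@ -175,6 +175,13 @@`) document a `ca` key, but the dict hunk that follows (`@@ -191,6 +198,12 @@`) never reads `conf.get('ca')`, so a CA file set in conf appears to be silently dropped. As far as these hunks show, a deployment whose ZooKeeper certificates come from a private CA then has no way to supply its trust anchor other than setting `verify_certs` to False. Adding `'ca': conf.get('ca', None),` beside the other SSL keys would make the code match the documentation; the commit message and release note leave `ca` out too. The `verify_certs` entry is also worded as a bypass although its default is True, and would read better as "when using SSL, verify the server certificate (defaults to True; False disables verification)". The docstring starts and ends outside this hunk.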
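Review bot: In the dict hunk of taskflow/utils/kazoo_utils.py (`@@ -191,6 +198,12 @@`), `use_ssl` and `verify_certs` are forwarded exactly as found in conf, unlike `read_only` and `randomize_hosts` just above them, which are normalised with `bool(...)`. A `verify_certs` key that is present but `None` or empty would then presumably turn certificate verification off without any trace; `'verify_certs': conf.get('verify_certs') is not False,` keeps verification on unless it is explicitly disabled. A warning through `LOG` when `use_ssl` is set and verification is off would make that state visible to operators. The hunk also adds an empty line before the closing `}` that can be dropped. The dict literal and the rest of make_client start and end outside this hunk.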