zuul/zuul-jobs
Code Issues Proposed changes
589cccb055
zuul-jobs/roles/ensure-zookeeper/tasks/setup_tls.yaml
Sorin Sbarnea 59dad009e9 Bits to keep ansible-lint happy 
- moved vars file under vars to avoid failure to load file (newer
  version raise error if you try to put vars outside vars/defaults as
  it will assume they are broken playbooks.
- added missing file-modes on few tasks

Change-Id: I7217469d089b655ee16cd038391cffa4197c8c83
Part-Of: https://review.opendev.org/c/zuul/zuul-jobs/+/773245
2021-03-10 18:04:08 +00:00

39 lines
964 B
YAML
Raw Blame History

- name: Instal openssl
package:
name: openssl
become: true
- name: Ensure CA dir is created
file:
path: "{{ zookeeper_ca_dir }}"
state: directory
owner: "{{ ansible_user }}"
mode: 0755
become: true
- name: Copy zk-ca script
copy:
src: zk-ca.sh
dest: "{{ zookeeper_ca_dir }}/zk-ca.sh"
mode: 0755
- name: Copy openssl.cnf
copy:
src: openssl.cnf
dest: "{{ zookeeper_ca_dir }}/openssl.cnf"
mode: 0755
- name: Render certificates
command: "{{ zookeeper_ca_dir }}/zk-ca.sh {{ zookeeper_ca_dir }} localhost"
- name: Add CA to the configuration
blockinfile:
path: /opt/zookeeper/conf/zoo.cfg
block: |
server.1=localhost:2888:3888
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
secureClientPort=2281
ssl.keyStore.location={{ zookeeper_ca_dir }}/keystores/localhost.pem
ssl.trustStore.location={{ zookeeper_ca_dir }}/certs/cacert.pem
become: true
View Git Blame Copy Permalink