Use ZK TLS in quickstart

Depends-On: https://review.opendev.org/712733 Change-Id: If1cdef7f7ed7dcef2adbed2de24416ba75f83179
2020-03-12 16:27:02 -07:00 · 2020-03-12 16:27:02 -07:00 · 056c842731
parent c6d5405c62
commit 056c842731
5 changed files with 38 additions and 1 deletions
--- a/doc/source/examples/docker-compose.yaml
+++ b/doc/source/examples/docker-compose.yaml
@ -27,11 +27,17 @@ services:
      - "sshkey:/var/ssh:z"
      - "nodessh:/var/node:z"
      - "./playbooks/:/var/playbooks/:z"
      - "certs:/var/certs:z"
      - "../../../tools/:/var/zuul-tools/:z"
    # NOTE(pabelanger): Be sure to update this line each time we change the
    # default version of ansible for Zuul.
    command: "/usr/local/lib/zuul/ansible/2.8/bin/ansible-playbook /var/playbooks/setup.yaml"
  zk:
    image: zookeeper
    hostname: examples_zk_1.examples_default
    volumes:
      - "certs:/var/certs:z"
      - "./zoo.cfg:/conf/zoo.cfg:z"
  mysql:
    image: mariadb
    environment:
@ -59,6 +65,7 @@ services:
      - "./etc_zuul/:/etc/zuul/:z"
      - "./playbooks/:/var/playbooks/:z"
      - "sshkey:/var/ssh:z"
      - "certs:/var/certs:z"
  web:
    command: "sh -c '/var/playbooks/wait-to-start-gearman.sh && zuul-web -f'"
    depends_on:
@ -72,6 +79,7 @@ services:
    volumes:
      - "./etc_zuul/:/etc/zuul/:z"
      - "./playbooks/:/var/playbooks/:z"
      - "certs:/var/certs:z"
  executor:
    privileged: true
    environment:
@ -103,6 +111,7 @@ services:
    image: zuul/nodepool-launcher
    volumes:
      - "./etc_nodepool/:/etc/nodepool/:z"
      - "certs:/var/certs:z"
    ports:
      - "8022:8022"
  logs:
@ -122,3 +131,4 @@ volumes:
  sshkey:
  nodessh:
  logs:
  certs:
--- a/doc/source/examples/etc_nodepool/nodepool.yaml
+++ b/doc/source/examples/etc_nodepool/nodepool.yaml
@ -1,5 +1,10 @@
 zookeeper-servers:
  - host: zk
    port: 2281
 zookeeper-tls:
  cert: /var/certs/certs/client.pem
  key: /var/certs/keys/clientkey.pem
  ca: /var/certs/certs/cacert.pem
 labels:
  - name: ubuntu-bionic
--- a/doc/source/examples/etc_zuul/zuul.conf
+++ b/doc/source/examples/etc_zuul/zuul.conf
@ -5,7 +5,10 @@ server=scheduler
 start=true
 [zookeeper]
-hosts=zk
+hosts=zk:2281
 tls_cert=/var/certs/certs/client.pem
 tls_key=/var/certs/keys/clientkey.pem
 tls_ca=/var/certs/certs/cacert.pem
 [scheduler]
 tenant_config=/etc/zuul/main.yaml
--- a/doc/source/examples/playbooks/setup.yaml
+++ b/doc/source/examples/playbooks/setup.yaml
@ -1,6 +1,10 @@
 - hosts: localhost
  gather_facts: false
  tasks:
    - name: Generate ZooKeeper certs
      shell: |
        /var/zuul-tools/zk-ca.sh /var/certs examples_zk_1.examples_default
        chmod -R a+rX /var/certs
    - name: Wait for Gerrit to start
      wait_for:
        host: gerrit
--- a/doc/source/examples/zoo.cfg
+++ b/doc/source/examples/zoo.cfg
@ -0,0 +1,15 @@
 dataDir=/data
 dataLogDir=/datalog
 tickTime=2000
 initLimit=5
 syncLimit=2
 autopurge.snapRetainCount=3
 autopurge.purgeInterval=0
 maxClientCnxns=60
 standaloneEnabled=true
 admin.enableServer=true
 server.1=examples_zk_1.examples_default:2888:3888
 serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
 secureClientPort=2281
 ssl.keyStore.location=/var/certs/keystores/examples_zk_1.examples_default.pem
 ssl.trustStore.location=/var/certs/certs/cacert.pem