Use ZK TLS in quickstart

Depends-On: https://review.opendev.org/712733
Change-Id: If1cdef7f7ed7dcef2adbed2de24416ba75f83179
James E. Blair 2020-03-12 16:27:02 -07:00
parent c6d5405c62
commit 056c842731
5 changed files with 38 additions and 1 deletions


@ -27,11 +27,17 @@ services:
- "sshkey:/var/ssh:z"
- "nodessh:/var/node:z"
- "./playbooks/:/var/playbooks/:z"
- "certs:/var/certs:z"
- "../../../tools/:/var/zuul-tools/:z"
# NOTE(pabelanger): Be sure to update this line each time we change the
# default version of ansible for Zuul.
command: "/usr/local/lib/zuul/ansible/2.8/bin/ansible-playbook /var/playbooks/setup.yaml"
zk:
image: zookeeper
hostname: examples_zk_1.examples_default
volumes:
- "certs:/var/certs:z"
- "./zoo.cfg:/conf/zoo.cfg:z"
mysql:
image: mariadb
environment:
@ -59,6 +65,7 @@ services:
- "./etc_zuul/:/etc/zuul/:z"
- "./playbooks/:/var/playbooks/:z"
- "sshkey:/var/ssh:z"
- "certs:/var/certs:z"
web:
command: "sh -c '/var/playbooks/wait-to-start-gearman.sh && zuul-web -f'"
depends_on:
@ -72,6 +79,7 @@ services:
volumes:
- "./etc_zuul/:/etc/zuul/:z"
- "./playbooks/:/var/playbooks/:z"
- "certs:/var/certs:z"
executor:
privileged: true
environment:
@ -103,6 +111,7 @@ services:
image: zuul/nodepool-launcher
volumes:
- "./etc_nodepool/:/etc/nodepool/:z"
- "certs:/var/certs:z"
ports:
- "8022:8022"
logs:
@ -122,3 +131,4 @@ volumes:
sshkey:
nodessh:
logs:
certs:
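Review bot: The `certs` volume is mounted read-write into every consumer that gains the new `- "certs:/var/certs:z"` line (zk, the nodepool launcher, and the services whose volume lists end just before `web:` and `executor:`; their names lie outside the hunks), although only the container that runs setup.yaml needs to write to it. The volume holds `keys/clientkey.pem` and the ZooKeeper keystore, and presumably whatever CA material zk-ca.sh produces, so any one consumer that is compromised or misbehaves could overwrite the trust anchor the others rely on. Consider mounting it read-only in the consumers, e.g. `- "certs:/var/certs:ro,z"`, and keeping the writable mount only on the setup service.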


@ -1,5 +1,10 @@
zookeeper-servers:
- host: zk
port: 2281
zookeeper-tls:
cert: /var/certs/certs/client.pem
key: /var/certs/keys/clientkey.pem
ca: /var/certs/certs/cacert.pem
labels:
- name: ubuntu-bionic


@ -5,7 +5,10 @@ server=scheduler
start=true
[zookeeper]
hosts=zk
hosts=zk:2281
tls_cert=/var/certs/certs/client.pem
tls_key=/var/certs/keys/clientkey.pem
tls_ca=/var/certs/certs/cacert.pem
[scheduler]
tenant_config=/etc/zuul/main.yaml


@ -1,6 +1,10 @@
- hosts: localhost
gather_facts: false
tasks:
- name: Generate ZooKeeper certs
shell: |
/var/zuul-tools/zk-ca.sh /var/certs examples_zk_1.examples_default
chmod -R a+rX /var/certs
- name: Wait for Gerrit to start
wait_for:
host: gerrit
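Review bot: The `Generate ZooKeeper certs` task reports success even when `/var/zuul-tools/zk-ca.sh` fails, because a multi-line `shell:` block returns the status of its last command and the `chmod` will normally succeed; starting the block with `set -e` would stop the quickstart at the failed CA run instead of leaving the services to fail their TLS handshakes later. `chmod -R a+rX /var/certs` also makes everything under the volume, including `keys/clientkey.pem` and any CA key the script writes there (not visible here), readable by every user in every container that mounts it. That is probably intended so that containers running under different UIDs can read the files, but it deserves a comment such as `# Quickstart only: keys are world-readable so each container's service user can read them; do not copy this to a real deployment.` The task list continues past the end of the hunk.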


@ -0,0 +1,15 @@
dataDir=/data
dataLogDir=/datalog
tickTime=2000
initLimit=5
syncLimit=2
autopurge.snapRetainCount=3
autopurge.purgeInterval=0
maxClientCnxns=60
standaloneEnabled=true
admin.enableServer=true
server.1=examples_zk_1.examples_default:2888:3888
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
secureClientPort=2281
ssl.keyStore.location=/var/certs/keystores/examples_zk_1.examples_default.pem
ssl.trustStore.location=/var/certs/certs/cacert.pem
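Review bot: Client-certificate enforcement in this file depends on the ZooKeeper default for `ssl.clientAuth`, and `image: zookeeper` in the compose file is untagged, so the behaviour can vary with whichever image is pulled; adding `ssl.clientAuth=need` next to `secureClientPort=2281` would make the mutual-TLS intent explicit. A one-line comment saying that `clientPort` is omitted on purpose, so that only the TLS port accepts clients, would keep a later editor from re-adding the plaintext listener. `admin.enableServer=true` leaves the AdminServer HTTP endpoint on, which as far as I can tell these `ssl.*` settings do not cover; it stays confined to the compose network only while the zk service publishes no ports, as in the visible compose lines.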