Use ZK TLS in quickstart
Depends-On: https://review.opendev.org/712733 Change-Id: If1cdef7f7ed7dcef2adbed2de24416ba75f83179
parent
c6d5405c62
commit
056c842731
|
@ -27,11 +27,17 @@ services:
|
|||
- "sshkey:/var/ssh:z"
|
||||
- "nodessh:/var/node:z"
|
||||
- "./playbooks/:/var/playbooks/:z"
|
||||
- "certs:/var/certs:z"
|
||||
- "../../../tools/:/var/zuul-tools/:z"
|
||||
# NOTE(pabelanger): Be sure to update this line each time we change the
|
||||
# default version of ansible for Zuul.
|
||||
command: "/usr/local/lib/zuul/ansible/2.8/bin/ansible-playbook /var/playbooks/setup.yaml"
|
||||
zk:
|
||||
image: zookeeper
|
||||
hostname: examples_zk_1.examples_default
|
||||
volumes:
|
||||
- "certs:/var/certs:z"
|
||||
- "./zoo.cfg:/conf/zoo.cfg:z"
|
||||
mysql:
|
||||
image: mariadb
|
||||
environment:
|
||||
|
@ -59,6 +65,7 @@ services:
|
|||
- "./etc_zuul/:/etc/zuul/:z"
|
||||
- "./playbooks/:/var/playbooks/:z"
|
||||
- "sshkey:/var/ssh:z"
|
||||
- "certs:/var/certs:z"
|
||||
web:
|
||||
command: "sh -c '/var/playbooks/wait-to-start-gearman.sh && zuul-web -f'"
|
||||
depends_on:
|
||||
|
@ -72,6 +79,7 @@ services:
|
|||
volumes:
|
||||
- "./etc_zuul/:/etc/zuul/:z"
|
||||
- "./playbooks/:/var/playbooks/:z"
|
||||
- "certs:/var/certs:z"
|
||||
executor:
|
||||
privileged: true
|
||||
environment:
|
||||
|
@ -103,6 +111,7 @@ services:
|
|||
image: zuul/nodepool-launcher
|
||||
volumes:
|
||||
- "./etc_nodepool/:/etc/nodepool/:z"
|
||||
- "certs:/var/certs:z"
|
||||
ports:
|
||||
- "8022:8022"
|
||||
logs:
|
||||
|
@ -122,3 +131,4 @@ volumes:
|
|||
sshkey:
|
||||
nodessh:
|
||||
logs:
|
||||
certs:
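Review bot: The `certs` volume is mounted read-write everywhere this file adds it, although only the container that runs the setup playbook needs to write to it. The volume holds the client private key and the server keystore, and presumably whatever CA material `zk-ca.sh` leaves under /var/certs. A compromised consumer could therefore replace the CA certificate or keys that the other services trust. On the `zk` service and on the mounts added in the later hunks of this file, a read-only mount such as `- "certs:/var/certs:ro,z"` would remove that write path. The service definitions start or end outside the hunks, so confirm which services these are against the full file.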
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
zookeeper-servers:
|
||||
- host: zk
|
||||
port: 2281
|
||||
zookeeper-tls:
|
||||
cert: /var/certs/certs/client.pem
|
||||
key: /var/certs/keys/clientkey.pem
|
||||
ca: /var/certs/certs/cacert.pem
|
||||
|
||||
labels:
|
||||
- name: ubuntu-bionic
|
||||
|
|
|
@ -5,7 +5,10 @@ server=scheduler
|
|||
start=true
|
||||
|
||||
[zookeeper]
|
||||
hosts=zk
|
||||
hosts=zk:2281
|
||||
tls_cert=/var/certs/certs/client.pem
|
||||
tls_key=/var/certs/keys/clientkey.pem
|
||||
tls_ca=/var/certs/certs/cacert.pem
|
||||
|
||||
[scheduler]
|
||||
tenant_config=/etc/zuul/main.yaml
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
- hosts: localhost
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Generate ZooKeeper certs
|
||||
shell: |
|
||||
/var/zuul-tools/zk-ca.sh /var/certs examples_zk_1.examples_default
|
||||
chmod -R a+rX /var/certs
|
||||
- name: Wait for Gerrit to start
|
||||
wait_for:
|
||||
host: gerrit
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
dataDir=/data
|
||||
dataLogDir=/datalog
|
||||
tickTime=2000
|
||||
initLimit=5
|
||||
syncLimit=2
|
||||
autopurge.snapRetainCount=3
|
||||
autopurge.purgeInterval=0
|
||||
maxClientCnxns=60
|
||||
standaloneEnabled=true
|
||||
admin.enableServer=true
|
||||
server.1=examples_zk_1.examples_default:2888:3888
|
||||
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
|
||||
secureClientPort=2281
|
||||
ssl.keyStore.location=/var/certs/keystores/examples_zk_1.examples_default.pem
|
||||
ssl.trustStore.location=/var/certs/certs/cacert.pem
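Review bot: `admin.enableServer=true` keeps ZooKeeper's AdminServer HTTP endpoint on while client traffic moves to TLS. No setting in this file configures TLS for that endpoint, so it still answers in plaintext to anything that can reach the container. If the quickstart does not rely on it, `admin.enableServer=false` is the safer default. `clientPort` also appears to be left out on purpose; a comment above `secureClientPort=2281` such as `# No clientPort: only the TLS listener is offered to clients.` would stop a later edit from quietly reintroducing the plaintext port.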
|