opendev/system-config
Code Issues Proposed changes

Revert "Revert "Add Zookeeper TLS support""

Browse Source 
This reverts commit 05021f11a2.

This switches Zuul and Nodepool to use Zookeeper TLS.  The ZK
cluster is already listening on both ports.

Change-Id: I03d28fb75610fbf5221eeee28699e4bd6f1157ea
This commit is contained in:
James E. Blair 2020-07-15 15:45:24 -07:00
parent cd76e090c3
commit 7a32463f9d
4 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
playbooks/roles/nodepool-base/library/make_nodepool_zk_hosts.py
View File

@ -31,7 +31,7 @@ def main():
for host in p['zk_group']: for host in p['zk_group']:
zk_hosts.append(dict( zk_hosts.append(dict(
host=p['hostvars'][host]['ansible_host'], host=p['hostvars'][host]['ansible_host'],
port=2181 port=2281
)) ))
module.exit_json(hosts=zk_hosts, changed=True) module.exit_json(hosts=zk_hosts, changed=True)
except Exception as e: except Exception as e:

4
playbooks/roles/nodepool-base/tasks/main.yaml
View File

@ -71,6 +71,10 @@
vars: vars:
new_config: new_config:
zookeeper-servers: '{{ zk_hosts.hosts }}' zookeeper-servers: '{{ zk_hosts.hosts }}'
zookeeper-tls:
cert: "/etc/nodepool/certs/cert.pem"
key: "/etc/nodepool/keys/key.pem"
ca: "/etc/nodepool/certs/cacert.pem"
set_fact: set_fact:
nodepool_config: "{{ nodepool_config | combine(new_config) }}" nodepool_config: "{{ nodepool_config | combine(new_config) }}"

5
playbooks/roles/zuul/templates/zuul.conf.j2
View File

@ -28,8 +28,11 @@ relative_priority=true
user=zuul user=zuul
[zookeeper] [zookeeper]
hosts={% for host in groups['zookeeper'] %}{{ (hostvars[host].public_v4) }}:2181{% if not loop.last %},{% endif %}{% endfor %} hosts={% for host in groups['zookeeper'] %}{{ (hostvars[host].public_v4) }}:2281{% if not loop.last %},{% endif %}{% endfor %}
tls_cert=/etc/zuul/certs/cert.pem
tls_key=/etc/zuul/keys/key.pem
tls_ca=/etc/zuul/certs/cacert.pem
session_timeout=40 session_timeout=40
[statsd] [statsd]

2
testinfra/test_zookeeper.py
View File

@ -22,7 +22,7 @@ def test_id_file(host):
assert myid.content == b'1\n' assert myid.content == b'1\n'
def test_zk_listening(host): def test_zk_listening(host):
zk = host.socket("tcp://0.0.0.0:2181") zk = host.socket("tcp://0.0.0.0:2281")
assert zk.is_listening assert zk.is_listening
def test_zk_listening_ssl(host): def test_zk_listening_ssl(host):