system-config/playbooks/roles/zuul/templates/zuul.conf.j2
James E. Blair 129083b840 Export Zuul traces to Jaeger
This generates TLS certs for Zuul using the jaeger CA and enables
tracing on all Zuul components, exporting to tracing.opendev.org.

Change-Id: I821e5ce4738ea0c93e116684033fa7b78e2da8c6
2022-09-22 15:06:46 -07:00

94 lines
2.3 KiB
Django/Jinja

[scheduler]
tenant_config=/etc/zuul/main.yaml
log_config=/etc/zuul/logging.conf
state_dir=/var/lib/zuul
relative_priority=true
[fingergw]
user=zuul
[zookeeper]
hosts={% for host in groups['zookeeper'] %}{{ (hostvars[host].public_v4) }}:2281{% if not loop.last %},{% endif %}{% endfor %}
tls_cert=/etc/zuul/certs/cert.pem
tls_key=/etc/zuul/keys/key.pem
tls_ca=/etc/zuul/certs/cacert.pem
session_timeout=40
[keystore]
{% if zuul_keystore_password is defined -%}
password={{ zuul_keystore_password }}
{% endif -%}
[database]
{% if zuul_database_uri is defined -%}
dburi={{ zuul_database_uri }}
{% endif -%}
[statsd]
server=graphite.opendev.org
[merger]
git_dir=/var/lib/zuul/git
log_config=/etc/zuul/merger-logging.conf
git_user_email=zuul@opendev.org
git_user_name=OpenDev Zuul
git_timeout=600
[executor]
manage_ansible=false
log_config=/etc/zuul/executor-logging.conf
job_dir=/var/lib/zuul/builds
variables=/opt/project-config/zuul/site-variables.yaml
private_key_file=/var/lib/zuul/ssh/nodepool_id_rsa
trusted_ro_paths=/etc/openafs:/etc/ssl/certs:/var/lib/zuul/ssh
trusted_rw_paths=/afs
untrusted_ro_paths=/etc/ssl/certs
disk_limit_per_job=5000
sigterm_method=stop
[web]
log_config=/etc/zuul/web-logging.conf
listen_address=127.0.0.1
listen_port=9000
status_url=https://zuul.openstack.org
root=https://zuul.opendev.org
[auth local]
driver=HS256
allow_authz_override=true
realm=zuul.opendev.org
client_id=zuul.opendev.org
issuer_id=zuul.opendev.org
secret={{ zuul_local_auth_secret }}
[auth keycloak]
default=true
driver=OpenIDConnect
realm=zuul
issuer_id=https://keycloak.opendev.org/auth/realms/zuul
client_id=zuul
[tracing]
enabled=true
endpoint=tracing.opendev.org:4317
tls_cert=/etc/zuul/jaeger/certs/cert.pem
tls_key=/etc/zuul/jaeger/keys/key.pem
tls_ca=/etc/zuul/jaeger/certs/cacert.pem
{% for connection in zuul_connections -%}
[connection "{{ connection['name'] }}"]
{% for key, value in connection.items() -%}
{{ key }}={{ value }}
{% endfor -%}
{% for connection_secret in zuul_connection_secrets -%}
{% if connection_secret['name'] == connection['name'] -%}
{% for key, value in connection_secret.items() -%}
{% if key != 'name' -%}
{{ key }}={{ value }}
{% endif -%}{# if key #}
{% endfor -%}{# for key, value in connection_secret #}
{% endif -%}{# if connection_secret['name'] #}
{% endfor -%}{# for connection_secret #}
{% endfor -%}{# for connection #}