129083b840
This generates TLS certs for Zuul using the jaeger CA and enables tracing on all Zuul components, exporting to tracing.opendev.org. Change-Id: I821e5ce4738ea0c93e116684033fa7b78e2da8c6
94 lines
2.3 KiB
Django/Jinja
94 lines
2.3 KiB
Django/Jinja
[scheduler]
|
|
tenant_config=/etc/zuul/main.yaml
|
|
log_config=/etc/zuul/logging.conf
|
|
state_dir=/var/lib/zuul
|
|
relative_priority=true
|
|
|
|
[fingergw]
|
|
user=zuul
|
|
|
|
[zookeeper]
|
|
hosts={% for host in groups['zookeeper'] %}{{ (hostvars[host].public_v4) }}:2281{% if not loop.last %},{% endif %}{% endfor %}
|
|
|
|
tls_cert=/etc/zuul/certs/cert.pem
|
|
tls_key=/etc/zuul/keys/key.pem
|
|
tls_ca=/etc/zuul/certs/cacert.pem
|
|
session_timeout=40
|
|
|
|
[keystore]
|
|
{% if zuul_keystore_password is defined -%}
|
|
password={{ zuul_keystore_password }}
|
|
{% endif -%}
|
|
|
|
[database]
|
|
{% if zuul_database_uri is defined -%}
|
|
dburi={{ zuul_database_uri }}
|
|
{% endif -%}
|
|
|
|
[statsd]
|
|
server=graphite.opendev.org
|
|
|
|
[merger]
|
|
git_dir=/var/lib/zuul/git
|
|
log_config=/etc/zuul/merger-logging.conf
|
|
git_user_email=zuul@opendev.org
|
|
git_user_name=OpenDev Zuul
|
|
git_timeout=600
|
|
|
|
[executor]
|
|
manage_ansible=false
|
|
log_config=/etc/zuul/executor-logging.conf
|
|
job_dir=/var/lib/zuul/builds
|
|
variables=/opt/project-config/zuul/site-variables.yaml
|
|
private_key_file=/var/lib/zuul/ssh/nodepool_id_rsa
|
|
trusted_ro_paths=/etc/openafs:/etc/ssl/certs:/var/lib/zuul/ssh
|
|
trusted_rw_paths=/afs
|
|
untrusted_ro_paths=/etc/ssl/certs
|
|
disk_limit_per_job=5000
|
|
sigterm_method=stop
|
|
|
|
[web]
|
|
log_config=/etc/zuul/web-logging.conf
|
|
listen_address=127.0.0.1
|
|
listen_port=9000
|
|
status_url=https://zuul.openstack.org
|
|
root=https://zuul.opendev.org
|
|
|
|
[auth local]
|
|
driver=HS256
|
|
allow_authz_override=true
|
|
realm=zuul.opendev.org
|
|
client_id=zuul.opendev.org
|
|
issuer_id=zuul.opendev.org
|
|
secret={{ zuul_local_auth_secret }}
|
|
|
|
[auth keycloak]
|
|
default=true
|
|
driver=OpenIDConnect
|
|
realm=zuul
|
|
issuer_id=https://keycloak.opendev.org/auth/realms/zuul
|
|
client_id=zuul
|
|
|
|
[tracing]
|
|
enabled=true
|
|
endpoint=tracing.opendev.org:4317
|
|
tls_cert=/etc/zuul/jaeger/certs/cert.pem
|
|
tls_key=/etc/zuul/jaeger/keys/key.pem
|
|
tls_ca=/etc/zuul/jaeger/certs/cacert.pem
|
|
|
|
{% for connection in zuul_connections -%}
|
|
[connection "{{ connection['name'] }}"]
|
|
{% for key, value in connection.items() -%}
|
|
{{ key }}={{ value }}
|
|
{% endfor -%}
|
|
{% for connection_secret in zuul_connection_secrets -%}
|
|
{% if connection_secret['name'] == connection['name'] -%}
|
|
{% for key, value in connection_secret.items() -%}
|
|
{% if key != 'name' -%}
|
|
{{ key }}={{ value }}
|
|
{% endif -%}{# if key #}
|
|
{% endfor -%}{# for key, value in connection_secret #}
|
|
{% endif -%}{# if connection_secret['name'] #}
|
|
{% endfor -%}{# for connection_secret #}
|
|
{% endfor -%}{# for connection #}
|