opendev/system-config
Code Issues Proposed changes
d3a53e8ec0
system-config/playbooks/roles/zuul/templates/zuul.conf.j2
James E. Blair 7a32463f9d Revert "Revert "Add Zookeeper TLS support"" 
This reverts commit 05021f11a2.

This switches Zuul and Nodepool to use Zookeeper TLS.  The ZK
cluster is already listening on both ports.

Change-Id: I03d28fb75610fbf5221eeee28699e4bd6f1157ea
2020-07-15 15:45:48 -07:00

80 lines
2.2 KiB
Django/Jinja
Raw Blame History

[gearman]
server={{ gearman_server }}
check_job_registration=true
ssl_ca=/etc/zuul/ssl/gearman-ca.pem
ssl_cert=/etc/zuul/ssl/gearman-client.pem
{% if gearman_client_ssl_key is defined -%}
ssl_key=/etc/zuul/ssl/gearman-client.key
{% endif -%}
[gearman_server]
start=true
log_config=/etc/zuul/gearman-logging.conf
ssl_ca=/etc/zuul/ssl/gearman-ca.pem
{% if gearman_server_ssl_cert is defined -%}
ssl_cert=/etc/zuul/ssl/gearman-server.pem
{% endif -%}
{% if gearman_server_ssl_key is defined -%}
ssl_key=/etc/zuul/ssl/gearman-server.key
{% endif -%}
[scheduler]
tenant_config=/etc/zuul/main.yaml
log_config=/etc/zuul/logging.conf
state_dir=/var/lib/zuul
relative_priority=true
[fingergw]
user=zuul
[zookeeper]
hosts={% for host in groups['zookeeper'] %}{{ (hostvars[host].public_v4) }}:2281{% if not loop.last %},{% endif %}{% endfor %}
tls_cert=/etc/zuul/certs/cert.pem
tls_key=/etc/zuul/keys/key.pem
tls_ca=/etc/zuul/certs/cacert.pem
session_timeout=40
[statsd]
server=graphite.opendev.org
[merger]
git_dir=/var/lib/zuul/git
log_config=/etc/zuul/merger-logging.conf
git_user_email=zuul@opendev.org
git_user_name=OpenDev Zuul
[executor]
manage_ansible=false
log_config=/etc/zuul/executor-logging.conf
job_dir=/var/lib/zuul/builds
variables=/opt/project-config/zuul/site-variables.yaml
private_key_file=/var/lib/zuul/ssh/nodepool_id_rsa
trusted_ro_paths=/etc/openafs:/etc/ssl/certs:/var/lib/zuul/ssh
trusted_rw_paths=/afs
untrusted_ro_paths=/etc/ssl/certs
disk_limit_per_job=5000
[web]
log_config=/etc/zuul/web-logging.conf
listen_address=127.0.0.1
listen_port=9000
status_url=https://zuul.openstack.org
root=https://zuul.opendev.org
{% for connection in zuul_connections -%}
[connection "{{ connection['name'] }}"]
{% for key, value in connection.items() -%}
{{ key }}={{ value }}
{% endfor -%}
{% for connection_secret in zuul_connection_secrets -%}
{% if connection_secret['name'] == connection['name'] -%}
{% for key, value in connection_secret.items() -%}
{% if key != 'name' -%}
{{ key }}={{ value }}
{% endif -%}{# if key #}
{% endfor -%}{# for key, value in connection_secret #}
{% endif -%}{# if connection_secret['name'] #}
{% endfor -%}{# for connection_secret #}
{% endfor -%}{# for connection #}
View Git Blame Copy Permalink