7a32463f9d
This reverts commit 05021f11a2.
This switches Zuul and Nodepool to use Zookeeper TLS. The ZK
cluster is already listening on both ports.
Change-Id: I03d28fb75610fbf5221eeee28699e4bd6f1157ea
91 lines
2.4 KiB
YAML
# Ensure the group that owns nodepool's files exists. Its name and GID are
# taken from the nodepool_group and nodepool_gid variables.
- name: Add the nodepool group
  group:
    gid: "{{ nodepool_gid }}"
    name: "{{ nodepool_group }}"
    state: present

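# Create the account nodepool runs as. UID, primary group and home directory
# all derive from the nodepool_* variables.
- name: Add the nodepool user
  user:
    name: '{{ nodepool_user }}'
    group: '{{ nodepool_group }}'
    uid: '{{ nodepool_uid }}'
    home: '/home/{{ nodepool_user }}'
    # Canonical booleans: yes/no are YAML 1.1 truthy spellings that linters
    # flag and that other parsers read as strings.
    create_home: true
    # NOTE(review): this gives the service account an interactive shell.
    # Confirm that is needed; a non-login shell would narrow what the
    # account can be used for.
    shell: /bin/bash
    system: true
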
# Pull in the sync-project-config role. The role body is not part of this
# file; the tasks below read from /opt/project-config, which is presumably
# what this role populates (confirm against the role).
- name: Sync project-config
  include_role:
    name: 'sync-project-config'

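# Create /etc/nodepool, owned by the nodepool user and group. The same
# directory is handed to the zk-ca role as zk_ca_cert_dir and holds the
# rendered nodepool.yaml.
- name: Create nodepool config dir
  file:
    path: /etc/nodepool
    state: directory
    owner: '{{ nodepool_user }}'
    group: '{{ nodepool_group }}'
    # Quoted so the mode is always read as octal text and never depends on
    # how the YAML parser types a bare 0755.
    # NOTE(review): 0755 with this owner lets the service account write to
    # its own config directory and lets every local user list it; confirm
    # both are intended.
    mode: '0755'
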
# Run the zk-ca role against /etc/nodepool, naming the nodepool user and
# group as owner of the certificate directory.
# NOTE(review): the role itself is not shown here. The TLS paths configured
# later in this file (certs/cert.pem, keys/key.pem and certs/cacert.pem under
# /etc/nodepool) are presumably created by it; confirm the private key ends
# up readable by its owner only.
- name: Generate ZooKeeper TLS cert
  vars:
    zk_ca_cert_dir: /etc/nodepool
    zk_ca_cert_dir_owner: "{{ nodepool_user }}"
    zk_ca_cert_dir_group: "{{ nodepool_group }}"
  include_role:
    name: zk-ca

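# Create /var/log/nodepool, owned by the nodepool user and group.
- name: Create nodepool log dir
  file:
    path: /var/log/nodepool
    state: directory
    owner: '{{ nodepool_user }}'
    group: '{{ nodepool_group }}'
    # Quoted so the mode is always read as octal text and never depends on
    # how the YAML parser types a bare 0755.
    # NOTE(review): 0755 makes the log directory listable by every local
    # user; confirm the logs written here hold nothing sensitive.
    mode: '0755'
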
# Check whether project-config carries a nodepool config named after this
# host. The result is registered as host_config_file and decides which file
# is loaded next.
- name: Look for a host specific config file
  register: host_config_file
  stat:
    path: '/opt/project-config/nodepool/{{ inventory_hostname }}.yaml'

# Read the host-specific config when the stat above found one, otherwise the
# shared nodepool.yaml. The raw file is registered as
# nodepool_config_content; its content field is base64-decoded by the next
# task.
- name: Load host specific config file
  register: nodepool_config_content
  slurp:
    path: '{{ host_config_file.stat.exists | ternary(host_config_file.stat.path, "/opt/project-config/nodepool/nodepool.yaml") }}'

# Decode the slurped file and parse it as YAML into the nodepool_config fact.
# The input comes from the project-config checkout, so that repository
# controls everything in the final config except the keys this play
# overwrites further down.
- name: Parse nodepool config
  set_fact:
    nodepool_config: '{{ nodepool_config_content.content | b64decode | from_yaml }}'

# service-zookeeper has to run before service-nodepool because this task
# needs the fact cache to be populated. IP addresses are used rather than
# hostnames because hostnames do not resolve in the gate.
#
# make_nodepool_zk_hosts is not defined in this file; its result is
# registered as zk_hosts and read as zk_hosts.hosts below.
# no_log keeps this task's arguments and result out of the Ansible output;
# the whole hostvars mapping is passed in, which presumably can contain
# secrets (confirm before ever removing no_log).
- name: Get zk config
  no_log: true
  register: zk_hosts
  make_nodepool_zk_hosts:
    zk_group: "{{ groups['zookeeper'] }}"
    hostvars: '{{ hostvars }}'

# Force the deployment's ZooKeeper settings over whatever the project-config
# file contained. combine() is called without recursive=True, so the two
# top-level keys in new_config replace any existing values wholesale: the
# server list from zk_hosts.hosts and the client TLS cert, key and CA paths
# under /etc/nodepool.
# NOTE(review): the commit message says the ZK cluster listens on both
# ports. Which port ends up in zk_hosts.hosts is decided inside
# make_nodepool_zk_hosts, not here; confirm it is the TLS one.
- name: Overwrite zookeeper-servers
  set_fact:
    nodepool_config: '{{ nodepool_config | combine(new_config) }}'
  vars:
    new_config:
      zookeeper-servers: "{{ zk_hosts.hosts }}"
      zookeeper-tls:
        cert: '/etc/nodepool/certs/cert.pem'
        key: '/etc/nodepool/keys/key.pem'
        ca: '/etc/nodepool/certs/cacert.pem'

# Render the merged nodepool_config as YAML to /etc/nodepool/nodepool.yaml.
# NOTE(review): no owner, group or mode is given, so a newly created file
# gets whatever the connecting user and umask produce. Set them explicitly
# if the rendered config can carry sensitive values or must not be writable
# by the service account.
- name: Write nodepool config
  copy:
    dest: /etc/nodepool/nodepool.yaml
    content: '{{ nodepool_config | to_nice_yaml(indent=2) }}'

# Point /etc/nodepool/elements at the elements directory inside the
# project-config checkout. Because this is a link, whatever that checkout
# contains is what nodepool sees under /etc/nodepool/elements.
- name: Symlink in elements from project-config repo
  file:
    dest: /etc/nodepool/elements
    src: /opt/project-config/nodepool/elements
    state: link