system-config/playbooks/roles/zookeeper/tasks/main.yaml
James E. Blair 11516e0e4b Make zk-ca role more generic
This renames zk-ca to opendev-ca and allows us to operate more than
one ca on bridge.  This way we can keep the CAs for ZooKeeper and
Jaeger distinct (so that a compromise of the jaeger server could not
be used to access the ZooKeeper cluster).

This also starts a new jaeger-ca and uses it on the Jaeger server.

Change-Id: I4e5bc4e3ccd78284ce785c971f7e6ad6e721f887
2022-09-22 15:05:32 -07:00


# Create the service group with a fixed gid taken from role variables, so
# ownership of files under /var/zookeeper is the same on every cluster member.
- name: Create Zookeeper group
  group:
    name: "{{ zookeeper_group }}"
    gid: "{{ zookeeper_gid }}"
    # Canonical boolean; Ansible treats this the same as `yes`.
    system: true
# Create the service account with a fixed uid and the group created by this
# role. The account gets a home directory and an interactive login shell.
- name: Create Zookeeper User
  user:
    name: "{{ zookeeper_user }}"
    uid: "{{ zookeeper_uid }}"
    group: "{{ zookeeper_group }}"
    system: true
    home: "/home/{{ zookeeper_user }}"
    create_home: true
    # NOTE(review): a login shell on a service account is only needed if
    # operators switch to this user interactively - confirm it is intended.
    shell: /bin/bash
# Copy the role's zookeeper-compose/ directory to the host. The docker-compose
# tasks later in this file run from the destination directory.
- name: Synchronize compose directory
  synchronize:
    dest: /etc/zookeeper-compose/
    src: zookeeper-compose/
# Create the host directories under /var/zookeeper, each owned by the
# ZooKeeper service account.
# NOTE(review): no `mode` is given, so permissions come from the umask or from
# whatever the directory already has. The tls entry is the directory this role
# later passes to opendev-ca as the cert dir - consider an explicit mode.
- name: Ensure volume directories exist
  file:
    path: "/var/zookeeper/{{ item }}"
    state: directory
    owner: "{{ zookeeper_user }}"
    group: "{{ zookeeper_group }}"
  loop:
    - conf
    - data
    - datalog
    - logs
    - tls
# Hand off to the opendev-ca role (not shown here) with the CA named "zk" and
# /var/zookeeper/tls as the certificate directory.
# NOTE(review): the cert dir owner/group are the literal id 10001, while the
# rest of this file uses zookeeper_uid / zookeeper_gid. Presumably they refer
# to the same account - confirm, since a mismatch would leave the TLS material
# owned by a different uid than the service runs as.
- name: Generate ZooKeeper TLS cert
  include_role:
    name: opendev-ca
  vars:
    opendev_ca_name: zk
    opendev_ca_cert_dir: /var/zookeeper/tls
    opendev_ca_cert_dir_group: 10001
    opendev_ca_cert_dir_owner: 10001
# Render the ZooKeeper server configuration from the role's zoo.cfg.j2
# template into the conf volume directory.
# NOTE(review): owner, group and mode are not set here, so a newly created
# file takes the defaults of the connecting user - confirm that is acceptable
# for this file.
- name: Write config
  template:
    dest: /var/zookeeper/conf/zoo.cfg
    src: zoo.cfg.j2
# Render the myid file from myid.j2 into the data volume directory.
# Owner, group and mode are left at the module defaults, as for zoo.cfg.
- name: Write ID file
  template:
    dest: /var/zookeeper/data/myid
    src: myid.j2
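# Fetch the images referenced by the compose file in /etc/zookeeper-compose/.
# The command is a fixed argv with no pipes, redirects or expansion, so it
# uses the command module and is never passed through /bin/sh.
# NOTE(review): the image references live in the synchronized compose file,
# which is not visible here - confirm they are pinned to a tag or digest that
# you trust, since this step pulls whatever they currently resolve to.
- name: Run docker-compose pull
  command:
    cmd: docker-compose pull
    chdir: /etc/zookeeper-compose/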
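# Start, or recreate where needed, the services defined in the compose file,
# detached. The command is a fixed argv with no shell features, so it uses the
# command module rather than shell.
- name: Run docker-compose up
  command:
    cmd: docker-compose up -d
    chdir: /etc/zookeeper-compose/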
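# Remove dangling images left behind by the pull; -f skips the interactive
# confirmation prompt. This is a fixed argv with no shell features, so it uses
# the command module rather than shell.
- name: Run docker prune to cleanup unneeded images
  command:
    cmd: docker image prune -f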
# netcat is kept on the ZooKeeper hosts so that operators can send the
# four-letter admin commands to the service by hand.
# NOTE(review): which four-letter commands the server answers is controlled by
# 4lw.commands.whitelist in zoo.cfg (the template is not shown here) - confirm
# it is limited to the commands operators actually need.
- name: Install netcat
  package:
    state: present
    name: netcat