
To prepare for switching to TLS, set up TLS certs for Zookeeper and all of Nodepool and Zuul, but do not have them connect over TLS yet. We have observed problems with Kazoo using TLS in production. This will let us run the ZK quorum using TLS internally, and have Zuul and Nodepool connect over plaintext while also exposing the TLS client port so that we can perform some more production tests. Change-Id: If93b27f5b55be42be1cf6ee23258127fab5ce9ea
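{#
  Gearman client settings: the server address comes from the gearman_server
  variable, followed by the TLS material the client presents.
  The CA and client-certificate paths are always written; the private-key
  path is written only when gearman_client_ssl_key is defined.
  NOTE(review): if that variable is undefined, the section carries ssl_cert
  with no ssl_key. Confirm that state is never deployed, or guard ssl_cert
  the same way.
  This template writes paths only. Ownership and mode of the .key file are
  set elsewhere (not visible here) and should limit it to the service user.
  The stray "|" lines from the page rendering are dropped; they are not part
  of the template and would not parse as INI.
#}
[gearman]
server={{ gearman_server }}
check_job_registration=true
ssl_ca=/etc/zuul/ssl/gearman-ca.pem
ssl_cert=/etc/zuul/ssl/gearman-client.pem
{% if gearman_client_ssl_key is defined -%}
ssl_key=/etc/zuul/ssl/gearman-client.key
{% endif -%}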
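{#
  Settings for the gearman server side: start=true, its own logging config,
  and its TLS material. ssl_ca is always written. ssl_cert and ssl_key are
  each written only when gearman_server_ssl_cert / gearman_server_ssl_key is
  defined, and the two guards are independent of one another.
  NOTE(review): independent guards allow a rendered file with a certificate
  but no key (or the reverse). Confirm both variables are always set
  together, since a half-configured TLS listener is easy to miss in review.
  The stray "|" lines from the page rendering are dropped; they are not part
  of the template.
#}
[gearman_server]
start=true
log_config=/etc/zuul/gearman-logging.conf
ssl_ca=/etc/zuul/ssl/gearman-ca.pem
{% if gearman_server_ssl_cert is defined -%}
ssl_cert=/etc/zuul/ssl/gearman-server.pem
{% endif -%}
{% if gearman_server_ssl_key is defined -%}
ssl_key=/etc/zuul/ssl/gearman-server.key
{% endif -%}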
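{#
  Scheduler settings: where the tenant configuration and logging
  configuration live, the state directory, and relative_priority enabled.
  All values are fixed paths or literals; nothing here is templated.
  The stray "|" lines from the page rendering are dropped; they are not part
  of the template.
#}
[scheduler]
tenant_config=/etc/zuul/main.yaml
log_config=/etc/zuul/logging.conf
state_dir=/var/lib/zuul
relative_priority=true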
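{#
  Finger gateway settings. Only the account name is set.
  NOTE(review): Zuul documents this option as the user the gateway drops
  privileges to after starting. Confirm the account is unprivileged on the
  target hosts.
  The stray "|" lines from the page rendering are dropped; they are not part
  of the template.
#}
[fingergw]
user=zuul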
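{#
  ZooKeeper client settings. hosts is built from the inventory: one
  "public_v4:2181" entry per member of the zookeeper group, comma separated.
  Per the change description, clients still connect in plaintext while the
  quorum uses TLS internally. Until clients move to the TLS client port,
  this traffic is neither encrypted nor authenticated by certificate, so
  access to port 2181 should be limited at the network layer.
  The empty line after hosts must stay directly below it. If the renderer
  has trim_blocks enabled (Ansible's template module enables it by default;
  TODO confirm the renderer), the newline right after the closing endfor tag
  is swallowed, and the empty line is what keeps session_timeout on its own
  line. Do not put a comment between the two.
  The stray "|" lines from the page rendering are dropped; they are not part
  of the template.
#}
[zookeeper]
hosts={% for host in groups['zookeeper'] %}{{ (hostvars[host].public_v4) }}:2181{% if not loop.last %},{% endif %}{% endfor %}

{# Session timeout; Zuul documents this value as seconds. #}
session_timeout=40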
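{#
  Metrics destination. Only the host is set, so the port is whatever the
  consumer defaults to.
  The stray "|" lines from the page rendering are dropped; they are not part
  of the template.
#}
[statsd]
server=graphite.opendev.org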
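{#
  Merger settings: the git working directory, the logging configuration,
  and the identity (e-mail and name) set as git user for the merger.
  The stray "|" lines from the page rendering are dropped; they are not part
  of the template.
#}
[merger]
git_dir=/var/lib/zuul/git
log_config=/etc/zuul/merger-logging.conf
git_user_email=zuul@opendev.org
git_user_name=OpenDev Zuul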
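{#
  Executor settings: logging, the per-build job directory, the site
  variables file, the SSH private key, and the extra host paths exposed to
  jobs.
  manage_ansible=false: presumably Ansible is installed by other means;
  confirm against the deployment.
  Path exposure, as written here:
    trusted_ro_paths   /etc/openafs, /etc/ssl/certs, /var/lib/zuul/ssh (ro)
    trusted_rw_paths   /afs (read-write)
    untrusted_ro_paths /etc/ssl/certs only (ro)
  /var/lib/zuul/ssh is the directory holding private_key_file, so anything
  running in the trusted context can read that private key. Keep the set of
  repositories allowed to define trusted playbooks correspondingly small,
  and never add this directory to the untrusted list.
  disk_limit_per_job: Zuul documents the unit as megabytes.
  The stray "|" lines from the page rendering are dropped; they are not part
  of the template.
#}
[executor]
manage_ansible=false
log_config=/etc/zuul/executor-logging.conf
job_dir=/var/lib/zuul/builds
variables=/opt/project-config/zuul/site-variables.yaml
private_key_file=/var/lib/zuul/ssh/nodepool_id_rsa
trusted_ro_paths=/etc/openafs:/etc/ssl/certs:/var/lib/zuul/ssh
trusted_rw_paths=/afs
untrusted_ro_paths=/etc/ssl/certs
disk_limit_per_job=5000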
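{#
  Web service settings. The listener is bound to 127.0.0.1:9000, so it is
  reachable only from the local host. The https URLs below imply that a
  front end on the same machine terminates TLS and forwards requests; that
  front end is not visible here.
  NOTE(review): status_url points at zuul.openstack.org while root points at
  zuul.opendev.org. Confirm the two different domains are intentional.
  The stray "|" lines from the page rendering are dropped; they are not part
  of the template.
#}
[web]
log_config=/etc/zuul/web-logging.conf
listen_address=127.0.0.1
listen_port=9000
status_url=https://zuul.openstack.org
root=https://zuul.opendev.org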
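{#
  One [connection "NAME"] section per entry of zuul_connections.
  First pass: every key/value pair of the connection entry is written as
  key=value, including the "name" key itself.
  Second pass: each entry of zuul_connection_secrets whose name matches is
  merged into the same section, skipping its "name" key.
  Points to keep in mind when changing this:
  - The secret values land in the rendered file in cleartext. The file's
    mode and ownership are set by whatever deploys this template (not
    visible here) and should limit it to the service user. The deploying
    task should also keep the rendered content and its diff out of logs,
    for example with no_log.
  - Values are written without any escaping. A value containing a newline
    would spill onto the next line and could add keys or a section header.
  - If the consumer is Python configparser with interpolation enabled
    (TODO confirm), a literal percent sign in a value has to be doubled, so
    a generated secret containing one fails at read time.
  The loop body below is unchanged. The stray "|" lines from the page
  rendering are dropped; they are not part of the template.
#}
{% for connection in zuul_connections -%}
[connection "{{ connection['name'] }}"]
{% for key, value in connection.items() -%}
{{ key }}={{ value }}
{% endfor -%}
{% for connection_secret in zuul_connection_secrets -%}
{% if connection_secret['name'] == connection['name'] -%}
{% for key, value in connection_secret.items() -%}
{% if key != 'name' -%}
{{ key }}={{ value }}
{% endif -%}{# if key #}
{% endfor -%}{# for key, value in connection_secret #}
{% endif -%}{# if connection_secret['name'] #}
{% endfor -%}{# for connection_secret #}
{% endfor -%}{# for connection #}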