Add zookeeper tls support
Now that tls support is required, add support for it. Change-Id: I36f2c0a2b2209cfa974b4686c0c32f3fe32e9cae Signed-off-by: Paul Belanger <pabelanger@redhat.com>
parent
7b0af5bbfc
commit
9ae268fa89
@ -52,6 +52,27 @@ nodepool_file_launcher_logging_conf_mode: 0644
|
|||||||
nodepool_file_launcher_logging_conf_owner: "{{ nodepool_user_name }}"
|
nodepool_file_launcher_logging_conf_owner: "{{ nodepool_user_name }}"
|
||||||
nodepool_file_launcher_logging_conf_src: etc/nodepool/launcher-logging.conf
|
nodepool_file_launcher_logging_conf_src: etc/nodepool/launcher-logging.conf
|
||||||
|
|
||||||
|
nodepool_file_zookeeper_tls_cacert_content:
|
||||||
|
nodepool_file_zookeeper_tls_cacert_dest: /etc/nodepool/ssl/zookeeper-cacert.pem
|
||||||
|
nodepool_file_zookeeper_tls_cacert_group: "{{ nodepool_user_group }}"
|
||||||
|
nodepool_file_zookeeper_tls_cacert_mode: 0644
|
||||||
|
nodepool_file_zookeeper_tls_cacert_owner: "{{ nodepool_user_name }}"
|
||||||
|
nodepool_file_zookeeper_tls_cacert_src: etc/nodepool/ssl/zookeeper-cacert.pem
|
||||||
|
|
||||||
|
nodepool_file_zookeeper_tls_cert_content:
|
||||||
|
nodepool_file_zookeeper_tls_cert_dest: /etc/nodepool/ssl/zookeeper-client.pem
|
||||||
|
nodepool_file_zookeeper_tls_cert_group: "{{ nodepool_user_group }}"
|
||||||
|
nodepool_file_zookeeper_tls_cert_mode: 0644
|
||||||
|
nodepool_file_zookeeper_tls_cert_owner: "{{ nodepool_user_name }}"
|
||||||
|
nodepool_file_zookeeper_tls_cert_src: etc/nodepool/ssl/zookeeper-client.pem
|
||||||
|
|
||||||
|
nodepool_file_zookeeper_tls_key_content:
|
||||||
|
nodepool_file_zookeeper_tls_key_dest: /etc/nodepool/ssl/zookeeper-client.key
|
||||||
|
nodepool_file_zookeeper_tls_key_group: "{{ nodepool_user_group }}"
|
||||||
|
nodepool_file_zookeeper_tls_key_mode: 0600
|
||||||
|
nodepool_file_zookeeper_tls_key_owner: "{{ nodepool_user_name }}"
|
||||||
|
nodepool_file_zookeeper_tls_key_src: etc/nodepool/ssl/zookeeper-client.key
|
||||||
|
|
||||||
# tasks/install.yaml
|
# tasks/install.yaml
|
||||||
nodepool_git_dest: "{{ ansible_user_dir }}/src/opendev.org/zuul/nodepool"
|
nodepool_git_dest: "{{ ansible_user_dir }}/src/opendev.org/zuul/nodepool"
|
||||||
nodepool_git_uri: https://opendev.org/zuul/nodepool
|
nodepool_git_uri: https://opendev.org/zuul/nodepool
|
||||||
|
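Review bot: The three `*_content` defaults (`nodepool_file_zookeeper_tls_cacert_content`, `nodepool_file_zookeeper_tls_cert_content`, `nodepool_file_zookeeper_tls_key_content`) are left empty with no comment saying they must be supplied, and the install tasks added later in this commit carry no `when:` condition. As far as the visible lines show, a run with these defaults would write CA, certificate and key files holding only the generated-by-Ansible header. I would add a comment above each group, for example `# Required: PEM text; supply the key from an encrypted vars source, not from plain defaults`, and consider a `*_manage` toggle like `nodepool_file_launcher_logging_conf_manage`. The file path for this hunk is not shown on the page.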
@ -21,6 +21,7 @@
|
|||||||
state: directory
|
state: directory
|
||||||
with_items:
|
with_items:
|
||||||
- /etc/nodepool
|
- /etc/nodepool
|
||||||
|
- /etc/nodepool/ssl
|
||||||
- /opt/nodepool/images
|
- /opt/nodepool/images
|
||||||
- /opt/nodepool/tmp
|
- /opt/nodepool/tmp
|
||||||
- /var/log/nodepool
|
- /var/log/nodepool
|
||||||
@ -66,3 +67,33 @@
|
|||||||
src: "{{ nodepool_file_launcher_logging_conf_src }}"
|
src: "{{ nodepool_file_launcher_logging_conf_src }}"
|
||||||
register: nodepool_file_launcher_logging_conf
|
register: nodepool_file_launcher_logging_conf
|
||||||
when: nodepool_file_launcher_logging_conf_manage
|
when: nodepool_file_launcher_logging_conf_manage
|
||||||
|
|
||||||
|
- name: Install zookeeper tls cacert configuration
|
||||||
|
become: true
|
||||||
|
template:
|
||||||
|
dest: "{{ nodepool_file_zookeeper_tls_cacert_dest }}"
|
||||||
|
group: "{{ nodepool_file_zookeeper_tls_cacert_group }}"
|
||||||
|
mode: "{{ nodepool_file_zookeeper_tls_cacert_mode }}"
|
||||||
|
owner: "{{ nodepool_file_zookeeper_tls_cacert_owner }}"
|
||||||
|
src: "{{ nodepool_file_zookeeper_tls_cacert_src }}"
|
||||||
|
register: nodepool_file_zookeeper_tls_cacert
|
||||||
|
|
||||||
|
- name: Install nodepool zookeeper tls cert configuration
|
||||||
|
become: true
|
||||||
|
template:
|
||||||
|
dest: "{{ nodepool_file_zookeeper_tls_cert_dest }}"
|
||||||
|
group: "{{ nodepool_file_zookeeper_tls_cert_group }}"
|
||||||
|
mode: "{{ nodepool_file_zookeeper_tls_cert_mode }}"
|
||||||
|
owner: "{{ nodepool_file_zookeeper_tls_cert_owner }}"
|
||||||
|
src: "{{ nodepool_file_zookeeper_tls_cert_src }}"
|
||||||
|
register: nodepool_file_zookeeper_tls_cert
|
||||||
|
|
||||||
|
- name: Install zookeeper tls key configuration
|
||||||
|
become: true
|
||||||
|
template:
|
||||||
|
dest: "{{ nodepool_file_zookeeper_tls_key_dest }}"
|
||||||
|
group: "{{ nodepool_file_zookeeper_tls_key_group }}"
|
||||||
|
mode: "{{ nodepool_file_zookeeper_tls_key_mode }}"
|
||||||
|
owner: "{{ nodepool_file_zookeeper_tls_key_owner }}"
|
||||||
|
src: "{{ nodepool_file_zookeeper_tls_key_src }}"
|
||||||
|
register: nodepool_file_zookeeper_tls_key
|
||||||
|
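Review bot: The `Install zookeeper tls key configuration` task renders the private key through `template:` without `no_log: true`, so a run in diff mode (`--diff`) can print the key material to the console and to any job log that captures it. Adding `no_log: true` to that one task keeps the content out of the output; the CA and certificate tasks do not need it. The three new tasks also lack the `when:` guard that the preceding launcher logging task has (`when: nodepool_file_launcher_logging_conf_manage`), so they run even when no TLS content has been configured. The earlier hunk in this file adds `/etc/nodepool/ssl` to the directory list, but the mode that task applies is outside the hunk, so whether the directory itself is restricted cannot be confirmed from here.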
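--- a/templates/etc/nodepool/ssl/zookeeper-cacert.pem
+++ b/templates/etc/nodepool/ssl/zookeeper-cacert.pem
@@ -0,0 +1,4 @@
+# This file is generated by Ansible
+# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
+#
+{{ nodepool_file_zookeeper_tls_cacert_content }}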
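--- a/templates/etc/nodepool/ssl/zookeeper-client.key
+++ b/templates/etc/nodepool/ssl/zookeeper-client.key
@@ -0,0 +1,4 @@
+# This file is generated by Ansible
+# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
+#
+{{ nodepool_file_zookeeper_tls_key_content }}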
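--- a/templates/etc/nodepool/ssl/zookeeper-client.pem
+++ b/templates/etc/nodepool/ssl/zookeeper-client.pem
@@ -0,0 +1,4 @@
+# This file is generated by Ansible
+# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
+#
+{{ nodepool_file_zookeeper_tls_cert_content }}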
@ -46,3 +46,45 @@
|
|||||||
- nodepool_git_dest_stat.stat.exists
|
- nodepool_git_dest_stat.stat.exists
|
||||||
- nodepool_git_dest_stat.stat.isdir
|
- nodepool_git_dest_stat.stat.isdir
|
||||||
when: nodepool_install_method == 'git'
|
when: nodepool_install_method == 'git'
|
||||||
|
|
||||||
|
- name: Register /etc/nodepool/ssl/zookeeper-cacert.pem
|
||||||
|
stat:
|
||||||
|
path: /etc/nodepool/ssl/zookeeper-cacert.pem
|
||||||
|
register: _nodepool_file_zookeeper_tls_cacert_stat
|
||||||
|
|
||||||
|
- name: Assert _nodepool_file_zookeeper_tls_cacert_stat tests.
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- _nodepool_file_zookeeper_tls_cacert_stat.stat.exists
|
||||||
|
- _nodepool_file_zookeeper_tls_cacert_stat.stat.isreg
|
||||||
|
- _nodepool_file_zookeeper_tls_cacert_stat.stat.pw_name == 'nodepool'
|
||||||
|
- _nodepool_file_zookeeper_tls_cacert_stat.stat.gr_name == 'nodepool'
|
||||||
|
- _nodepool_file_zookeeper_tls_cacert_stat.stat.mode == '0644'
|
||||||
|
|
||||||
|
- name: Register /etc/nodepool/ssl/zookeeper-client.pem
|
||||||
|
stat:
|
||||||
|
path: /etc/nodepool/ssl/zookeeper-client.pem
|
||||||
|
register: _nodepool_file_zookeeper_tls_cert_stat
|
||||||
|
|
||||||
|
- name: Assert _nodepool_file_zookeeper_tls_cert_stat tests.
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- _nodepool_file_zookeeper_tls_cert_stat.stat.exists
|
||||||
|
- _nodepool_file_zookeeper_tls_cert_stat.stat.isreg
|
||||||
|
- _nodepool_file_zookeeper_tls_cert_stat.stat.pw_name == 'nodepool'
|
||||||
|
- _nodepool_file_zookeeper_tls_cert_stat.stat.gr_name == 'nodepool'
|
||||||
|
- _nodepool_file_zookeeper_tls_cert_stat.stat.mode == '0644'
|
||||||
|
|
||||||
|
- name: Register /etc/nodepool/ssl/zookeeper-client.key
|
||||||
|
stat:
|
||||||
|
path: /etc/nodepool/ssl/zookeeper-client.key
|
||||||
|
register: _nodepool_file_zookeeper_tls_key_stat
|
||||||
|
|
||||||
|
- name: Assert _nodepool_file_zookeeper_tls_key_stat tests.
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- _nodepool_file_zookeeper_tls_key_stat.stat.exists
|
||||||
|
- _nodepool_file_zookeeper_tls_key_stat.stat.isreg
|
||||||
|
- _nodepool_file_zookeeper_tls_key_stat.stat.pw_name == 'nodepool'
|
||||||
|
- _nodepool_file_zookeeper_tls_key_stat.stat.gr_name == 'nodepool'
|
||||||
|
- _nodepool_file_zookeeper_tls_key_stat.stat.mode == '0600'
|
||||||
|
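Review bot: These assertions cover file metadata only, so they would presumably still pass when the three files contain nothing but the header comment, which is what the empty `*_content` defaults appear to produce. The `/etc/nodepool/ssl` directory that the role now creates is not checked at all. I would add a `stat` on `/etc/nodepool/ssl` and an assert with `- _nodepool_ssl_dir_stat.stat.isdir` (name constructed for this note), plus owner and mode checks matching whatever the directory task sets, which is not visible on this page. The file path for this hunk is not shown.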