Add zookeeper ssl certs
These will be used to confirm SSL on zookeeper works as expected. Depends-On: https://review.opendev.org/c/windmill/ansible-role-zookeeper/+/778230 Depends-On: https://review.opendev.org/c/windmill/windmill/+/795909 Change-Id: Ief59dc15d9528b420c1d12d6e7fa98fa8e165492 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
parent
9887c65f90
commit
2e7094db84
@ -14,3 +14,199 @@
|
||||
---
|
||||
zookeeper_install_method: tarball
|
||||
zookeeper_tarball_version: 3.5.9
|
||||
zookeeper_file_zoo_conf_src: "{{ windmill_config_git_dest }}/zookeeper/etc/zookeeper/conf/zoo.cfg"
|
||||
|
||||
zookeeper_file_ssl_truststore_content: |
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
2a:bc:ea:bd:f2:11:1c:aa:d4:45:40:1c:c0:b5:46:f4:8b:78:ee:68
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=US, ST=California, O=Company Name, OU=Org, CN=caroot
|
||||
Validity
|
||||
Not Before: Jun 22 02:38:55 2021 GMT
|
||||
Not After : Mar 22 02:38:55 2031 GMT
|
||||
Subject: C=US, ST=California, O=Company Name, OU=Org, CN=caroot
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
RSA Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:da:9a:37:0c:81:2d:9a:df:50:95:16:d1:59:1f:
|
||||
d3:2e:88:3d:00:c9:d4:41:46:e2:56:50:ff:ca:a8:
|
||||
df:d8:78:4a:bb:19:db:cf:f5:59:ce:76:a2:e3:10:
|
||||
58:45:7d:28:75:2a:57:8a:d0:52:a1:2d:c8:08:d5:
|
||||
d0:03:4b:cd:74:49:e5:95:64:2d:05:30:6f:41:a7:
|
||||
a9:31:5d:93:b0:9d:62:ed:7b:89:bd:7c:75:9d:47:
|
||||
ca:89:3b:50:06:99:85:c0:f9:b3:1f:1f:d8:94:90:
|
||||
10:75:e7:65:0d:18:34:4e:df:46:f3:88:32:a5:c8:
|
||||
a0:67:d2:d3:9b:ed:13:1b:b9:02:74:0c:95:cf:93:
|
||||
59:c8:a2:95:53:0f:3c:75:b2:39:b9:15:98:28:f8:
|
||||
9b:24:72:02:f3:d9:33:28:bd:32:d9:f3:b0:f7:9c:
|
||||
cb:bb:87:1b:86:57:c1:72:31:38:3c:4f:6f:8b:26:
|
||||
e1:fc:73:4e:25:a7:29:d6:22:2c:2d:7b:c1:c0:58:
|
||||
95:01:a9:23:e9:f4:30:d7:49:35:17:08:a2:89:dd:
|
||||
b3:51:ad:50:67:9e:f7:f4:36:19:e8:97:d6:04:12:
|
||||
d6:8c:15:bf:2f:9b:c4:33:c6:18:bd:28:91:78:85:
|
||||
80:ff:97:88:8c:8a:58:06:17:ee:58:37:42:bb:d2:
|
||||
b3:3d
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Key Identifier:
|
||||
B3:D9:9B:12:EA:74:B0:37:C3:1C:28:75:D4:3E:5D:E3:7F:1E:CB:09
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:B3:D9:9B:12:EA:74:B0:37:C3:1C:28:75:D4:3E:5D:E3:7F:1E:CB:09
|
||||
|
||||
X509v3 Basic Constraints: critical
|
||||
CA:TRUE
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
99:5f:30:95:02:b1:f4:32:ef:09:8d:c1:30:68:6a:5c:16:2c:
|
||||
15:cf:65:71:0c:42:a7:46:bc:57:12:6d:c7:43:30:7c:71:63:
|
||||
c2:ba:87:9e:c3:59:68:ff:52:5f:80:71:41:d2:c9:53:eb:71:
|
||||
62:09:c0:f4:28:93:89:a5:79:0d:de:44:59:da:62:46:d0:d3:
|
||||
da:5d:f0:f4:b2:a6:38:43:f1:d6:81:e7:80:cd:83:e6:b2:4d:
|
||||
04:54:9a:63:50:c5:4e:56:ae:44:76:d1:13:ef:79:a3:00:19:
|
||||
d6:46:e6:90:ca:0a:de:2d:89:43:0b:73:11:82:94:35:ad:12:
|
||||
bd:2c:f0:c4:0b:e5:27:25:c3:d8:c8:0d:1f:2e:7e:c7:4b:8b:
|
||||
32:f7:13:da:04:fe:9d:1a:31:db:79:02:12:ca:cf:67:0c:d9:
|
||||
85:59:da:7a:88:16:d1:ee:e8:f3:36:d6:30:50:09:98:74:d5:
|
||||
97:92:06:15:3f:e7:bf:63:9d:fe:b3:50:ce:e4:80:6b:4f:49:
|
||||
34:26:96:eb:13:47:69:9f:a1:45:35:93:38:9b:a2:09:e8:65:
|
||||
e0:2b:c8:d9:a6:56:d7:ab:a2:f3:5b:fc:f5:aa:82:21:8c:0b:
|
||||
43:67:1b:9c:fe:52:40:25:68:65:87:cc:cc:5c:a1:bc:60:a4:
|
||||
dc:7c:1f:5d
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDkTCCAnmgAwIBAgIUKrzqvfIRHKrURUAcwLVG9It47mgwDQYJKoZIhvcNAQEL
|
||||
BQAwWDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAoM
|
||||
DENvbXBhbnkgTmFtZTEMMAoGA1UECwwDT3JnMQ8wDQYDVQQDDAZjYXJvb3QwHhcN
|
||||
MjEwNjIyMDIzODU1WhcNMzEwMzIyMDIzODU1WjBYMQswCQYDVQQGEwJVUzETMBEG
|
||||
A1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMQ29tcGFueSBOYW1lMQwwCgYDVQQL
|
||||
DANPcmcxDzANBgNVBAMMBmNhcm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
|
||||
AQoCggEBANqaNwyBLZrfUJUW0Vkf0y6IPQDJ1EFG4lZQ/8qo39h4SrsZ28/1Wc52
|
||||
ouMQWEV9KHUqV4rQUqEtyAjV0ANLzXRJ5ZVkLQUwb0GnqTFdk7CdYu17ib18dZ1H
|
||||
yok7UAaZhcD5sx8f2JSQEHXnZQ0YNE7fRvOIMqXIoGfS05vtExu5AnQMlc+TWcii
|
||||
lVMPPHWyObkVmCj4myRyAvPZMyi9MtnzsPecy7uHG4ZXwXIxODxPb4sm4fxzTiWn
|
||||
KdYiLC17wcBYlQGpI+n0MNdJNRcIoonds1GtUGee9/Q2GeiX1gQS1owVvy+bxDPG
|
||||
GL0okXiFgP+XiIyKWAYX7lg3QrvSsz0CAwEAAaNTMFEwHQYDVR0OBBYEFLPZmxLq
|
||||
dLA3wxwoddQ+XeN/HssJMB8GA1UdIwQYMBaAFLPZmxLqdLA3wxwoddQ+XeN/HssJ
|
||||
MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJlfMJUCsfQy7wmN
|
||||
wTBoalwWLBXPZXEMQqdGvFcSbcdDMHxxY8K6h57DWWj/Ul+AcUHSyVPrcWIJwPQo
|
||||
k4mleQ3eRFnaYkbQ09pd8PSypjhD8daB54DNg+ayTQRUmmNQxU5WrkR20RPveaMA
|
||||
GdZG5pDKCt4tiUMLcxGClDWtEr0s8MQL5Sclw9jIDR8ufsdLizL3E9oE/p0aMdt5
|
||||
AhLKz2cM2YVZ2nqIFtHu6PM21jBQCZh01ZeSBhU/579jnf6zUM7kgGtPSTQmlusT
|
||||
R2mfoUU1kzibognoZeAryNmmVterovNb/PWqgiGMC0NnG5z+UkAlaGWHzMxcobxg
|
||||
pNx8H10=
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
zookeeper_file_ssl_keystore_content: |
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
2a:bc:ea:bd:f2:11:1c:aa:d4:45:40:1c:c0:b5:46:f4:8b:78:ee:6a
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=US, ST=California, O=Company Name, OU=Org, CN=caroot
|
||||
Validity
|
||||
Not Before: Jun 22 02:38:55 2021 GMT
|
||||
Not After : Mar 22 02:38:55 2031 GMT
|
||||
Subject: C=US, ST=California, L=Oakland, O=Company Name, OU=Org, CN=zk01
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
RSA Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:ed:43:97:ba:11:16:e4:88:0e:55:c4:87:8e:3c:
|
||||
55:91:24:31:83:9a:56:6d:e5:01:ec:f9:6b:4a:61:
|
||||
78:59:f0:2a:f4:0b:8f:6b:29:55:a0:31:7b:e6:12:
|
||||
5c:f7:10:26:2e:e8:86:1c:fe:64:20:12:0b:9c:f6:
|
||||
bd:a9:2f:f0:09:f0:29:ae:60:a8:73:7e:47:de:68:
|
||||
e2:14:e3:e1:1e:a5:55:4a:84:fd:7d:4e:41:a2:a3:
|
||||
ac:cc:10:3b:53:21:8d:91:59:df:07:67:bd:7a:2e:
|
||||
16:90:7e:df:53:a9:ab:27:4e:ff:11:6f:00:86:0b:
|
||||
5b:d0:1e:41:33:90:3e:3b:4f:b4:77:34:2f:8c:78:
|
||||
0c:68:d1:6f:eb:51:cd:01:6e:84:91:af:88:40:7d:
|
||||
ed:2b:7e:37:f6:01:cc:bb:c7:fa:9a:b5:4c:fa:0e:
|
||||
42:d2:f1:97:e5:a8:cd:a1:31:1d:2f:9a:4c:08:91:
|
||||
72:4a:3c:de:ea:07:15:c6:9c:b8:a3:15:cc:b3:b7:
|
||||
13:2c:b0:53:0c:dd:a3:47:93:29:3b:fb:8b:90:23:
|
||||
4a:34:09:1d:4e:37:58:f2:05:37:74:23:32:bb:0a:
|
||||
f4:a7:52:84:07:df:8b:4e:09:dc:21:d1:3e:57:f1:
|
||||
d2:27:55:68:a3:4a:c9:53:c6:8c:fb:77:26:65:09:
|
||||
22:d3
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
OpenSSL Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
6F:69:A2:20:03:1E:94:47:FB:C9:BE:65:FC:5B:A7:D9:4B:DF:61:09
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:B3:D9:9B:12:EA:74:B0:37:C3:1C:28:75:D4:3E:5D:E3:7F:1E:CB:09
|
||||
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
be:cf:3f:a4:f0:9c:ad:04:77:b3:5f:a9:5a:ca:db:49:00:c8:
|
||||
5d:5f:00:5f:af:40:f0:8c:7b:a0:7d:2e:33:f0:58:90:50:21:
|
||||
01:6a:9d:4f:5c:58:36:f8:5f:24:e4:85:2a:8c:a0:65:87:21:
|
||||
0c:40:e9:bf:f1:7c:bd:13:f3:29:99:7d:eb:1d:9f:b9:b0:00:
|
||||
e5:bc:cf:53:ef:1a:30:c4:b7:81:0e:9c:8f:98:4e:b1:d9:fa:
|
||||
eb:46:7c:28:fb:e8:bd:dd:9c:ae:de:0f:66:b4:6d:cd:2e:73:
|
||||
00:6a:e2:80:9e:2f:d8:d6:fa:ac:42:73:ae:70:6c:75:93:e5:
|
||||
c7:57:98:15:af:ef:94:bf:9f:30:d5:d9:74:80:85:2c:29:62:
|
||||
4a:49:18:30:14:8a:38:60:83:3b:7e:44:86:9a:ea:ac:bc:d0:
|
||||
a4:d2:25:b7:16:31:42:05:b9:92:26:98:a0:3b:7c:d9:e6:56:
|
||||
ef:44:b2:4e:10:14:15:70:a9:7e:18:f1:62:46:7d:dc:3e:0c:
|
||||
8f:2b:2e:b1:4a:7e:58:4c:8b:2c:84:1f:8a:86:b3:33:d8:e4:
|
||||
24:59:48:ff:2f:2e:80:de:ad:5f:13:7e:44:9d:d3:78:be:1b:
|
||||
ce:17:33:a6:a8:66:4d:46:30:b0:56:6e:d2:45:65:7b:0d:5a:
|
||||
86:2c:75:85
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDyTCCArGgAwIBAgIUKrzqvfIRHKrURUAcwLVG9It47mowDQYJKoZIhvcNAQEL
|
||||
BQAwWDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAoM
|
||||
DENvbXBhbnkgTmFtZTEMMAoGA1UECwwDT3JnMQ8wDQYDVQQDDAZjYXJvb3QwHhcN
|
||||
MjEwNjIyMDIzODU1WhcNMzEwMzIyMDIzODU1WjBoMQswCQYDVQQGEwJVUzETMBEG
|
||||
A1UECAwKQ2FsaWZvcm5pYTEQMA4GA1UEBwwHT2FrbGFuZDEVMBMGA1UECgwMQ29t
|
||||
cGFueSBOYW1lMQwwCgYDVQQLDANPcmcxDTALBgNVBAMMBHprMDEwggEiMA0GCSqG
|
||||
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtQ5e6ERbkiA5VxIeOPFWRJDGDmlZt5QHs
|
||||
+WtKYXhZ8Cr0C49rKVWgMXvmElz3ECYu6IYc/mQgEguc9r2pL/AJ8CmuYKhzfkfe
|
||||
aOIU4+EepVVKhP19TkGio6zMEDtTIY2RWd8HZ716LhaQft9TqasnTv8RbwCGC1vQ
|
||||
HkEzkD47T7R3NC+MeAxo0W/rUc0BboSRr4hAfe0rfjf2Acy7x/qatUz6DkLS8Zfl
|
||||
qM2hMR0vmkwIkXJKPN7qBxXGnLijFcyztxMssFMM3aNHkyk7+4uQI0o0CR1ON1jy
|
||||
BTd0IzK7CvSnUoQH34tOCdwh0T5X8dInVWijSslTxoz7dyZlCSLTAgMBAAGjezB5
|
||||
MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl
|
||||
cnRpZmljYXRlMB0GA1UdDgQWBBRvaaIgAx6UR/vJvmX8W6fZS99hCTAfBgNVHSME
|
||||
GDAWgBSz2ZsS6nSwN8McKHXUPl3jfx7LCTANBgkqhkiG9w0BAQsFAAOCAQEAvs8/
|
||||
pPCcrQR3s1+pWsrbSQDIXV8AX69A8Ix7oH0uM/BYkFAhAWqdT1xYNvhfJOSFKoyg
|
||||
ZYchDEDpv/F8vRPzKZl96x2fubAA5bzPU+8aMMS3gQ6cj5hOsdn660Z8KPvovd2c
|
||||
rt4PZrRtzS5zAGrigJ4v2Nb6rEJzrnBsdZPlx1eYFa/vlL+fMNXZdICFLCliSkkY
|
||||
MBSKOGCDO35EhprqrLzQpNIltxYxQgW5kiaYoDt82eZW70SyThAUFXCpfhjxYkZ9
|
||||
3D4MjysusUp+WEyLLIQfioazM9jkJFlI/y8ugN6tXxN+RJ3TeL4bzhczpqhmTUYw
|
||||
sFZu0kVlew1ahix1hQ==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDtQ5e6ERbkiA5V
|
||||
xIeOPFWRJDGDmlZt5QHs+WtKYXhZ8Cr0C49rKVWgMXvmElz3ECYu6IYc/mQgEguc
|
||||
9r2pL/AJ8CmuYKhzfkfeaOIU4+EepVVKhP19TkGio6zMEDtTIY2RWd8HZ716LhaQ
|
||||
ft9TqasnTv8RbwCGC1vQHkEzkD47T7R3NC+MeAxo0W/rUc0BboSRr4hAfe0rfjf2
|
||||
Acy7x/qatUz6DkLS8ZflqM2hMR0vmkwIkXJKPN7qBxXGnLijFcyztxMssFMM3aNH
|
||||
kyk7+4uQI0o0CR1ON1jyBTd0IzK7CvSnUoQH34tOCdwh0T5X8dInVWijSslTxoz7
|
||||
dyZlCSLTAgMBAAECggEAH9zA5nLfESeYTTpMPfSqRQiIQbUbQDzNymYgW2fFgsZ2
|
||||
7jkTNH/jiNS8X8Q9icw4ZHpDcGdVSN1Dg/u6sprGcH85CbrfREtEGYEaQ1Xq6HOp
|
||||
hY1ggVBeDhpO3UScwugxm8Bm7BapYlwIGbWABjs1ydyY8l1mw5mI5eT6OpN3V/10
|
||||
8RP11Shasgju5iPqnCQt52EZ2iOoajaeog/x7NffMGtndF9SzPuJFk+BUkYZ4WXM
|
||||
hUWHZUIANkMc6cE8A/kw9+AMCNramvlZRqNlOk3QXcntQQDHA/BT7O0aC62oj3BG
|
||||
fKF43n7kEiB4tMFVnzYnLUPaNuk2Bh7vZ3tbe23gsQKBgQD/grjkKvh1nYA7VE3B
|
||||
BRYmik7RAvcH8l/LHbCOXCLSTw5rTSj1vpcBmVTJSes5zkznG61eFIbw2keFqq8V
|
||||
6CdLaLRtfjaT30btqZnLBT69REOpJzOylx2br1Bidh/ntMtiEiwYBbkxPjNSWZ1p
|
||||
deI4Cn1J1GX7gkcJLjY1qyEP+QKBgQDtt+yQbm/bXxfRSF5IqSkoJG+o+v0e0gCV
|
||||
9HyGv+5XQ3YEnbfrXYdK78iGBRaWV3NxdcaYAw6/8zQy+XSFhSv4BtQcEil7D1bE
|
||||
gqQsoNGc8j8BkJl+8Hr7rNijwNmpaS4X1e3rU2YCEkP/7eYZORj8aqcYAjEhufep
|
||||
FHeRYhwUKwKBgHawV4iNuWqRJh7pM1ElNrviZWhL00qauQrWGMyYWgiNdqo7Znp4
|
||||
9RZmDm+OabkpbqmwPqFEMcax7qVVuw0XESHDWoS+K0YXYpBFx036esFac3+g2S/t
|
||||
aHCISHPkYT+1yQAeZuMlzXflZ9uqCygQ/WuA2+AuzMy/IJZQJBhcDPipAoGAK/gr
|
||||
H4Pt2Ku8Ig+6sMHpRO2IYb8a9optZU81gU8a7LUjrTLnA/fmwGudsXxbcy91wPTB
|
||||
6PgX0FVRwGP3s4KwYU4SCacqWQK7T9nCOCb+3oLIOKfgXGRquwZ7g752BCnaRrph
|
||||
KXfhlFyAi2QbfWrcPkQT6BLvt4dIUdPhUdjNzMUCgYACSFAXrGfhM5H7JNgTnzxx
|
||||
yeyoZtSkHggU66E9ab+NK5H0OwWua5AvGB6IZpkB79m7osZcMcniN9ACbA49XgwG
|
||||
znPiBHmQHJ639kraofD+riYn0gtyc9Gat5GlAkmmljR7huuJZ8UmbLxlrwGSG1+c
|
||||
WiZaHKlQMWEYrPgmiXlLew==
|
||||
-----END PRIVATE KEY-----
|
||||
|
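Review bot: The `zookeeper_file_ssl_keystore_content` value ends with an unencrypted `-----BEGIN PRIVATE KEY-----` block, so the zk01 private key is readable by anyone with access to the repository and remains in its history even if removed later. The commit message suggests this is test material; if so, say that next to the variable, for example `# Test-only self-signed CA and zk01 key pair; never deploy outside CI.`, and otherwise keep the key in Ansible Vault or generate it during the job. The `caroot` certificate in `zookeeper_file_ssl_truststore_content` is self-issued with `CA:TRUE` and valid until 2031, so any host that installs it as a trust anchor will accept whatever the holder of the CA key signs. The verbose text dump before each PEM block is not needed by a PEM parser and could be dropped to keep the variable reviewable.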
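--- /dev/null
+++ b/zookeeper/etc/zookeeper/conf/zoo.cfg
@@ -0,0 +1,31 @@
+# The number of milliseconds of each tick
+tickTime=2000
+# The number of ticks that the initial
+# synchronization phase can take
+initLimit=10
+# The number of ticks that can pass between
+# sending a request and getting an acknowledgement
+syncLimit=5
+# the directory where the snapshot is stored.
+dataDir=/var/lib/zookeeper
+
+# the port at which the clients will connect
+clientPort=2181
+
+# specify all zookeeper servers
+# The fist port is used by followers to connect to the leader
+# The second one is used for leader election
+server.1={{ hostvars['zk01'].ansible_host }}:2888:3888
+
+# Necessary for TLS support
+serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
+
+# Client TLS configuration
+secureClientPort=2281
+ssl.keyStore.location=/etc/zookeeper/ca/keystores/server.pem
+ssl.trustStore.location=/etc/zookeeper/ca/certs/cacert.pem
+
+# Server TLS configuration
+sslQuorum=true
+ssl.quorum.keyStore.location=/etc/zookeeper/ca/keystores/server.pem
+ssl.quorum.trustStore.location=/etc/zookeeper/ca/certs/cacert.pem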
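Review bot: `clientPort=2181` stays enabled next to `secureClientPort=2281`, so the server still accepts plaintext client connections and a job meant to confirm TLS could succeed over the unencrypted port. If the plaintext listener is not needed, drop the `clientPort=2181` line; if it is kept on purpose, add a comment such as `# plaintext port kept for clients not yet on TLS` so the exposure is a visible decision. `/etc/zookeeper/ca/keystores/server.pem` holds the private key for both the client and quorum listeners, so the role should install it readable only by the ZooKeeper service account; the ownership and mode are not visible in this section.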