
This creates TLS certs for Zookeeper, uses them inside the ZK quorum, and configures Nodepool and Zuul to use them as well. A full system restart of all ZK-related components will be required after merging this patch. Change-Id: I0cb96a989f3d2c7e0563ce8899f2a5945ea225b3
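# Service account for ZooKeeper. The uid/gid are pinned to fixed numeric
# values rather than left for each host to allocate.
zookeeper_user: zookeeper
zookeeper_group: zookeeper
zookeeper_uid: 10001
zookeeper_gid: 10001

# Firewall allow-list. Each entry names a protocol, a port and the host group
# allowed to reach that port. This restricts source hosts only; it does not
# encrypt or authenticate the traffic.
iptables_extra_allowed_groups:
  # Insecure: plaintext client port.
  # TODO: remove once nodepool and zuul connect only over TLS (2281), so that
  # no unencrypted path to ZooKeeper stays open.
  - {'protocol': 'tcp', 'port': '2181', 'group': 'nodepool'}
  - {'protocol': 'tcp', 'port': '2181', 'group': 'zuul'}
  # Secure: TLS client port.
  - {'protocol': 'tcp', 'port': '2281', 'group': 'nodepool'}
  - {'protocol': 'tcp', 'port': '2281', 'group': 'zuul'}
  # ZooKeeper quorum port: followers connect to the leader here. This is the
  # first port in the stock server.N=host:2888:3888 layout (assumed to be the
  # layout in use -- confirm against zoo.cfg). Open to quorum members only.
  - {'protocol': 'tcp', 'port': '2888', 'group': 'zookeeper'}
  # ZooKeeper leader-election port (second port in that layout). Open to
  # quorum members only.
  # NOTE(review): confirm quorum TLS is enabled for both 2888 and 3888.
  - {'protocol': 'tcp', 'port': '3888', 'group': 'zookeeper'}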