
This creates TLS certs for Zookeeper, uses them inside the ZK quorum, and configures Nodepool and Zuul to use them as well. A full system restart of all ZK-related components will be required after merging this patch. Change-Id: I0cb96a989f3d2c7e0563ce8899f2a5945ea225b3
# Create the dedicated system group for ZooKeeper. Both the name and the
# numeric GID come from role variables, so the GID is fixed by configuration
# rather than allocated by the host.
# NOTE(review): presumably the GID is pinned so that file ownership on the
# host lines up with the ID used inside the container - confirm against the
# compose file and the role defaults.
- name: Create Zookeeper group
  group:
    system: true
    name: "{{ zookeeper_group }}"
    gid: "{{ zookeeper_gid }}"
# Create the ZooKeeper service account as a system user with a fixed UID,
# a home directory under /home, and the ZooKeeper group as its primary group.
# NOTE(review): the account is given /bin/bash as its login shell. If nothing
# logs in as this user interactively, a non-login shell would narrow what the
# account can be used for - confirm before changing.
- name: Create Zookeeper User
  user:
    system: true
    name: "{{ zookeeper_user }}"
    uid: "{{ zookeeper_uid }}"
    group: "{{ zookeeper_group }}"
    home: "/home/{{ zookeeper_user }}"
    create_home: true
    shell: /bin/bash
# Copy the contents of the role's zookeeper-compose/ directory to
# /etc/zookeeper-compose/ on the target. The trailing slash on src means the
# directory's contents are copied, not the directory itself.
# `delete` is not set, so files removed from the role are left in place on
# the target.
- name: Synchronize compose directory
  synchronize:
    dest: /etc/zookeeper-compose/
    src: zookeeper-compose/
# Create the host directories under /var/zookeeper, one per loop item, owned
# by the ZooKeeper user and group.
# NOTE(review): no `mode` is given, so permissions on new directories follow
# the default umask of the Ansible run. The `tls` directory is where the
# zk-ca role is pointed for certificate material, so it is worth confirming
# its resulting mode (and that of the key files inside it) is no wider than
# the ZooKeeper process needs.
- name: Ensure volume directories exist
  file:
    path: "/var/zookeeper/{{ item }}"
    state: directory
    owner: "{{ zookeeper_user }}"
    group: "{{ zookeeper_group }}"
  loop:
    - conf
    - data
    - datalog
    - logs
    - tls
# Run the zk-ca role to produce the ZooKeeper TLS certificate material in
# /var/zookeeper/tls, passing the owner and group to apply to that directory.
# NOTE(review): owner and group are the literal ID 10001 here, while the
# directory itself is created with zookeeper_user / zookeeper_group. If
# zookeeper_uid or zookeeper_gid is ever overridden to a different value, the
# two will disagree and the key material may end up owned by an unrelated
# (or nonexistent) account - confirm the role defaults, or pass the
# variables instead of the literal.
- name: Generate ZooKeeper TLS cert
  vars:
    zk_ca_cert_dir: /var/zookeeper/tls
    zk_ca_cert_dir_owner: 10001
    zk_ca_cert_dir_group: 10001
  include_role:
    name: zk-ca
# Render zoo.cfg.j2 into the conf directory as zoo.cfg.
# No owner, group or mode is set on the rendered file, so it is written with
# the identity and umask of the Ansible run.
# NOTE(review): the template is not shown here; if it carries keystore or
# truststore passwords for the TLS setup, an explicit restrictive mode and
# owner should be set on this file - verify against zoo.cfg.j2.
- name: Write config
  template:
    dest: /var/zookeeper/conf/zoo.cfg
    src: zoo.cfg.j2
# Render myid.j2 into the data directory as myid.
# NOTE(review): presumably this is the per-server ZooKeeper ID, which must be
# unique within the ensemble - confirm the template derives it per host.
- name: Write ID file
  template:
    dest: /var/zookeeper/data/myid
    src: myid.j2
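# The three tasks below use `command` rather than `shell`: none of the
# invocations needs shell features (pipes, redirection, expansion), and
# bypassing the shell means the command line is never reinterpreted.

# Fetch the images referenced by the compose project in
# /etc/zookeeper-compose/ before the containers are (re)started.
- name: Run docker-compose pull
  command:
    cmd: docker-compose pull
    chdir: /etc/zookeeper-compose/

# Start the compose project detached. This task is not gated on the earlier
# config or certificate tasks having changed, so it runs on every play.
- name: Run docker-compose up
  command:
    cmd: docker-compose up -d
    chdir: /etc/zookeeper-compose/

# Remove dangling images without prompting (-f). This prune applies to the
# whole Docker host, not only to images used by the ZooKeeper project.
- name: Run docker prune to cleanup unneeded images
  command:
    cmd: docker image prune -f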