opendev/system-config
Code Issues Proposed changes
system-config/playbooks/roles/nodepool-base/tasks/main.yaml
James E. Blair a514aa0f98 Zookeeper: listen on plain and TLS ports 
To prepare for switching to TLS, set up TLS certs for Zookeeper and
all of Nodepool and Zuul, but do not have them connect over TLS yet.
We have observed problems with Kazoo using TLS in production.  This
will let us run the ZK quorum using TLS internally, and have Zuul
and Nodepool connect over plaintext while also exposing the TLS
client port so that we can perform some more production tests.

Change-Id: If93b27f5b55be42be1cf6ee23258127fab5ce9ea
2020-06-17 10:38:59 -07:00

86 lines
2.2 KiB
YAML
Raw Blame History

- name: Add the nodepool group
group:
name: '{{ nodepool_group }}'
state: present
gid: '{{ nodepool_gid }}'
- name: Add the nodepool user
user:
name: '{{ nodepool_user }}'
group: '{{ nodepool_group }}'
uid: '{{ nodepool_uid }}'
home: '/home/{{ nodepool_user }}'
create_home: yes
shell: /bin/bash
system: yes
- name: Sync project-config
include_role:
name: sync-project-config
- name: Create nodepool config dir
file:
name: /etc/nodepool
state: directory
owner: '{{ nodepool_user }}'
group: '{{ nodepool_group }}'
mode: 0755
- name: Generate ZooKeeper TLS cert
include_role:
name: zk-ca
vars:
zk_ca_cert_dir: /etc/nodepool
zk_ca_cert_dir_owner: '{{ nodepool_user }}'
zk_ca_cert_dir_group: '{{ nodepool_group }}'
- name: Create nodepool log dir
file:
name: /var/log/nodepool
state: directory
owner: '{{ nodepool_user }}'
group: '{{ nodepool_group }}'
mode: 0755
- name: Look for a host specific config file
stat:
path: /opt/project-config/nodepool/{{ inventory_hostname }}.yaml
register: host_config_file
- name: Load host specific config file
slurp:
path: '{{ host_config_file.stat.exists | ternary(host_config_file.stat.path, "/opt/project-config/nodepool/nodepool.yaml") }}'
register: nodepool_config_content
- name: Parse nodepool config
set_fact:
nodepool_config: "{{ nodepool_config_content.content | b64decode | from_yaml }}"
# Have to run service-zookeeper before service-nodepool
# because we need top populate the fact cache.
# Also, we need IP addresses here because in the gate
# hostnames do not resolve.
- name: Get zk config
make_nodepool_zk_hosts:
hostvars: "{{ hostvars }}"
zk_group: "{{ groups['zookeeper'] }}"
register: zk_hosts
- name: Overwrite zookeeper-servers
vars:
new_config:
zookeeper-servers: '{{ zk_hosts.hosts }}'
set_fact:
nodepool_config: "{{ nodepool_config | combine(new_config) }}"
- name: Write nodepool config
copy:
content: "{{ nodepool_config | to_nice_yaml }}"
dest: /etc/nodepool/nodepool.yaml
- name: Symlink in elements from project-config repo
file:
state: link
src: /opt/project-config/nodepool/elements
dest: /etc/nodepool/elements
View Git Blame Copy Permalink