From fd1fdf985abd2f5c7b0cd3dda62a562cda9b407c Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Thu, 4 Apr 2024 11:53:44 +0200
Subject: [PATCH] Some more work on the kafka stack
---
 images/kafka-broker/Dockerfile | 2 +-
 .../root/entrypoint.d/{10-kafka.env => 40-kafka.env} | 0
 kafka-jikkou.nomad.hcl | 9 +++++----
 templates/brokers/server.properties | 2 +-
 templates/jikkou/jikkou.conf | 2 +-
 variables.yml | 8 ++++++--
 vault/policies/{kafka-brokers.hcl => kafka-broker.hcl} | 4 ++++
 7 files changed, 18 insertions(+), 9 deletions(-)
 rename images/kafka-broker/root/entrypoint.d/{10-kafka.env => 40-kafka.env} (100%)
 rename vault/policies/{kafka-brokers.hcl => kafka-broker.hcl} (58%)
diff --git a/images/kafka-broker/Dockerfile b/images/kafka-broker/Dockerfile
index f6ae611..52e4ee1 100644
--- a/images/kafka-broker/Dockerfile
+++ b/images/kafka-broker/Dockerfile
@@ -26,7 +26,7 @@ RUN set -ex &&\
 FROM [[ .docker.repo ]][[ .docker.base_images.java17.image ]]
 MAINTAINER [[ .docker.maintainer ]]
-ENV PATH=$PATH:/opt/kafka/bin \
+ENV PATH=/opt/kafka/bin:$PATH \
 KAFKA_DATA_DIR=/data \
 KAFKA_CONF_DIR=/opt/kafka/config \
 KAFKA_HEAP_OPTS="-Xmx1G -Xms1G" \
diff --git a/images/kafka-broker/root/entrypoint.d/10-kafka.env b/images/kafka-broker/root/entrypoint.d/40-kafka.env
similarity index 100%
rename from images/kafka-broker/root/entrypoint.d/10-kafka.env
rename to images/kafka-broker/root/entrypoint.d/40-kafka.env
diff --git a/kafka-jikkou.nomad.hcl b/kafka-jikkou.nomad.hcl
index e3592a8..61b2f8d 100644
--- a/kafka-jikkou.nomad.hcl
+++ b/kafka-jikkou.nomad.hcl
@@ -24,10 +24,11 @@ job "[[ .instance ]]-jikkou" {
 driver = "[[ $c.nomad.driver ]]"
 config {
- image = "[[ $c.image ]]"
+ image = "[[ $c.image ]]"
 readonly_rootfs = true
- pids_limit = 100
- command = "/local/jikkou"
+ pids_limit = 100
+ command = "/local/jikkou"
+[[ template "common/tmpfs" "/root" ]]
 }
 [[ template "common/vault.policies" $c ]]
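Review bot: In images/kafka-broker/Dockerfile, the reordered `ENV PATH=/opt/kafka/bin:$PATH` gives /opt/kafka/bin precedence over the system directories, so any file placed there now shadows a same-named system command in the entrypoint scripts and in anything the broker spawns. The build stage that populates /opt/kafka is outside this hunk, so it is not visible whether that directory is root-owned and not writable by the runtime user; that should hold for this ordering to be safe. A comment above the ENV line would record the intent, for example `# /opt/kafka/bin first so Kafka's own scripts win; the directory must stay root-owned and read-only at runtime`.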
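Review bot: In kafka-jikkou.nomad.hcl, the added `[[ template "common/tmpfs" "/root" ]]` makes /root a writable path in a container that otherwise runs with `readonly_rootfs = true`, and the hunk neither says why it is needed nor shows which options the mount gets. The template body is not visible here, so it is worth confirming that it caps the size and applies restrictive mount options (Docker's tmpfs accepts `size=`, `noexec` and `nosuid`, if the configured driver is Docker). If the reason is that jikkou needs a writable home directory, a comment on the preceding line should say so, for example `# writable home for jikkou; everything else stays read-only`. The config block's enclosing task starts outside the hunk.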
@@ -67,7 +68,7 @@ _EOT
 [[ template "kafka/jikkou/jikkou.conf" $c ]]
 _EOT
 destination = "local/jikkou.conf"
- perms = 755
+ perms = 755
 }
 # Kafka topics definition
diff --git a/templates/brokers/server.properties b/templates/brokers/server.properties
index f42ef25..0a66f1f 100644
--- a/templates/brokers/server.properties
+++ b/templates/brokers/server.properties
@@ -5,7 +5,7 @@ broker.id={{ env "NOMAD_ALLOC_INDEX" }}
 listeners=CLIENT://:{{ env "NOMAD_PORT_client" }},BROKER://:{{ env "NOMAD_PORT_broker" }}
 listener.security.protocol.map=CLIENT:SSL,BROKER:SSL
 inter.broker.listener.name=BROKER
-advertised.listeners=CLIENT://broker-{{ env "NOMAD_ALLOC_INDEX" }}.exchange-broker{{ env "ENV_SUFFIX" }}.service.{{ env "CT_DOMAIN" }}:{{ env "NOMAD_HOST_PORT_client" }},BROKER://{{ env "NOMAD_ADDR_broker" }}
+advertised.listeners=CLIENT://broker-{{ env "NOMAD_ALLOC_INDEX" }}.[[ .instance ]]-broker[[ .consul.suffix ]].service.[[ .consul.domain ]]:{{ env "NOMAD_HOST_PORT_client" }},BROKER://{{ env "NOMAD_ADDR_broker" }}
 # TLS Settings
 ssl.keystore.location=/secrets/kafka.p12
diff --git a/templates/jikkou/jikkou.conf b/templates/jikkou/jikkou.conf
index 81556de..4c7dc28 100644
--- a/templates/jikkou/jikkou.conf
+++ b/templates/jikkou/jikkou.conf
@@ -2,7 +2,7 @@ jikkou {
 kafka {
 client {
 bootstrap.servers = "
-{{- range $index, $instance := service "[[ .instance ]]-broker[ .consul.suffix ]]" -}}
+{{- range $index, $instance := service "[[ .instance ]]-broker[[ .consul.suffix ]]" -}}
 {{ if ne $index 0 }},{{ end }}{{ $instance.Address }}:{{ $instance.Port }}
 {{- end -}}
 "
diff --git a/variables.yml b/variables.yml
index eb963b5..26a256d 100644
--- a/variables.yml
+++ b/variables.yml
@@ -11,7 +11,7 @@ kafka:
 broker:
 count: 3
 version: 3.7.0
- image: '[[ .docker.repo ]]kafka-broker:[[ .kafka.broker.version ]]-1'
+ image: '[[ .docker.repo ]]kafka-broker:[[ .kafka.broker.version ]]-2'
 env: {}
 resources:
 cpu: 100
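Review bot: In templates/brokers/server.properties, the CLIENT host name in `advertised.listeners` is now composed at render time from `[[ .instance ]]-broker[[ .consul.suffix ]].service.[[ .consul.domain ]]`, and the same name is spelled out a second time in `consul.meta.broker` in variables.yml, which this commit also has to correct because it lacked the `-broker` part. Both listeners are mapped to SSL in the line above, so clients will presumably check this name against the broker certificate; the certificate request is not in this hunk, so it cannot be confirmed from here that the name is among its SANs. Consider defining the name once and referencing it from both files, and adding a comment above the line such as `# must match consul.meta.broker and a SAN of the broker certificate`.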
@@ -20,9 +20,13 @@ kafka:
 enabled: '[[ .prometheus.available ]]'
 # static_client_port: 9092
 # static_broker_port: 9095
+ nomad:
+ constraints:
+ - operator: distinct_hosts
+ value: true
 consul:
 meta:
- broker: 'broker-${NOMAD_ALLOC_INDEX}.[[ .instance ]][[ .consul.suffix ]].service.[[ .consul.domain ]]'
+ broker: 'broker-${NOMAD_ALLOC_INDEX}.[[ .instance ]]-broker[[ .consul.suffix ]].service.[[ .consul.domain ]]'
 connect:
 upstreams:
 - destination_name: zookeeper[[ .consul.suffix ]]
diff --git a/vault/policies/kafka-brokers.hcl b/vault/policies/kafka-broker.hcl
similarity index 58%
rename from vault/policies/kafka-brokers.hcl
rename to vault/policies/kafka-broker.hcl
index da3f8bc..3a02e78 100644
--- a/vault/policies/kafka-brokers.hcl
+++ b/vault/policies/kafka-broker.hcl
@@ -2,3 +2,7 @@ path "[[ $c.vault.pki.path ]]/issue/[[ .instance ]]-broker" {
 capabilities = ["update"]
 }
+
+path "[[ $c.vault.root ]]kv/data/service/[[ .instance ]]/broker" {
+ capabilities = ["read"]
+}
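Review bot: In variables.yml, the new `nomad.constraints` entry (`operator: distinct_hosts`) is undocumented and interacts with `count: 3` in the previous hunk: with fewer than three eligible client nodes Nomad cannot place every broker. A comment above `nomad:` would make the requirement explicit, for example `# one broker per host; needs at least broker.count eligible nodes`. `value: true` is a YAML boolean while Nomad's constraint `value` is a string; how the bundle renders it is not visible here, so the rendered job is worth checking.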
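Review bot: In vault/policies/kafka-broker.hcl, the added `path "[[ $c.vault.root ]]kv/data/service/[[ .instance ]]/broker"` stanza has no comment saying what the broker reads there, and it joins `[[ $c.vault.root ]]` to `kv/` without a slash while the PKI stanza writes `[[ $c.vault.pki.path ]]/issue/`, so it only resolves as intended if `vault.root` ends in `/`; that value is not visible here. The grant itself is narrow (one exact path, `read` only), and a comment should keep it that way, for example `# Broker secrets (KV v2): exact path, read-only; do not widen to a wildcard`. Because the file is renamed from kafka-brokers.hcl, the previously written policy may remain in Vault under the old name if policies are named after their files; it should be removed once nothing references it.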