This commit is contained in:
Daniel Berteaud 2024-02-02 11:01:57 +01:00
parent 9eeaf234a3
commit 386f22ab5b
8 changed files with 15 additions and 14 deletions


@ -1,6 +1,6 @@
FROM [[ .docker.repo ]][[ .docker.base_images.java17.image ]] AS builder
ARG ZK_VERSION=3.9.1
ARG ZK_VERSION=[[ .zookeeper.version ]]
RUN set -x &&\
apk --no-cache add tar gzip gnupg curl ca-certificates &&\
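Review bot: `ARG ZK_VERSION=[[ .zookeeper.version ]]` turns the version into a deploy-time input, but the `RUN` block that consumes it continues outside the hunk, so it is not visible whether the download is pinned to anything beyond the version string. The `gnupg` package on the `apk` line suggests a signature check follows; confirm that the signing key or checksum used there is keyed on the same templated version, otherwise an edited `zookeeper.version` changes which artifact is built without a matching integrity check. A one-line comment on the ARG, e.g. `# Rendered from zookeeper.version in the deployment variables; the download below must verify this exact release`, would document the coupling.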


@ -1 +0,0 @@
[[ template "common/mv_conf.sh" dict "ctx" . "services" (dict "zookeeper" .instance) ]]


@ -2,4 +2,4 @@
set -euo pipefail
[[ template "common/vault.rand_secrets" dict "ctx" . "task" "users" "keys" (coll.Slice "kafka-eventbus" "kafka-exchange") ]]
[[ template "common/vault.rand_secrets" . ]]
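Review bot: The rewritten call `[[ template "common/vault.rand_secrets" . ]]` drops the explicit `"task" "users" "keys" (coll.Slice "kafka-eventbus" "kafka-exchange")` arguments, and nothing else in this commit shows where those two keys are now declared. If the common template now reads the key list from the context, the variables hunk in this commit does not add it, so the `users` secret could be generated without the `kafka-eventbus` and `kafka-exchange` entries that the JAAS template enumerates. Confirm the keys are supplied by the shared defaults or keep them explicit in the variables file, and add a comment on this line pointing to where the key list is now defined so the dependency stays visible.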


@ -1,6 +1,6 @@
Server {
org.apache.zookeeper.server.auth.DigestLoginModule required
{{- with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]/users" }}
{{- with secret "[[ .vault.root ]]kv/service/[[ .instance ]]/users" }}
{{- range $k, $v := .Data.data }}
user_{{ $k }}="{{ $v }}"
{{- end }}
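Review bot: The new `{{- with secret "[[ .vault.root ]]kv/service/[[ .instance ]]/users" }}` guard renders nothing when the secret is missing or empty, so a mistyped `vault.root` or an ungenerated users secret yields a `Server` section with no `user_*` lines and no error at render time. That presumably leaves no SASL user able to authenticate, but whether unauthenticated clients are still accepted then depends on zoo.cfg, which is not in this hunk, and the empty block is hard to diagnose from the task alone. A comment such as `# No entries here means no SASL logins; check the users secret under vault.root if clients fail to authenticate` would save a round of debugging. The closing of the `Server` block lies outside the hunk.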


@ -6,8 +6,11 @@ instance: zookeeper
# ZooKeeper settings
zookeeper:
# Version of ZooKeeper
version: 3.9.1
# Docker image to use
image: '[[ .docker.repo ]]zookeeper:latest'
image: '[[ .docker.repo ]]zookeeper:[[ .zookeeper.version ]]-2'
# Number of instances to run (should be 3 or 5 for high availability)
count: 3
@ -25,9 +28,7 @@ zookeeper:
vault:
# ZooKeeper will use a PKI from vault to issue certificates
pki:
path: '[[ .vault.prefix ]]pki/[[ .instance ]]'
ou: ZooKeeper
issuer: '[[ .vault.prefix ]]pki/root'
# List of vault policies to attach to the task
policies:
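Review bot: The `path:` and `issuer:` lines under `pki:` still render `[[ .vault.prefix ]]` while every other file in this commit switches to `.vault.root`; the rendered page has lost the `+`/`-` markers, so if these two lines are retained rather than removed by the second hunk they should follow the rename, otherwise the PKI path and issuer resolve under a different prefix than the KV paths in the policy. In the first hunk the new tag `[[ .docker.repo ]]zookeeper:[[ .zookeeper.version ]]-2` carries a revision suffix that is not explained; a comment like `# Image tag is <version>-<image revision>; bump the suffix when the image is rebuilt for the same ZooKeeper version` would document it.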


@ -1,15 +1,16 @@
[[- $c := merge .zookeeper . ]]
# Read the KV store
path "[[ .vault.prefix ]]kv/data/service/[[ .instance ]]" {
path "[[ $c.vault.root ]]kv/data/service/[[ .instance ]]" {
capabilities = ["read"]
}
path "[[ .vault.prefix ]]kv/data/service/[[ .instance ]]/users" {
path "[[ $c.vault.root ]]kv/data/service/[[ .instance ]]/users" {
capabilities = ["read"]
}
# Issue server cert
path "[[ .zookeeper.vault.pki.path ]]/issue/server" {
path "[[ $c.vault.pki.path ]]/issue/server" {
capabilities = ["update"]
}
# Issue super user cert
path "[[ .zookeeper.vault.pki.path ]]/issue/user-root" {
path "[[ $c.vault.pki.path ]]/issue/user-root" {
capabilities = ["update"]
}
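Review bot: `[[- $c := merge .zookeeper . ]]` relies on the merge helper's precedence and depth to produce `$c.vault.root` (from the global context) alongside `$c.vault.pki.path` (from `zookeeper.vault`); that only works if the merge is recursive for nested maps, which the line does not make obvious. A comment stating the intent, e.g. `# $c: zookeeper settings layered over the global context (deep merge, so $c.vault carries both the global root and the service pki settings)`, would protect the next edit, and the precedence direction should be confirmed against the helper's documentation. The `update` capability on `[[ $c.vault.pki.path ]]/issue/user-root` is pre-existing, but since it lets the task mint super-user certificates, a short comment on why the task needs that role would help the next reviewer of this policy.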


@ -102,7 +102,7 @@ _EOT
# Main ZooKeeper configuration
template {
data = <<_EOT
[[ template "scandm-zookeeper/zoo.cfg.tpl" $c ]]
[[ template "zookeeper/zoo.cfg.tpl" $c ]]
_EOT
destination = "local/conf/zoo.cfg"
uid = 102181
@ -112,7 +112,7 @@ _EOT
# Dynamic configuration (contains nodes in the cluster)
template {
data = <<_EOT
[[ template "scandm-zookeeper/zoo.dyn.cfg.tpl" $c ]]
[[ template "zookeeper/zoo.dyn.cfg.tpl" $c ]]
_EOT
destination = "local/conf/zoo.dyn.cfg"
# When this file changes, do not restart, but just run a script to reconfigure ZooKeeper
@ -126,7 +126,7 @@ _EOT
# SASL users
template {
data = <<_EOT
[[ template "scandm-zookeeper/jaas.conf.tpl" $c ]]
[[ template "zookeeper/jaas.conf.tpl" $c ]]
_EOT
destination = "secrets/jaas.conf"
uid = 100000