Cleanup
parent
9eeaf234a3
commit
386f22ab5b
|
@ -1,6 +1,6 @@
|
|||
FROM [[ .docker.repo ]][[ .docker.base_images.java17.image ]] AS builder
|
||||
|
||||
ARG ZK_VERSION=3.9.1
|
||||
ARG ZK_VERSION=[[ .zookeeper.version ]]
|
||||
|
||||
RUN set -x &&\
|
||||
apk --no-cache add tar gzip gnupg curl ca-certificates &&\
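Review bot: The `ARG ZK_VERSION=[[ .zookeeper.version ]]` default can still be overridden with `--build-arg`, while the image tag elsewhere in this commit is computed from the same bundle variable. An overridden build would therefore ship a ZooKeeper release that disagrees with its tag. A comment above the ARG would make the coupling explicit, for example `# Rendered from zookeeper.version; the image tag uses the same value, do not override at build time`. The `RUN` continues outside this hunk; since `gnupg` is installed it presumably verifies the download, and that check should be confirmed to cover whatever version the variable renders to.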
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
[[ template "common/mv_conf.sh" dict "ctx" . "services" (dict "zookeeper" .instance) ]]
|
|
@ -2,4 +2,4 @@
|
|||
|
||||
set -euo pipefail
|
||||
|
||||
[[ template "common/vault.rand_secrets" dict "ctx" . "task" "users" "keys" (coll.Slice "kafka-eventbus" "kafka-exchange") ]]
|
||||
[[ template "common/vault.rand_secrets" . ]]
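Review bot: The call on the last line no longer names which secret is seeded, because it passes the whole context (`.`) instead of the explicit `"task" "users"` and `"keys"` arguments. The key list (`kafka-eventbus`, `kafka-exchange`) therefore has to come from bundle variables that are not visible in this hunk. If it is not defined there, the `users` secret is presumably never created, and the JAAS template that reads `.../users` would render no SASL users or block. A comment above the call naming the variable that now carries the list would help, e.g. `# Seeds the secrets listed under <variable holding the rand_secrets list>`.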
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
Server {
|
||||
org.apache.zookeeper.server.auth.DigestLoginModule required
|
||||
{{- with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]/users" }}
|
||||
{{- with secret "[[ .vault.root ]]kv/service/[[ .instance ]]/users" }}
|
||||
{{- range $k, $v := .Data.data }}
|
||||
user_{{ $k }}="{{ $v }}"
|
||||
{{- end }}
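Review bot: The `range $k, $v := .Data.data` loop turns every key stored under `.../users` into a `DigestLoginModule` user, so write access to that KV path is equivalent to creating ZooKeeper accounts. The values are also placed inside double quotes unescaped in `user_{{ $k }}="{{ $v }}"`, so a value containing `"` or `\` would corrupt the JAAS file. That is probably harmless while the values come from the random-secret generator, but the template does not say so. A consul-template comment before the `with` line could state both constraints: every key becomes a user, and values must stay free of quote and backslash characters. The template body continues past the end of this hunk.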
|
||||
|
|
|
@ -6,8 +6,11 @@ instance: zookeeper
|
|||
# ZooKeeper settings
|
||||
zookeeper:
|
||||
|
||||
# Version of ZooKeeper
|
||||
version: 3.9.1
|
||||
|
||||
# Docker image to use
|
||||
image: '[[ .docker.repo ]]zookeeper:latest'
|
||||
image: '[[ .docker.repo ]]zookeeper:[[ .zookeeper.version ]]-2'
|
||||
|
||||
# Number of instances to run (should be 3 or 5 for high availability)
|
||||
count: 3
|
||||
|
@ -25,9 +28,7 @@ zookeeper:
|
|||
vault:
|
||||
# ZooKeeper will use a PKI from vault to issue certificates
|
||||
pki:
|
||||
path: '[[ .vault.prefix ]]pki/[[ .instance ]]'
|
||||
ou: ZooKeeper
|
||||
issuer: '[[ .vault.prefix ]]pki/root'
|
||||
|
||||
# List of vault policies to attach to the task
|
||||
policies:
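Review bot: The new `image: '[[ .docker.repo ]]zookeeper:[[ .zookeeper.version ]]-2'` hard-codes a `-2` build revision with nothing explaining when to bump it. A comment such as `# -N is the image build revision; bump it whenever the Dockerfile changes for the same ZooKeeper version` would prevent a rebuilt image from reusing an old tag. The tag is also still mutable, so nodes in the ensemble could pull different content under the same name unless the registry enforces immutable tags or the value is pinned by digest. In the second hunk the per-service `pki` defaults appear to shrink (the header goes from 9 to 7 lines), so it is worth confirming that `vault.pki.path` and `issuer` are still supplied by a global default.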
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
[[- $c := merge .zookeeper . ]]
|
||||
# Read the KV store
|
||||
path "[[ .vault.prefix ]]kv/data/service/[[ .instance ]]" {
|
||||
path "[[ $c.vault.root ]]kv/data/service/[[ .instance ]]" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
path "[[ .vault.prefix ]]kv/data/service/[[ .instance ]]/users" {
|
||||
path "[[ $c.vault.root ]]kv/data/service/[[ .instance ]]/users" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
# Issue server cert
|
||||
path "[[ .zookeeper.vault.pki.path ]]/issue/server" {
|
||||
path "[[ $c.vault.pki.path ]]/issue/server" {
|
||||
capabilities = ["update"]
|
||||
}
|
||||
# Issue super user cert
|
||||
path "[[ .zookeeper.vault.pki.path ]]/issue/user-root" {
|
||||
path "[[ $c.vault.pki.path ]]/issue/user-root" {
|
||||
capabilities = ["update"]
|
||||
}
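Review bot: The policy paths now depend on the merge on the first line, `[[- $c := merge .zookeeper . ]]`, which decides which KV mount and PKI mount this task is allowed to use, and nothing documents its precedence. Presumably values under `zookeeper.*` win over the global context. A comment in the rendered policy would make that reviewable, e.g. `# Paths are built from zookeeper.* merged over the global settings (service values take precedence)`. The four paths also mix `$c.vault.root` with the un-merged `.instance`; using `$c.instance` throughout would keep them consistent. Separately, it is worth confirming that `issue/user-root`, described as the super user cert, is meant to be issuable by every ZooKeeper task rather than by a separate operator policy.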
|
||||
|
|
|
@ -102,7 +102,7 @@ _EOT
|
|||
# Main ZooKeeper configuration
|
||||
template {
|
||||
data = <<_EOT
|
||||
[[ template "scandm-zookeeper/zoo.cfg.tpl" $c ]]
|
||||
[[ template "zookeeper/zoo.cfg.tpl" $c ]]
|
||||
_EOT
|
||||
destination = "local/conf/zoo.cfg"
|
||||
uid = 102181
|
||||
|
@ -112,7 +112,7 @@ _EOT
|
|||
# Dynamic configuration (contains nodes in the cluster)
|
||||
template {
|
||||
data = <<_EOT
|
||||
[[ template "scandm-zookeeper/zoo.dyn.cfg.tpl" $c ]]
|
||||
[[ template "zookeeper/zoo.dyn.cfg.tpl" $c ]]
|
||||
_EOT
|
||||
destination = "local/conf/zoo.dyn.cfg"
|
||||
# When this file changes, do not restart, but just run a script to reconfigure ZooKeeper
|
||||
|
@ -126,7 +126,7 @@ _EOT
|
|||
# SASL users
|
||||
template {
|
||||
data = <<_EOT
|
||||
[[ template "scandm-zookeeper/jaas.conf.tpl" $c ]]
|
||||
[[ template "zookeeper/jaas.conf.tpl" $c ]]
|
||||
_EOT
|
||||
destination = "secrets/jaas.conf"
|
||||
uid = 100000
|
||||
|
|