Add gearman server / client SSL support
Note this only works for zuulv3 today. Change-Id: Iecd4ccc230653ef803764d10c626879d9ad3b1d2 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This commit is contained in:
parent
58e66ed91f
commit
1a08165eea
|
@ -69,6 +69,11 @@ class zuul (
|
|||
$connections = [],
|
||||
$python_version = 2,
|
||||
$zuulv3 = false,
|
||||
$gearman_client_ssl_cert = undef,
|
||||
$gearman_client_ssl_key = undef,
|
||||
$gearman_server_ssl_cert = undef,
|
||||
$gearman_server_ssl_key = undef,
|
||||
$gearman_ssl_ca = undef,
|
||||
) {
|
||||
include ::httpd
|
||||
include ::pip
|
||||
|
@ -182,7 +187,74 @@ class zuul (
|
|||
}
|
||||
|
||||
file { '/etc/zuul':
|
||||
ensure => directory,
|
||||
ensure => directory,
|
||||
group => 'zuul',
|
||||
mode => '0755',
|
||||
owner => 'zuul',
|
||||
require => User['zuul'],
|
||||
}
|
||||
|
||||
file { '/etc/zuul/ssl':
|
||||
ensure => directory,
|
||||
group => 'zuul',
|
||||
mode => '0755',
|
||||
owner => 'zuul',
|
||||
require => File['/etc/zuul'],
|
||||
}
|
||||
|
||||
if ($gearman_ssl_ca != undef) {
|
||||
file { '/etc/zuul/ssl/ca.pem':
|
||||
ensure => file,
|
||||
content => $gearman_ssl_ca,
|
||||
group => 'zuul',
|
||||
mode => '0644',
|
||||
owner => 'zuul',
|
||||
require => File['/etc/zuul/ssl'],
|
||||
}
|
||||
}
|
||||
|
||||
if ($gearman_client_ssl_cert != undef) {
|
||||
file { '/etc/zuul/ssl/client.pem':
|
||||
ensure => file,
|
||||
content => $gearman_client_ssl_cert,
|
||||
group => 'zuul',
|
||||
mode => '0644',
|
||||
owner => 'zuul',
|
||||
require => File['/etc/zuul/ssl'],
|
||||
}
|
||||
}
|
||||
|
||||
if ($gearman_client_ssl_key != undef) {
|
||||
file { '/etc/zuul/ssl/client.key':
|
||||
ensure => file,
|
||||
content => $gearman_client_ssl_key,
|
||||
group => 'zuul',
|
||||
mode => '0640',
|
||||
owner => 'zuul',
|
||||
require => File['/etc/zuul/ssl'],
|
||||
}
|
||||
}
|
||||
|
||||
if ($gearman_server_ssl_cert != undef) {
|
||||
file { '/etc/zuul/ssl/server.pem':
|
||||
ensure => file,
|
||||
content => $gearman_server_ssl_cert,
|
||||
group => 'zuul',
|
||||
mode => '0644',
|
||||
owner => 'zuul',
|
||||
require => File['/etc/zuul/ssl'],
|
||||
}
|
||||
}
|
||||
|
||||
if ($gearman_server_ssl_key != undef) {
|
||||
file { '/etc/zuul/ssl/server.key':
|
||||
ensure => file,
|
||||
content => $gearman_server_ssl_key,
|
||||
group => 'zuul',
|
||||
mode => '0640',
|
||||
owner => 'zuul',
|
||||
require => File['/etc/zuul/ssl'],
|
||||
}
|
||||
}
|
||||
|
||||
if $zuulv3 {
|
||||
|
|
|
@ -1,10 +1,28 @@
|
|||
[gearman]
|
||||
server=<%= @gearman_server %>
|
||||
check_job_registration=<%= @gearman_check_job_registration %>
|
||||
<% if @gearman_ssl_ca != nil -%>
|
||||
ssl_ca=<%= gearman_ssl_ca %>
|
||||
<% end -%>
|
||||
<% if @gearman_client_ssl_cert != nil -%>
|
||||
ssl_cert=<%= gearman_client_ssl_cert %>
|
||||
<% end -%>
|
||||
<% if @gearman_client_ssl_key != nil -%>
|
||||
ssl_key=<%= gearman_client_ssl_key %>
|
||||
<% end -%>
|
||||
|
||||
[gearman_server]
|
||||
start=<%= @internal_gearman %>
|
||||
log_config=/etc/zuul/gearman-logging.conf
|
||||
<% if @gearman_ssl_ca != nil -%>
|
||||
ssl_ca=<%= gearman_ssl_ca %>
|
||||
<% end -%>
|
||||
<% if @gearman_server_ssl_cert != nil -%>
|
||||
ssl_cert=<%= gearman_server_ssl_cert %>
|
||||
<% end -%>
|
||||
<% if @gearman_server_ssl_key != nil -%>
|
||||
ssl_key=<%= gearman_server_ssl_key %>
|
||||
<% end -%>
|
||||
|
||||
[zuul]
|
||||
tenant_config=/etc/zuul/layout/<%= @tenant_file_name %>
|
||||
|
|
Loading…
Reference in New Issue