{"id":265,"sha1":"76ccf848b368ce31d32007cc261843d65b749e3c","playbook":{"id":3,"items":{"plays":37,"tasks":567,"results":554,"hosts":7,"files":221,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":4,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-infrastructure.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-14T10:15:01.440414Z","ended":"2025-12-14T10:21:34.655502Z","duration":"00:06:33.215088","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.13.5","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-infrastructure.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2022 City Network International AB\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the\n# License for the specific language governing permissions and limitations\n# under the License.\n\n# Define zookepeer version and download URI\nzookeeper_download_version: 3.9.4\nzookeeper_download_version_checksum: >-\n  sha512:36bffae6440ed0d71ed83a621b8c52c583860b414812197373237f0c148bd16e6b599977c90e5eb81c0fce6b82ef44aa782621535417cffc4c2a0a51a56f2cdf\nzookeeper_download_url: >-\n  https://archive.apache.org/dist/zookeeper/zookeeper-{{ zookeeper_download_version }}/apache-zookeeper-{{ zookeeper_download_version }}-bin.tar.gz\n\n# Define zookeeper clustering option\nzookeeper_cluster_members: \"{{ groups['zookeeper_all'] }}\"\n# The first port is used by followers to connect to the leader\n# The second one is used for leader election\nzookeeper_cluster_peer_ports: 2888:3888\n# This variable is used to define what fact which will be taken out of\n# hostvars for each cluster member as it's address\nzookeeper_cluster_address_hostvars_key: \"ansible_host\"\n\n# Ports and TLS\nzookeeper_client_port: 2181\nzookeeper_secure_client_port: 2281\nzookeeper_ssl_client_enable: true\nzookeeper_ssl_quorum_enable: true\nzookeeper_ssl_protocols:\n  - TLSv1.2\n  - TLSv1.3\n\n# Storage location for SSL certificate authority\nzookeeper_pki_dir: \"{{ openstack_pki_dir | default('/etc/pki/zookeeper-ca') }}\"\n\n# Delegated host for operating the certificate authority\nzookeeper_pki_setup_host: \"{{ openstack_pki_setup_host | default('localhost') }}\"\n\n# Create a certificate authority if one does not already exist\nzookeeper_pki_create_ca: \"{{ openstack_pki_authorities is not defined | bool }}\"\nzookeeper_pki_regen_ca: \"\"\nzookeeper_pki_authorities:\n  - name: \"ZookeeperRoot\"\n    country: \"GB\"\n    state_or_province_name: \"England\"\n    organization_name: \"Example Corporation\"\n    organizational_unit_name: \"IT Security\"\n    cn: \"Zookeeper Root CA\"\n    provider: selfsigned\n    basic_constraints: \"CA:TRUE\"\n    key_usage:\n      - digitalSignature\n      - cRLSign\n      - keyCertSign\n    not_after: \"+3650d\"\n  - name: \"ZookeeperIntermediate\"\n    country: \"GB\"\n    state_or_province_name: \"England\"\n    organization_name: \"Example Corporation\"\n    organizational_unit_name: \"IT Security\"\n    cn: \"Zookeeper Intermediate CA\"\n    provider: ownca\n    basic_constraints: \"CA:TRUE,pathlen:0\"\n    key_usage:\n      - digitalSignature\n      - cRLSign\n      - keyCertSign\n    not_after: \"+3650d\"\n    signed_by: \"ZookeeperRoot\"\n\n# Installation details for certificate authorities\nzookeeper_pki_install_ca:\n  - name: \"ZookeeperRoot\"\n    condition: \"{{ zookeeper_pki_create_ca }}\"\n\n# Zookeeper server certificate\nzookeeper_pki_keys_path: \"{{ zookeeper_pki_dir ~ '/certs/private/' }}\"\nzookeeper_pki_certs_path: \"{{ zookeeper_pki_dir ~ '/certs/certs/' }}\"\nzookeeper_pki_intermediate_cert_name: \"{{ openstack_pki_service_intermediate_cert_name | default('ZookeeperIntermediate') }}\"\nzookeeper_pki_intermediate_cert_path: >-\n  {{ zookeeper_pki_dir ~ '/roots/' ~ zookeeper_pki_intermediate_cert_name ~ '/certs/' ~ zookeeper_pki_intermediate_cert_name ~ '.crt' }}\nzookeeper_pki_regen_cert: \"\"\nzookeeper_pki_certificates:\n  - name: \"zookeeper_{{ ansible_facts['hostname'] }}\"\n    provider: ownca\n    cn: \"{{ hostvars[inventory_hostname][zookeeper_cluster_address_hostvars_key] }}\"\n    san: \"{{ 'DNS:' ~ ansible_facts['fqdn'] ~ ',IP:' ~ ansible_host }}\"\n    signed_by: \"{{ zookeeper_pki_intermediate_cert_name }}\"\n    condition: \"{{ zookeeper_ssl_client_enable or zookeeper_ssl_quorum_enable }}\"\n    key_format: pkcs8\n\n# Installation details for SSL certificates\nzookeeper_pki_install_certificates:\n  - src: \"{{ zookeeper_user_ssl_cert | default(zookeeper_pki_certs_path ~ 'zookeeper_' ~ ansible_facts['hostname'] ~ '.crt') }}\"\n    dest: \"{{ zookeeper_ssl_cert }}\"\n    owner: \"{{ zookeeper_system_user_name }}\"\n    group: \"{{ zookeeper_system_group_name }}\"\n    mode: \"0644\"\n    condition: \"{{ zookeeper_ssl_client_enable or zookeeper_ssl_quorum_enable }}\"\n  - src: \"{{ zookeeper_user_ssl_key | default(zookeeper_pki_keys_path ~ 'zookeeper_' ~ ansible_facts['hostname'] ~ '.key.pem') }}\"\n    dest: \"{{ zookeeper_ssl_key }}\"\n    owner: \"{{ zookeeper_system_user_name }}\"\n    group: \"{{ zookeeper_system_group_name }}\"\n    mode: \"0600\"\n    condition: \"{{ zookeeper_ssl_client_enable or zookeeper_ssl_quorum_enable }}\"\n  - src: \"{{ zookeeper_user_ssl_ca_cert | default(zookeeper_pki_intermediate_cert_path) }}\"\n    dest: \"{{ zookeeper_ssl_ca_cert }}\"\n    owner: \"{{ zookeeper_system_user_name }}\"\n    group: \"{{ zookeeper_system_group_name }}\"\n    mode: \"0644\"\n    condition: \"{{ zookeeper_ssl_client_enable or zookeeper_ssl_quorum_enable }}\"\n\nzookeeper_ssl_cert: \"{{ zookeeper_config_dir }}/certs/certs/zookeeper.crt\"\nzookeeper_ssl_key: \"{{ zookeeper_config_dir }}/certs/private/zookeeper.key\"\nzookeeper_ssl_ca_cert: \"{{ zookeeper_config_dir }}/certs/certs/zookeeper-ca.crt\"\nzookeeper_ssl_keystore_location: \"{{ zookeeper_config_dir }}/certs/private/zookeeper.pem\"\nzookeeper_ssl_truststore_location: \"{{ _zookeeper_ssl_truststore_location }}\"\nzookeeper_ssl_client_auth: want\nzookeeper_ssl_quorum_client_auth: need\n\n# Define operating system user/group names\nzookeeper_system_user_name: zookeeper\nzookeeper_system_group_name: zookeeper\nzookeeper_system_comment: zookeeper system user\nzookeeper_system_shell: /bin/false\nzookeeper_system_user_home: /var/lib/zookeeper\n\nzookeeper_file_zoo_conf_mode: \"0644\"\nzookeeper_config_dir: \"/etc/zookeeper\"\nzookeeper_data_dir: \"{{ zookeeper_system_user_home }}\"\nzookeeper_data_log_dir: \"{{ zookeeper_data_dir }}/log\"\nzookeeper_file_myid_dest: \"{{ zookeeper_data_dir }}/myid\"\n\n# Set the package install state for distribution packages\nzookeeper_package_requirements: \"{{ _zookeeper_package_requirements }}\"\nzookeeper_package_state: \"{{ package_state | default('latest') }}\"\n\n# autopurge configuration\n# Amount of most recent snapshots and the corresponding transaction logs to keep\nzookeeper_snap_retain_count: 3\n# The time interval in hours for which the purge task has to be triggered\nzookeeper_purge_interval: 1\n\n# Service configuration\nzookeeper_service:\n  name: zookeeper\n  execstarts: \"/opt/zookeeper/bin/zkServer.sh --config {{ zookeeper_config_dir }} start-foreground\"\n  execstops: \"/opt/zookeeper/bin/zkServer.sh --config {{ zookeeper_config_dir }} stop\"\n\nzookeeper_init_config_overrides: {}\n\nzookeeper_commands_whitelist:\n  - stat\n  - ruok\n  - isro\n  - envi\n\nzookeeper_prometheus_enable: false\nzookeeper_prometheus_port: 7000\n","created":"2025-12-14T10:15:05.592153Z","updated":"2025-12-14T10:15:05.592164Z","path":"/home/zuul/src/opendev.org/openstack/ansible-role-zookeeper/defaults/main.yml"}