windmill/windmill-config
Code Issues Proposed changes

Add nodepool SSL certs

Browse Source 
Depends-On: https://review.opendev.org/c/windmill/ansible-role-nodepool/+/777436/
Change-Id: I8750ed096a806dcb4697e177a9689860b3769e70
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This commit is contained in:
Paul Belanger 2021-06-21 22:51:15 -04:00
parent 2e7094db84
commit a786681b50
2 changed files with 203 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

197
ansible/group_vars/nodepool.yaml
View File

@ -39,6 +39,203 @@ nodepool_service_nodepool_launcher_enabled: false
nodepool_service_nodepool_launcher_manage: false
nodepool_service_nodepool_launcher_state: stopped
nodepool_file_zookeeper_tls_cacert_content: |
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2a:bc:ea:bd:f2:11:1c:aa:d4:45:40:1c:c0:b5:46:f4:8b:78:ee:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, O=Company Name, OU=Org, CN=caroot
Validity
Not Before: Jun 22 02:38:55 2021 GMT
Not After : Mar 22 02:38:55 2031 GMT
Subject: C=US, ST=California, O=Company Name, OU=Org, CN=caroot
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:9a:37:0c:81:2d:9a:df:50:95:16:d1:59:1f:
d3:2e:88:3d:00:c9:d4:41:46:e2:56:50:ff:ca:a8:
df:d8:78:4a:bb:19:db:cf:f5:59:ce:76:a2:e3:10:
58:45:7d:28:75:2a:57:8a:d0:52:a1:2d:c8:08:d5:
d0:03:4b:cd:74:49:e5:95:64:2d:05:30:6f:41:a7:
a9:31:5d:93:b0:9d:62:ed:7b:89:bd:7c:75:9d:47:
ca:89:3b:50:06:99:85:c0:f9:b3:1f:1f:d8:94:90:
10:75:e7:65:0d:18:34:4e:df:46:f3:88:32:a5:c8:
a0:67:d2:d3:9b:ed:13:1b:b9:02:74:0c:95:cf:93:
59:c8:a2:95:53:0f:3c:75:b2:39:b9:15:98:28:f8:
9b:24:72:02:f3:d9:33:28:bd:32:d9:f3:b0:f7:9c:
cb:bb:87:1b:86:57:c1:72:31:38:3c:4f:6f:8b:26:
e1:fc:73:4e:25:a7:29:d6:22:2c:2d:7b:c1:c0:58:
95:01:a9:23:e9:f4:30:d7:49:35:17:08:a2:89:dd:
b3:51:ad:50:67:9e:f7:f4:36:19:e8:97:d6:04:12:
d6:8c:15:bf:2f:9b:c4:33:c6:18:bd:28:91:78:85:
80:ff:97:88:8c:8a:58:06:17:ee:58:37:42:bb:d2:
b3:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:D9:9B:12:EA:74:B0:37:C3:1C:28:75:D4:3E:5D:E3:7F:1E:CB:09
X509v3 Authority Key Identifier:
keyid:B3:D9:9B:12:EA:74:B0:37:C3:1C:28:75:D4:3E:5D:E3:7F:1E:CB:09
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
99:5f:30:95:02:b1:f4:32:ef:09:8d:c1:30:68:6a:5c:16:2c:
15:cf:65:71:0c:42:a7:46:bc:57:12:6d:c7:43:30:7c:71:63:
c2:ba:87:9e:c3:59:68:ff:52:5f:80:71:41:d2:c9:53:eb:71:
62:09:c0:f4:28:93:89:a5:79:0d:de:44:59:da:62:46:d0:d3:
da:5d:f0:f4:b2:a6:38:43:f1:d6:81:e7:80:cd:83:e6:b2:4d:
04:54:9a:63:50:c5:4e:56:ae:44:76:d1:13:ef:79:a3:00:19:
d6:46:e6:90:ca:0a:de:2d:89:43:0b:73:11:82:94:35:ad:12:
bd:2c:f0:c4:0b:e5:27:25:c3:d8:c8:0d:1f:2e:7e:c7:4b:8b:
32:f7:13:da:04:fe:9d:1a:31:db:79:02:12:ca:cf:67:0c:d9:
85:59:da:7a:88:16:d1:ee:e8:f3:36:d6:30:50:09:98:74:d5:
97:92:06:15:3f:e7:bf:63:9d:fe:b3:50:ce:e4:80:6b:4f:49:
34:26:96:eb:13:47:69:9f:a1:45:35:93:38:9b:a2:09:e8:65:
e0:2b:c8:d9:a6:56:d7:ab:a2:f3:5b:fc:f5:aa:82:21:8c:0b:
43:67:1b:9c:fe:52:40:25:68:65:87:cc:cc:5c:a1:bc:60:a4:
dc:7c:1f:5d
-----BEGIN CERTIFICATE-----
MIIDkTCCAnmgAwIBAgIUKrzqvfIRHKrURUAcwLVG9It47mgwDQYJKoZIhvcNAQEL
BQAwWDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAoM
DENvbXBhbnkgTmFtZTEMMAoGA1UECwwDT3JnMQ8wDQYDVQQDDAZjYXJvb3QwHhcN
MjEwNjIyMDIzODU1WhcNMzEwMzIyMDIzODU1WjBYMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMQ29tcGFueSBOYW1lMQwwCgYDVQQL
DANPcmcxDzANBgNVBAMMBmNhcm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBANqaNwyBLZrfUJUW0Vkf0y6IPQDJ1EFG4lZQ/8qo39h4SrsZ28/1Wc52
ouMQWEV9KHUqV4rQUqEtyAjV0ANLzXRJ5ZVkLQUwb0GnqTFdk7CdYu17ib18dZ1H
yok7UAaZhcD5sx8f2JSQEHXnZQ0YNE7fRvOIMqXIoGfS05vtExu5AnQMlc+TWcii
lVMPPHWyObkVmCj4myRyAvPZMyi9MtnzsPecy7uHG4ZXwXIxODxPb4sm4fxzTiWn
KdYiLC17wcBYlQGpI+n0MNdJNRcIoonds1GtUGee9/Q2GeiX1gQS1owVvy+bxDPG
GL0okXiFgP+XiIyKWAYX7lg3QrvSsz0CAwEAAaNTMFEwHQYDVR0OBBYEFLPZmxLq
dLA3wxwoddQ+XeN/HssJMB8GA1UdIwQYMBaAFLPZmxLqdLA3wxwoddQ+XeN/HssJ
MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJlfMJUCsfQy7wmN
wTBoalwWLBXPZXEMQqdGvFcSbcdDMHxxY8K6h57DWWj/Ul+AcUHSyVPrcWIJwPQo
k4mleQ3eRFnaYkbQ09pd8PSypjhD8daB54DNg+ayTQRUmmNQxU5WrkR20RPveaMA
GdZG5pDKCt4tiUMLcxGClDWtEr0s8MQL5Sclw9jIDR8ufsdLizL3E9oE/p0aMdt5
AhLKz2cM2YVZ2nqIFtHu6PM21jBQCZh01ZeSBhU/579jnf6zUM7kgGtPSTQmlusT
R2mfoUU1kzibognoZeAryNmmVterovNb/PWqgiGMC0NnG5z+UkAlaGWHzMxcobxg
pNx8H10=
-----END CERTIFICATE-----
nodepool_file_zookeeper_tls_cert_content: |
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2a:bc:ea:bd:f2:11:1c:aa:d4:45:40:1c:c0:b5:46:f4:8b:78:ee:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, O=Company Name, OU=Org, CN=caroot
Validity
Not Before: Jun 22 02:38:55 2021 GMT
Not After : Mar 22 02:38:55 2031 GMT
Subject: C=US, ST=California, L=Oakland, O=Company Name, OU=Org, CN=client
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:09:00:63:6b:45:d2:85:2b:44:60:15:f5:7a:
45:9e:db:36:8b:8c:4f:49:56:1f:2b:81:2c:3a:76:
c9:20:3c:3d:66:8b:c4:dc:2a:73:a9:fc:a8:03:07:
a0:6d:85:b4:01:1e:1f:4b:73:91:0c:f0:75:8c:5e:
2d:28:e7:4f:d7:24:3f:78:69:b6:e3:94:a1:7f:87:
9f:d1:a4:e5:3f:f0:39:67:46:90:c8:ea:d4:cf:d8:
95:8e:60:46:05:77:4d:5c:36:32:0b:fd:72:4b:af:
15:dc:f8:d9:c8:4a:3e:48:3d:1f:bf:60:b9:c6:47:
18:55:f5:00:83:ee:ed:10:2b:0c:f9:07:0b:14:3b:
d8:a4:c8:95:28:52:24:79:cd:e9:db:23:24:2c:94:
2e:b8:28:ec:5d:0e:5e:ef:83:99:0a:3d:1a:b2:3a:
2d:6d:62:9d:64:3c:82:8c:8c:a2:23:c5:71:ad:59:
e2:a1:db:22:2a:b7:a3:eb:a1:39:01:ed:60:3a:ff:
8b:03:43:30:98:ef:6e:6f:d7:1b:1d:33:aa:a0:77:
53:38:bb:91:4a:8a:ce:3c:e9:e7:32:29:d7:bf:5a:
7b:4d:40:db:77:6e:84:b9:2e:e9:53:65:4d:36:d5:
dd:f5:69:27:a4:19:52:e0:d1:f4:21:81:a9:d1:bb:
ef:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
9A:31:97:A5:1F:07:BA:BE:75:C6:2D:14:FF:1C:13:03:2E:33:3C:3B
X509v3 Authority Key Identifier:
keyid:B3:D9:9B:12:EA:74:B0:37:C3:1C:28:75:D4:3E:5D:E3:7F:1E:CB:09
Signature Algorithm: sha256WithRSAEncryption
69:d7:75:e5:8b:07:96:9a:3c:97:10:61:49:6f:2a:03:63:d5:
d0:46:f3:47:2c:a6:08:90:a5:e2:8a:f1:75:c9:4c:56:ee:54:
0c:20:cf:60:93:c2:3d:23:c1:7d:97:50:61:5d:42:a0:c4:7d:
cb:d7:c4:5a:d7:47:eb:69:83:bf:36:20:26:20:fa:69:82:c3:
c2:f2:71:30:c5:42:28:d8:78:87:03:91:2a:b5:b2:32:5a:49:
61:be:4f:1a:b0:e8:cf:17:56:ee:86:54:bc:a5:10:a3:5e:45:
67:d4:28:ce:e7:b4:c1:64:46:47:bb:91:4c:56:d5:1f:ff:be:
21:f9:7f:9b:23:9d:74:93:ee:64:64:60:10:67:50:bf:ec:f2:
74:5d:0a:4b:19:60:b7:24:ad:29:4a:37:13:b9:17:20:b9:1e:
2c:f1:ab:dc:e9:6a:f6:5f:c2:32:5a:d4:54:88:b9:59:44:6f:
b1:52:da:af:96:96:a5:17:98:07:56:45:a2:7f:bd:44:a7:58:
d7:04:d0:e0:ab:2d:7f:83:2a:b9:8a:56:c4:c4:9e:1a:35:d5:
fc:e9:10:31:e7:1d:6f:aa:8a:6d:c0:b6:a4:de:77:11:6d:27:
ed:fe:7f:5d:43:ed:4b:68:1b:d1:51:33:cd:94:12:82:d3:0f:
5b:21:16:e8
-----BEGIN CERTIFICATE-----
MIIDyzCCArOgAwIBAgIUKrzqvfIRHKrURUAcwLVG9It47mkwDQYJKoZIhvcNAQEL
BQAwWDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAoM
DENvbXBhbnkgTmFtZTEMMAoGA1UECwwDT3JnMQ8wDQYDVQQDDAZjYXJvb3QwHhcN
MjEwNjIyMDIzODU1WhcNMzEwMzIyMDIzODU1WjBqMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEQMA4GA1UEBwwHT2FrbGFuZDEVMBMGA1UECgwMQ29t
cGFueSBOYW1lMQwwCgYDVQQLDANPcmcxDzANBgNVBAMMBmNsaWVudDCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAM0JAGNrRdKFK0RgFfV6RZ7bNouMT0lW
HyuBLDp2ySA8PWaLxNwqc6n8qAMHoG2FtAEeH0tzkQzwdYxeLSjnT9ckP3hptuOU
oX+Hn9Gk5T/wOWdGkMjq1M/YlY5gRgV3TVw2Mgv9ckuvFdz42chKPkg9H79gucZH
GFX1AIPu7RArDPkHCxQ72KTIlShSJHnN6dsjJCyULrgo7F0OXu+DmQo9GrI6LW1i
nWQ8goyMoiPFca1Z4qHbIiq3o+uhOQHtYDr/iwNDMJjvbm/XGx0zqqB3Uzi7kUqK
zjzp5zIp179ae01A23duhLku6VNlTTbV3fVpJ6QZUuDR9CGBqdG77/ECAwEAAaN7
MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
Q2VydGlmaWNhdGUwHQYDVR0OBBYEFJoxl6UfB7q+dcYtFP8cEwMuMzw7MB8GA1Ud
IwQYMBaAFLPZmxLqdLA3wxwoddQ+XeN/HssJMA0GCSqGSIb3DQEBCwUAA4IBAQBp
13XliweWmjyXEGFJbyoDY9XQRvNHLKYIkKXiivF1yUxW7lQMIM9gk8I9I8F9l1Bh
XUKgxH3L18Ra10fraYO/NiAmIPppgsPC8nEwxUIo2HiHA5EqtbIyWklhvk8asOjP
F1buhlS8pRCjXkVn1CjO57TBZEZHu5FMVtUf/74h+X+bI510k+5kZGAQZ1C/7PJ0
XQpLGWC3JK0pSjcTuRcguR4s8avc6Wr2X8IyWtRUiLlZRG+xUtqvlpalF5gHVkWi
f71Ep1jXBNDgqy1/gyq5ilbExJ4aNdX86RAx5x1vqoptwLak3ncRbSft/n9dQ+1L
aBvRUTPNlBKC0w9bIRbo
-----END CERTIFICATE-----
nodepool_file_zookeeper_tls_key_content: |
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDNCQBja0XShStE
YBX1ekWe2zaLjE9JVh8rgSw6dskgPD1mi8TcKnOp/KgDB6BthbQBHh9Lc5EM8HWM
Xi0o50/XJD94abbjlKF/h5/RpOU/8DlnRpDI6tTP2JWOYEYFd01cNjIL/XJLrxXc
+NnISj5IPR+/YLnGRxhV9QCD7u0QKwz5BwsUO9ikyJUoUiR5zenbIyQslC64KOxd
Dl7vg5kKPRqyOi1tYp1kPIKMjKIjxXGtWeKh2yIqt6ProTkB7WA6/4sDQzCY725v
1xsdM6qgd1M4u5FKis486ecyKde/WntNQNt3boS5LulTZU021d31aSekGVLg0fQh
ganRu+/xAgMBAAECggEBALMhfyZc7UaMtA1rySOLbNHqAVCQCCExTdArbaGyb+tq
1dYGnLohmKXVqE/lVOL64hXr5Dl+QSbF2l0FVn0bAiUbdRxVd8SC8UnDCv0VDHj8
/pndC9eNWtowBhG6yNIztfGvI7BYAIhg8j/5ZgPX4WwpgtgnwIabTIako4ugrZrl
/2WhPpLr1rT2J6zS5//dnZCuP6+/DgC2Ccdeo3/2jUjePBGB5qzNNOX7o1xmgEtJ
tXs/YfTdhFCudQJB65yT9TJbDB/CUjd/QhQU9RxdCTS9uFoXKaWq24VCLxZsNGoa
sulpSMYRHwsBSwz6ur638uoEh+VZECBMo/a9ITmxP0ECgYEA/c4XQuvxk8zTVA8C
Rr7auJbAnxLqAmAQnbETLeLSZ91w3C/D6iHT6OzxB3xKX50ZNccwM9oXVJWryzvJ
gpqGKLTy+xWjpu6ePJIlFcfVC82r/z/KdQGJ1ywEyfLhOL5Reo64seLyFTHw4Fy0
B9VF18z7oyzfrpIBAYw7CVwm8UkCgYEAzs7v42T3E9CSiyz21aN/GEEwWTHCr0s4
+ag10kF5D6mWZ2Kh73ozPdtL/kxUCKK3Hz+oBnmKmEyyStSAUS5gatrFMDr2NaQt
H8UiugfBc2owf7tMAizFbEwCIB6QJmZpY+BWNffA0xt88VUz8ZddRSaldbh+d6Pp
HxmPnNj0MWkCgYEAlthxXNXsi6KWC4SsHq36QvFeZG0SZf0AgyimNIR190NWe5ds
AnC+iNaiXoeRkIhHXn4XeQnrCdu28iCDoLsEd5csPuzaijGSHH/jyLEvP0erLRaV
1rrmWNuRsRFIqLf8pzHCNf+jT9ORzVdrrKgmTZ9IA/B8tT2TmX7l66c4gfkCgYAN
TQPitSCq9pQmPVsWvHA1KCQq6GdkDMt6SxZDEpDtr/OLbK2LkGlxRgRqM5CICacL
bHWrDPAcAXrKE0a5cekjljRueKxTIN8CFxS3sD4B5Ud/P5WQ4j5ES9MrK6wLvDR1
Bv2kdO3C5hawEtHHbPvDscuceaQwn6sjo+o3pUB3WQKBgQDFsHdiHEJrUqu2Q3i8
+2o8YgPIneDUR6ba4laIyPmRH5It1NBweCCb6lquiIx1Kd7KQ78R/QSq4Q0+UEym
ACrb+j56IbOPn/YurnltHGo/TQjItj+MRjU7iEg3jTofCFXm1FkUmW3MADzqSoMm
MepbDLDFecFZBbTEVe5tF/JgZw==
-----END PRIVATE KEY-----
# windmill.openstacksdk
openstacksdk_user_name: nodepool
openstacksdk_user_group: nodepool

7
nodepool/secure.conf.j2
View File

@ -5,6 +5,11 @@ zookeeper-servers:
{% if 'zookeeper' in groups %}
{% for host in groups['zookeeper'] %}
- host: '{{ hostvars[host].ansible_host | ipwrap }}'
port: 2181
port: 2281
{% endfor %}
{% endif %}
zookeeper-tls:
ca: {{ nodepool_file_zookeeper_tls_cacert_dest }}
cert: {{ nodepool_file_zookeeper_tls_cert_dest }}
key: {{ nodepool_file_zookeeper_tls_key_dest }}