cp-ansible
Upgrade playbook for non ssl to ssl
Description
This PR aims to introduce a playbook to upgrade a cluster from non tls to tls. Steps being:
1. Run CA if self signed certs are used.
2. Generate key/truststore for broker, zookeeper before enabling anything.
3. Upgrade to use ssl on zookeeper while having port 2181 open to enable communication by kafka broker (rolling upgrade).
4. Upgrade to use ssl on broker (rolling upgrade).
5. Disable non secure port 2181.
6. Upgrade all components in rolling fashion.
Fixes # (ANSIENG-1525)
Type of change
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [ ] This change requires a documentation update
How Has This Been Tested?
Tested locally. Documentation pending - will be done after this is merged in.
Test Configuration:
Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my feature works
- [ ] Any dependent changes have been merged and published in downstream modules
- [ ] Any variable changes have been validated to be backwards compatible
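A pre-flight check for the "Disable non secure port 2181" step in the description above, as an added example that is not part of this PR or of cp-ansible: it reads each broker's properties and reports any broker that would lose its ZooKeeper connection once 2181 is closed. The secure port 2182, the host names and the truststore path are assumptions, and the sample properties are constructed.

```python
# Added example, not cp-ansible code. Sample data below is constructed.
PLAINTEXT_PORT = 2181  # the non-secure port named in the PR description
NETTY = "org.apache.zookeeper.ClientCnxnSocketNetty"  # required for ZooKeeper TLS

def parse_properties(text):
    """Parse Java-style key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def zk_ports(connect):
    """Ports in a zookeeper.connect string (chroot ignored; no port means 2181)."""
    ports = set()
    for hostport in connect.split("/", 1)[0].split(","):
        _, sep, port = hostport.strip().rpartition(":")
        ports.add(int(port) if sep and port.isdigit() else PLAINTEXT_PORT)
    return ports

def blockers(props):
    """Reasons this broker would lose ZooKeeper if port 2181 were closed."""
    found = []
    if PLAINTEXT_PORT in zk_ports(props.get("zookeeper.connect", "")):
        found.append("zookeeper.connect still uses port 2181")
    if props.get("zookeeper.ssl.client.enable", "false").lower() != "true":
        found.append("zookeeper.ssl.client.enable is not true")
    if props.get("zookeeper.clientCnxnSocket") != NETTY:
        found.append("zookeeper.clientCnxnSocket is not the Netty socket")
    if not props.get("zookeeper.ssl.truststore.location"):
        found.append("zookeeper.ssl.truststore.location is not set")
    return found

def pending_brokers(configs):
    """Map broker name -> blockers, for brokers not yet ready."""
    result = {name: blockers(parse_properties(text)) for name, text in configs.items()}
    return {name: why for name, why in result.items() if why}

SAMPLE = {  # constructed: broker1 already rolled to TLS on assumed port 2182
    "broker1": "zookeeper.connect=zk1:2182,zk2:2182/kafka\n"
               "zookeeper.ssl.client.enable=true\n"
               f"zookeeper.clientCnxnSocket={NETTY}\n"
               "zookeeper.ssl.truststore.location=/etc/kafka/truststore.jks\n",
    "broker2": "# not rolled yet\nzookeeper.connect=zk1:2181,zk2:2181/kafka\n",
}
print(pending_brokers(SAMPLE))
```

An empty result means every broker already talks to ZooKeeper over TLS, so closing 2181 will not cut any of them off.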
Marking as draft. Going to add some property checks as tests.
Closing this as we have another work in progress.