cp-ansible
cp-ansible copied to clipboard
confluentinc
Restart services "manually"
There is sadly no mechanism to restart services ad hoc. Our scenario was a regular and compulsory change of LDAP user passwords, namely the one for the kafka-connect user. We also changed all occurences of the password in connect-deployments, however we kept getting a lot of errors like:
[2021-07-16 08:00:19,666] INFO 1.2.3.4 - - [16/Jul/2021:06:00:19 +0000] "GET
/security/1.0/activenodes/https HTTP/1.1" 401 397 271 (io.confluent.rest-utils.requests)
Only a manual restart of all Kafka Connect Systemd Services could resolve that eventually. Automatically determining the need for a restart from a password change is imho not possible, since the idempotence is bound to file changes on the Kafka Connect Server. I am wondering however wether one could build in a flag to trigger an intentional restart of systemd services :thinking:
I think a dedicated playbook is your best option here. The task-files "dynamic_groups" were created with this in mind. We have written imperative playbooks for performing service restarts using those.
@erikgb yeah - good point. maybe that is really the best option - we already have a bunch of imperative playbooks ourselves as well
to give a followup to this: Turn out for us after changing a password for an ldap user - a "soft" restart of the services seems not sufficient. we actually needed to switch off and restart the connect-service in order to get it running properly again. Is that something anybody can confirm?
Similar to #806 This req has been taken up and will be available in the next patch
