forked from stan-is-hate/cp-ansible
-
Notifications
You must be signed in to change notification settings - Fork 0
/
hosts_example.yml
135 lines (127 loc) · 7.13 KB
/
hosts_example.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
all:
vars:
ansible_connection: ssh
ansible_user: ec2-user
ansible_become: true
#### SASL Authentication Configuration ####
## By default there will be no SASL Authentication
## For SASL/PLAIN uncomment this line:
# sasl_protocol: plain
## For SASL/GSSAPI uncomment this line and see Kerberos Configuration properties below
# sasl_protocol: kerberos
#### Kerberos Configuration ####
## Applicable when sasl_protocol is kerberos
# kerberos_kafka_broker_primary: <Name of the primary set on the kafka brokers' principal eg. kafka>
## REQUIRED: Under each host set keytab file path and principal name, see below
# kerberos_configure: <Boolean for ansible to install kerberos packages and configure this file: /etc/krb5.conf, defaults to true>
# kerberos:
# realm: <KDC server realm eg. confluent.example.com>
# kdc_hostname: <hostname of machine with KDC running eg. ip-172-31-45-82.us-east-2.compute.internal>
# admin_hostname: <hostname of machine with KDC running eg. ip-172-31-45-82.us-east-2.compute.internal>
#### TLS Configuration ####
## By default, data will NOT be encrypted. To turn on TLS encryption, uncomment this line
# ssl_enabled: true
## By default, the components will be configured with One-Way TLS, to turn on TLS mutual auth, uncomment this line:
# ssl_mutual_auth_enabled: true
## By default, the certs for this configuration will be self signed, to deploy custom certificates there are two options.
## Option 1: Custom Certs
## You will need to provide the path to the Certificate Authority Cert used to sign each hosts' certs
## As well as the signed certificate path and the key for that certificate for each host.
## These will need to be set for the correct host
# ssl_custom_certs: true
# ssl_ca_cert_filepath: "/tmp/certs/ca.crt"
# ssl_signed_cert_filepath: "/tmp/certs/{{inventory_hostname}}-signed.crt"
# ssl_key_filepath: "/tmp/certs/{{inventory_hostname}}-key.pem"
## Option 2: Custom Keystores and Truststores
## CP-Ansible can move keystores/truststores to their corresponding hosts and configure the components to use them. Set These vars
# provided_keystore_and_truststore: true
# ssl_keystore_filepath: "/tmp/certs/{{inventory_hostname}}-keystore.jks"
# ssl_keystore_key_password: mystorepassword
# ssl_keystore_store_password: mystorepassword
# ssl_truststore_filepath: "/tmp/certs/truststore.jks"
# ssl_truststore_password: truststorepass
#### Monitoring Configuration ####
## Jolokia is enabled by default. The Jolokia jar gets pulled from the internet and enabled on all the components
## To disable, uncomment this line:
# jolokia_enabled: false
## JMX Exporter is disabled by default. When enabled, JMX Exporter jar will be pulled from the Internet and enabled on the broker *only*.
## To enable, uncomment this line:
# jmxexporter_enabled: true
## To set custom properties for each service
## Find property options in the Confluent Documentation
# zookeeper:
# properties:
# initLimit: 6
# syncLimit: 3
# kafka_broker:
# properties:
# num.io.threads: 15
# schema_registry:
# properties:
# key: val
# control_center:
# properties:
# key: val
# kafka_connect:
# properties:
# key: val
# kafka_rest:
# properties:
# key: val
# ksql:
# properties:
# key: val
zookeeper:
hosts:
ip-172-31-34-246.us-east-2.compute.internal:
## By default the first host will get zookeeper id=1, second gets id=2. Set zookeeper_id to customize
# zookeeper_id: 2
## For kerberos sasl protocol, EACH host will need these two variables:
# zookeeper_kerberos_keytab_path: <The path on ansible host to keytab file, eg. /tmp/keytabs/zookeeper-ip-172-31-34-246.us-east-2.compute.internal.keytab>
# zookeeper_kerberos_principal: <The principal configured in kdc server, eg. zookeeper/ip-172-31-34-246.us-east-2.compute.internal@REALM.EXAMPLE.COM>
ip-172-31-37-15.us-east-2.compute.internal:
# zookeeper_id: 3
ip-172-31-34-231.us-east-2.compute.internal:
# zookeeper_id: 1
kafka_broker:
hosts:
ip-172-31-34-246.us-east-2.compute.internal:
## By default the first host will get broker id=1, second gets id=2. Set broker_id to customize
# broker_id: 3
## For kerberos sasl protocol, EACH host will need these two variables:
# kafka_broker_kerberos_keytab_path: <The path on ansible host to keytab file, eg. /tmp/keytabs/ip-172-31-34-246.us-east-2.compute.internal>
# kafka_broker_kerberos_principal: <The principal configured in kdc server, eg. kafka/ip-172-31-34-246.us-east-2.compute.internal@REALM.EXAMPLE.COM>
ip-172-31-37-15.us-east-2.compute.internal:
# broker_id: 2
ip-172-31-34-231.us-east-2.compute.internal:
# broker_id: 1
schema_registry:
hosts:
ip-172-31-34-246.us-east-2.compute.internal:
## For kerberos sasl protocol, EACH host will need these two variables:
# schema_registry_kerberos_keytab_path: <The path on ansible host to keytab file, eg. /tmp/keytabs/schemaregistry-ip-172-31-34-246.us-east-2.compute.internal
# schema_registry_kerberos_principal: The principal configured in kdc server ex: schemaregistry/ip-172-31-34-246.us-east-2.compute.internal@REALM.EXAMPLE.COM>
kafka_connect:
hosts:
ip-172-31-34-246.us-east-2.compute.internal:
## For kerberos sasl protocol, EACH host will need these two variables:
# kafka_connect_kerberos_keytab_path: <The path on ansible host to keytab file, eg. /tmp/keytabs/connect-ip-172-31-34-246.us-east-2.compute.internal
# kafka_connect_kerberos_principal: The principal configured in kdc server ex: connect/ip-172-31-34-246.us-east-2.compute.internal@REALM.EXAMPLE.COM>
kafka_rest:
hosts:
ip-172-31-34-246.us-east-2.compute.internal:
## For kerberos sasl protocol, EACH host will need these two variables:
# kafka_rest_kerberos_keytab_path: <The path on ansible host to keytab file, eg. /tmp/keytabs/restproxy-ip-172-31-34-246.us-east-2.compute.internal
# kafka_rest_kerberos_principal: The principal configured in kdc server ex: restproxy/ip-172-31-34-246.us-east-2.compute.internal@REALM.EXAMPLE.COM>
ksql:
hosts:
ip-172-31-37-15.us-east-2.compute.internal:
## For kerberos sasl protocol, EACH host will need these two variables:
# ksql_kerberos_keytab_path: <The path on ansible host to keytab file, eg. /tmp/keytabs/ksql-ip-172-31-37-15.us-east-2.compute.internal
# ksql_kerberos_principal: The principal configured in kdc server ex: ksql/ip-172-31-37-15.us-east-2.compute.internal@REALM.EXAMPLE.COM>
control_center:
hosts:
ip-172-31-37-15.us-east-2.compute.internal:
## For kerberos sasl protocol, EACH host will need these two variables:
# control_center_kerberos_keytab_path: <The path on ansible host to keytab file, eg. /tmp/keytabs/controlcenter-ip-172-31-37-15.us-east-2.compute.internal
# control_center_kerberos_principal: The principal configured in kdc server ex: controlcenter/ip-172-31-37-15.us-east-2.compute.internal@REALM.EXAMPLE.COM>