├── .github
    ├── ISSUE_TEMPLATE
    │   ├── bug_report.md
    │   └── feature_request.md
    └── workflows
    │   └── codeql-analysis.yml
├── .gitignore
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE
├── NewRelic-Infra.md
├── Notes.md
├── Splunk-Config.md
├── Vagrantfile
├── _config.yml
├── ansible.cfg
├── clusterAwsPreSetup.yml
├── clusterConfigsUpdate.yml
├── clusterCustomMetricExporterSetup.yml
├── clusterJava.yml
├── clusterMigrateToMtls.yml
├── clusterMigrateToSasLAuth.yml
├── clusterNewRelicSetup.yml
├── clusterOSUpgrade.yml
├── clusterRemoveNodes.yml
├── clusterRemoveOldVersions.yml
├── clusterRollingRestart.yml
├── clusterSetup.yml
├── clusterUpgrade.yml
├── collections.yml
├── docs
    ├── migrate-to-fqdn-based-configs.md
    ├── migrate-to-mtls.md
    ├── migrate-to-sasl.md
    └── vagrant-notes.md
├── files
    ├── newrelic-dashboard
    │   ├── Apache Zookeeper.pdf
    │   ├── readme.md
    │   └── zookeeper.json
    ├── splunk dashboards
    │   └── apache-zookeeper.xml
    └── vagrant-generate-tls-certs.sh
├── index.md
├── inventory
    └── development
    │   ├── cluster-aws.ini
    │   ├── cluster.ini
    │   └── group_vars
    │       └── all.yml
├── readme.md
├── requirements.txt
├── roles
    ├── cloudwatch
    │   └── tasks
    │   │   └── main.yml
    ├── common
    │   └── tasks
    │   │   ├── commonUtils.yml
    │   │   ├── createDirStructure.yml
    │   │   ├── createUser.yml
    │   │   ├── disableFirewall.yml
    │   │   ├── ebsDisk.yml
    │   │   ├── main.yml
    │   │   └── systemTuning.yml
    ├── configure
    │   ├── tasks
    │   │   ├── dynamicConfigs.yml
    │   │   └── main.yml
    │   └── templates
    │   │   ├── jaas.conf
    │   │   ├── java.env
    │   │   ├── logback.xml
    │   │   ├── myid
    │   │   └── zoo.cfg
    ├── copyFiles
    │   └── tasks
    │   │   └── main.yml
    ├── customMetricExporter
    │   ├── files
    │   │   ├── readme.md
    │   │   ├── requirements.txt
    │   │   └── zooki.py
    │   └── tasks
    │   │   └── main.yml
    ├── decomissionNodes
    │   └── tasks
    │   │   └── main.yml
    ├── install
    │   └── tasks
    │   │   ├── createSymlink.yml
    │   │   ├── download.yml
    │   │   ├── envSet.yml
    │   │   └── main.yml
    ├── java
    │   └── tasks
    │   │   ├── install.yml
    │   │   ├── javaHome.yml
    │   │   └── main.yml
    ├── nri-zookeeper
    │   ├── tasks
    │   │   └── main.yml
    │   └── templates
    │   │   └── zookeeper-config.yml
    ├── portCheck
    │   └── tasks
    │   │   └── main.yml
    ├── service
    │   ├── tasks
    │   │   └── main.yml
    │   └── templates
    │   │   └── service.j2
    ├── serviceState
    │   └── tasks
    │   │   └── main.yml
    └── systemUpgrade
    │   └── tasks
    │       └── main.yml
└── terraform
    ├── aws
        ├── cloudwatch-agent-policy.json
        ├── data.tf
        ├── ebs.tf
        ├── iam.tf
        ├── instance.tf
        ├── locals.tf
        ├── output.tf
        ├── provider.tf
        ├── readme.md
        ├── security-groups.tf
        └── var.tf
    ├── oci
        ├── block_storage.tf
        ├── provider.tf
        ├── var.tf
        └── zookeeper.tf
    └── readme.md


/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Bug report
 3 | about: Create a report to help us improve
 4 | title: ''
 5 | labels: ''
 6 | assignees: ''
 7 | 
 8 | ---
 9 | 
10 | **Describe the bug**
11 | A clear and concise description of what the bug is.
12 | 
13 | **To Reproduce**
14 | Steps to reproduce the behavior:
15 | 1. Go to '...'
16 | 2. Click on '....'
17 | 3. Scroll down to '....'
18 | 4. See error
19 | 
20 | **Expected behavior**
21 | A clear and concise description of what you expected to happen.
22 | 
23 | **Screenshots**
24 | If applicable, add screenshots to help explain your problem.
25 | 
26 | **Desktop (please complete the following information):**
27 |  - OS: [e.g. iOS]
28 |  - Browser [e.g. chrome, safari]
29 |  - Version [e.g. 22]
30 | 
31 | **Smartphone (please complete the following information):**
32 |  - Device: [e.g. iPhone6]
33 |  - OS: [e.g. iOS8.1]
34 |  - Browser [e.g. stock browser, safari]
35 |  - Version [e.g. 22]
36 | 
37 | **Additional context**
38 | Add any other context about the problem here.
39 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Feature request
 3 | about: Suggest an idea for this project
 4 | title: ''
 5 | labels: ''
 6 | assignees: ''
 7 | 
 8 | ---
 9 | 
10 | **Is your feature request related to a problem? Please describe.**
11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
12 | 
13 | **Describe the solution you'd like**
14 | A clear and concise description of what you want to happen.
15 | 
16 | **Describe alternatives you've considered**
17 | A clear and concise description of any alternative solutions or features you've considered.
18 | 
19 | **Additional context**
20 | Add any other context or screenshots about the feature request here.
21 | 


--------------------------------------------------------------------------------
/.github/workflows/codeql-analysis.yml:
--------------------------------------------------------------------------------
 1 | name: "CodeQL"
 2 | 
 3 | on:
 4 |   push:
 5 |     branches: [master]
 6 |   pull_request:
 7 |     # The branches below must be a subset of the branches above
 8 |     branches: [master]
 9 | 
10 | jobs:
11 |   analyze:
12 |     name: Analyze
13 |     runs-on: ubuntu-latest
14 | 
15 |     strategy:
16 |       fail-fast: false
17 |       matrix:
18 |         # Override automatic language detection by changing the below list
19 |         # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
20 |         language: ['python']
21 |         # Learn more...
22 |         # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
23 | 
24 |     steps:
25 |     - name: Checkout repository
26 |       uses: actions/checkout@v2
27 |       with:
28 |         # We must fetch at least the immediate parents so that if this is
29 |         # a pull request then we can checkout the head.
30 |         fetch-depth: 2
31 | 
32 |     # If this run was triggered by a pull request event, then checkout
33 |     # the head of the pull request instead of the merge commit.
34 |     - run: git checkout HEAD^2
35 |       if: ${{ github.event_name == 'pull_request' }}
36 | 
37 |     # Initializes the CodeQL tools for scanning.
38 |     - name: Initialize CodeQL
39 |       uses: github/codeql-action/init@v1
40 |       with:
41 |         languages: ${{ matrix.language }}
42 |         # If you wish to specify custom queries, you can do so here or in a config file.
43 |         # By default, queries listed here will override any specified in a config file. 
44 |         # Prefix the list here with "+" to use these queries and those in the config file.
45 |         # queries: ./path/to/local/query, your-org/your-repo/queries@main
46 | 
47 |     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
48 |     # If this step fails, then you should remove it and run the build manually (see below)
49 |     - name: Autobuild
50 |       uses: github/codeql-action/autobuild@v1
51 | 
52 |     # ℹ️ Command-line programs to run using the OS shell.
53 |     # 📚 https://git.io/JvXDl
54 | 
55 |     # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
56 |     #    and modify them (or add more) to build your code if your project
57 |     #    uses a compiled language
58 | 
59 |     #- run: |
60 |     #   make bootstrap
61 |     #   make release
62 | 
63 |     - name: Perform CodeQL Analysis
64 |       uses: github/codeql-action/analyze@v1
65 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | .vagrant*
 2 | *retry
 3 | .ansible*
 4 | *.vscode
 5 | .*
 6 | terraform/*/*tfstate*
 7 | terraform/*/.terraform
 8 | pulumi/*.pyc
 9 | pulumi/venv/
10 | pulumi/__pycache__
11 | pulumi/*/*.pyc
12 | pulumi/*/venv
13 | pulumi/*/__pycache__
14 | files/certs
15 | *.tar.gz


--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
 1 | # Contributor Covenant Code of Conduct
 2 | 
 3 | ## Our Pledge
 4 | 
 5 | In the interest of fostering an open and welcoming environment, we as
 6 | contributors and maintainers pledge to making participation in our project and
 7 | our community a harassment-free experience for everyone, regardless of age, body
 8 | size, disability, ethnicity, sex characteristics, gender identity and expression,
 9 | level of experience, education, socio-economic status, nationality, personal
10 | appearance, race, religion, or sexual identity and orientation.
11 | 
12 | ## Our Standards
13 | 
14 | Examples of behavior that contributes to creating a positive environment
15 | include:
16 | 
17 | * Using welcoming and inclusive language
18 | * Being respectful of differing viewpoints and experiences
19 | * Gracefully accepting constructive criticism
20 | * Focusing on what is best for the community
21 | * Showing empathy towards other community members
22 | 
23 | Examples of unacceptable behavior by participants include:
24 | 
25 | * The use of sexualized language or imagery and unwelcome sexual attention or
26 |  advances
27 | * Trolling, insulting/derogatory comments, and personal or political attacks
28 | * Public or private harassment
29 | * Publishing others' private information, such as a physical or electronic
30 |  address, without explicit permission
31 | * Other conduct which could reasonably be considered inappropriate in a
32 |  professional setting
33 | 
34 | ## Our Responsibilities
35 | 
36 | Project maintainers are responsible for clarifying the standards of acceptable
37 | behavior and are expected to take appropriate and fair corrective action in
38 | response to any instances of unacceptable behavior.
39 | 
40 | Project maintainers have the right and responsibility to remove, edit, or
41 | reject comments, commits, code, wiki edits, issues, and other contributions
42 | that are not aligned to this Code of Conduct, or to ban temporarily or
43 | permanently any contributor for other behaviors that they deem inappropriate,
44 | threatening, offensive, or harmful.
45 | 
46 | ## Scope
47 | 
48 | This Code of Conduct applies both within project spaces and in public spaces
49 | when an individual is representing the project or its community. Examples of
50 | representing a project or community include using an official project e-mail
51 | address, posting via an official social media account, or acting as an appointed
52 | representative at an online or offline event. Representation of a project may be
53 | further defined and clarified by project maintainers.
54 | 
55 | ## Enforcement
56 | 
57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be
58 | reported by contacting the project team at dpsangwal@gmail.com. All
59 | complaints will be reviewed and investigated and will result in a response that
60 | is deemed necessary and appropriate to the circumstances. The project team is
61 | obligated to maintain confidentiality with regard to the reporter of an incident.
62 | Further details of specific enforcement policies may be posted separately.
63 | 
64 | Project maintainers who do not follow or enforce the Code of Conduct in good
65 | faith may face temporary or permanent repercussions as determined by other
66 | members of the project's leadership.
67 | 
68 | ## Attribution
69 | 
70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71 | available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
72 | 
73 | [homepage]: https://www.contributor-covenant.org
74 | 
75 | For answers to common questions about this code of conduct, see
76 | https://www.contributor-covenant.org/faq
77 | 


--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                     GNU GENERAL PUBLIC LICENSE
  2 |                        Version 3, 29 June 2007
  3 | 
  4 |  Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  5 |  Everyone is permitted to copy and distribute verbatim copies
  6 |  of this license document, but changing it is not allowed.
  7 | 
  8 |                             Preamble
  9 | 
 10 |   The GNU General Public License is a free, copyleft license for
 11 | software and other kinds of works.
 12 | 
 13 |   The licenses for most software and other practical works are designed
 14 | to take away your freedom to share and change the works.  By contrast,
 15 | the GNU General Public License is intended to guarantee your freedom to
 16 | share and change all versions of a program--to make sure it remains free
 17 | software for all its users.  We, the Free Software Foundation, use the
 18 | GNU General Public License for most of our software; it applies also to
 19 | any other work released this way by its authors.  You can apply it to
 20 | your programs, too.
 21 | 
 22 |   When we speak of free software, we are referring to freedom, not
 23 | price.  Our General Public Licenses are designed to make sure that you
 24 | have the freedom to distribute copies of free software (and charge for
 25 | them if you wish), that you receive source code or can get it if you
 26 | want it, that you can change the software or use pieces of it in new
 27 | free programs, and that you know you can do these things.
 28 | 
 29 |   To protect your rights, we need to prevent others from denying you
 30 | these rights or asking you to surrender the rights.  Therefore, you have
 31 | certain responsibilities if you distribute copies of the software, or if
 32 | you modify it: responsibilities to respect the freedom of others.
 33 | 
 34 |   For example, if you distribute copies of such a program, whether
 35 | gratis or for a fee, you must pass on to the recipients the same
 36 | freedoms that you received.  You must make sure that they, too, receive
 37 | or can get the source code.  And you must show them these terms so they
 38 | know their rights.
 39 | 
 40 |   Developers that use the GNU GPL protect your rights with two steps:
 41 | (1) assert copyright on the software, and (2) offer you this License
 42 | giving you legal permission to copy, distribute and/or modify it.
 43 | 
 44 |   For the developers' and authors' protection, the GPL clearly explains
 45 | that there is no warranty for this free software.  For both users' and
 46 | authors' sake, the GPL requires that modified versions be marked as
 47 | changed, so that their problems will not be attributed erroneously to
 48 | authors of previous versions.
 49 | 
 50 |   Some devices are designed to deny users access to install or run
 51 | modified versions of the software inside them, although the manufacturer
 52 | can do so.  This is fundamentally incompatible with the aim of
 53 | protecting users' freedom to change the software.  The systematic
 54 | pattern of such abuse occurs in the area of products for individuals to
 55 | use, which is precisely where it is most unacceptable.  Therefore, we
 56 | have designed this version of the GPL to prohibit the practice for those
 57 | products.  If such problems arise substantially in other domains, we
 58 | stand ready to extend this provision to those domains in future versions
 59 | of the GPL, as needed to protect the freedom of users.
 60 | 
 61 |   Finally, every program is threatened constantly by software patents.
 62 | States should not allow patents to restrict development and use of
 63 | software on general-purpose computers, but in those that do, we wish to
 64 | avoid the special danger that patents applied to a free program could
 65 | make it effectively proprietary.  To prevent this, the GPL assures that
 66 | patents cannot be used to render the program non-free.
 67 | 
 68 |   The precise terms and conditions for copying, distribution and
 69 | modification follow.
 70 | 
 71 |                        TERMS AND CONDITIONS
 72 | 
 73 |   0. Definitions.
 74 | 
 75 |   "This License" refers to version 3 of the GNU General Public License.
 76 | 
 77 |   "Copyright" also means copyright-like laws that apply to other kinds of
 78 | works, such as semiconductor masks.
 79 | 
 80 |   "The Program" refers to any copyrightable work licensed under this
 81 | License.  Each licensee is addressed as "you".  "Licensees" and
 82 | "recipients" may be individuals or organizations.
 83 | 
 84 |   To "modify" a work means to copy from or adapt all or part of the work
 85 | in a fashion requiring copyright permission, other than the making of an
 86 | exact copy.  The resulting work is called a "modified version" of the
 87 | earlier work or a work "based on" the earlier work.
 88 | 
 89 |   A "covered work" means either the unmodified Program or a work based
 90 | on the Program.
 91 | 
 92 |   To "propagate" a work means to do anything with it that, without
 93 | permission, would make you directly or secondarily liable for
 94 | infringement under applicable copyright law, except executing it on a
 95 | computer or modifying a private copy.  Propagation includes copying,
 96 | distribution (with or without modification), making available to the
 97 | public, and in some countries other activities as well.
 98 | 
 99 |   To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies.  Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 | 
103 |   An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License.  If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 | 
112 |   1. Source Code.
113 | 
114 |   The "source code" for a work means the preferred form of the work
115 | for making modifications to it.  "Object code" means any non-source
116 | form of a work.
117 | 
118 |   A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 | 
123 |   The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form.  A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 | 
134 |   The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities.  However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work.  For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 | 
147 |   The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 | 
151 |   The Corresponding Source for a work in source code form is that
152 | same work.
153 | 
154 |   2. Basic Permissions.
155 | 
156 |   All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met.  This License explicitly affirms your unlimited
159 | permission to run the unmodified Program.  The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work.  This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 | 
164 |   You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force.  You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright.  Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 | 
175 |   Conveying under any other circumstances is permitted solely under
176 | the conditions stated below.  Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 | 
179 |   3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 | 
181 |   No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 | 
187 |   When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 | 
195 |   4. Conveying Verbatim Copies.
196 | 
197 |   You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 | 
205 |   You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 | 
208 |   5. Conveying Modified Source Versions.
209 | 
210 |   You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 | 
214 |     a) The work must carry prominent notices stating that you modified
215 |     it, and giving a relevant date.
216 | 
217 |     b) The work must carry prominent notices stating that it is
218 |     released under this License and any conditions added under section
219 |     7.  This requirement modifies the requirement in section 4 to
220 |     "keep intact all notices".
221 | 
222 |     c) You must license the entire work, as a whole, under this
223 |     License to anyone who comes into possession of a copy.  This
224 |     License will therefore apply, along with any applicable section 7
225 |     additional terms, to the whole of the work, and all its parts,
226 |     regardless of how they are packaged.  This License gives no
227 |     permission to license the work in any other way, but it does not
228 |     invalidate such permission if you have separately received it.
229 | 
230 |     d) If the work has interactive user interfaces, each must display
231 |     Appropriate Legal Notices; however, if the Program has interactive
232 |     interfaces that do not display Appropriate Legal Notices, your
233 |     work need not make them do so.
234 | 
235 |   A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit.  Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 | 
245 |   6. Conveying Non-Source Forms.
246 | 
247 |   You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 | 
252 |     a) Convey the object code in, or embodied in, a physical product
253 |     (including a physical distribution medium), accompanied by the
254 |     Corresponding Source fixed on a durable physical medium
255 |     customarily used for software interchange.
256 | 
257 |     b) Convey the object code in, or embodied in, a physical product
258 |     (including a physical distribution medium), accompanied by a
259 |     written offer, valid for at least three years and valid for as
260 |     long as you offer spare parts or customer support for that product
261 |     model, to give anyone who possesses the object code either (1) a
262 |     copy of the Corresponding Source for all the software in the
263 |     product that is covered by this License, on a durable physical
264 |     medium customarily used for software interchange, for a price no
265 |     more than your reasonable cost of physically performing this
266 |     conveying of source, or (2) access to copy the
267 |     Corresponding Source from a network server at no charge.
268 | 
269 |     c) Convey individual copies of the object code with a copy of the
270 |     written offer to provide the Corresponding Source.  This
271 |     alternative is allowed only occasionally and noncommercially, and
272 |     only if you received the object code with such an offer, in accord
273 |     with subsection 6b.
274 | 
275 |     d) Convey the object code by offering access from a designated
276 |     place (gratis or for a charge), and offer equivalent access to the
277 |     Corresponding Source in the same way through the same place at no
278 |     further charge.  You need not require recipients to copy the
279 |     Corresponding Source along with the object code.  If the place to
280 |     copy the object code is a network server, the Corresponding Source
281 |     may be on a different server (operated by you or a third party)
282 |     that supports equivalent copying facilities, provided you maintain
283 |     clear directions next to the object code saying where to find the
284 |     Corresponding Source.  Regardless of what server hosts the
285 |     Corresponding Source, you remain obligated to ensure that it is
286 |     available for as long as needed to satisfy these requirements.
287 | 
288 |     e) Convey the object code using peer-to-peer transmission, provided
289 |     you inform other peers where the object code and Corresponding
290 |     Source of the work are being offered to the general public at no
291 |     charge under subsection 6d.
292 | 
293 |   A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 | 
297 |   A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling.  In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage.  For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product.  A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 | 
310 |   "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source.  The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 | 
318 |   If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information.  But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 | 
329 |   The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed.  Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 | 
337 |   Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 | 
343 |   7. Additional Terms.
344 | 
345 |   "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law.  If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 | 
354 |   When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it.  (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.)  You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 | 
361 |   Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 | 
365 |     a) Disclaiming warranty or limiting liability differently from the
366 |     terms of sections 15 and 16 of this License; or
367 | 
368 |     b) Requiring preservation of specified reasonable legal notices or
369 |     author attributions in that material or in the Appropriate Legal
370 |     Notices displayed by works containing it; or
371 | 
372 |     c) Prohibiting misrepresentation of the origin of that material, or
373 |     requiring that modified versions of such material be marked in
374 |     reasonable ways as different from the original version; or
375 | 
376 |     d) Limiting the use for publicity purposes of names of licensors or
377 |     authors of the material; or
378 | 
379 |     e) Declining to grant rights under trademark law for use of some
380 |     trade names, trademarks, or service marks; or
381 | 
382 |     f) Requiring indemnification of licensors and authors of that
383 |     material by anyone who conveys the material (or modified versions of
384 |     it) with contractual assumptions of liability to the recipient, for
385 |     any liability that these contractual assumptions directly impose on
386 |     those licensors and authors.
387 | 
388 |   All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10.  If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term.  If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 | 
398 |   If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 | 
403 |   Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 | 
407 |   8. Termination.
408 | 
409 |   You may not propagate or modify a covered work except as expressly
410 | provided under this License.  Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 | 
415 |   However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 | 
422 |   Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 | 
429 |   Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License.  If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 | 
435 |   9. Acceptance Not Required for Having Copies.
436 | 
437 |   You are not required to accept this License in order to receive or
438 | run a copy of the Program.  Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance.  However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work.  These actions infringe copyright if you do
443 | not accept this License.  Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 | 
446 |   10. Automatic Licensing of Downstream Recipients.
447 | 
448 |   Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License.  You are not responsible
451 | for enforcing compliance by third parties with this License.
452 | 
453 |   An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations.  If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 | 
463 |   You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License.  For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 | 
471 |   11. Patents.
472 | 
473 |   A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based.  The
475 | work thus licensed is called the contributor's "contributor version".
476 | 
477 |   A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version.  For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 | 
487 |   Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 | 
492 |   In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement).  To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 | 
499 |   If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients.  "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 | 
513 |   If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 | 
521 |   A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License.  You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 | 
536 |   Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 | 
540 |   12. No Surrender of Others' Freedom.
541 | 
542 |   If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License.  If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all.  For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 | 
552 |   13. Use with the GNU Affero General Public License.
553 | 
554 |   Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work.  The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 | 
563 |   14. Revised Versions of this License.
564 | 
565 |   The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time.  Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 | 
570 |   Each version is given a distinguishing version number.  If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation.  If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 | 
579 |   If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 | 
584 |   Later license versions may give you additional or different
585 | permissions.  However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 | 
589 |   15. Disclaimer of Warranty.
590 | 
591 |   THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 | 
600 |   16. Limitation of Liability.
601 | 
602 |   IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 | 
612 |   17. Interpretation of Sections 15 and 16.
613 | 
614 |   If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 | 
621 |                      END OF TERMS AND CONDITIONS
622 | 
623 |             How to Apply These Terms to Your New Programs
624 | 
625 |   If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 | 
629 |   To do so, attach the following notices to the program.  It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 | 
634 |     <one line to give the program's name and a brief idea of what it does.>
635 |     Copyright (C) <year>  <name of author>
636 | 
637 |     This program is free software: you can redistribute it and/or modify
638 |     it under the terms of the GNU General Public License as published by
639 |     the Free Software Foundation, either version 3 of the License, or
640 |     (at your option) any later version.
641 | 
642 |     This program is distributed in the hope that it will be useful,
643 |     but WITHOUT ANY WARRANTY; without even the implied warranty of
644 |     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
645 |     GNU General Public License for more details.
646 | 
647 |     You should have received a copy of the GNU General Public License
648 |     along with this program.  If not, see <https://www.gnu.org/licenses/>.
649 | 
650 | Also add information on how to contact you by electronic and paper mail.
651 | 
652 |   If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 | 
655 |     <program>  Copyright (C) <year>  <name of author>
656 |     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 |     This is free software, and you are welcome to redistribute it
658 |     under certain conditions; type `show c' for details.
659 | 
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License.  Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 | 
664 |   You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | <https://www.gnu.org/licenses/>.
668 | 
669 |   The GNU General Public License does not permit incorporating your program
670 | into proprietary programs.  If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library.  If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License.  But first, please read
674 | <https://www.gnu.org/licenses/why-not-lgpl.html>.
675 | 


--------------------------------------------------------------------------------
/NewRelic-Infra.md:
--------------------------------------------------------------------------------
 1 | # NewRelic Infra Configuration
 2 | 
 3 | * **Agent Version:** 1.30.0 or higher
 4 | 
 5 | **Example**
 6 | ```
 7 | license_key: 1cfxxxxxxxxxxxxxxxxxxxxxxxxxxx72cd
 8 | collector_url: https://infra-api.newrelic.com
 9 | display_name: xxxxxxxxxxxxxxxxx
10 | 
11 | event_queue_depth: 5000
12 | 
13 | custom_attributes:
14 |   label.env: xxx-zookeeper
15 | ```
16 | 


--------------------------------------------------------------------------------
/Notes.md:
--------------------------------------------------------------------------------
1 | ### how to umount ebs volume from ec2 machines with ansible
2 | `ansible -m shell -a "umount -d /dev/xvdc" -i ../../inventory/development/cluster-aws.ini all`


--------------------------------------------------------------------------------
/Splunk-Config.md:
--------------------------------------------------------------------------------
 1 | # Splunk Logging Configuration
 2 | 
 3 | ## Example
 4 | 
 5 | ```conf
 6 | [default]
 7 | host = $HOSTNAME
 8 | 
 9 | [monitor:///zookeeper/zookeeper-logs/*]
10 | disabled = false
11 | index = kafka
12 | sourcetype = zookeeper
13 | crcSalt = <SOURCE>
14 | ```
15 | 


--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
 1 | Vagrant.configure("2") do |config|
 2 | 
 3 | # Cluster Nodes
 4 |   cluster_nodes=3
 5 | 
 6 |     (1..cluster_nodes).each do |i|
 7 |       config.vm.define "zookeeper-#{i}" do |node|
 8 |         node.vm.box = "ubuntu/bionic64"
 9 |         node.vm.hostname  = "zookeeper#{i}.localhost"
10 |         node.vm.network :private_network, ip: "192.168.56.11#{i}"
11 |         node.vm.provision :hosts, :add_localhost_hostnames => false, :sync_hosts => true   # required to autogenerate /etc/hosts on all nodes
12 |       end
13 |   end
14 |   # Setting CPU and Memory for All machines
15 |   config.vm.provider "virtualbox" do |vb|
16 |     vb.gui = false
17 |     vb.memory = "1024"
18 |     vb.cpus =  1
19 |     vb.customize [ "modifyvm", :id, "--uartmode1", "disconnected" ] # used for wsl2
20 |   end
21 | 
22 | # SSH config to use your local ssh key for auth instead of username/password
23 |   config.ssh.insert_key = false
24 |   config.vm.provision "file", source: "~/.ssh/id_rsa.pub", destination: "~/.ssh/authorized_keys"
25 |   config.vm.synced_folder '.', '/vagrant', disabled: true
26 | end
27 | 


--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
1 | theme: jekyll-theme-cayman


--------------------------------------------------------------------------------
/ansible.cfg:
--------------------------------------------------------------------------------
 1 | [defaults]
 2 | host_key_checking = False
 3 | command_warnings = False
 4 | forks = 100
 5 | timeout = 30
 6 | retry_files_enabled = False
 7 | [ssh_connection]
 8 | ssh_args=-C -o ControlMaster=auto -o ControlPersist=1200s -o BatchMode=yes
 9 | pipelining=False
10 | control_path = /tmp/ansible-%%h-%%p-%%r


--------------------------------------------------------------------------------
/clusterAwsPreSetup.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - hosts: clusterNodes
 4 |   gather_facts: true
 5 |   become: true
 6 |   tasks:
 7 |     - name: mount ebs volume
 8 |       ansible.builtin.include_role:
 9 |         name: common
10 |         tasks_from: ebsDisk.yml
11 | 
12 |     - name: install & configure cloudwatch logs agent
13 |       ansible.builtin.include_role:
14 |         name: cloudwatch
15 |     
16 |     - name: install python3* packages and other dependencies
17 |       ansible.builtin.package:
18 |         name: "{{ item }}"
19 |         state: latest
20 |       loop:
21 |         - python3
22 |         - python3-pip
23 |         - python3-devel
24 |         - gcc
25 |         - amazon-linux-extras
26 | 


--------------------------------------------------------------------------------
/clusterConfigsUpdate.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - hosts: clusterNodes
 4 |   gather_facts: true
 5 |   tasks:
 6 |     - name: make sure gather facts is triggered on all nodes required for zoo.cfg
 7 |       ansible.builtin.debug:
 8 |         var: ansible_fqdn
 9 | 
10 | - hosts: clusterNodes
11 |   gather_facts: true
12 |   serial: 1
13 |   tasks:
14 |     - ansible.builtin.include_role:
15 |         name: configure
16 |         tasks_from: dynamicConfigs
17 | 
18 |     - name: Restarting all nodes
19 |       ansible.builtin.import_role:
20 |         name: serviceState
21 |       vars:
22 |         serviceName: zookeeper
23 |         serviceState: restarted
24 |       when: configStatus.changed
25 | 
26 |     - name: zookeeper port status
27 |       ansible.builtin.include_role:
28 |         name: portCheck
29 |       vars:
30 |         PortNumber: "{{ item }}"
31 |         PortStatus: started
32 |       loop:
33 |         - "{{ zookeeperClientPort }}"
34 |       when: configStatus.changed


--------------------------------------------------------------------------------
/clusterCustomMetricExporterSetup.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | # Command to check Cron: crontab -u zookeeper -l
 4 | # Ansible: zookeeper metric collector
 5 | # * * * * * python3 /zookeeper/zooki.py /zookeeper /zookeeper/zookeeper-logs/ false
 6 | 
 7 | - hosts: clusterNodes
 8 |   become: true
 9 |   gather_facts: true
10 |   pre_tasks:
11 |     - name: install common utils
12 |       ansible.builtin.include_role:
13 |         name: common
14 |         tasks_from: commonUtils.yml
15 | 
16 |     - name: copy python requirements.txt
17 |       ansible.builtin.copy:
18 |         src: "roles/customMetricExporter/files/requirements.txt"
19 |         dest: "/tmp/requirements.txt"
20 | 
21 |     - name: installing requirements.txt with pip3
22 |       ansible.builtin.pip:
23 |         requirements: "/tmp/requirements.txt"
24 |         executable: pip3
25 |   roles:
26 |     - customMetricExporter


--------------------------------------------------------------------------------
/clusterJava.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - hosts: clusterNodes
 4 |   gather_facts: true
 5 |   become: true
 6 |   roles:
 7 |     - java
 8 | 
 9 | - name: "Rolling Restart Zookeeper"
10 |   ansible.builtin.import_playbook: "clusterRollingRestart.yml"
11 | 


--------------------------------------------------------------------------------
/clusterMigrateToMtls.yml:
--------------------------------------------------------------------------------
  1 | ---
  2 | 
  3 | # Note:
  4 | #   this is one-time playbook to migrate non-mtls cluster to tls cluster config
  5 | #   Ref: https://zookeeper.apache.org/doc/r3.8.0/zookeeperAdmin.html#Upgrading+existing+nonTLS+cluster
  6 | 
  7 | - hosts: clusterNodes
  8 |   gather_facts: true
  9 |   tasks:
 10 |     - name: MigrateToMtls | upload tls keystore and truststore to all nodes
 11 |       ansible.builtin.include_role:
 12 |         name: copyFiles
 13 | 
 14 | - hosts: clusterNodes
 15 |   gather_facts: true
 16 |   become: true
 17 |   serial: 1
 18 |   tasks:
 19 |     - name: MigrateToMtls | sslQuourm basic settings in zoo.cfg
 20 |       ansible.builtin.lineinfile:
 21 |         path: "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperVersion }}/conf/zoo.cfg"
 22 |         regexp: "{{ item.regex }}"
 23 |         line: "{{ item.line }}"
 24 |       loop:
 25 |         - { regex: "^sslQuorum=", line: "sslQuorum=false" }
 26 |         - { regex: "^portUnification=", line: "portUnification=true" }
 27 |         - { regex: "^serverCnxnFactory=", line: "serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory" }
 28 |         - { regex: "^ssl.quorum.keyStore.password=", line: "ssl.quorum.keyStore.password={{ zookeeperSslQuorumKeystorePassword }}" }
 29 |         - { regex: "^ssl.quorum.keyStore.location=", line: "ssl.quorum.keyStore.location={{ zookeeperSslQuorumKeystoreLocation }}" }
 30 |         - { regex: "^ssl.quorum.trustStore.location=", line: "ssl.quorum.trustStore.location={{ zookeeperSslQuorumTruststoreLocation }}" }
 31 |         - { regex: "^ssl.quorum.trustStore.password=", line: "ssl.quorum.trustStore.password={{ zookeeperSslQuorumTruststorePassword }}" }
 32 | 
 33 |     - name: MigrateToMtls | restarting zookeeper
 34 |       ansible.builtin.import_role:
 35 |         name: serviceState
 36 |       vars:
 37 |         serviceName: zookeeper
 38 |         serviceState: restarted
 39 | 
 40 |     - name: MigrateToMtls | zookeeper Port Status
 41 |       ansible.builtin.include_role:
 42 |         name: portCheck
 43 |       vars:
 44 |         PortNumber: "{{ item }}"
 45 |         PortStatus: started
 46 |       loop:
 47 |         - "{{ zookeeperClientPort }}"
 48 | 
 49 | - hosts: localhost
 50 |   gather_facts: false
 51 |   tasks:
 52 |     - name: please check logs of all nodes that "Creating TLS-enabled quorum server socket" message appears in logs file
 53 |       ansible.builtin.pause:
 54 |         prompt: "Press enter to confirm or ctrl-c to cancel"
 55 | 
 56 | - hosts: clusterNodes
 57 |   gather_facts: true
 58 |   become: true
 59 |   serial: 1
 60 |   tasks:
 61 |     - name: MigrateToMtls | sslQuourm enabled in zoo.cfg
 62 |       ansible.builtin.include_role:
 63 |         name: configure
 64 |         tasks_from: dynamicConfigs
 65 |       vars:
 66 |         zookeeperConfigFile: zoo.cfg
 67 |         zookeeperSslQuorum: true
 68 |         zookeeperPortUnification: "true" # force true
 69 | 
 70 |     - name: MigrateToMtls | restarting zookeeper
 71 |       ansible.builtin.import_role:
 72 |         name: serviceState
 73 |       vars:
 74 |         serviceName: zookeeper
 75 |         serviceState: restarted
 76 | 
 77 |     - name: MigrateToMtls | zookeeper Port Status
 78 |       ansible.builtin.include_role:
 79 |         name: portCheck
 80 |       vars:
 81 |         PortNumber: "{{ item }}"
 82 |         PortStatus: started
 83 |       loop:
 84 |         - "{{ zookeeperClientPort }}"
 85 | 
 86 | - hosts: localhost
 87 |   gather_facts: false
 88 |   tasks:
 89 |     - name: please check logs of all nodes that cluster is working
 90 |       ansible.builtin.pause:
 91 |         prompt: "Press enter to confirm or ctrl-c to cancel"
 92 | 
 93 | - hosts: clusterNodes
 94 |   gather_facts: true
 95 |   become: true
 96 |   serial: 1
 97 |   tasks:
 98 |     - name: MigrateToMtls | regenerate zoo.cfg and portUnification disabled
 99 |       ansible.builtin.include_role:
100 |         name: configure
101 |         tasks_from: dynamicConfigs
102 |       vars:
103 |         zookeeperConfigFile: zoo.cfg
104 |         zookeeperSslQuorum: true
105 |         zookeeperPortUnification: "false" # force false
106 | 
107 |     - name: MigrateToMtls | restarting zookeeper
108 |       ansible.builtin.import_role:
109 |         name: serviceState
110 |       vars:
111 |         serviceName: zookeeper
112 |         serviceState: restarted
113 | 
114 |     - name: MigrateToMtls | zookeeper Port Status
115 |       ansible.builtin.include_role:
116 |         name: portCheck
117 |       vars:
118 |         PortNumber: "{{ item }}"
119 |         PortStatus: started
120 |       loop:
121 |         - "{{ zookeeperClientPort }}"
122 | 
123 | - hosts: localhost
124 |   gather_facts: false
125 |   tasks:
126 |     - name: please check logs of all nodes that cluster is working
127 |       ansible.builtin.debug:
128 |         msg: "please set zookeeperSslQuorum=true and zookeeperPortUnification=false in ansible variables for future updates"
129 | 


--------------------------------------------------------------------------------
/clusterMigrateToSasLAuth.yml:
--------------------------------------------------------------------------------
  1 | ---
  2 | 
  3 | # Note:
  4 | #   this is one-time playbook to migrate non-sasl cluster to sasl cluster config
  5 | #   Ref: https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication
  6 | 
  7 | - hosts: clusterNodes
  8 |   gather_facts: true
  9 |   become: true
 10 |   serial: 1
 11 |   tasks:
 12 |     - name: MigrateToSasL | regenerate jaas.conf
 13 |       ansible.builtin.include_role:
 14 |         name: configure
 15 |         tasks_from: dynamicConfigs
 16 |       vars:
 17 |         zookeeperConfigFile: jaas.conf
 18 | 
 19 |     - name: MigrateToSasL | regenerate java.env to enable jaas.conf
 20 |       ansible.builtin.include_role:
 21 |         name: configure
 22 |         tasks_from: dynamicConfigs
 23 |       vars:
 24 |         zookeeperConfigFile: java.env
 25 |         zookeeperQuorumAuthEnableSasl: true
 26 | 
 27 |     - name: MigrateToSasL | enableSasl in zoo.cfg
 28 |       ansible.builtin.lineinfile:
 29 |         path: "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperVersion }}/conf/zoo.cfg"
 30 |         regexp: "^quorum.auth.enableSasl="
 31 |         line: "quorum.auth.enableSasl=true"
 32 | 
 33 |     - name: MigrateToSasL | restarting zookeeper
 34 |       ansible.builtin.import_role:
 35 |         name: serviceState
 36 |       vars:
 37 |         serviceName: zookeeper
 38 |         serviceState: restarted
 39 | 
 40 |     - name: MigrateToSasL | zookeeper Port Status
 41 |       ansible.builtin.include_role:
 42 |         name: portCheck
 43 |       vars:
 44 |         PortNumber: "{{ item }}"
 45 |         PortStatus: started
 46 |       loop:
 47 |         - "{{ zookeeperClientPort }}"
 48 | 
 49 | - hosts: clusterNodes
 50 |   gather_facts: true
 51 |   become: true
 52 |   serial: 1
 53 |   tasks:
 54 |     - name: MigrateToSasL | learnerRequireSasl in zoo.cfg
 55 |       ansible.builtin.lineinfile:
 56 |         path: "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperVersion }}/conf/zoo.cfg"
 57 |         regexp: "^quorum.auth.learnerRequireSasl="
 58 |         line: "quorum.auth.learnerRequireSasl=true"
 59 | 
 60 |     - name: MigrateToSasL | restarting zookeeper
 61 |       ansible.builtin.import_role:
 62 |         name: serviceState
 63 |       vars:
 64 |         serviceName: zookeeper
 65 |         serviceState: restarted
 66 | 
 67 |     - name: MigrateToSasL | zookeeper Port Status
 68 |       ansible.builtin.include_role:
 69 |         name: portCheck
 70 |       vars:
 71 |         PortNumber: "{{ item }}"
 72 |         PortStatus: started
 73 |       loop:
 74 |         - "{{ zookeeperClientPort }}"
 75 | 
 76 | - hosts: clusterNodes
 77 |   gather_facts: true
 78 |   become: true
 79 |   serial: 1
 80 |   tasks:
 81 |     - name: MigrateToSasL | regenerate zoo.cfg with all parameters
 82 |       ansible.builtin.include_role:
 83 |         name: configure
 84 |         tasks_from: dynamicConfigs
 85 |       vars:
 86 |         zookeeperConfigFile: zoo.cfg
 87 |         zookeeperQuorumAuthEnableSasl: true
 88 | 
 89 |     - name: MigrateToSasL | restarting zookeeper
 90 |       ansible.builtin.import_role:
 91 |         name: serviceState
 92 |       vars:
 93 |         serviceName: zookeeper
 94 |         serviceState: restarted
 95 | 
 96 |     - name: MigrateToSasL | zookeeper Port Status
 97 |       ansible.builtin.include_role:
 98 |         name: portCheck
 99 |       vars:
100 |         PortNumber: "{{ item }}"
101 |         PortStatus: started
102 |       loop:
103 |         - "{{ zookeeperClientPort }}"
104 | 


--------------------------------------------------------------------------------
/clusterNewRelicSetup.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | # Ref: https://github.com/newrelic/nri-zookeeper
 4 | 
 5 | # NewRelic Infra Agent should be installed on all zookeeper nodes
 6 | - hosts: clusterNodes
 7 |   become: true
 8 |   gather_facts: true
 9 |   vars:
10 |     zookeeper_nri_pulgin_version: 1.1
11 |   pre_tasks:
12 |     - name: checking newrelic infra agent status ( Redhat / CentOS )
13 |       ansible.builtin.shell: "set -o pipefail && rpm -qa | grep newrelic-infra"
14 |       when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
15 |       register: isNewRelicInfraInstalledYum
16 | 
17 |     - name: checking newrelic infra agent status ( Ubuntu / Debain )
18 |       ansible.builtin.shell: "set -o pipefail && apt search newrelic-infra | grep newrelic-infra"
19 |       when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
20 |       register: isNewRelicInfraInstalledApt
21 | 
22 |   roles:
23 |     - role: nri-zookeeper
24 |       when:
25 |         - isNewRelicInfraInstalledYum != '' or isNewRelicInfraInstalledApt != ''
26 |         - isNewRelicInfraInstalledYum is not skipped or isNewRelicInfraInstalledApt is not skipped
27 | 


--------------------------------------------------------------------------------
/clusterOSUpgrade.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | - hosts: clusterNodes
4 |   gather_facts: true
5 |   become: true
6 |   roles:
7 |     - systemUpgrade


--------------------------------------------------------------------------------
/clusterRemoveNodes.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | - hosts: clusterRemoveNodes
4 |   gather_facts: true
5 |   ignore_errors: true
6 |   serial: 1
7 |   roles:
8 |     - decomissionNodes


--------------------------------------------------------------------------------
/clusterRemoveOldVersions.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - hosts: clusterNodes
 4 |   gather_facts: false
 5 |   tasks:
 6 |     - name: Removing Old zookeeper files | {{ zookeeperInstallDir }}/zookeeper-{{ zookeeperOldVersion }}
 7 |       ansible.builtin.file:
 8 |         path: "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperOldVersion }}"
 9 |         state: absent
10 |       when:
11 |         - zookeeperOldVersion is defined
12 |         - zookeeperOldVersion is version(zookeeperVersion, '!=')


--------------------------------------------------------------------------------
/clusterRollingRestart.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - hosts: clusterNodes
 4 |   gather_facts: true
 5 |   serial: 1
 6 |   tasks:
 7 |     - name: including restart tasks
 8 |       ansible.builtin.import_role:
 9 |         name: serviceState
10 |       vars:
11 |         serviceName: zookeeper
12 |         serviceState: restarted
13 | 
14 |     - name: zookeeper port status
15 |       ansible.builtin.include_role:
16 |         name: portCheck
17 |       vars:
18 |         PortNumber: "{{ item }}"
19 |         PortStatus: started
20 |       loop:
21 |         - "{{ zookeeperClientPort }}"
22 | 


--------------------------------------------------------------------------------
/clusterSetup.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - hosts: clusterNodes
 4 |   gather_facts: true
 5 |   become: true
 6 |   pre_tasks:
 7 |     - name: Including system upgrade role
 8 |       ansible.builtin.import_role:
 9 |         name: systemUpgrade
10 |       when: systemUpgradeRequired
11 | 
12 |     - name: Including java role
13 |       ansible.builtin.import_role:
14 |         name: java
15 | 
16 |   roles:
17 |     - common
18 |     - install
19 |     - copyFiles
20 |     - configure
21 |     - service
22 | 
23 | - hosts: clusterNodes
24 |   gather_facts: false
25 |   become: true
26 |   serial: 1
27 |   tasks:
28 |     - name: Starting all nodes
29 |       ansible.builtin.import_role:
30 |         name: serviceState
31 |       vars:
32 |         serviceName: zookeeper
33 |         serviceState: started
34 | 
35 |     - name: zookeeper Port Status
36 |       ansible.builtin.include_role:
37 |         name: portCheck
38 |       vars:
39 |         PortNumber: "{{ item }}"
40 |         PortStatus: started
41 |       loop:
42 |         - "{{ zookeeperClientPort }}"
43 | 
44 |     - name: zookeeper Secure Port Status
45 |       ansible.builtin.include_role:
46 |         name: portCheck
47 |       vars:
48 |         PortNumber: "{{ item }}"
49 |         PortStatus: started
50 |       loop:
51 |         - "{{ zookeeperSecureClientPort }}"
52 |       when:
53 |         - zookeeperSslQuorum is defined
54 |         - zookeeperSslQuorum
55 | 


--------------------------------------------------------------------------------
/clusterUpgrade.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - hosts: clusterNodes
 4 |   gather_facts: true
 5 |   become: true
 6 |   roles:
 7 |     - java
 8 |     - common
 9 | 
10 | - hosts: clusterNodes
11 |   gather_facts: true
12 |   become: true
13 |   tasks:
14 |     - name: installing latest version of Zookeeper
15 |       ansible.builtin.import_role:
16 |         name: install
17 |         tasks_from: download
18 | 
19 |     - name: copy mtls/sasl files
20 |       ansible.builtin.import_role:
21 |         name: copyFiles
22 | 
23 |     - name: configuring latest Zookeeper version
24 |       ansible.builtin.import_role:
25 |         name: configure
26 | 
27 | - hosts: localhost
28 |   become: false
29 |   gather_facts: false
30 |   tasks:
31 |     - name: Switching zookeeper Version to {{ zookeeperVersion }} on all nodes (Rolling fashion)
32 |       ansible.builtin.pause:
33 |         prompt: "Press enter to confirm or ctrl-c to cancel"
34 | 
35 | - hosts: clusterNodes
36 |   gather_facts: false
37 |   become: true
38 |   serial: 1
39 |   tasks:
40 |     - name: switching Zookeeper version to {{ zookeeperVersion }}
41 |       ansible.builtin.import_role:
42 |         name: install
43 |         tasks_from: createSymlink
44 | 
45 |     - name: restarting all nodes
46 |       ansible.builtin.import_role:
47 |         name: serviceState
48 |       vars:
49 |         serviceName: zookeeper
50 |         serviceState: restarted
51 | 
52 |     - name: zookeeper Port Status
53 |       ansible.builtin.include_role:
54 |         name: portCheck
55 |       vars:
56 |         PortNumber: "{{ item }}"
57 |         PortStatus: started
58 |       loop:
59 |         - "{{ zookeeperClientPort }}"
60 | 


--------------------------------------------------------------------------------
/collections.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | collections:
 4 |   - name: 'community.general'
 5 |     version: '5.0.0'
 6 |   - name: 'amazon.aws'
 7 |     version: '3.2.0'
 8 |   - name: 'community.aws'
 9 |     version: '3.2.0'
10 |   - name: 'ansible.posix'
11 |     version: '1.3.0'
12 | 


--------------------------------------------------------------------------------
/docs/migrate-to-fqdn-based-configs.md:
--------------------------------------------------------------------------------
 1 | ## Steps to Migrate to FQDN Based Configurations
 2 | 
 3 | ### Before Changes `zoo.cfg` file
 4 | ```conf
 5 | # ansible autogenerated server list with IP Addresses
 6 | server.111=192.168.56.111:2888:3888
 7 | server.112=192.168.56.112:2888:3888
 8 | server.113=192.168.56.113:2888:3888
 9 | ```
10 | 
11 | ### After Changes `zoo.cfg` file
12 | ```conf
13 | # ansible autogenerated server list with FQDN and User Defined MyID
14 | server.111=zookeeper1.localhost:2888:3888
15 | server.112=zookeeper2.localhost:2888:3888
16 | server.113=zookeeper3.localhost:2888:3888
17 | ```
18 | ### Step 1
19 | Update Following vars in ```inventory/<environment>/group_vars/all.yml```
20 | ```yaml
21 | # zookeeper user generated MyID + FQDN for zoo.cfg are useful incase of MTLS
22 | zookeeperUserGeneratedMyId: true
23 | ```
24 | 
25 | Update inventory vars in ```inventory/<environment>/cluster.ini```
26 | ```ini
27 | [clusterNodes]
28 | zookeeper1.localhost ansible_host=192.168.56.111 zookeeperMyId=111
29 | zookeeper2.localhost ansible_host=192.168.56.112 zookeeperMyId=112
30 | zookeeper3.localhost ansible_host=192.168.56.113 zookeeperMyId=113
31 | ```
32 | 
33 | ### Step 2
34 | Run update playbook for `zoo.cfg`
35 | 
36 | ```bash
37 | ansible-playbook -i inventory/<environment>/cluster.ini clusterConfigsUpdate.yml -e zookeeperConfigFile=zoo.cfg
38 | ```
39 | 


--------------------------------------------------------------------------------
/docs/migrate-to-mtls.md:
--------------------------------------------------------------------------------
 1 | ## Steps to Migrate to MTLS Based Configurations
 2 | 
 3 | Read documentation here: https://zookeeper.apache.org/doc/r3.8.0/zookeeperAdmin.html#Upgrading+existing+nonTLS+cluster
 4 | 
 5 | ### Step 0
 6 | Generate MTLS Certs, if you are testing with vagrant then you can use below-mentioned script else read above-mentioned documenations.
 7 | The following script generates certs in the directory from where you are running the script.
 8 | 
 9 | [vagrant-generate-tls-certs.sh](../files/vagrant-generate-tls-certs.sh)
10 | 
11 | ### Step 1
12 | Update Following vars in ```inventory/<environment>/group_vars/all.yml```
13 | ```yaml
14 | zookeeperSslQuorum: false
15 | zookeeperPortUnification: "false"
16 | zookeeperSslQuorumReloadCertFiles: "false"
17 | zookeeperSslQuorumProtocol: "TLSv1.2"
18 | zookeeperSslQuorumKeystorePassword: "IdontKnow"
19 | zookeeperSslQuorumTruststorePassword: "IdontKnow"
20 | zookeeperSslQuorumHostnameVerification: "true"
21 | zookeeperSslHostnameVerification: "true"
22 | zookeeperSslQuorumKeystoreLocation: "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperVersion }}/conf/keystore.jks"
23 | zookeeperSslQuorumTruststoreLocation: "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperVersion }}/conf/truststore.jks"
24 | zookeeperCopyFiles:
25 |   - { src: "files/certs/keystore-{{ ansible_fqdn }}.jks", dest: "{{ zookeeperSslQuorumKeystoreLocation }}" }
26 |   - { src: "files/certs/truststore.jks", dest: "{{ zookeeperSslQuorumTruststoreLocation }}" }
27 | 
28 | # zookeeper uncategorized settings
29 | zookeeperAdminPortUnification: "false"
30 | 
31 | zookeeperSecureClientPort: 2182 # only defined in zoo.cfg but not used/tested
32 | ```
33 | 
34 | ### Step 2
35 | Run Ansible Migration Playbook and carefully watch Ansible logs + zookeeper logs
36 | 
37 | ```bash
38 | ansible-playbook -i inventory/<environment>/cluster.ini clusterMigrateToMtls.yml
39 | ```
40 | 
41 | ### Step 3
42 | Update Following vars in ```inventory/<environment>/group_vars/all.yml```
43 | ```yaml
44 | zookeeperSslQuorum: true
45 | zookeeperPortUnification: "false"
46 | ```
47 | 
48 | ### Step 4
49 | Make sure all changes are commited to your version control system.
50 | 
51 | 
52 | ## Knowns Issues
53 | * Missing SAN when using IP Addresses in `zoo.cfg` instead of `fqdn`
54 | 
55 | ```
56 | javax.net.ssl.SSLPeerUnverifiedException: Certificate for <192.168.56.112> 
57 | doesn't match any of the subject alternative names: [192.168.56.111, zookeeper1.localhost, localhost]
58 |         at org.apache.zookeeper.common.ZKHostnameVerifier.matchIPAddress(ZKHostnameVerifier.java:197)
59 | ```
60 | It can be fixed either by switching to FQDN settings [migrate-to-fqdn-based-configs.md](./migrate-to-fqdn-based-configs.md)
61 | or your keystore cert must include node IP Address as SAN.


--------------------------------------------------------------------------------
/docs/migrate-to-sasl.md:
--------------------------------------------------------------------------------
 1 | ## Steps to Migrate to SASL Based Configurations
 2 | As of 15-09-2022, MD5 based Authentication is supported via this automation code.
 3 | 
 4 | ### Step 0
 5 | Read documentation here: https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication
 6 | 
 7 | ### Step 1
 8 | Update Following vars in ```inventory/<environment>/group_vars/all.yml```
 9 | ```yaml
10 | zookeeperQuorumAuthEnableSasl: false
11 | zookeeperQuorumCnxnThreadsSize: 20
12 | zookeeperQuorumUsername: "quorum"
13 | zookeeperQuorumPassword: "IdontKnow"
14 | ```
15 | 
16 | ### Step 2
17 | Run Ansible Migration Playbook
18 | 
19 | ```bash
20 | ansible-playbook -i inventory/<environment>/cluster.ini clusterMigrateToSasLAuth.yml
21 | ```
22 | 
23 | ### Step 3
24 | Update Following vars in ```inventory/<environment>/group_vars/all.yml```
25 | ```yaml
26 | zookeeperQuorumAuthEnableSasl: true
27 | ```
28 | 
29 | ### Step 4
30 | Make sure all changes are commited to your version control system.
31 | 
32 | ## Knowns Issues
33 | * `zkCli.sh` warns about SASL Auth Error but stil manages to connect with `zookeeper`
34 | 
35 | ```
36 | 2022-09-12 21:43:50,254 [myid:localhost:2181] - WARN  [main-SendThread(localhost:2181):o.a.z.ClientCnxn$SendThread@1157] - SASL configuration failed. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it.
37 | javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/zookeeper/zookeeper/conf/jaas.conf'.
38 |         at org.apache.zookeeper.client.ZooKeeperSaslClient.<init>(ZooKeeperSaslClient.java:189)
39 |         at org.apache.zookeeper.ClientCnxn$SendThread.startConnect(ClientCnxn.java:1151)
40 |         at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1200)
41 | ```


--------------------------------------------------------------------------------
/docs/vagrant-notes.md:
--------------------------------------------------------------------------------
1 | ## Running on Windows
2 | 
3 | ### Requires following plugins
4 | ```bash
5 | vagrant plugin install vagrant-hosts
6 | vagrant plugin install virtualbox_WSL2
7 | vagrant plugin install vagrant-vbguest # optional
8 | ```


--------------------------------------------------------------------------------
/files/newrelic-dashboard/Apache Zookeeper.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/116davinder/zookeeper-cluster-ansible/9de30a71ba9e9437790115e3a5abcc9d209bd76f/files/newrelic-dashboard/Apache Zookeeper.pdf


--------------------------------------------------------------------------------
/files/newrelic-dashboard/readme.md:
--------------------------------------------------------------------------------
1 | ### Update zookeeper.json
2 | Replace `XXXXXXX` with your NewRelic Account ID
3 | 
4 | Replace `YYYYYYY` with your NewRelic Dashboard ID
5 | 


--------------------------------------------------------------------------------
/files/newrelic-dashboard/zookeeper.json:
--------------------------------------------------------------------------------
  1 | {
  2 | 	"dashboard": {
  3 | 		"id": YYYYYYY,
  4 | 		"title": "Apache Zookeeper",
  5 | 		"description": "",
  6 | 		"icon": "bar-chart",
  7 | 		"created_at": "2019-08-16T08:29:31Z",
  8 | 		"updated_at": "2019-09-10T11:06:46Z",
  9 | 		"visibility": "all",
 10 | 		"editable": "editable_by_owner",
 11 | 		"ui_url": "https://insights.newrelic.com/accounts/XXXXXXX/dashboards/YYYYYYY",
 12 | 		"api_url": "https://api.newrelic.com/v2/dashboards/YYYYYYY",
 13 | 		"owner_email": "dpsangwal@gmail.com",
 14 | 		"metadata": {
 15 | 			"version": 1
 16 | 		},
 17 | 		"widgets": [{
 18 | 			"visualization": "faceted_line_chart",
 19 | 			"layout": {
 20 | 				"width": 4,
 21 | 				"height": 3,
 22 | 				"row": 1,
 23 | 				"column": 1
 24 | 			},
 25 | 			"widget_id": 11696005,
 26 | 			"account_id": XXXXXXX,
 27 | 			"data": [{
 28 | 				"nrql": "SELECT latest(cpuPercent) FROM SystemSample TIMESERIES FACET `fullHostname` WHERE `fullHostname` LIKE  '%zoo%' LIMIT 100"
 29 | 			}],
 30 | 			"presentation": {
 31 | 				"title": "System CPU Percentage",
 32 | 				"notes": null
 33 | 			}
 34 | 		}, {
 35 | 			"visualization": "faceted_line_chart",
 36 | 			"layout": {
 37 | 				"width": 4,
 38 | 				"height": 3,
 39 | 				"row": 1,
 40 | 				"column": 5
 41 | 			},
 42 | 			"widget_id": 11696006,
 43 | 			"account_id": XXXXXXX,
 44 | 			"data": [{
 45 | 				"nrql": "SELECT latest(memoryUsedBytes/memoryTotalBytes*100) FROM SystemSample TIMESERIES FACET `fullHostname` WHERE `fullHostname` LIKE '%zoo%' limit 100"
 46 | 			}],
 47 | 			"presentation": {
 48 | 				"title": "System Memory Percentage",
 49 | 				"notes": null
 50 | 			}
 51 | 		}, {
 52 | 			"visualization": "faceted_line_chart",
 53 | 			"layout": {
 54 | 				"width": 4,
 55 | 				"height": 3,
 56 | 				"row": 1,
 57 | 				"column": 9
 58 | 			},
 59 | 			"widget_id": 11696007,
 60 | 			"account_id": XXXXXXX,
 61 | 			"data": [{
 62 | 				"nrql": "SELECT latest(diskUsedPercent) FROM StorageSample TIMESERIES FACET `fullHostname`, `mountPoint` WHERE `fullHostname` LIKE '%zoo%' AND `mountPoint` = '/zookeeper' LIMIT 100 SINCE 60 minutes ago"
 63 | 			}],
 64 | 			"presentation": {
 65 | 				"title": "System Disk Used Percentage",
 66 | 				"notes": null
 67 | 			}
 68 | 		}, {
 69 | 			"visualization": "faceted_line_chart",
 70 | 			"layout": {
 71 | 				"width": 12,
 72 | 				"height": 4,
 73 | 				"row": 4,
 74 | 				"column": 1
 75 | 			},
 76 | 			"widget_id": 11696008,
 77 | 			"account_id": XXXXXXX,
 78 | 			"data": [{
 79 | 				"nrql": "SELECT latest(receiveBytesPerSecond/1000) as `receiveKiloBytesPerSecond`,latest(transmitBytesPerSecond/1000) as `transmitKiloBytesPerSecond` FROM NetworkSample TIMESERIES FACET `fullHostname` WHERE `fullHostname` LIKE '%zoo%' LIMIT 100"
 80 | 			}],
 81 | 			"presentation": {
 82 | 				"title": "System Network Kilo Bytes/Sec",
 83 | 				"notes": null
 84 | 			}
 85 | 		}, {
 86 | 			"visualization": "event_table",
 87 | 			"layout": {
 88 | 				"width": 4,
 89 | 				"height": 4,
 90 | 				"row": 8,
 91 | 				"column": 1
 92 | 			},
 93 | 			"widget_id": 11696009,
 94 | 			"account_id": XXXXXXX,
 95 | 			"data": [{
 96 | 				"nrql": "SELECT server_state,hostname from ZookeeperSample WHERE server_state = 'leader' LIMIT 10"
 97 | 			}],
 98 | 			"presentation": {
 99 | 				"title": "Zookeeper Current Leader ( Leader Only )",
100 | 				"notes": null
101 | 			}
102 | 		}, {
103 | 			"visualization": "faceted_line_chart",
104 | 			"layout": {
105 | 				"width": 4,
106 | 				"height": 4,
107 | 				"row": 8,
108 | 				"column": 5
109 | 			},
110 | 			"widget_id": 11696010,
111 | 			"account_id": XXXXXXX,
112 | 			"data": [{
113 | 				"nrql": "SELECT latest(followers) FROM ZookeeperSample FACET fullHostname TIMESERIES 1 minute  SINCE 1 hours ago"
114 | 			}],
115 | 			"presentation": {
116 | 				"title": "Number of Zookeeper Followers ( Leader only )",
117 | 				"notes": null
118 | 			}
119 | 		}, {
120 | 			"visualization": "faceted_line_chart",
121 | 			"layout": {
122 | 				"width": 4,
123 | 				"height": 4,
124 | 				"row": 8,
125 | 				"column": 9
126 | 			},
127 | 			"widget_id": 11696011,
128 | 			"account_id": XXXXXXX,
129 | 			"data": [{
130 | 				"nrql": "SELECT latest(pending_syncs) FROM ZookeeperSample FACET fullHostname TIMESERIES 1 minute  SINCE 1 hours ago"
131 | 			}],
132 | 			"presentation": {
133 | 				"title": "Number of Pendings Syncs ( Leader Only )",
134 | 				"notes": null
135 | 			}
136 | 		}, {
137 | 			"visualization": "faceted_line_chart",
138 | 			"layout": {
139 | 				"width": 4,
140 | 				"height": 4,
141 | 				"row": 12,
142 | 				"column": 1
143 | 			},
144 | 			"widget_id": 11696012,
145 | 			"account_id": XXXXXXX,
146 | 			"data": [{
147 | 				"nrql": "SELECT latest(max_latency) FROM ZookeeperSample FACET fullHostname TIMESERIES "
148 | 			}],
149 | 			"presentation": {
150 | 				"title": "Max Latency",
151 | 				"notes": null
152 | 			}
153 | 		}, {
154 | 			"visualization": "faceted_line_chart",
155 | 			"layout": {
156 | 				"width": 4,
157 | 				"height": 4,
158 | 				"row": 12,
159 | 				"column": 5
160 | 			},
161 | 			"widget_id": 11696013,
162 | 			"account_id": XXXXXXX,
163 | 			"data": [{
164 | 				"nrql": "SELECT latest(avg_latency) FROM ZookeeperSample FACET fullHostname TIMESERIES 1 minute  SINCE 1 hours ago"
165 | 			}],
166 | 			"presentation": {
167 | 				"title": "Average latency",
168 | 				"notes": null
169 | 			}
170 | 		}, {
171 | 			"visualization": "faceted_line_chart",
172 | 			"layout": {
173 | 				"width": 4,
174 | 				"height": 4,
175 | 				"row": 12,
176 | 				"column": 9
177 | 			},
178 | 			"widget_id": 11696014,
179 | 			"account_id": XXXXXXX,
180 | 			"data": [{
181 | 				"nrql": "SELECT latest(swapUsedBytes/1000000) FROM SystemSample TIMESERIES FACET `fullHostname` WHERE `fullHostname` LIKE  '%zookeeper%'"
182 | 			}],
183 | 			"presentation": {
184 | 				"title": "System Swap Used ( MB )",
185 | 				"notes": null
186 | 			}
187 | 		}, {
188 | 			"visualization": "faceted_line_chart",
189 | 			"layout": {
190 | 				"width": 12,
191 | 				"height": 5,
192 | 				"row": 16,
193 | 				"column": 1
194 | 			},
195 | 			"widget_id": 11696015,
196 | 			"account_id": XXXXXXX,
197 | 			"data": [{
198 | 				"nrql": "SELECT latest(watch_count),latest(outstanding_requests),latest(open_file_descriptor_count),latest(ephemerals_count),latest(znode_count) FROM ZookeeperSample FACET fullHostname TIMESERIES"
199 | 			}],
200 | 			"presentation": {
201 | 				"title": "Zookeeper Counts",
202 | 				"notes": null
203 | 			}
204 | 		}],
205 | 		"filter": {
206 | 			"event_types": ["ZookeeperSample", "SystemSample", "StorageSample"],
207 | 			"attributes": []
208 | 		}
209 | 	}
210 | }
211 | 


--------------------------------------------------------------------------------
/files/splunk dashboards/apache-zookeeper.xml:
--------------------------------------------------------------------------------
  1 | <form>
  2 |   <label>Apache Zookeeper</label>
  3 |   <description>It will be used to monitor apache zookeeper.</description>
  4 |   <fieldset submitButton="false" autoRun="true">
  5 |     <input type="dropdown" token="env">
  6 |       <label>Environment</label>
  7 |       <fieldForLabel>environment</fieldForLabel>
  8 |       <fieldForValue>environment</fieldForValue>
  9 |       <search>
 10 |         <query>index=kafka sourcetype=zookeeper | stats count by environment</query>
 11 |         <earliest>-60m@m</earliest>
 12 |         <latest>now</latest>
 13 |       </search>
 14 |       <default>*</default>
 15 |       <initialValue>*</initialValue>
 16 |       <choice value="*">All</choice>
 17 |     </input>
 18 |     <input type="time" token="zookeeper_time_token">
 19 |       <label>Time Range</label>
 20 |       <default>
 21 |         <earliest>-60m@m</earliest>
 22 |         <latest>now</latest>
 23 |       </default>
 24 |     </input>
 25 |   </fieldset>
 26 |   <row>
 27 |     <panel>
 28 |       <title>Disk Usage</title>
 29 |       <chart>
 30 |         <search>
 31 |           <query>index=kafka sourcetype=zookeeper command=disk environment=$env$ 
 32 | | timechart latest(usedInGB) as usedInGB, latest(totalInGB) as totalInGB by host useother=false</query>
 33 |           <earliest>$zookeeper_time_token.earliest$</earliest>
 34 |           <latest>$zookeeper_time_token.latest$</latest>
 35 |           <sampleRatio>1</sampleRatio>
 36 |           <refresh>1m</refresh>
 37 |           <refreshType>delay</refreshType>
 38 |         </search>
 39 |         <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
 40 |         <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
 41 |         <option name="charting.axisTitleX.visibility">visible</option>
 42 |         <option name="charting.axisTitleY.visibility">visible</option>
 43 |         <option name="charting.axisTitleY2.visibility">visible</option>
 44 |         <option name="charting.axisX.abbreviation">none</option>
 45 |         <option name="charting.axisX.scale">linear</option>
 46 |         <option name="charting.axisY.abbreviation">auto</option>
 47 |         <option name="charting.axisY.scale">linear</option>
 48 |         <option name="charting.axisY2.abbreviation">none</option>
 49 |         <option name="charting.axisY2.enabled">0</option>
 50 |         <option name="charting.axisY2.scale">inherit</option>
 51 |         <option name="charting.chart">line</option>
 52 |         <option name="charting.chart.bubbleMaximumSize">50</option>
 53 |         <option name="charting.chart.bubbleMinimumSize">10</option>
 54 |         <option name="charting.chart.bubbleSizeBy">area</option>
 55 |         <option name="charting.chart.nullValueMode">connect</option>
 56 |         <option name="charting.chart.showDataLabels">none</option>
 57 |         <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
 58 |         <option name="charting.chart.stackMode">default</option>
 59 |         <option name="charting.chart.style">shiny</option>
 60 |         <option name="charting.drilldown">none</option>
 61 |         <option name="charting.layout.splitSeries">0</option>
 62 |         <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
 63 |         <option name="charting.legend.labelStyle.overflowMode">ellipsisEnd</option>
 64 |         <option name="charting.legend.mode">standard</option>
 65 |         <option name="charting.legend.placement">right</option>
 66 |         <option name="charting.lineWidth">2</option>
 67 |         <option name="refresh.display">progressbar</option>
 68 |         <option name="trellis.enabled">0</option>
 69 |         <option name="trellis.scales.shared">1</option>
 70 |         <option name="trellis.size">medium</option>
 71 |       </chart>
 72 |     </panel>
 73 |   </row>
 74 |   <row>
 75 |     <panel>
 76 |       <title>Current Leader</title>
 77 |       <table>
 78 |         <search>
 79 |           <query>index=kafka sourcetype=zookeeper command=leader is_leader=true environment=$env$ | table _time, environment, host, is_leader | uniq environment | sort by _time | head 5</query>
 80 |           <earliest>$zookeeper_time_token.earliest$</earliest>
 81 |           <latest>$zookeeper_time_token.latest$</latest>
 82 |           <refresh>1m</refresh>
 83 |           <refreshType>delay</refreshType>
 84 |         </search>
 85 |         <option name="drilldown">none</option>
 86 |         <option name="refresh.display">progressbar</option>
 87 |       </table>
 88 |     </panel>
 89 |     <panel>
 90 |       <title>Zookeeper Latency Stats</title>
 91 |       <chart>
 92 |         <search>
 93 |           <query>index=kafka sourcetype=zookeeper command=monitor environment=$env$ | timechart latest(max_latency) as max_latency, latest(avg_latency) as avg_latency by host useother=false</query>
 94 |           <earliest>$zookeeper_time_token.earliest$</earliest>
 95 |           <latest>$zookeeper_time_token.latest$</latest>
 96 |           <sampleRatio>1</sampleRatio>
 97 |           <refresh>1m</refresh>
 98 |           <refreshType>delay</refreshType>
 99 |         </search>
100 |         <option name="charting.chart">line</option>
101 |         <option name="charting.chart.nullValueMode">connect</option>
102 |         <option name="charting.drilldown">none</option>
103 |         <option name="charting.legend.labelStyle.overflowMode">ellipsisEnd</option>
104 |         <option name="charting.legend.mode">standard</option>
105 |         <option name="height">335</option>
106 |         <option name="refresh.display">progressbar</option>
107 |       </chart>
108 |     </panel>
109 |     <panel>
110 |       <title>Zookeeper Sync Stats (Leader Only)</title>
111 |       <chart>
112 |         <search>
113 |           <query>index=kafka sourcetype=zookeeper  command=monitor environment=$env$ | timechart latest(synced_followers) as synced_followers, latest(pending_syncs) as pending_syncs by host</query>
114 |           <earliest>$zookeeper_time_token.earliest$</earliest>
115 |           <latest>$zookeeper_time_token.latest$</latest>
116 |           <sampleRatio>1</sampleRatio>
117 |           <refresh>1m</refresh>
118 |           <refreshType>delay</refreshType>
119 |         </search>
120 |         <option name="charting.chart">line</option>
121 |         <option name="charting.chart.nullValueMode">connect</option>
122 |         <option name="charting.drilldown">none</option>
123 |         <option name="charting.layout.splitSeries">0</option>
124 |         <option name="charting.legend.labelStyle.overflowMode">ellipsisEnd</option>
125 |         <option name="charting.legend.placement">right</option>
126 |         <option name="height">337</option>
127 |         <option name="refresh.display">progressbar</option>
128 |       </chart>
129 |     </panel>
130 |   </row>
131 |   <row>
132 |     <panel>
133 |       <title>Zookeeper Counts</title>
134 |       <chart>
135 |         <search>
136 |           <query>index=kafka sourcetype=zookeeper command=monitor environment=$env$ | timechart latest(znode_count) as znode_count, latest(watch_count) as watch_count, latest(outstanding_requests) as outstanding_requests, latest(open_file_descriptor_count) as open_file_descriptor_count,latest(ephemerals_count) as ephemerals_count by host useother=false</query>
137 |           <earliest>$zookeeper_time_token.earliest$</earliest>
138 |           <latest>$zookeeper_time_token.latest$</latest>
139 |           <sampleRatio>1</sampleRatio>
140 |           <refresh>1m</refresh>
141 |           <refreshType>delay</refreshType>
142 |         </search>
143 |         <option name="charting.chart">line</option>
144 |         <option name="charting.chart.nullValueMode">connect</option>
145 |         <option name="charting.drilldown">none</option>
146 |         <option name="charting.legend.labelStyle.overflowMode">ellipsisEnd</option>
147 |         <option name="refresh.display">progressbar</option>
148 |       </chart>
149 |     </panel>
150 |   </row>
151 |   <row>
152 |     <panel>
153 |       <title>Zookeeper Watch Summary Stats</title>
154 |       <chart>
155 |         <search>
156 |           <query>index=kafka sourcetype=zookeeper environment=$env$ command=watch_summary
157 | | timechart latest(num_connections) as num_connections, latest(num_paths) as num_paths, latest(num_total_watches) as num_total_watches by host useother=false</query>
158 |           <earliest>$zookeeper_time_token.earliest$</earliest>
159 |           <latest>$zookeeper_time_token.latest$</latest>
160 |           <sampleRatio>1</sampleRatio>
161 |           <refresh>1m</refresh>
162 |           <refreshType>delay</refreshType>
163 |         </search>
164 |         <option name="charting.chart">line</option>
165 |         <option name="charting.chart.nullValueMode">connect</option>
166 |         <option name="charting.drilldown">none</option>
167 |         <option name="refresh.display">progressbar</option>
168 |       </chart>
169 |     </panel>
170 |   </row>
171 |   <row>
172 |     <panel>
173 |       <title>Zookeeper Client Connection Stats</title>
174 |       <table>
175 |         <search>
176 |           <query>index=kafka sourcetype=zookeeper environment=$env$ command=connections 
177 | | table host, connections{}.remote_socket_address connections{}.avg_latency connections{}.outstanding_requests connections{}.max_latency | head 3</query>
178 |           <earliest>$zookeeper_time_token.earliest$</earliest>
179 |           <latest>$zookeeper_time_token.latest$</latest>
180 |           <sampleRatio>1</sampleRatio>
181 |           <refresh>1m</refresh>
182 |           <refreshType>delay</refreshType>
183 |         </search>
184 |         <option name="count">20</option>
185 |         <option name="dataOverlayMode">none</option>
186 |         <option name="drilldown">none</option>
187 |         <option name="percentagesRow">false</option>
188 |         <option name="refresh.display">progressbar</option>
189 |         <option name="rowNumbers">false</option>
190 |         <option name="totalsRow">false</option>
191 |         <option name="wrap">true</option>
192 |       </table>
193 |     </panel>
194 |   </row>
195 | </form>


--------------------------------------------------------------------------------
/files/vagrant-generate-tls-certs.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # change to output certs dir based on $1 or current directory
 4 | cert_path=$( cd "$(dirname "${BASH_SOURCE[1]}")" ; pwd -P )
 5 | 
 6 | key_pass="IdontKnow"
 7 | key_size=4096
 8 | key_alg="RSA"
 9 | 
10 | for zook_host in 1 2 3
11 | do
12 |     echo
13 |     echo "------------------------------------------------"
14 |     echo "Generating Keystore for zookeeper$zook_host.localhost with RSA 4096"
15 |     keytool -genkeypair -alias "zookeeper$zook_host.localhost" \
16 |         -keyalg "$key_alg" -keysize $key_size -dname "cn=zookeeper$zook_host.localhost" \
17 |         -keypass "$key_pass" \
18 |         -keystore "$cert_path/keystore-zookeeper$zook_host.localhost.jks" \
19 |         -storepass "$key_pass" \
20 |         -validity 9999 \
21 |         -ext san=ip:192.168.56.11$zook_host,dns:zookeeper$zook_host.localhost,dns:localhost,dns:*.localhost
22 | 
23 |     echo
24 |     echo "------------------------------------------------"
25 |     echo "Extracting Cert. for zookeeper$zook_host.localhost from Keystore"
26 |     keytool -exportcert -alias "zookeeper$zook_host.localhost" \
27 |         -keystore "$cert_path/keystore-zookeeper$zook_host.localhost.jks" \
28 |         -file "$cert_path/zookeeper$zook_host.localhost.cer" -storepass "$key_pass" -rfc
29 | 
30 |     echo
31 |     echo "------------------------------------------------"
32 |     echo "Merge certs into One Truststore with Hostname"
33 |     keytool -importcert -alias "zookeeper$zook_host.localhost" \
34 |         -file "$cert_path/zookeeper$zook_host.localhost.cer" \
35 |         -keystore "$cert_path/truststore.jks" \
36 |         -storepass "$key_pass" -noprompt
37 | 
38 |     echo
39 |     echo "------------------------------------------------"
40 |     echo "Merge certs into One Truststore with IP"
41 |     keytool -importcert -alias "192.168.56.11$zook_host" \
42 |         -file "$cert_path/zookeeper$zook_host.localhost.cer" \
43 |         -keystore "$cert_path/truststore.jks" \
44 |         -storepass "$key_pass" -noprompt
45 | 
46 |     echo
47 |     echo "------------------------------------------------"
48 |     echo "Merge keystores into One Keystore"
49 |     keytool -importkeystore \
50 |         -srckeystore "$cert_path/keystore-zookeeper$zook_host.localhost.jks" \
51 |         -destkeystore "$cert_path/keystore.jks" \
52 |         -srcstorepass "$key_pass" \
53 |         -deststorepass "$key_pass" \
54 |         -noprompt
55 | done
56 | 
57 | 
58 | echo
59 | echo "------------------------------------------------"
60 | echo "Merge certs into One CA Crt, will be used to scrap admin endpoint"
61 | echo "------------------------------------------------"
62 | cat ./*.cer >> zookeeper-all.crt
63 | 
64 | echo
65 | echo "------------------------------------------------"
66 | echo "Print Number of Private keys in Unified Keystore"
67 | echo "------------------------------------------------"
68 | keytool -list -keystore "$cert_path/keystore.jks" -storepass "$key_pass"
69 | 
70 | echo
71 | echo "------------------------------------------------"
72 | echo "Print Number of Certs in Truststore"
73 | echo "------------------------------------------------"
74 | keytool -list -keystore "$cert_path/truststore.jks" -storepass "$key_pass"
75 | 
76 | # echo
77 | # echo "------------------------------------------------"
78 | # echo "Print Certs Details in All.crt"
79 | # echo "------------------------------------------------"
80 | # keytool -printcert -file "$cert_path/zookeeper-all.crt" | grep -A 10 "Certificate\["
81 | 
82 | # echo remove certs
83 | rm -rf ./*.cer


--------------------------------------------------------------------------------
/index.md:
--------------------------------------------------------------------------------
1 | readme.md


--------------------------------------------------------------------------------
/inventory/development/cluster-aws.ini:
--------------------------------------------------------------------------------
 1 | [all:vars]
 2 | ansible_user=ec2-user
 3 | ansible_connection=ssh 
 4 | ansible_become_method=sudo 
 5 | ansible_become=true
 6 | ansible_ssh_private_key_file=~/.ssh/davinder-rnd-terraform.pem
 7 | 
 8 | [clusterNodes]
 9 | 18.232.168.89
10 | 
11 | [clusterRemoveNodes]
12 | 18.232.168.89


--------------------------------------------------------------------------------
/inventory/development/cluster.ini:
--------------------------------------------------------------------------------
 1 | [all:vars]
 2 | ansible_user=vagrant
 3 | ansible_connection=ssh
 4 | ansible_become_method=sudo
 5 | ansible_become=true
 6 | #ansible_ssh_private_key_file = ~/.vagrant.d/insecure_private_key
 7 | 
 8 | [clusterNodes]
 9 | zookeeper1.localhost ansible_host=192.168.56.111 zookeeperMyId=111
10 | zookeeper2.localhost ansible_host=192.168.56.112 zookeeperMyId=112
11 | zookeeper3.localhost ansible_host=192.168.56.113 zookeeperMyId=113
12 | 
13 | [clusterRemoveNodes]
14 | zookeeper1.localhost ansible_host=192.168.56.111
15 | zookeeper2.localhost ansible_host=192.168.56.112
16 | zookeeper3.localhost ansible_host=192.168.56.113


--------------------------------------------------------------------------------
/inventory/development/group_vars/all.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | systemUpgradeRequired: false
 4 | 
 5 | javaVersion: 17
 6 | updateJava: false # only when you need to update java version
 7 | 
 8 | useSystemFirewall: false
 9 | 
10 | zookeeperGroup: "zookeeper"
11 | zookeeperUser: "zookeeper"
12 | zookeeperGroupId: 6000
13 | zookeeperUserId: 6000
14 | 
15 | zookeeperInstallDir: "/zookeeper"
16 | zookeeperDataDir: "{{ zookeeperInstallDir }}/zookeeper-data"
17 | zookeeperLogDir: "{{ zookeeperInstallDir }}/zookeeper-logs"
18 | zookeeperLogLevel: "DEBUG"    # DEBUG/INFO/WARN/ERROR/FATAL
19 | 
20 | # zookeeper user generated MyID + FQDN for zoo.cfg are useful incase of MTLS
21 | zookeeperUserGeneratedMyId: true
22 | 
23 | # zookeeper quorum sasl + Digest-MD5 mutual auth (optional)
24 | # Note: for fresh clusters it can be set to `true`
25 | #       but existing clusters must use `clusterMigrateToSasLAuth.yml` playbook for migrations
26 | zookeeperQuorumAuthEnableSasl: true
27 | zookeeperQuorumCnxnThreadsSize: 20
28 | zookeeperQuorumUsername: "quorum"
29 | zookeeperQuorumPassword: "IdontKnow"
30 | 
31 | # zookeeper quorum with mtls
32 | zookeeperSslQuorum: true
33 | zookeeperPortUnification: "false"
34 | zookeeperSecureClientPort: 2182 # only defined in zoo.cfg but not used/tested
35 | zookeeperSslQuorumReloadCertFiles: "false"
36 | zookeeperSslQuorumProtocol: "TLSv1.2"
37 | zookeeperSslQuorumKeystorePassword: "IdontKnow"
38 | zookeeperSslQuorumTruststorePassword: "IdontKnow"
39 | zookeeperSslQuorumHostnameVerification: "true"
40 | zookeeperSslHostnameVerification: "true"
41 | zookeeperSslQuorumKeystoreLocation: "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperVersion }}/conf/keystore.jks"
42 | zookeeperSslQuorumTruststoreLocation: "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperVersion }}/conf/truststore.jks"
43 | zookeeperCopyFiles:
44 |   - { src: "files/certs/keystore-{{ ansible_fqdn }}.jks", dest: "{{ zookeeperSslQuorumKeystoreLocation }}" }
45 |   - { src: "files/certs/truststore.jks", dest: "{{ zookeeperSslQuorumTruststoreLocation }}" }
46 | 
47 | # zookeeper uncategorized settings
48 | zookeeperAdminPortUnification: "false"
49 | 
50 | # jvm settings
51 | zookeeperXms: "256m"
52 | zookeeperXmx: "{{ zookeeperXms }}"
53 | ZookeeperJvmFlags: ""
54 | 
55 | # jmx settings, updated via clusterConfigsUpdate.yml
56 | zookeeperJmxEnabled: true
57 | zookeeperJmxPort: 9999
58 | 
59 | zookeeperVmMaxMapCount: 100000
60 | zookeeperTickTime: 2000
61 | zookeeperInitLimit: 5
62 | zookeeperSyncLimit: 2
63 | zookeeperMaxClientCnxns: 60
64 | zookeeperClientPort: 2181
65 | 
66 | # zookeeper prometheus settings
67 | zookeeperPrometheusExporterEnabled: true
68 | zookeeperPrometheusExporterHttpPort: 7000
69 | 
70 | # zookeeper versions
71 | zookeeperVersion: 3.9.1
72 | zookeeperOldVersion: 3.8.0 # only used in removing old versions
73 | 
74 | # use local tar only
75 | zookeeperTarLocation: "/home/pox/zookeeper-cluster-ansible/apache-zookeeper-{{ zookeeperVersion }}-bin.tar.gz"
76 | 
77 | # splunk/Cloudwatch monitoring
78 | zookeeperEnvironment: "development"
79 | 
80 | # Only for AWS Based Cluster
81 | aws_zookeeper_ec2_region: "us-east-1"
82 | aws_zookeeper_ebs_device: "/dev/nvme1n1"
83 | aws_zookeeper_ebs_device_fs: "xfs"
84 | aws_zookeeper_ebs_device_mount_location: "/zookeeper"
85 | 


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
  1 | # Apache Zookeeper Ansible
  2 | 
  3 | It is group of playbooks to manage apache zookeeper.
  4 | 
  5 | ## **Requirements**
  6 | 
  7 | * Download Apache Zookeeper Tar Manually ( Mandatory )
  8 | * vagrant ( Optional )
  9 | * Any OS with SystemD ( Mandatory )
 10 | * Ansible ( Mandatory )
 11 | * `netaddr` python package on ansible controller node.
 12 | 
 13 | ## **Notes***
 14 | 
 15 | ```
 16 | 1. All tasks like jvm/logging/downgrade/removeOldVersion will be done in serial order.
 17 | ```
 18 | 
 19 | ## **Development Environment Setup**
 20 | 
 21 | * **STEP-0**
 22 | [Vagrant-Readme.md](./docs/vagrant-notes.md)
 23 | 
 24 | * **STEP-1**
 25 | ```
 26 | vagrant up
 27 | ```
 28 | 
 29 | Generate MTLS Certs/JKS Files
 30 | 
 31 | ```bash
 32 | mkdir files/certs/
 33 | 
 34 | cd files/certs/
 35 | 
 36 | ../vagrant-generate-tls-certs.sh
 37 | ```
 38 | 
 39 | * **STEP-2**
 40 | 
 41 | ```bash
 42 | ansible-playbook -i inventory/development/cluster.ini clusterSetup.yml
 43 | ```
 44 | 
 45 | ## **Apache Zookeeper Playbooks**
 46 | 
 47 | ### **Cloud Infra Using Terraform**
 48 | 
 49 | * `terraform/aws`
 50 | * `terraform/oci`
 51 | 
 52 | ### **AWS Cloud PreSetup for cluster**
 53 | 
 54 | It will enable following things on all nodes.
 55 | 
 56 | 1. `/zookeeper` mount point from ebs created by terraform.
 57 | 2. Install and configure `awslogs` agent for kafka-logs.
 58 | 3. Install python3 packages
 59 | 
 60 | * Update Required vars in ```inventory/<environment>/group_vars/all.yml``` .
 61 | * Update Required vars in ```inventory/<environment>/cluster.ini``` .
 62 | 
 63 | ```ansible-playbook -i inventory/<environment>/cluster.ini clusterAwsPreSetup.yml```
 64 | 
 65 | ### **To start new cluster**
 66 | 
 67 | * Update Required vars in ```inventory/<environment>/group_vars/all.yml``` .
 68 | * Update Required vars in ```inventory/<environment>/cluster.ini``` .
 69 | 
 70 | ```ansible-playbook -i inventory/<environment>/cluster.ini clusterSetup.yml```
 71 | 
 72 | ### **Monitoring Setup**
 73 | 
 74 | * **To add custom metric exporter to cluster**
 75 | 
 76 | ```ansible-playbook -i inventory/<environment>/cluster.ini clusterCustomMetricExporter.yml```
 77 | 
 78 | * **To add newrelic monitoring to cluster**
 79 | 
 80 | ```ansible-playbook -i inventory/<environment>/cluster.ini clusterNewRelicSetup.yml```
 81 | 
 82 | ### **Rolling restart cluster**
 83 | 
 84 | ```ansible-playbook -i inventory/<environment>/cluster.ini clusterRollingRestart.yml```
 85 | 
 86 | ### **To update jvm/logging/zoo.cg/jaas.conf settings of cluster**
 87 | 
 88 | * Update Required vars in ```inventory/<environment>/group_vars/all.yml``` .
 89 | 
 90 | ```bash
 91 | ansible-playbook -i inventory/<environment>/cluster.ini clusterConfigsUpdate.yml -e zookeeperConfigFile=zoo.cfg
 92 | ansible-playbook -i inventory/<environment>/cluster.ini clusterConfigsUpdate.yml -e zookeeperConfigFile=java.env
 93 | ansible-playbook -i inventory/<environment>/cluster.ini clusterConfigsUpdate.yml -e zookeeperConfigFile=jaas.conf
 94 | ansible-playbook -i inventory/<environment>/cluster.ini clusterConfigsUpdate.yml -e zookeeperConfigFile=logback.xml
 95 | ```
 96 | 
 97 | ### **To upgrade zookeeper version of cluster**
 98 | 
 99 | * Update Required vars in ```inventory/<environment>/group_vars/all.yml``` .
100 | 
101 | ```ansible-playbook -i inventory/<environment>/cluster.ini clusterUpgrade.yml```
102 | 
103 | ### **To upgrade java version of cluster**
104 | 
105 | * Update Required vars in ```inventory/<environment>/group_vars/all.yml``` .
106 | 
107 | ```ansible-playbook -i inventory/<environment>/cluster.ini clusterJava.yml```
108 | 
109 | ### **To upgrade OS version of cluster**
110 | 
111 | * Update Required vars in ```inventory/<environment>/group_vars/all.yml``` .
112 | 
113 | ```ansible-playbook -i inventory/<environment>/cluster.ini clusterOSUpgrade.yml```
114 | 
115 | ### **To remove old version files of zookeeper from cluster**
116 | 
117 | * Update Required vars in ```inventory/<environment>/group_vars/all.yml``` .
118 | 
119 | ```ansible-playbook -i inventory/<environment>/cluster.ini clusterRemoveOldVersion.yml```
120 | 
121 | ### **To remove zookeeper cluster**
122 | 
123 | * Update Required vars in ```inventory/<environment>/group_vars/all.yml``` .
124 | 
125 | ```ansible-playbook -i inventory/<environment>/cluster.ini clusterRemoveNodes.yml```
126 | 
127 | ## **Migration Playbooks**
128 | 
129 | ### [Migrate Zookeeper to FQDN based Configurations](./docs/migrate-to-fqdn-based-configs.md)
130 | 
131 | ### [Migrate Zookeeper to SASL Cluster](./docs/migrate-to-sasl.md)
132 | 
133 | ### [Migrate Zookeeper to MTLS Quorum Cluster](./docs/migrate-to-mtls.md)
134 | 
135 | ### **Tested Zookeeper Versions**
136 | 
137 | * `3.7.1`
138 | * `3.8.0`
139 | * `3.9.1`
140 | 
141 | ### **Tested OS**
142 | 
143 | * CentOS 7
144 | * RedHat 7
145 | * Amzaon Linux 2
146 | * Ubuntu 18
147 | 
148 | ### **Tested Ansible Version**
149 | 
150 | ```
151 | ansible==9.2.0
152 | ansible-core==2.16.3
153 | ```
154 | 


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | netaddr
2 | 


--------------------------------------------------------------------------------
/roles/cloudwatch/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: install awslogs agents
 4 |   ansible.builtin.package:
 5 |     name: "awslogs"
 6 |     state: "latest"
 7 |     update_cache: true
 8 | 
 9 | - name: update location for zookeeper-logs in cloudwtch agent conf
10 |   ansible.builtin.blockinfile:
11 |     path: "/etc/awslogs/awslogs.conf"
12 |     block: |
13 |       [cloudwatch-zookeeper-logs]
14 |       time_zone = LOCAL
15 |       datetime_format = %b %d %H:%M:%S
16 |       file = {{ zookeeperInstallDir }}/zookeeper-logs/*
17 |       buffer_duration = 5000
18 |       log_stream_name = {instance_id}
19 |       initial_position = start_of_file
20 |       log_group_name = zookeeper-{{ zookeeperEnvironment }}-logs
21 | 
22 | - name: update aws region of clouwatch agent
23 |   ansible.builtin.lineinfile:
24 |     path: "/etc/awslogs/awscli.conf"
25 |     regexp: '^region ='
26 |     line: "region = {{ aws_zookeeper_ec2_region }}"
27 | 
28 | - name: service enable awslogsd
29 |   ansible.builtin.systemd:
30 |     name: awslogsd
31 |     state: restarted
32 |     enabled: true
33 | 


--------------------------------------------------------------------------------
/roles/common/tasks/commonUtils.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Install Common Utils
 4 |   ansible.builtin.package:
 5 |     name: "{{ item }}"
 6 |     state: present
 7 |   loop:
 8 |     - net-tools
 9 |     - tar
10 |     - unzip
11 |     - wget
12 |     - gcc
13 | 
14 | - name: install python3* packages and dependencies
15 |   ansible.builtin.package:
16 |     name: "{{ item }}"
17 |     state: latest
18 |   loop:
19 |     - python3
20 |     - python3-pip
21 |     - python3-devel
22 |   when:
23 |     - ansible_distribution in ['CentOS', 'RedHat'] | list
24 | 
25 | - name: install python3* packages and dependencies  | Debian
26 |   ansible.builtin.package:
27 |     name: "{{ item }}"
28 |     state: latest
29 |   loop:
30 |     - python3
31 |     - python3-pip
32 |     - python3-dev
33 |   when: ansible_distribution in ['Debian', 'Ubuntu'] | list


--------------------------------------------------------------------------------
/roles/common/tasks/createDirStructure.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Creating installing dir | {{ zookeeperInstallDir }}
 4 |   ansible.builtin.file:
 5 |     path: "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperVersion }}"
 6 |     recurse: true
 7 |     state: directory
 8 | 
 9 | - name: Creating zookeeper directories
10 |   ansible.builtin.file:
11 |     path: "{{ item }}"
12 |     state: directory
13 |     owner: "{{ zookeeperUser }}"
14 |     group: "{{ zookeeperGroup }}"
15 |     mode: 0775
16 |   loop:
17 |     - "{{ zookeeperDataDir }}"
18 |     - "{{ zookeeperLogDir }}"


--------------------------------------------------------------------------------
/roles/common/tasks/createUser.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: creating zookeeper group
 4 |   ansible.builtin.group:
 5 |     name: "{{  zookeeperGroup }}"
 6 |     gid: "{{ zookeeperGroupId }}"
 7 |     state: present
 8 | 
 9 | - name: creating zookeeper user
10 |   ansible.builtin.user:
11 |     name: "{{ zookeeperUser }}"
12 |     comment: zookeeper Default User
13 |     uid: "{{ zookeeperUserId }}"
14 |     group: "{{ zookeeperGroup }}"


--------------------------------------------------------------------------------
/roles/common/tasks/disableFirewall.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: disable ufw firewall if exists
 4 |   ansible.builtin.command: ufw disable
 5 |   when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
 6 | 
 7 | - name: disable firewalld service if exists
 8 |   ansible.builtin.systemd:
 9 |     name: firewalld
10 |     enabled: false
11 |     state: stopped
12 |   when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' or ansible_distribution == 'RedHat'
13 | 
14 | - name: taking iptables backup | /opt/iptables-{{ ansible_date_time.date }}.bak
15 |   ansible.builtin.shell: "iptables-save > /opt/iptables-{{ ansible_date_time.date }}.bak"
16 |   args:
17 |     creates: "/opt/iptables-{{ ansible_date_time.date }}.bak"
18 |   ignore_errors: true
19 | 
20 | - name: flushing all iptables rules if exists
21 |   ansible.builtin.command: iptables -F
22 |   ignore_errors: true
23 | 


--------------------------------------------------------------------------------
/roles/common/tasks/ebsDisk.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: install xfs untils
 4 |   ansible.builtin.package:
 5 |     name: xfsprogs
 6 |     state: present
 7 |   when: aws_zookeeper_ebs_device_fs | lower == "xfs"
 8 | 
 9 | - name: check filesystem on given device | {{ aws_zookeeper_ebs_device }}
10 |   ansible.builtin.command: file -s "{{ aws_zookeeper_ebs_device }}"
11 |   register: zookeeper_ebs_device_status
12 | 
13 | - name: create filesystem on given device | {{ aws_zookeeper_ebs_device }}
14 |   community.general.filesystem:
15 |     fstype: "{{ aws_zookeeper_ebs_device_fs }}"
16 |     dev: "{{ aws_zookeeper_ebs_device }}"
17 |   when: zookeeper_ebs_device_status.stdout | regex_search(' data')
18 | 
19 | - name: create zookeeper ebs mount dir
20 |   ansible.builtin.file:
21 |     path: "{{ aws_zookeeper_ebs_device_mount_location }}"
22 |     state: "directory"
23 | 
24 | - name: mount zookeeper ebs volume | {{ aws_zookeeper_ebs_device }}
25 |   ansible.posix.mount:
26 |     path: "{{ aws_zookeeper_ebs_device_mount_location }}"
27 |     src: "{{ aws_zookeeper_ebs_device }}"
28 |     fstype: "{{ aws_zookeeper_ebs_device_fs }}"
29 |     state: "mounted"
30 | 


--------------------------------------------------------------------------------
/roles/common/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Installing common utils
 4 |   ansible.builtin.include_tasks: commonUtils.yml
 5 | 
 6 | - name: Create user and group
 7 |   ansible.builtin.include_tasks: createUser.yml
 8 | 
 9 | - name: Create zookeeper dir structure
10 |   ansible.builtin.include_tasks: createDirStructure.yml
11 | 
12 | - name: System tuning tasks
13 |   ansible.builtin.include_tasks: systemTuning.yml
14 | 
15 | - name: Disable firewall
16 |   ansible.builtin.include_tasks: disableFirewall.yml
17 |   ignore_errors: true
18 |   when: not useSystemFirewall


--------------------------------------------------------------------------------
/roles/common/tasks/systemTuning.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: OS Tunning
 4 |   ansible.posix.sysctl:
 5 |     name: "{{ item.key }}"
 6 |     value: "{{ item.value }}"
 7 |     state: present
 8 |   loop:
 9 |     - { "key":"vm.max_map_count", "value": "{{ zookeeperVmMaxMapCount }}" }
10 |   ignore_errors: true
11 | 
12 | - name: Networking Tunning
13 |   ansible.posix.sysctl:
14 |     name: "{{ item.key }}"
15 |     value: "{{ item.value }}"
16 |     sysctl_set: yes
17 |     state: present
18 |     reload: true
19 |   loop:
20 |     - { "key": "net.ipv4.tcp_max_syn_backlog", "value": "40000" }
21 |     - { "key": "net.core.somaxconn", "value": "40000" }
22 |     - { "key": "net.ipv4.tcp_sack", "value": "1" }
23 |     - { "key": "net.ipv4.tcp_window_scaling", "value": "1" }
24 |     - { "key": "net.ipv4.tcp_fin_timeout", "value": "15" }
25 |     - { "key": "net.ipv4.tcp_keepalive_intvl", "value": "60" }
26 |     - { "key": "net.ipv4.tcp_keepalive_probes", "value": "5" }
27 |     - { "key": "net.ipv4.tcp_keepalive_time", "value": "180" }
28 |     - { "key": "net.ipv4.tcp_tw_reuse", "value": "1" }
29 |     - { "key": "net.ipv4.tcp_moderate_rcvbuf", "value": "1" }
30 |     - { "key": "net.core.rmem_default", "value": "8388608" }
31 |     - { "key": "net.core.wmem_default", "value": "8388608" }
32 |     - { "key": "net.core.rmem_max", "value": "134217728" }
33 |     - { "key": "net.core.wmem_max", "value": "134217728" }
34 |     - { "key": "net.ipv4.tcp_mem", "value": "134217728 134217728 134217728" }
35 |     - { "key": "net.ipv4.tcp_rmem", "value": "4096 277750 134217728" }
36 |     - { "key": "net.ipv4.tcp_wmem", "value": "4096 277750 134217728" }
37 |     - { "key": "net.core.netdev_max_backlog", "value": "300000" }
38 |   ignore_errors: true
39 | 
40 | - name: update ulimits
41 |   ansible.builtin.blockinfile:
42 |     path: /etc/security/limits.conf
43 |     block: |
44 |       {{ zookeeperUser }} hard core 0
45 |       {{ zookeeperUser }} soft nofile 65535
46 |       {{ zookeeperUser }} hard nofile 65535
47 |       {{ zookeeperUser }} soft nproc 4096
48 |       {{ zookeeperUser }} hard nproc 16384


--------------------------------------------------------------------------------
/roles/configure/tasks/dynamicConfigs.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Creating zookeeper configurations | {{ zookeeperConfigFile }}
3 |   ansible.builtin.template:
4 |     src: "{{ zookeeperConfigFile }}"
5 |     dest: "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperVersion }}/conf/{{ zookeeperConfigFile }}"
6 |     owner: "{{ zookeeperUser }}"
7 |     group: "{{ zookeeperGroup }}"
8 |   register: configStatus


--------------------------------------------------------------------------------
/roles/configure/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Adding Zookeeper ID File | {{ zookeeperDataDir }}/myid
 4 |   ansible.builtin.template:
 5 |     dest: "{{ zookeeperDataDir }}/myid"
 6 |     src: myid
 7 | 
 8 | - name: Creating zookeeper configurations
 9 |   ansible.builtin.include_role:
10 |       name: configure
11 |       tasks_from: dynamicConfigs.yml
12 |   vars:
13 |     zookeeperConfigFile: "{{ item }}"
14 |   loop:
15 |     - zoo.cfg
16 |     - java.env
17 |     - jaas.conf
18 |     - logback.xml
19 | 


--------------------------------------------------------------------------------
/roles/configure/templates/jaas.conf:
--------------------------------------------------------------------------------
 1 | QuorumServer {
 2 |        org.apache.zookeeper.server.auth.DigestLoginModule required
 3 |        user_{{ zookeeperQuorumUsername }}="{{ zookeeperQuorumPassword }}";
 4 | };
 5 |  
 6 | QuorumLearner {
 7 |        org.apache.zookeeper.server.auth.DigestLoginModule required
 8 |        username="{{ zookeeperQuorumUsername }}"
 9 |        password="{{ zookeeperQuorumPassword }}";
10 | };
11 | 
12 | Server {
13 |        org.apache.zookeeper.server.auth.DigestLoginModule required
14 |        user_{{ zookeeperQuorumUsername }}="{{ zookeeperQuorumPassword }}";
15 | };
16 | 
17 | Client {
18 |        org.apache.zookeeper.server.auth.DigestLoginModule required
19 |        username="{{ zookeeperQuorumUsername }}"
20 |        password="{{ zookeeperQuorumPassword }}";
21 | };
22 | 


--------------------------------------------------------------------------------
/roles/configure/templates/java.env:
--------------------------------------------------------------------------------
 1 | export JVMFLAGS="-Xmx{{ zookeeperXmx }} -Xms{{ zookeeperXms }} {{ ZookeeperJvmFlags | default(omit) }}"
 2 | 
 3 | {% if zookeeperJmxEnabled %}
 4 | export JMXPORT={{ zookeeperJmxPort }}
 5 | {% endif %}
 6 | 
 7 | {% if zookeeperQuorumAuthEnableSasl %}
 8 | # sasl + Digest-MD5 mutual auth
 9 | export JVMFLAGS="$JVMFLAGS -Djava.security.auth.login.config={{ zookeeperInstallDir }}/zookeeper/conf/jaas.conf"
10 | {% endif %}


--------------------------------------------------------------------------------
/roles/configure/templates/logback.xml:
--------------------------------------------------------------------------------
  1 | <!--
  2 |  Copyright 2022 The Apache Software Foundation
  3 | 
  4 |  Licensed to the Apache Software Foundation (ASF) under one
  5 |  or more contributor license agreements.  See the NOTICE file
  6 |  distributed with this work for additional information
  7 |  regarding copyright ownership.  The ASF licenses this file
  8 |  to you under the Apache License, Version 2.0 (the
  9 |  "License"); you may not use this file except in compliance
 10 |  with the License.  You may obtain a copy of the License at
 11 | 
 12 |      http://www.apache.org/licenses/LICENSE-2.0
 13 | 
 14 |  Unless required by applicable law or agreed to in writing, software
 15 |  distributed under the License is distributed on an "AS IS" BASIS,
 16 |  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 17 |  See the License for the specific language governing permissions and
 18 |  limitations under the License.
 19 | 
 20 |  Define some default values that can be overridden by system properties
 21 | -->
 22 | <configuration>
 23 |   <!-- Uncomment this if you would like to expose Logback JMX beans -->
 24 |   <!--jmxConfigurator /-->
 25 | 
 26 |   <property name="zookeeper.console.threshold" value="ERROR" />
 27 | 
 28 |   <property name="zookeeper.log.dir" value="{{ zookeeperLogDir }}" />
 29 |   <property name="zookeeper.log.file" value="zookeeper.log" />
 30 |   <property name="zookeeper.log.threshold" value="DEBUG" />
 31 |   <property name="zookeeper.log.maxfilesize" value="256MB" />
 32 |   <property name="zookeeper.log.maxbackupindex" value="20" />
 33 | 
 34 |   <!--
 35 |     console
 36 |     Add "console" to root logger if you want to use this
 37 |   -->
 38 |   <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
 39 |     <encoder>
 40 |       <pattern>%d{ISO8601} [myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n</pattern>
 41 |     </encoder>
 42 |     <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
 43 |       <level>${zookeeper.console.threshold}</level>
 44 |     </filter>
 45 |   </appender>
 46 | 
 47 |   <!--
 48 |     Add ROLLINGFILE to root logger to get log file output
 49 |   -->
 50 |   <appender name="ROLLINGFILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
 51 |     <File>${zookeeper.log.dir}/${zookeeper.log.file}</File>
 52 |     <encoder>
 53 |       <pattern>%d{ISO8601} [myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n</pattern>
 54 |     </encoder>
 55 |     <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
 56 |       <level>${zookeeper.log.threshold}</level>
 57 |     </filter>
 58 |     <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
 59 |       <maxIndex>${zookeeper.log.maxbackupindex}</maxIndex>
 60 |       <FileNamePattern>${zookeeper.log.dir}/${zookeeper.log.file}.%i</FileNamePattern>
 61 |     </rollingPolicy>
 62 |     <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
 63 |       <MaxFileSize>${zookeeper.log.maxfilesize}</MaxFileSize>
 64 |     </triggeringPolicy>
 65 |   </appender>
 66 | 
 67 |   <!--
 68 |     Add TRACEFILE to root logger to get log file output
 69 |     Log TRACE level and above messages to a log file
 70 |   -->
 71 |   <!--property name="zookeeper.tracelog.dir" value="${zookeeper.log.dir}" />
 72 |   <property name="zookeeper.tracelog.file" value="zookeeper_trace.log" />
 73 |   <appender name="TRACEFILE" class="ch.qos.logback.core.FileAppender">
 74 |     <File>${zookeeper.tracelog.dir}/${zookeeper.tracelog.file}</File>
 75 |     <encoder>
 76 |       <pattern>%d{ISO8601} [myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n</pattern>
 77 |     </encoder>
 78 |     <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
 79 |       <level>TRACE</level>
 80 |     </filter>
 81 |   </appender-->
 82 | 
 83 |   <!--
 84 |     zk audit logging
 85 |   -->
 86 |   <!--property name="zookeeper.auditlog.file" value="zookeeper_audit.log" />
 87 |   <property name="zookeeper.auditlog.threshold" value="INFO" />
 88 |   <property name="audit.logger" value="INFO, RFAAUDIT" />
 89 | 
 90 |   <appender name="RFAAUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
 91 |     <File>${zookeeper.log.dir}/${zookeeper.auditlog.file}</File>
 92 |     <encoder>
 93 |       <pattern>%d{ISO8601} %p %c{2}: %m%n</pattern>
 94 |     </encoder>
 95 |     <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
 96 |       <level>${zookeeper.auditlog.threshold}</level>
 97 |     </filter>
 98 |     <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
 99 |       <maxIndex>10</maxIndex>
100 |       <FileNamePattern>${zookeeper.log.dir}/${zookeeper.auditlog.file}.%i</FileNamePattern>
101 |     </rollingPolicy>
102 |     <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
103 |       <MaxFileSize>10MB</MaxFileSize>
104 |     </triggeringPolicy>
105 |   </appender>
106 | 
107 |   <logger name="org.apache.zookeeper.audit.Slf4jAuditLogger" additivity="false" level="${audit.logger}">
108 |     <appender-ref ref="RFAAUDIT" />
109 |   </logger-->
110 | 
111 |   <root level="{{ zookeeperLogLevel | default('INFO')}}">
112 |     <appender-ref ref="CONSOLE" />
113 |     <appender-ref ref="ROLLINGFILE" />
114 |   </root>
115 | </configuration>


--------------------------------------------------------------------------------
/roles/configure/templates/myid:
--------------------------------------------------------------------------------
1 | {% set id = ansible_host.split('.')[3] | int | abs %}{{ id }}
2 | 


--------------------------------------------------------------------------------
/roles/configure/templates/zoo.cfg:
--------------------------------------------------------------------------------
 1 | # The number of milliseconds of each tick
 2 | tickTime={{ zookeeperTickTime }}
 3 | 
 4 | # The number of ticks that the initial
 5 | # synchronization phase can take
 6 | initLimit={{ zookeeperInitLimit }}
 7 | 
 8 | # The number of ticks that can pass between
 9 | # sending a request and getting an acknowledgement
10 | syncLimit={{ zookeeperSyncLimit }}
11 | 
12 | # the directory where the snapshot is stored.
13 | # do not use /tmp for storage, /tmp here is just
14 | # example sakes.
15 | dataDir={{ zookeeperDataDir }}
16 | 
17 | # the port at which the clients will connect
18 | clientPort={{ zookeeperClientPort }}
19 | 
20 | # the maximum number of client connections.
21 | # increase this if you need to handle more clients
22 | maxClientCnxns={{ zookeeperMaxClientCnxns }}
23 | 
24 | # whitelist all four letter commands so splunk can get stats
25 | 4lw.commands.whitelist=*
26 | #
27 | # Be sure to read the maintenance section of the
28 | # administrator guide before turning on autopurge.
29 | #
30 | # http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_maintenance
31 | #
32 | # The number of snapshots to retain in dataDir
33 | autopurge.snapRetainCount={{ zookeeperAutoPurgeSnapRetainCount | default(3) }}
34 | 
35 | # Purge task interval in hours
36 | # Set to "0" to disable auto purge feature
37 | autopurge.purgeInterval={{ zookeeperAutoPurgeIntervalHour | default(1) }}
38 | 
39 | {% if not zookeeperUserGeneratedMyId %}
40 | # ansible autogenerated server list with IP Addresses
41 | {% for host in groups['clusterNodes'] %}
42 | {% if not host | ansible.utils.ipv4 %}
43 | {% set ip = hostvars[host]['ansible_host'] %}
44 | {% else %}
45 | {% set ip = host %}
46 | {% endif %}
47 | {% set id = ip.split('.')[3] | int | abs %}
48 | server.{{ id }}={{ ip }}:2888:3888
49 | {% endfor %}
50 | {% else %}
51 | # ansible autogenerated server list with FQDN and User Defined MyID
52 | {% for host in groups['clusterNodes'] %}
53 | {% set ip = hostvars[host]['ansible_fqdn'] %}
54 | {% set id = hostvars[host]['zookeeperMyId'] | int | abs %}
55 | server.{{ id }}={{ ip }}:2888:3888
56 | {% endfor %}
57 | {% endif %}
58 | 
59 | {% if zookeeperPrometheusExporterEnabled %}
60 | ## Metrics Providers
61 | #
62 | # https://prometheus.io Metrics Exporter
63 | metricsProvider.className=org.apache.zookeeper.metrics.prometheus.PrometheusMetricsProvider
64 | metricsProvider.httpPort={{ zookeeperPrometheusExporterHttpPort }}
65 | metricsProvider.exportJvmInfo=true
66 | {% endif %}
67 | 
68 | {% if zookeeperQuorumAuthEnableSasl %}
69 | # SASL Mutual Authentication
70 | # Ref: https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication
71 | quorum.auth.enableSasl=true
72 | quorum.auth.learnerRequireSasl=true
73 | quorum.auth.serverRequireSasl=true
74 | quorum.cnxn.threads.size={{ zookeeperQuorumCnxnThreadsSize }}
75 | quorum.auth.learner.saslLoginContext=QuorumLearner
76 | quorum.auth.server.saslLoginContext=QuorumServer
77 | {% endif %}
78 | 
79 | {% if zookeeperSslQuorum and zookeeperVersion is version("3.5.5", '>=') %}
80 | # Quorun with MTLS
81 | # Ref: https://zookeeper.apache.org/doc/r3.8.0/zookeeperAdmin.html#Quorum+TLS
82 | sslQuorum=true
83 | portUnification={{ zookeeperPortUnification | default("false") }}
84 | secureClientPort={{ zookeeperSecureClientPort }}
85 | serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
86 | ssl.quorum.keyStore.location={{ zookeeperSslQuorumKeystoreLocation }}
87 | ssl.quorum.keyStore.password={{ zookeeperSslQuorumKeystorePassword }}
88 | ssl.quorum.trustStore.location={{ zookeeperSslQuorumTruststoreLocation }}
89 | ssl.quorum.trustStore.password={{ zookeeperSslQuorumTruststorePassword }}
90 | ssl.quorum.hostnameVerification={{ zookeeperSslQuorumHostnameVerification | default("true") }}
91 | ssl.quorum.protocol={{ zookeeperSslQuorumProtocol | default("TLSv1.2") }}
92 | sslQuorumReloadCertFiles={{ zookeeperSslQuorumReloadCertFiles | default("false") }}
93 | {% endif %}
94 | 
95 | admin.portUnification={{ zookeeperAdminPortUnification | default("false") }}
96 | 


--------------------------------------------------------------------------------
/roles/copyFiles/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | # Ref: https://www.dontpanicblog.co.uk/2021/11/30/securing-a-zookeeper-ensemble/?utm_source=rss&utm_medium=rss&utm_campaign=securing-a-zookeeper-ensemble
 4 | # https://docs.ansible.com/ansible/latest/collections/community/general/java_cert_module.html
 5 | # https://docs.ansible.com/ansible/latest/collections/community/general/java_keystore_module.html
 6 | 
 7 | 
 8 | # steps 
 9 | # generate RSA key with https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_privatekey_module.html
10 | # generate RSA Public Key with https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_publickey_module.html
11 | # 
12 | 
13 | - name: copy files
14 |   ansible.builtin.copy:
15 |     src: "{{ item.src }}"
16 |     dest: "{{ item.dest }}"
17 |     mode: "{{ item.mode | default(omit) }}"
18 |     owner: "{{ zookeeperUser }}"
19 |     group: "{{ zookeeperGroup }}"
20 |   loop: "{{ zookeeperCopyFiles }}"
21 |   when:
22 |     - zookeeperCopyFiles is defined
23 |     - zookeeperCopyFiles | length > 0


--------------------------------------------------------------------------------
/roles/customMetricExporter/files/readme.md:
--------------------------------------------------------------------------------
1 | # Zooki
2 | Apache Zookeeper Metric Collector
3 | 
4 | Usage: `python3 zooki.py /zookeeper /zookeeper/zookeeper-logs/ dev-env-zookeeper true`
5 | 
6 | 
7 |         <python version> <script path> <Zookeeper Partition> <Metric Output Folder> <cluster environment name> <zookeeper-ssl-status>


--------------------------------------------------------------------------------
/roles/customMetricExporter/files/requirements.txt:
--------------------------------------------------------------------------------
1 | requests


--------------------------------------------------------------------------------
/roles/customMetricExporter/files/zooki.py:
--------------------------------------------------------------------------------
 1 | # Cloned from: https://github.com/116davinder/zooki
 2 | 
 3 | # usage: python3 zooki.py /zookeeper /zookeeper/zookeeper-logs/ dev-zookeeper false
 4 | 
 5 | # This script suppose to export all zookeeper metric from one node and write to file
 6 | # from where splunk/cloudwatch like tools can read it.
 7 | 
 8 | import requests
 9 | import shutil
10 | from socket import gethostname
11 | import json
12 | import sys
13 | import os.path
14 | from datetime import datetime
15 | 
16 | 
17 | class Zooki:
18 |     def __init__(self):
19 |         self.zAddr = gethostname()
20 |         self.zPort = 8080
21 |         try:
22 |             self.zHttpScheme = "https://" if sys.argv[4].lower() == "true" else "http://"
23 |         except IndexError:
24 |             self.zHttpScheme = "http://"
25 | 
26 |         self.zHttpAddr = f"{self.zHttpScheme}{self.zAddr}:{self.zPort}/commands/"
27 |         self.cTimeNow = str(datetime.now())
28 | 
29 |     def getStorageMetric(self):
30 |         total, used, free = shutil.disk_usage(sys.argv[1])
31 |         _sMetric = {
32 |             "@timestamp": self.cTimeNow,
33 |             "command": "disk",
34 |             "environment": sys.argv[3],
35 |             "totalInGB": total // (2 ** 30),
36 |             "usedInGB": used // (2 ** 30),
37 |             "freeInGB": free // (2 ** 30),
38 |         }
39 |         return json.dumps(_sMetric)
40 | 
41 |     def getZMetric(self, commandPath):
42 |         with requests.get(self.zHttpAddr + commandPath, verify=False) as f:
43 |             if f.status_code == 200:
44 |                 _zMetric = f.json()
45 |                 _zMetric["@timestamp"] = self.cTimeNow
46 |                 _zMetric["environment"] = sys.argv[3]
47 |             else:
48 |                 _zMetric = {}
49 |         return json.dumps(_zMetric)
50 | 
51 |     # json retruned by monitor is too big to be handled by splunk indexer
52 |     # so separate function to reduce the json size
53 |     def getMonitorMetric(self):
54 |         with requests.get(self.zHttpAddr + "monitor", verify=False) as f:
55 |             if f.status_code == 200:
56 |                 _MM = f.json()
57 |                 _zMetric = {
58 |                     "@timestamp": self.cTimeNow,
59 |                     "environment": sys.argv[3],
60 |                     "command": _MM["command"],
61 |                     "znode_count": _MM["znode_count"],
62 |                     "watch_count": _MM["watch_count"],
63 |                     "outstanding_requests": _MM["outstanding_requests"],
64 |                     "open_file_descriptor_count": _MM["open_file_descriptor_count"],
65 |                     "ephemerals_count": _MM["ephemerals_count"],
66 |                     "max_latency": _MM["max_latency"],
67 |                     "avg_latency": _MM["avg_latency"],
68 |                     "synced_followers": _MM["synced_followers"] if "synced_followers" in _MM else 0,
69 |                     "pending_syncs": _MM["pending_syncs"] if "pending_syncs" in _MM else 0,
70 |                     "version": _MM["version"],
71 |                     "quorum_size": _MM["quorum_size"] if "quorum_size" in _MM else 0,
72 |                     "uptime": _MM["uptime"],
73 |                 }
74 |             else:
75 |                 _zMetric = {}
76 |         return json.dumps(_zMetric)
77 | 
78 | 
79 | def main():
80 | 
81 |     commandPaths = ["connections", "leader", "watch_summary"]
82 | 
83 |     z = Zooki()
84 |     with open(os.path.join(sys.argv[2], "disk.out"), "w") as zMetricFile:
85 |         zMetricFile.write(z.getStorageMetric())
86 | 
87 |     for command in commandPaths:
88 |         with open(os.path.join(sys.argv[2], command + ".out"), "w") as zMetricFile:
89 |             zMetricFile.write(z.getZMetric(command))
90 | 
91 |     with open(os.path.join(sys.argv[2], "monitor.out"), "w") as zMetricFile:
92 |         zMetricFile.write(z.getMonitorMetric())
93 | 
94 | 
95 | main()
96 | 


--------------------------------------------------------------------------------
/roles/customMetricExporter/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: copying zooki.py to {{ zookeeperInstallDir }}
 4 |   ansible.builtin.copy:
 5 |     src: zooki.py
 6 |     dest: "{{ zookeeperInstallDir }}"
 7 |     owner: "{{ zookeeperUser }}"
 8 |     group: "{{ zookeeperGroup }}"
 9 |     mode: 0777
10 | 
11 | - name: cron for zookeeper metric collector ( zooki.py )
12 |   ansible.builtin.cron:
13 |     name: "zookeeper metric collector"
14 |     minute: "*"
15 |     hour: "*"
16 |     weekday: "*"
17 |     user: "{{ zookeeperUser }}"
18 |     job: 'python3 {{ zookeeperInstallDir }}/zooki.py {{ zookeeperInstallDir }} {{ zookeeperLogDir }}/  {{ zookeeperEnvironment }} false \;'
19 | 


--------------------------------------------------------------------------------
/roles/decomissionNodes/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Stoping zookeeper related services
 4 |   ansible.builtin.include_role:
 5 |     name: "serviceState"
 6 |   vars:
 7 |     serviceName: "{{ item }}"
 8 |     serviceState: "stopped"
 9 |   loop:
10 |     - "zookeeper"
11 |     - "awslogsd"
12 | 
13 | - name: zookeeper Port Status
14 |   ansible.builtin.include_role:
15 |     name: portCheck
16 |   vars:
17 |     PortNumber: "{{ item }}"
18 |     PortStatus: "stopped"
19 |   loop:
20 |     - "{{ zookeeperClientPort }}"
21 | 
22 | - name: Removing data & log dirs related to installation
23 |   ansible.builtin.file:
24 |     path: "{{ item }}"
25 |     state: "absent"
26 |   loop:
27 |     - "{{ zookeeperInstallDir }}/zookeeper"
28 |     - "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperVersion }}"
29 |     - "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperOldVersion }}"
30 |     - "{{ zookeeperDataDir }}"
31 |     - "{{ zookeeperLogDir }}"
32 |     - "{{ zookeeperInstallDir }}/zooki.py"
33 | 
34 | - name: deleting zookeeper user
35 |   ansible.builtin.user:
36 |     name: "{{ zookeeperUser }}"
37 |     comment: zookeeper Default User
38 |     uid: "{{ zookeeperUserId }}"
39 |     group: "{{ zookeeperGroup }}"
40 |     state: "absent"
41 | 
42 | - name: deleting zookeeper group
43 |   ansible.builtin.group:
44 |     name: "{{  zookeeperGroup }}"
45 |     gid: "{{ zookeeperGroupId }}"
46 |     state: "absent"
47 | 
48 | - name: remove zookeeper cron
49 |   ansible.builtin.cron:
50 |     name: "zookeeper metric collector"
51 |     state: "absent"
52 |     user: "{{ zookeeperUser }}"
53 | 
54 | - name: remove zookeeper systemd file
55 |   ansible.builtin.file:
56 |     path: "/usr/lib/systemd/system/zookeeper.service"
57 |     state: "absent"
58 | 
59 | - name: unmount zookeeper ebs volume | {{ aws_zookeeper_ebs_device }}
60 |   ansible.posix.mount:
61 |     path: "{{ aws_zookeeper_ebs_device_mount_location }}"
62 |     src: "{{ aws_zookeeper_ebs_device }}"
63 |     fstype: "{{ aws_zookeeper_ebs_device_fs }}"
64 |     state: "absent"


--------------------------------------------------------------------------------
/roles/install/tasks/createSymlink.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Creating symlink to latest version | {{ zookeeperVersion }}
 4 |   ansible.builtin.file:
 5 |     src: "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperVersion }}"
 6 |     dest: "{{ zookeeperInstallDir }}/zookeeper"
 7 |     owner: "{{ zookeeperUser }}"
 8 |     group: "{{ zookeeperGroup }}"
 9 |     state: link
10 |   register: zookeeperSymlinkStatus


--------------------------------------------------------------------------------
/roles/install/tasks/download.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | # TODO: download zookeeper tar file to ansible server only if possible 
 4 | #       to reduce multiple downloads on all nodes.
 5 | #       Not Required: if downloading from local company mirror.
 6 | 
 7 | - name: Copying and Unarchive zookeeper tar | {{ zookeeperVersion }}
 8 |   ansible.builtin.unarchive:
 9 |     src: "{{ zookeeperTarLocation }}"
10 |     dest: "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperVersion }}"
11 |     owner: "{{ zookeeperUser }}"
12 |     group: "{{ zookeeperGroup }}"
13 |     validate_certs: false
14 |     keep_newer: yes
15 |     extra_opts: ["--strip-components=1"]
16 |     creates: "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperVersion }}/bin"
17 | 
18 | - name: Ensuring permissions on unarchieved files
19 |   ansible.builtin.file:
20 |     path: "{{ zookeeperInstallDir }}/zookeeper-{{ zookeeperVersion }}"
21 |     owner: "{{ zookeeperUser }}"
22 |     group: "{{ zookeeperGroup }}"
23 |     recurse: true
24 |     mode: 0775


--------------------------------------------------------------------------------
/roles/install/tasks/envSet.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Setting zookeeper Home | /etc/profile.d/zookeeper.sh
 4 |   ansible.builtin.blockinfile:
 5 |     path: /etc/profile.d/zookeeper.sh
 6 |     mode: 0775
 7 |     group: root
 8 |     owner: root
 9 |     create: true
10 |     block: |
11 |       export ZOOKEEPER_HOME={{ zookeeperInstallDir }}/zookeeper
12 |       export PATH=$ZOOKEEPER_HOME/bin:$PATH


--------------------------------------------------------------------------------
/roles/install/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: copy zookeeper tar
 4 |   ansible.builtin.include_tasks: download.yml
 5 | 
 6 | - name: Create zookeeper dir symlink
 7 |   ansible.builtin.include_tasks: createSymlink.yml
 8 | 
 9 | - name: Setting zookeeper version into profile.d
10 |   ansible.builtin.include_tasks: envSet.yml


--------------------------------------------------------------------------------
/roles/java/tasks/install.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: 'Check Java Version Support'
 4 |   ansible.builtin.fail:
 5 |     msg: 'java version is not supported, please use, <= 8 or >= 11'
 6 |   when:
 7 |     - javaVersion | int in [9,10]
 8 | 
 9 | - name: Setting java update true if required
10 |   ansible.builtin.set_fact:
11 |     javaUpdateState: latest
12 |   when: updateJava
13 | 
14 | - name: Install Openjdk | <= 8 | RedHat | if java version is less than 8
15 |   ansible.builtin.yum:
16 |     name: "{{ item }}"
17 |     state: "{{ javaUpdateState | default('present') }}"
18 |     update_cache: true
19 |   loop:
20 |     - "java-1.{{ javaVersion }}.0-openjdk"
21 |     - "java-1.{{ javaVersion }}.0-openjdk-devel"
22 |   when:
23 |     - ansible_distribution in ['CentOS', 'RedHat'] | list
24 |     - javaVersion | int <= 8
25 | 
26 | # INFO: Java 9 & 10 packages are not avilable
27 | - name: Install Openjdk | >= 11 | RedHat | if java version is greater than 11
28 |   ansible.builtin.yum:
29 |     name: "{{ item }}"
30 |     state: "{{ javaUpdateState | default('present') }}"
31 |     update_cache: true
32 |   loop:
33 |     - "java-{{ javaVersion }}-openjdk"
34 |     - "java-{{ javaVersion }}-openjdk-devel"
35 |   when:
36 |     - ansible_distribution in ['CentOS', 'RedHat'] | list
37 |     - javaVersion | int >= 11
38 | 
39 | - name: Install OpenJdk | {{ javaVersion }} | Debian/Ubuntu
40 |   ansible.builtin.apt:
41 |     name: "{{ item }}"
42 |     state: "{{ javaUpdateState | default('present') }}"
43 |     update_cache: true
44 |   loop:
45 |     - "openjdk-{{ javaVersion }}-jdk-headless"
46 |     - "openjdk-{{ javaVersion }}-jdk"
47 |   when: ansible_distribution in ['Debian', 'Ubuntu'] | list
48 | 
49 | - name: Install Openjdk | <= 8 | Amazon | if java version is less than 8
50 |   ansible.builtin.command: "amazon-linux-extras install java-1.{{ javaVersion }}.0-openjdk -y"
51 |   when:
52 |     - ansible_distribution in ['Amazon'] | list
53 |     - javaVersion | int <= 8
54 | 
55 | # INFO: Java 9 & 10 packages are not avilable
56 | - name: Install Openjdk | >= 11 | Amazon | if java version is greater than 11
57 |   ansible.builtin.command: "amazon-linux-extras install java-openjdk{{ javaVersion }} -y"
58 |   when:
59 |     - ansible_distribution in ['Amazon'] | list
60 |     - javaVersion | int >= 11


--------------------------------------------------------------------------------
/roles/java/tasks/javaHome.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Getting Java Home Path from System
 4 |   ansible.builtin.shell: "set -o pipefail && readlink -fsq $(which java) | sed 's:/jre/bin/java::'"
 5 |   register: javaHomeLocation
 6 |   changed_when: false
 7 | 
 8 | - name: removing Java Home | /etc/profile.d/java.sh
 9 |   ansible.builtin.blockinfile:
10 |     path: /etc/profile.d/java.sh
11 |     state: absent
12 |     mode: 0775
13 |     group: root
14 |     owner: root
15 |     create: true
16 |     block: |
17 |       export JAVA_HOME={{ javaHomeLocation.stdout }}
18 |       export PATH=$JAVA_HOME/bin:$PATH
19 | 


--------------------------------------------------------------------------------
/roles/java/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: checking java installation
 4 |   ansible.builtin.raw: which java
 5 |   register: javaRequired
 6 |   ignore_errors: true
 7 |   changed_when: false
 8 | 
 9 | - ansible.builtin.include_tasks: install.yml
10 |   when: javaRequired is failed or updateJava
11 | 
12 | # Not Required
13 | # As System Admin Team might upgrade Java Part of Patch Cycle
14 | # old version of java might cause issue.
15 | 
16 | #- name: Checking if Java_home setting is needed
17 | #   ansible.builtin.command:  /bin/bash -l -c "echo $JAVA_HOME"
18 | #   register: checkJavaHome
19 | #   changed_when: false
20 | 
21 | # - ansible.builtin.include_tasks: javaHome.yml
22 | #   when: checkJavaHome.stdout == ''
23 | 


--------------------------------------------------------------------------------
/roles/nri-zookeeper/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: install common utils
 4 |   ansible.builtin.packages:
 5 |     name: "{{ item }}"
 6 |     state: present
 7 |   loop:
 8 |     - nc
 9 | 
10 | - name: download newrelic pulgin for zookeeper
11 |   ansible.builtin.unarchieve:
12 |     src: "https://github.com/newrelic/nri-zookeeper/releases/download/{{ zookeeper_nri_pulgin_version }}/zookeeper-plugin-linux-amd64.tar.gz"
13 |     dest: /tmp
14 |     remote_src: true
15 | 
16 | - name: copying nri-zookeeper binary
17 |   ansible.builtin.copy:
18 |     src: "/tmp/zookeeper-plugin-{{ zookeeper_nri_pulgin_version }}/bin/nr-zookeeper"
19 |     dest: /var/db/newrelic-infra/newrelic-integrations/bin/
20 |     mode: 0755
21 | 
22 | - name: copying newrelic zookeeper-definition.yml
23 |   ansible.builtin.copy:
24 |     src: "/tmp/zookeeper-plugin-{{ zookeeper_nri_pulgin_version }}/zookeeper-definition.yml"
25 |     dest: /var/db/newrelic-infra/newrelic-integrations/
26 |     remote_Src: true
27 | 
28 | - name: copying zookeeper-config.yml
29 |   ansible.builtin.template:
30 |     src: zookeeper-config.yml
31 |     dest: /etc/newrelic-infra/integrations.d/
32 | 
33 | - name: restarting newrelic infra agent
34 |   ansible.builtin.service:
35 |     name: newrelic-infra
36 |     state: restarted
37 | 
38 | - name: remove temp files
39 |   ansible.builtin.file:
40 |     path: "/tmp/zookeeper-plugin-{{ zookeeper_nri_pulgin_version }}"
41 |     state: absent


--------------------------------------------------------------------------------
/roles/nri-zookeeper/templates/zookeeper-config.yml:
--------------------------------------------------------------------------------
 1 | integration_name: com.newrelic.zookeeper
 2 | 
 3 | instances:
 4 |   - name: {{ ansible_fqdn }}
 5 |     command: metrics
 6 |     arguments:
 7 |       host: localhost
 8 |       port: 2181
 9 |       cmd: nc
10 |     labels:
11 |       role: zookeeper
12 |       env: {{ zookeeperEnvironment }}


--------------------------------------------------------------------------------
/roles/portCheck/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Waiting for port | "{{ PortNumber }}" | to be | "{{ PortStatus }}"
 4 |   ansible.builtin.wait_for:
 5 |     host: "{{ ansible_host }}"
 6 |     port: "{{ PortNumber }}"
 7 |     state: "{{ PortStatus }}"
 8 |     timeout: 180
 9 |     delay: 10
10 | 


--------------------------------------------------------------------------------
/roles/service/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Creating Service File | zookeeper | RedHat
 4 |   ansible.builtin.template:
 5 |     src: service.j2
 6 |     dest: /usr/lib/systemd/system/zookeeper.service
 7 |   when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux', 'RedHat'] | list
 8 | 
 9 | - name: Creating Service File | zookeeper | Debian/Ubuntu
10 |   ansible.builtin.template:
11 |     src: service.j2
12 |     dest: /lib/systemd/system/zookeeper.service
13 |   when: ansible_distribution in ['Debian', 'Ubuntu'] | list
14 | 


--------------------------------------------------------------------------------
/roles/service/templates/service.j2:
--------------------------------------------------------------------------------
 1 | [Unit]
 2 | Description=Apache Zookeeper
 3 | Requires=network.target
 4 | After=network.target
 5 | 
 6 | [Service]
 7 | Type=forking
 8 | User={{ zookeeperUser }}
 9 | Group={{ zookeeperGroup }}
10 | 
11 | Environment=ZOO_LOG_DIR={{ zookeeperLogDir }}
12 | 
13 | ExecStart={{ zookeeperInstallDir }}/zookeeper/bin/zkServer.sh start {{ zookeeperInstallDir }}/zookeeper/conf/zoo.cfg
14 | ExecStop={{ zookeeperInstallDir }}/zookeeper/bin/zkServer.sh stop {{ zookeeperInstallDir }}/zookeeper/conf/zoo.cfg
15 | 
16 | Restart=no
17 | 
18 | [Install]
19 | WantedBy=multi-user.target


--------------------------------------------------------------------------------
/roles/serviceState/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | - name: "{{ serviceName }} Service | {{ serviceState }}"
4 |   ansible.builtin.systemd:
5 |     name: "{{ serviceName }}"
6 |     state: "{{ serviceState }}"
7 |     enabled: true
8 |     daemon_reload: true


--------------------------------------------------------------------------------
/roles/systemUpgrade/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: system upgrade | RedHat
 4 |   ansible.builtin.yum:
 5 |     name: "*"
 6 |     state: latest
 7 |     update_cache: true
 8 |   when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
 9 | 
10 | - block:
11 | 
12 |     - name: system upgrade | Debian
13 |       ansible.builtin.apt:
14 |         upgrade: dist
15 |         update_cache: true
16 | 
17 |     - name: removing unused packages | Debian
18 |       ansible.builtin.apt:
19 |         autoclean: true
20 |         autoremove: true
21 | 
22 |   when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'


--------------------------------------------------------------------------------
/terraform/aws/cloudwatch-agent-policy.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "Version": "2012-10-17",
 3 |     "Statement": [
 4 |       {
 5 |           "Action": "sts:AssumeRole",
 6 |           "Principal": {
 7 |           "Service": "ec2.amazonaws.com"
 8 |           },
 9 |           "Effect": "Allow",
10 |           "Sid": "AllowCloudwatchToSendLogs"
11 |       }
12 |     ]
13 | }


--------------------------------------------------------------------------------
/terraform/aws/data.tf:
--------------------------------------------------------------------------------
 1 | data "aws_ami" "amazon_ami" {
 2 |   most_recent = true
 3 |   owners      = ["amazon"]
 4 | 
 5 |   filter {
 6 |     name   = "owner-alias"
 7 |     values = ["amazon"]
 8 |   }
 9 | 
10 |   filter {
11 |     name   = "name"
12 |     values = ["amzn2-ami-hvm*"]
13 |   }
14 | 
15 | }


--------------------------------------------------------------------------------
/terraform/aws/ebs.tf:
--------------------------------------------------------------------------------
1 | resource "aws_ebs_volume" "this" {
2 |   count             = local.create ? var.zookeeper_nodes : 0
3 |   availability_zone = keys(var.az_subnet_mapping[count.index % local.subnet_count])[0]
4 |   size              = var.zookeeper_volume_size
5 |   encrypted         = true
6 |   type              = "gp3"
7 |   tags              = merge(local.tags, map("Name", "zookeeper-${var.env}-${count.index}"))
8 | }


--------------------------------------------------------------------------------
/terraform/aws/iam.tf:
--------------------------------------------------------------------------------
 1 | data "aws_iam_policy" "cloudwatchAgent" {
 2 |   arn = "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
 3 | }
 4 | 
 5 | resource "aws_iam_role" "this" {
 6 |   count = local.create ? 1 : 0
 7 |   name  = "zookeeper-cloud-watch-agent-role-${var.env}"
 8 | 
 9 |   assume_role_policy = file("${path.module}/cloudwatch-agent-policy.json")
10 |   tags               = local.tags
11 | }
12 | 
13 | resource "aws_iam_role_policy_attachment" "this" {
14 |   count      = local.create ? 1 : 0
15 |   role       = aws_iam_role.this[0].name
16 |   policy_arn = data.aws_iam_policy.cloudwatchAgent.arn
17 | }
18 | 
19 | resource "aws_iam_instance_profile" "this" {
20 |   count = local.create ? 1 : 0
21 |   name  = "zookeeper-cloud-watch-agent-profile-${var.env}"
22 |   role  = aws_iam_role.this[0].name
23 | }


--------------------------------------------------------------------------------
/terraform/aws/instance.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_instance" "this" {
 2 |   count = local.create ? var.zookeeper_nodes : 0
 3 | 
 4 |   ami                    = data.aws_ami.amazon_ami.id
 5 |   instance_type          = var.instance_type
 6 |   key_name               = var.key_name
 7 |   subnet_id              = values(var.az_subnet_mapping[count.index % local.subnet_count])[0]
 8 |   vpc_security_group_ids = ["${aws_security_group.this[0].id}"]
 9 | 
10 |   root_block_device {
11 |     volume_type = "gp2"
12 |     volume_size = var.zookeeper_root_volume_size
13 |     encrypted   = true
14 |   }
15 | 
16 |   tags = merge(
17 |     local.tags,
18 |     map("Name", "zookeeper-node-${var.env}-${count.index}"),
19 |     map("ami", data.aws_ami.amazon_ami.name)
20 |   )
21 | 
22 |   monitoring           = false
23 |   iam_instance_profile = aws_iam_instance_profile.this[0].id
24 | 
25 |   availability_zone           = keys(var.az_subnet_mapping[count.index % local.subnet_count])[0]
26 |   associate_public_ip_address = var.associate_public_ip_address
27 | }
28 | 
29 | resource "aws_volume_attachment" "this" {
30 |   count        = local.create ? var.zookeeper_nodes : 0
31 |   device_name  = var.zookeeper_ebs_attach_location
32 |   volume_id    = element(aws_ebs_volume.this.*.id, count.index)
33 |   instance_id  = element(aws_instance.this.*.id, count.index)
34 |   force_detach = true
35 | }


--------------------------------------------------------------------------------
/terraform/aws/locals.tf:
--------------------------------------------------------------------------------
1 | locals {
2 |   tags         = merge(var.tags, map("env", var.env))
3 |   subnet_count = length(var.az_subnet_mapping)
4 |   create       = var.zookeeper_nodes > 0 && local.subnet_count > 0 ? true : false
5 | }
6 | 


--------------------------------------------------------------------------------
/terraform/aws/output.tf:
--------------------------------------------------------------------------------
1 | output "public_ips" {
2 |   value = try(aws_instance.this[*].public_ip, [])
3 | }
4 | 
5 | output "private_dns" {
6 |   value = try(aws_instance.this[*].private_dns, [])
7 | }


--------------------------------------------------------------------------------
/terraform/aws/provider.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |   required_version = ">= 0.12"
3 | }
4 | 
5 | provider aws {
6 |   region  = var.region
7 |   version = ">= 3.37, < 4"
8 | }


--------------------------------------------------------------------------------
/terraform/aws/readme.md:
--------------------------------------------------------------------------------
 1 | ## Requirements
 2 | 
 3 | | Name | Version |
 4 | |------|---------|
 5 | | terraform | >= 0.12 |
 6 | | aws | >= 3.37, < 4 |
 7 | 
 8 | ## Providers
 9 | 
10 | | Name | Version |
11 | |------|---------|
12 | | aws | >= 3.37, < 4 |
13 | 
14 | ## Inputs
15 | 
16 | | Name | Description | Type | Default | Required |
17 | |------|-------------|------|---------|:--------:|
18 | | allowed\_inbound\_client\_cidrs | list of cidrs to allow inbound client port (2181) | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
19 | | allowed\_inbound\_ssh\_cidrs | list of cidrs to allow inbound ssh access from | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
20 | | associate\_public\_ip\_address | do you want to assign public ip to kafka instances? | `bool` | `true` | no |
21 | | az\_subnet\_mapping | list of map of private / public subnets with respective az | `list(map(string))` | <pre>[<br>  {<br>    "us-east-1a": "subnet-08eb68191564b2f17"<br>  },<br>  {<br>    "us-east-1b": "subnet-06575de9cbffc4085"<br>  },<br>  {<br>    "us-east-1c": "subnet-01ed603570aa2ee80"<br>  }<br>]</pre> | no |
22 | | env | environment name? | `string` | `"development"` | no |
23 | | instance\_type | Instance Type | `string` | `"t2.micro"` | no |
24 | | key\_name | aws ec2 ssh key pair name | `string` | `"davinder-terraform"` | no |
25 | | region | aws region | `string` | `"us-east-1"` | no |
26 | | tags | Tags to be Added to All Resources, except Env & Name Tag | `map(string)` | <pre>{<br>  "owner": "Terraform",<br>  "software": "Apache Zookeeper"<br>}</pre> | no |
27 | | vpc\_id | n/a | `string` | `"vpc-0646ae67a3f8ac6d7"` | no |
28 | | zookeeper\_ebs\_attach\_location | disk location in linux machine | `string` | `"/dev/sdc"` | no |
29 | | zookeeper\_nodes | how many nodes of zookeeper cluster is required? | `number` | `1` | no |
30 | | zookeeper\_root\_volume\_size | how much size of zookeeper root volume is required in GB? | `number` | `10` | no |
31 | | zookeeper\_volume\_size | how much size of zookeeper ebs volume is required in GB? | `number` | `50` | no |
32 | 
33 | ## Outputs
34 | 
35 | | Name | Description |
36 | |------|-------------|
37 | | private\_dns | n/a |
38 | | public\_ips | n/a |
39 | 
40 | 


--------------------------------------------------------------------------------
/terraform/aws/security-groups.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_security_group" "this" {
 2 |   count       = local.create ? 1 : 0
 3 |   name        = "zookeeper-sg-${var.env}"
 4 |   description = "Allow Zookeeper traffic"
 5 |   vpc_id      = var.vpc_id
 6 | 
 7 |   ingress {
 8 |     from_port             = 0
 9 |     to_port               = 0
10 |     protocol              = "-1"
11 |     self                  = true
12 |     description = "allow traffic within sg"
13 |   }
14 | 
15 |   ingress {
16 |     from_port   = 22
17 |     to_port     = 22
18 |     protocol    = "tcp"
19 |     cidr_blocks = var.allowed_inbound_ssh_cidrs
20 |     description = "allow ssh connections"
21 |   }
22 | 
23 |   ingress {
24 |     from_port   = 2181
25 |     to_port     = 2181
26 |     protocol    = "tcp"
27 |     cidr_blocks = var.allowed_inbound_client_cidrs
28 |     description = "allow client connections"
29 |   }
30 | 
31 |   egress {
32 |     from_port   = 0
33 |     to_port     = 0
34 |     protocol    = "-1"
35 |     cidr_blocks = ["0.0.0.0/0"]
36 |   }
37 | 
38 |   tags = merge(local.tags, map("Name", "zookeeper-sg-${var.env}"))
39 | }


--------------------------------------------------------------------------------
/terraform/aws/var.tf:
--------------------------------------------------------------------------------
 1 | variable "region" {
 2 |   type        = string
 3 |   default     = "us-east-1"
 4 |   description = "aws region"
 5 | }
 6 | 
 7 | variable "env" {
 8 |   type        = string
 9 |   default     = "development"
10 |   description = "environment name?"
11 | }
12 | 
13 | variable "vpc_id" {
14 |   type    = string
15 |   default = "vpc-0646ae67a3f8ac6d7"
16 | }
17 | 
18 | variable "az_subnet_mapping" {
19 |   type = list(map(string))
20 |   default = [
21 |     { "us-east-1a" = "subnet-08eb68191564b2f17" },
22 |     { "us-east-1b" = "subnet-06575de9cbffc4085" },
23 |     { "us-east-1c" = "subnet-01ed603570aa2ee80" },
24 |   ]
25 |   description = "list of map of private / public subnets with respective az"
26 | }
27 | 
28 | variable "allowed_inbound_ssh_cidrs" {
29 |   type        = list(string)
30 |   default     = ["0.0.0.0/0"]
31 |   description = "list of cidrs to allow inbound ssh access from"
32 | }
33 | 
34 | variable "allowed_inbound_client_cidrs" {
35 |   type        = list(string)
36 |   default     = ["0.0.0.0/0"]
37 |   description = "list of cidrs to allow inbound client port (2181)"
38 | }
39 | 
40 | variable "instance_type" {
41 |   type        = string
42 |   default     = "t3a.xlarge"
43 |   description = "Instance Type"
44 | }
45 | 
46 | variable "key_name" {
47 |   type        = string
48 |   default     = "davinder-terraform"
49 |   description = "aws ec2 ssh key pair name"
50 | }
51 | 
52 | variable "zookeeper_nodes" {
53 |   type        = number
54 |   default     = 1
55 |   description = "how many nodes of zookeeper cluster is required?"
56 | }
57 | 
58 | variable "zookeeper_root_volume_size" {
59 |   type        = number
60 |   default     = 10
61 |   description = "how much size of zookeeper root volume is required in GB?"
62 | }
63 | 
64 | variable "zookeeper_volume_size" {
65 |   type        = number
66 |   default     = 50
67 |   description = "how much size of zookeeper ebs volume is required in GB?"
68 | }
69 | 
70 | variable "zookeeper_ebs_attach_location" {
71 |   type        = string
72 |   default     = "/dev/sdc"
73 |   description = "disk location in linux machine"
74 | }
75 | 
76 | variable "associate_public_ip_address" {
77 |   type        = bool
78 |   default     = true
79 |   description = "do you want to assign public ip to zookeeper instances?"
80 | }
81 | 
82 | variable "tags" {
83 |   type        = map(string)
84 |   description = "Tags to be Added to All Resources, except Env & Name Tag"
85 |   default = {
86 |     "owner"    = "Terraform"
87 |     "software" = "Apache Zookeeper"
88 |   }
89 | }
90 | 


--------------------------------------------------------------------------------
/terraform/oci/block_storage.tf:
--------------------------------------------------------------------------------
 1 | resource "oci_core_volume" "zookeeper-volume" {
 2 |   count               = var.zookeeper_instance_count
 3 |   availability_domain = var.instance_availability_domain
 4 |   compartment_id      = var.compartment_ocid
 5 |   display_name        = "zookeeper-volume-${count.index + 1}"
 6 |   size_in_gbs         = var.zookeeper_block_volume_size_gb
 7 | }
 8 | 
 9 | resource "oci_core_volume_attachment" "zookeeper_volume_attachment" {
10 |   count           = var.zookeeper_instance_count
11 |   attachment_type = "iscsi"
12 |   instance_id     = element(oci_core_instance.zookeeper.*.id, count.index)
13 |   volume_id       = element(oci_core_volume.zookeeper-volume.*.id, count.index)
14 | 
15 |   display_name                        = "zookeeper-volume-attachment-${count.index + 1}"
16 |   is_pv_encryption_in_transit_enabled = false
17 |   is_read_only                        = false
18 |   use_chap                            = false
19 | }
20 | 
21 | output "zookeeper-volume-attachment-details" {
22 |   value = oci_core_volume_attachment.zookeeper_volume_attachment[*].id
23 | }
24 | 


--------------------------------------------------------------------------------
/terraform/oci/provider.tf:
--------------------------------------------------------------------------------
1 | provider "oci" {
2 |   tenancy_ocid     = var.t_ocid
3 |   user_ocid        = var.u_ocid
4 |   fingerprint      = var.u_fingerprint
5 |   private_key_path = var.u_private_key_pem
6 |   region           = var.u_region
7 | }


--------------------------------------------------------------------------------
/terraform/oci/var.tf:
--------------------------------------------------------------------------------
 1 | variable "t_ocid" {
 2 |   description = "Root Tenant ID"
 3 |   default     = "ocid1.tenancy.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbdmaxhlduzwtxryat3zbha"
 4 | }
 5 | 
 6 | variable "u_ocid" {
 7 |   description = "User ID from compute console"
 8 |   default     = "ocid1.user.xxxxxxxxxxxxxxxxxxxxxxv5shhccn7uglfoxpsa"
 9 | }
10 | 
11 | variable "compartment_ocid" {
12 |   description = "Compartment ID"
13 |   default     = "ocid1.compartment.xxxxxxxxxxxxxxxxxxxxxxxxxxxxzba2f34w6vnw3yxaackla"
14 | }
15 | 
16 | variable "u_fingerprint" {
17 |   description = "User ID fingerprint from compute console"
18 |   default     = "f7:16:fd:xxxxxxxxxxxxxxxxxxxxx:ab:d4:ee:9a"
19 | }
20 | 
21 | variable "u_private_key_pem" {
22 |   description = "User Private PEM from Compute"
23 |   default     = "/home/davinderpal/.oci/oci_api_key.pem"
24 | }
25 | 
26 | variable "u_region" {
27 |   description = "User Region from Compute"
28 |   default     = "eu-frankfurt-1"
29 | }
30 | 
31 | variable "instance_image_ocid" {
32 |   description = "Oracle-Linux-7.6-2019.06.15-0"
33 |   default     = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaazfzlw2infpo3svzjgrcl237xsbod4l5yuzfpqdqmmawia2womz5q"
34 | }
35 | 
36 | variable "vcn_ocid" {
37 |   description = "Virtual Cloud Networt ID"
38 |   default     = "ocid1.vcn.oc1.eu-frankfurt-1.xxxxxxxxxxxxxxxxxxxxxxo734ycb3pn75cua"
39 | }
40 | 
41 | variable "subnet_ocid" {
42 |   description = "Subnet ID 1"
43 |   default     = "ocid1.subnet.oc1.eu-frankfurt-1.xxxxxxxxxxxxxxxxxxxxxxwpzaejapzt3vzuc2q"
44 | }
45 | 
46 | variable "instance_shape" {
47 |   description = "CPU:2,	RAM: 30GB, Block Storage only, Network:	2 Gbps,	NIC: 2"
48 |   default     = "VM.Standard2.2"
49 | }
50 | 
51 | variable "instance_availability_domain" {
52 |   description = "Region in which resource will be created or destoryed"
53 |   default     = "ExfZ:EU-FRANKFURT-1-AD-1"
54 | }
55 | 
56 | variable "secuirty" {
57 |   default = "ocid1.securitylist.oc1.eu-frankfurt-1.xxxxxxxxxxxxxxxxxxxx25ecj2sa6xe533giwiva"
58 | }
59 | 
60 | variable "ssh_public_key" {
61 |   default = "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx rsa-key2047@Davinder_Pal"
62 | }
63 | 
64 | variable "zookeeper_instance_count" {
65 |   default = 3
66 | }
67 | 
68 | variable "zookeeper_block_volume_size_gb" {
69 |   default = 100
70 | }
71 | 
72 | variable "use_pblic_ip" {
73 |   type    = bool
74 |   default = true
75 | }
76 | 


--------------------------------------------------------------------------------
/terraform/oci/zookeeper.tf:
--------------------------------------------------------------------------------
 1 | resource "oci_core_instance" "zookeeper" {
 2 |   count               = var.zookeeper_instance_count
 3 |   availability_domain = var.instance_availability_domain
 4 |   compartment_id      = var.compartment_ocid
 5 |   shape               = var.instance_shape
 6 | 
 7 |   agent_config {
 8 |     is_monitoring_disabled = false
 9 |   }
10 |   create_vnic_details {
11 |     subnet_id        = var.subnet_ocid
12 |     assign_public_ip = var.use_public_ip
13 |   }
14 |   metadata = {
15 |     ssh_authorized_keys = var.ssh_public_key
16 |   }
17 |   display_name = "zookeeper-${count.index + 1}"
18 |   source_details {
19 |     source_id   = var.instance_image_ocid
20 |     source_type = "image"
21 |   }
22 |   preserve_boot_volume = false
23 | }
24 | 
25 | output "zookeeper-private-ip-details" {
26 |   value = oci_core_instance.zookeeper[*].private_ip
27 | }
28 | 
29 | output "zookeeper-public-ip-details" {
30 |   value = oci_core_instance.zookeeper[*].public_ip
31 | }


--------------------------------------------------------------------------------
/terraform/readme.md:
--------------------------------------------------------------------------------
 1 | # Terraform Guide
 2 | Use Terraform to create resources for Zookeeper in AWS and Other Cloud Provider and zookeeper being managed by Ansible.
 3 | 
 4 | ## How to Use for AWS?
 5 | * update `aws/var.tf` file with your requirements and variables.
 6 | * update your `~/.aws/credentials` file.
 7 | * export `AWS_PROFILE=<your aws profile>`.
 8 | * Run `terraform init` in `terraform/aws` folder.
 9 | * Run `terraform plan` to see resources which will be created.
10 | * Run `terraform apply` to create resources.
11 | 
12 | ## How to Use for OCI ( Oracle Cloud )?
13 | `OCI is not 100% tested version`
14 | 
15 | Ref: https://www.terraform.io/docs/providers/oci/index.html
16 | 
17 | * update `oci/var.tf` file with your requirements and variables.
18 | * set your OCI credentials.
19 | * Run `terraform init` in `terraform/oci` folder.
20 | * Run `terraform plan` to see resources which will be created.
21 | * Run `terraform apply` to create resources.
22 | 
23 | ## Terraform Tested Version
24 | ```
25 | $ terraform version
26 | Terraform v0.12.29
27 | + provider.aws v2.70.0
28 | 
29 | $ terraform version
30 | Terraform v0.12.29
31 | + provider.oci v3.86.0
32 | ```


--------------------------------------------------------------------------------