diff --git a/.buildkite/scripts/standup-cluster.sh b/.buildkite/scripts/standup-cluster.sh index afa4377..884758a 100755 --- a/.buildkite/scripts/standup-cluster.sh +++ b/.buildkite/scripts/standup-cluster.sh @@ -50,6 +50,7 @@ if [ -z "$PREFIX" ] || [ -z "$DISTRO" ] || [ -z "$UNSTABLE" ] || [ -z "$TIERED" exit 1 fi +trap cleanup EXIT INT TERM cleanup() { exit_code=$? echo "trapped exit, cleaning up" @@ -63,7 +64,6 @@ cleanup() { }' exit $exit_code } -trap cleanup EXIT INT TERM if [ -z "$MACHINE_ARCH" ]; then MACHINE_ARCH="x86_64" @@ -105,7 +105,7 @@ echo "building cluster" DEPLOYMENT_ID=$PREFIX DISTRO=$DISTRO IS_USING_UNSTABLE=$UNSTABLE task "create-$TASK_NAME" error_code=$? if [ $error_code -ne 0 ]; then - echo "error in ansible standup" + echo "error in create $TASK_NAME" exit 1 fi @@ -113,7 +113,7 @@ echo "testing cluster" DEPLOYMENT_ID=$PREFIX DISTRO=$DISTRO task "test-$TASK_NAME" error_code=$? if [ $error_code -ne 0 ]; then - echo "error in test-tls-cluster" + echo "error in test $TASK_NAME" exit 1 fi diff --git a/.buildkite/scripts/test-basic-cluster.sh b/.buildkite/scripts/test-basic-cluster.sh index 80c5997..1f02a7a 100755 --- a/.buildkite/scripts/test-basic-cluster.sh +++ b/.buildkite/scripts/test-basic-cluster.sh 
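Review bot: Registering `cleanup` for EXIT, INT and TERM in the first hunk means that on a signal the handler runs, calls `exit $exit_code`, and that exit fires the EXIT trap, so the teardown runs twice. When it is entered from a signal, `exit_code=$?` also records the status of whichever command was interrupted, not a signal status. Registering the handler once and converting signals into exits, `trap cleanup EXIT` with `trap 'exit 130' INT` and `trap 'exit 143' TERM`, gives one teardown per run and a meaningful exit code. The middle of cleanup's body lies outside the visible hunks, so whether a second run is harmful cannot be judged from here.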
@@ -45,16 +45,16 @@ sed 's/,$/\n/') ## test that we can check status, create a topic and produce to the topic echo "checking cluster status" -"${PATH_TO_RPK_FILE}" cluster status --brokers "$REDPANDA_BROKERS" -v || exit 1 +"${PATH_TO_RPK_FILE}" cluster status --user admin --password admin --brokers "$REDPANDA_BROKERS" -v || exit 1 echo "creating topic" "${PATH_TO_RPK_FILE}" topic create testtopic --brokers "$REDPANDA_BROKERS" -v || exit 1 echo "producing to topic" -echo squirrel | "${PATH_TO_RPK_FILE}" topic produce testtopic --brokers "$REDPANDA_BROKERS" -v || exit 1 +echo squirrel | "${PATH_TO_RPK_FILE}" topic produce --user admin --password admin testtopic --brokers "$REDPANDA_BROKERS" -v || exit 1 echo "consuming from topic" -"${PATH_TO_RPK_FILE}" topic consume testtopic --brokers "$REDPANDA_BROKERS" -v -o :end | grep squirrel || exit 1 +"${PATH_TO_RPK_FILE}" topic consume --user admin --password admin testtopic --brokers "$REDPANDA_BROKERS" -v -o :end | grep squirrel || exit 1 echo "testing schema registry" for ip_port in $(echo $REDPANDA_REGISTRY | tr ',' ' '); do curl $ip_port/subjects ; done diff --git a/.buildkite/scripts/test-tiered-storage-cluster.sh b/.buildkite/scripts/test-tiered-storage-cluster.sh index 1e1f3b8..35433f6 100755 --- a/.buildkite/scripts/test-tiered-storage-cluster.sh +++ b/.buildkite/scripts/test-tiered-storage-cluster.sh 
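Review bot: The three changed rpk calls hard-code `--user admin --password admin`, while the unchanged `topic create testtopic` call between them gets no credentials at all. With `enable_sasl: true` added to provision-basic-cluster.yml in this same commit, that create call would presumably be rejected or run unauthenticated, so it should carry the same flags. Literal passwords on the command line also live in the repository and are visible in process listings and traced build output on the agent. test-tiered-storage-cluster.sh repeats the pattern with a different password (`password`). Consider pipeline-provided variables, e.g. `--user "${RPK_TEST_USER:?}" --password "${RPK_TEST_PASSWORD:?}"` (variable names are placeholders), and one shared credential source for both scripts.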
@@ -56,23 +56,28 @@ sed 's/,$/\n/') ## test that we can check status, create a topic and produce to the topic echo "checking cluster status" -"${PATH_TO_RPK_FILE}" cluster status --brokers "$REDPANDA_BROKERS" --tls-truststore "$PATH_TO_CA_CRT" -v || exit 1 +"${PATH_TO_RPK_FILE}" cluster status --user admin --password password --brokers "$REDPANDA_BROKERS" --tls-truststore "$PATH_TO_CA_CRT" -v || exit 1 echo "creating topic" -"${PATH_TO_RPK_FILE}" topic create testtopic \ +"${PATH_TO_RPK_FILE}" topic create --user admin --password password testtopic \ --brokers "$REDPANDA_BROKERS" \ --tls-truststore "$PATH_TO_CA_CRT" \ -v || exit 1 echo "producing to topic" -echo squirrels | "${PATH_TO_RPK_FILE}" topic produce testtopic --brokers "$REDPANDA_BROKERS" --tls-truststore "$PATH_TO_CA_CRT" -v || exit 1 +echo squirrels | "${PATH_TO_RPK_FILE}" topic produce --user admin --password password testtopic --brokers "$REDPANDA_BROKERS" --tls-truststore "$PATH_TO_CA_CRT" -v || exit 1 sleep 30 echo "consuming from topic" -testoutput=$("${PATH_TO_RPK_FILE}" topic consume testtopic --brokers "$REDPANDA_BROKERS" --tls-truststore "$PATH_TO_CA_CRT" -v -o :end) +testoutput=$("${PATH_TO_RPK_FILE}" topic consume --user admin --password password testtopic --brokers "$REDPANDA_BROKERS" --tls-truststore "$PATH_TO_CA_CRT" -v -o :end) echo $testoutput | grep squirrels || exit 1 +"${PATH_TO_RPK_FILE}" acl user list --user admin --password password \ +--brokers "$REDPANDA_BROKERS" \ +--tls-truststore "$PATH_TO_CA_CRT" \ +-v || exit 1 + echo "testing schema registry" for ip_port in $(echo $REDPANDA_REGISTRY | tr ',' ' '); do curl $ip_port/subjects -k --cacert "$PATH_TO_CA_CRT" ; done diff --git a/Taskfile.yaml b/Taskfile.yaml index 055fb4b..fc8d516 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml 
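Review bot: The added `acl user list` step asserts only the exit status, so it would presumably pass even if the user_config role created none of the expected accounts. It also has no `echo` label like the other steps. Matching the output against an account the playbook is expected to create, e.g. ending the command with `-v | grep -q admin || exit 1`, would make the step verify something. Separately, the unchanged schema-registry line passes both `-k` and `--cacert` to curl; `-k` disables certificate verification, so that request does not exercise the CA file at all.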
@@ -51,9 +51,9 @@ tasks: vars: SSH_EMAIL: '{{default "test@redpanda.com" .SSH_EMAIL | lower}}' cmds: - - ssh-keygen -t rsa -b 4096 -C "{{.SSH_EMAIL}}" -N "" -f artifacts/testkey <<< y && chmod 0700 artifacts/testkey + - ssh-keygen -t rsa -b 4096 -C "{{.SSH_EMAIL}}" -N "" -f {{ .PRIVATE_KEY }} <<< y && chmod 0700 {{ .PRIVATE_KEY }} status: - - test f artifacts/testkey + - test -f {{ .PRIVATE_KEY }} build: desc: init and apply terraform diff --git a/ansible/provision-basic-cluster.yml b/ansible/provision-basic-cluster.yml index ca3b0af..a7316b9 100644 --- a/ansible/provision-basic-cluster.yml +++ b/ansible/provision-basic-cluster.yml @@ -7,6 +7,7 @@ vars: advertise_public_ips: true redpanda_version: latest + enable_sasl: true tasks: - name: Install system prereqs ansible.builtin.include_role: @@ -22,6 +23,7 @@ advertise_public_ips: true redpanda_version: latest install_console: true + enable_sasl: true tasks: - name: Install and start redpanda console ansible.builtin.include_role: diff --git a/ansible/provision-tiered-storage-cluster.yml b/ansible/provision-tiered-storage-cluster.yml index 391975a..d5bc063 100644 --- a/ansible/provision-tiered-storage-cluster.yml +++ b/ansible/provision-tiered-storage-cluster.yml @@ -22,6 +22,7 @@ ca_cert_file: "tls/ca/ca.crt" node_cert_file: "tls/certs/{{ansible_hostname}}/node.crt" cloud_storage_credentials_source: "aws_instance_metadata" + enable_sasl: true tasks: - name: Install and configure CA certs for running tls ansible.builtin.include_role: @@ -33,6 +34,10 @@ ansible.builtin.include_role: name: redpanda.cluster.redpanda_broker when: not skip_node | default(false) | bool + - name: Add Users and ACLs + ansible.builtin.include_role: + name: redpanda.cluster.user_config + when: not skip_node | default(false) | bool - name: Provision redpanda console hosts: client 
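Review bot: `{{ .PRIVATE_KEY }}` is expanded unquoted into the shell in all three places in the Taskfile hunk, so a path containing spaces or shell metacharacters is split or interpreted. The variable's definition is outside this hunk; if it ever renders empty, `test -f` with no operand evaluates as true and the key is silently never generated. Quoting closes both cases: `-f "{{ .PRIVATE_KEY }}"`, `chmod 0600 "{{ .PRIVATE_KEY }}"` and `test -f "{{ .PRIVATE_KEY }}"`. The mode is changed in that suggestion as well, because `0700` sets execute bits on a private key file and `0600` is the conventional mode.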
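Review bot: In provision-basic-cluster.yml, `enable_sasl: true` is added to both plays next to `advertise_public_ips: true`, and no TLS variables appear in the visible vars, so SASL authentication would apparently run over an unencrypted listener on public addresses. Unlike the tls and tiered-storage playbooks, these hunks also add no `redpanda.cluster.user_config` include, so it is not evident where the `admin` account used by test-basic-cluster.sh is created. If both are deliberate for a throwaway test cluster, a comment above the variable would record that, e.g. `# SASL without TLS: CI test cluster only, not a production pattern`. The rest of each play is outside the hunks, so the include may exist elsewhere.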
@@ -46,6 +51,7 @@ root_ca_dir: "{{ playbook_dir }}/tls/ca" ca_cert_file: "tls/ca/ca.crt" node_cert_file: "tls/certs/{{ansible_hostname}}/node.crt" + enable_sasl: true tasks: - name: Install and configure CA certs for running tls ansible.builtin.include_role: @@ -54,3 +60,6 @@ ansible.builtin.include_role: name: redpanda.cluster.redpanda_broker when: not skip_node | default(false) | bool + - name: Configure client for use with RPK + ansible.builtin.include_role: + name: redpanda.cluster.client_config diff --git a/ansible/provision-tls-cluster.yml b/ansible/provision-tls-cluster.yml index 1606e20..44f6ea9 100644 --- a/ansible/provision-tls-cluster.yml +++ b/ansible/provision-tls-cluster.yml @@ -20,6 +20,7 @@ redpanda_version: latest ca_cert_file: "tls/ca/ca.crt" node_cert_file: "tls/certs/{{ansible_hostname}}/node.crt" + enable_sasl: true tasks: - name: Install and configure CA certs for running tls ansible.builtin.include_role: @@ -31,6 +32,10 @@ ansible.builtin.include_role: name: redpanda.cluster.redpanda_broker when: not skip_node | default(false) | bool + - name: Add Users and ACLs + ansible.builtin.include_role: + name: redpanda.cluster.user_config + when: not skip_node | default(false) | bool - name: Provision redpanda console hosts: client @@ -44,6 +49,7 @@ root_ca_dir: "{{ playbook_dir }}/tls/ca" ca_cert_file: "tls/ca/ca.crt" node_cert_file: "tls/certs/{{ansible_hostname}}/node.crt" + enable_sasl: true tasks: - name: Install and configure CA certs for running tls ansible.builtin.include_role:
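Review bot: The new `redpanda.cluster.client_config` include in provision-tiered-storage-cluster.yml has no `when:` guard, while the task directly above it is gated on `not skip_node | default(false) | bool`. provision-tls-cluster.yml's client play also gets `enable_sasl: true` in this commit, but no matching client_config include in its visible hunks. If the role writes SASL settings for rpk onto the client host, the two playbooks now configure clients differently. Either add `when: not skip_node | default(false) | bool` and the same include to the tls playbook, or leave a short comment stating why this one runs unconditionally and only here.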