The java::security is obsolete and replaced by the hardened_tls=true of profile::java.
profile::hadoop::common and profile::kafka::broker still use java::security and should move to the new structure eventually (and java::security removed).
The java::security is obsolete and replaced by the hardened_tls=true of profile::java.
profile::hadoop::common and profile::kafka::broker still use java::security and should move to the new structure eventually (and java::security removed).
Can we add defaults for the profile::java parameters? I see some duplicate values copy and pasted in quite a few role yamls already.
Oh, you put the defaults in the common/profile/java.yaml class parameter hiera? Huh. I had thought that wasn't allowed:
https://wikitech.wikimedia.org/wiki/Puppet_coding#Hiera
?
Change 692626 had a related patch set uploaded (by Ottomata; author: Ottomata):
[operations/puppet@production] Hadoop - set hardened_tls: true and remove java::securty from hadoop::common
Change 692734 had a related patch set uploaded (by Ottomata; author: Ottomata):
[operations/puppet@production] kafka - Use hardened_tls instead of java::security if $ssl_enabled
Change 692626 merged by Elukey:
[operations/puppet@production] Hadoop - set hardened_tls: true and remove java::securty from hadoop::common
Change 692734 merged by Ottomata:
[operations/puppet@production] kafka - Use hardened_tls instead of java::security if $ssl_enabled
Had to revert Kafka change: https://gerrit.wikimedia.org/r/c/operations/puppet/+/692661
Can un-revert after T279342: Migrate colocated kafka-logging brokers to dedicated kafka-logging hosts is done.
Change 719261 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):
[operations/puppet@production] Remove obsolete java::security
Change 719261 merged by Muehlenhoff:
[operations/puppet@production] Remove obsolete java::security