Page MenuHomePhabricator
Create Task
Maniphest T379776

Enable SSL client authentication on haproxykafka
Open, Needs TriagePublic
Actions

Description

The current haproxykafka code already supports the ssl.key.location and ssl.cert.location and I've already tested it using the varnishkafka certificate/key for this.

What is needed now is:

  • Generate the required key/cert signed by the correct CA (cergen? cfssl?)
  • Create puppet code to bring it to the correct place in the haproxykafka module/profile

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
haproxykafka: enable ssl authenticationoperations/puppetproduction+68 -35
haproxykafka: missing variable in mergeoperations/puppetproduction+32 -28
haproxykafka: fix permissions on ssl filesoperations/puppetproduction+27 -0
haproxykafka: working on TLS client authentication to kafkaoperations/puppetproduction+30 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

Fabfur created this task.Nov 13 2024, 4:08 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 13 2024, 4:08 PM
gerritbot added a comment.Nov 13 2024, 5:33 PM

Change #1090915 had a related patch set uploaded (by Fabfur; author: Fabfur):

[operations/puppet@production] haproxykafka: working on TLS client authentication to kafka

https://gerrit.wikimedia.org/r/1090915

gerritbot added a project: Patch-For-Review.Nov 13 2024, 5:33 PM
gerritbot added a comment.Nov 20 2024, 11:55 AM

Change #1090915 merged by Fabfur:

[operations/puppet@production] haproxykafka: working on TLS client authentication to kafka

https://gerrit.wikimedia.org/r/1090915

gerritbot added a comment.Nov 20 2024, 12:02 PM

Change #1093317 had a related patch set uploaded (by Fabfur; author: Fabfur):

[operations/puppet@production] haproxykafka: fix permissions on ssl files

https://gerrit.wikimedia.org/r/1093317

Fabfur closed subtask T380373: Allow TLS authenticated client to write on new topics as Resolved.Nov 21 2024, 5:44 PM
gerritbot added a comment.Nov 21 2024, 5:46 PM

Change #1093317 merged by Fabfur:

[operations/puppet@production] haproxykafka: fix permissions on ssl files

https://gerrit.wikimedia.org/r/1093317

gerritbot added a comment.Nov 21 2024, 5:58 PM

Change #1093975 had a related patch set uploaded (by Fabfur; author: Fabfur):

[operations/puppet@production] haproxykafka: missing variable in merge

https://gerrit.wikimedia.org/r/1093975

gerritbot added a comment.Nov 21 2024, 7:01 PM

Change #1093990 had a related patch set uploaded (by Fabfur; author: Fabfur):

[operations/puppet@production] haproxykafka: enable ssl authentication

https://gerrit.wikimedia.org/r/1093990

Fabfur edited parent tasks, added: T370668: New software: haproxykafka; removed: T374128: haproxykafka minor features.Apr 3 2025, 8:31 AM
Fabfur added a project: HaproxyKafka.May 20 2025, 11:06 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits