Reload kafka TLS listeners automatically when updating the cert
Related to T2544
Test Plan
Running the commands manually on kafka1 made it properly present its new certificate on both ports (checked with openssl s_client -connect -showcerts | openssl x509 -text).
octocatalog-diff on kafka[1-4] and journal0 yield the same results:
*** Running octocatalog-diff on host kafka1.internal.softwareheritage.org
I, [2021-06-14T13:01:47.205782 #136015] INFO -- : Catalogs compiled for kafka1.internal.softwareheritage.org
I, [2021-06-14T13:01:47.449599 #136015] INFO -- : Diffs computed for kafka1.internal.softwareheritage.org
diff origin/production/kafka1.internal.softwareheritage.org current/kafka1.internal.softwareheritage.org
*******************************************
+ Exec[kafka-reload-tls:EXTERNAL] =>
parameters =>
"command": ["/opt/kafka/bin/kafka-configs.sh", "--bootstrap-server", "kafka1.internal.softwareheritage.org:9092", "--entity-name", "1", "--entity-type", "brokers", "--add-config", "listener.name.EXTERNAL.ssl.keystore.location=/opt/kafka/config/broker.ks", "--alter"]
"refreshonly": true
*******************************************
+ Exec[kafka-reload-tls:INTERNAL] =>
parameters =>
"command": ["/opt/kafka/bin/kafka-configs.sh", "--bootstrap-server", "kafka1.internal.softwareheritage.org:9092", "--entity-name", "1", "--entity-type", "brokers", "--add-config", "listener.name.INTERNAL.ssl.keystore.location=/opt/kafka/config/broker.ks", "--alter"]
"refreshonly": true
*******************************************
- File[/opt/kafka/config/kafka_broker_jaas.conf]
*******************************************
Java_ks[kafka:broker] =>
parameters =>
notify =>
+ ["Exec[kafka-reload-tls:EXTERNAL]", "Exec[kafka-reload-tls:INTERNAL]"]
*******************************************
*** End octocatalog-diff on kafka1.internal.softwareheritage.orgMigrated from D5864 (view on Phabricator)