First, create the VPC by using https://github.com/sknop/bootcamp-vpc. The output of that Terraform script serves as the input to these Ansible scripts.
HashiCorp Vault is used to generate the CA (certificate authority) for the entire bootcamp and to generate the certificates for Samba, the Confluent services and the applications.
Edit the inventory file. You need to adjust the IP address of your Samba host:
vault ansible_host=54.78.227.71
Your jumphost:
jumphost ansible_host=52.210.210.44
The location of the SSH private key generated by the above Terraform script:
ansible_ssh_private_key_file=/Users/Sven/IdeaProjects/bootcamp-vpc/bootcamp.pem
And the desired name of your domain:
domain_name=bootcamp.confluent.io
Since there is only a single Route 53 for the whole AWS account, it is recommended to adjust the domain for your region, for example:
domain_name=bootcamp-apac.confluent.io
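A pre-flight check for the inventory values above, as an added example that is not part of this repository. It assumes the INI-style lines exactly as shown on this page, and the function names are hypothetical; it confirms both hosts have a valid IPv4 address, the private key exists with owner-only permissions, and the domain name is well formed.

```shell
#!/bin/sh
# Added example: pre-flight check of the inventory before running the playbook.
# Assumes the INI-style lines shown on this page; all function names are hypothetical.
# Usage: check_inventory inventory && ansible-playbook playbook.yml

inv_value() {  # inv_value FILE KEY: value of the first "KEY=value" line
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

host_ip() {    # host_ip FILE HOST: ansible_host of the line that starts with HOST
  sed -n "s/^$2[[:space:]].*ansible_host=\([^[:space:]]*\).*/\1/p" "$1" | head -n 1
}

is_ipv4() {    # succeeds only for four dot-separated octets in 0..255
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

check_inventory() {  # prints one FAIL line per problem, returns 1 if any
  inv=$1; rc=0
  for host in vault jumphost; do
    ip=$(host_ip "$inv" "$host")
    is_ipv4 "$ip" || { echo "FAIL: $host has no valid ansible_host ('$ip')"; rc=1; }
  done
  key=$(inv_value "$inv" ansible_ssh_private_key_file)
  if [ ! -f "$key" ]; then
    echo "FAIL: private key '$key' not found"; rc=1
  else
    # GNU stat first, BSD/macOS stat as fallback
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    # ssh refuses a private key that group or others can access
    case $mode in 600|400) ;; *) echo "FAIL: $key has mode $mode, want 600"; rc=1 ;; esac
  fi
  domain=$(inv_value "$inv" domain_name)
  case $domain in
    ''|*[!a-z0-9.-]*|.*|*.|*..*) echo "FAIL: bad domain_name '$domain'"; rc=1 ;;
    *.*) ;;
    *) echo "FAIL: domain_name '$domain' has no dot"; rc=1 ;;
  esac
  return $rc
}
```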
Once done, run the command:
ansible-playbook playbook.yml
This will install the infrastructure required to create a fully secured Confluent cluster via https://github.com/sknop/bootcamp-terraform and cp-ansible:
- Vault
- Samba
- Root CA
- Intermediate CA
- truststore
- Webservice that will serve both service and client certificates and Kerberos keytabs