Add zuul keystore password

This matches the proposal in https://review.opendev.org/785972 It's safe to merge now (secret storage on bridge is updated) and get ahead of the curve. It's harmless to add unused items. Change-Id: I942ef5f95f9f1afe39b7d9a044276bfb338d6760
2021-04-12 14:58:07 -07:00 · 2021-04-12 14:58:07 -07:00 · 4505baf9f9
commit 4505baf9f9
parent dd8dca09f8
3 changed files with 7 additions and 0 deletions
--- a/playbooks/roles/zuul/templates/zuul.conf.j2
+++ b/playbooks/roles/zuul/templates/zuul.conf.j2
@ -35,6 +35,11 @@ tls_key=/etc/zuul/keys/key.pem
 tls_ca=/etc/zuul/certs/cacert.pem
 session_timeout=40

+[keystore]
+{% if zuul_keystore_password is defined -%}
+password={{ zuul_keystore_password }}
+{% endif -%}
+
 [statsd]
 server=graphite.opendev.org

--- a/playbooks/zuul/templates/group_vars/zuul-executor.yaml.j2
+++ b/playbooks/zuul/templates/group_vars/zuul-executor.yaml.j2
@ -27,3 +27,4 @@ nodepool_test_node_ssh_private_key_contents: |
  kKs0kTPPsrkufb/VkksOGVP6WqcaHIfEbcTqxapjrBgLPhPQ9zDI5JSVziJkh4XGzmGNw6
  2oaCng9UyII8j8R3AAAAH21vcmRyZWRATWFjQm9vay1BaXIubG9jYWxkb21haW4BAgM=
  -----END OPENSSH PRIVATE KEY-----
+zuul_keystore_password: secretpassword
--- a/playbooks/zuul/templates/group_vars/zuul-scheduler.yaml.j2
+++ b/playbooks/zuul/templates/group_vars/zuul-scheduler.yaml.j2
@ -109,3 +109,4 @@ zuul_ssh_private_key_contents: |
  X58RKjrCY/UVW4xaMikMXZuTzq2F4KA0F5rpFD+1E00UledMWq7u1o1R1qnFEW6z/B9rUl
  TFg6lZUdaYGinDUAAAAfbW9yZHJlZEBNYWNCb29rLUFpci5sb2NhbGRvbWFpbgECAwQ=
  -----END OPENSSH PRIVATE KEY-----
+zuul_keystore_password: secretpassword