Add release note about additional zuul-web requirements

Two issues were observed:

* Zuul-web required MQTT connection secrets
* Zuul-web required the keystore password

The first is now required because zuul-web must instantiate a
connection object for each defined connection in order to parse
pipeline definitions.

The second is an oversight in documentation.  Zuul-web does use
the keystore to answer requests for public keys now (and we generate
public keys from private keys), so it does legitimately need access
to the keystore.  This change adds a release note to indicate that
(our original release note for the keystore indicated that only the
scheduler and executor require it), and updates the documentation
for zuul-web to indicate it is required.

Change-Id: I4673c28272576e1e5d6d8123a93fb46abfc85348
This commit is contained in:
James E. Blair 2022-01-13 10:49:47 -08:00
parent b9f35466a8
commit 297e3ba1e1
2 changed files with 20 additions and 0 deletions

View File

@ -926,6 +926,13 @@ sections of ``zuul.conf`` are used by the web server:
If this is used the finger gateways should be configured accordingly.
.. attr:: keystore
.. attr:: password
:required:
Encryption password for private data stored in Zookeeper.
Authentication
~~~~~~~~~~~~~~

View File

@ -0,0 +1,13 @@
---
upgrade:
- |
Zuul-web now requires access to the Zookeeper keystore. Ensure that
the :attr:`keystore.password` option is included in ``zuul.conf``
on at least the scheduler, executor, and web servers (it may be included
on all components if desired).
- |
Zuul-web requires information for all defined connections.
Previously, zuul-web may have started without all of the
connections fully defined in its config file, or with some
requirements (such as keys used for connecting to remote services)
present. They are now required in order for zuul-web to start.