From 297e3ba1e11694a98a98eba9703adec2730754bd Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Thu, 13 Jan 2022 10:49:47 -0800 Subject: [PATCH] Add release note about additional zuul-web requirements Two issues were observed: * Zuul-web required MQTT connection secrets * Zuul-web required the keystore password The first is now required because zuul-web must instantiate a connection object for each defined connection in order to parse pipeline definitions. The second is an oversight in documentation. Zuul-web does use the keystore to answer requests for public keys now (and we generate public keys from private keys), so it does legitimately need access to the keystore. This change adds a release note to indicate that (our original release note for the keystore indicated that only the scheduler and executor require it), and updates the documentation for zuul-web to indicate it is required. Change-Id: I4673c28272576e1e5d6d8123a93fb46abfc85348 --- doc/source/configuration.rst | 7 +++++++ .../notes/web-keystore-config-63c234fcc4b1bdbe.yaml | 13 +++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 releasenotes/notes/web-keystore-config-63c234fcc4b1bdbe.yaml diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst index 26b861bfc3..3203207379 100644 --- a/doc/source/configuration.rst +++ b/doc/source/configuration.rst @@ -926,6 +926,13 @@ sections of ``zuul.conf`` are used by the web server: If this is used the finger gateways should be configured accordingly. +.. attr:: keystore + + .. attr:: password + :required: + + Encryption password for private data stored in Zookeeper. + Authentication ~~~~~~~~~~~~~~ diff --git a/releasenotes/notes/web-keystore-config-63c234fcc4b1bdbe.yaml b/releasenotes/notes/web-keystore-config-63c234fcc4b1bdbe.yaml new file mode 100644 index 0000000000..a791f09dbc --- /dev/null +++ b/releasenotes/notes/web-keystore-config-63c234fcc4b1bdbe.yaml @@ -0,0 +1,13 @@ +--- +upgrade: + - | + Zuul-web now requires access to the Zookeeper keystore. Ensure that + the :attr:`keystore.password` option is included in ``zuul.conf`` + on at least the scheduler, executor, and web servers (it may be included + on all components if desired). + - | + Zuul-web requires information for all defined connections. + Previously, zuul-web may have started without all of the + connections fully defined in its config file, or with some + requirements (such as keys used for connecting to remote services) + present. They are now required in order for zuul-web to start.