Improve documentation around ZK requirements

Zuul requires ZK connections are encrypted and ZK 3.5.1 or newer is required to make that happen. Make this a bit more clear in the documentation. Story: 2009317 Change-Id: Icb335f69446f7db3d3e1e018d031c31c9a2be98b
2022-01-12 10:28:42 -08:00
parent 02efa8fb28
commit 7bc45b02d7
2 changed files with 5 additions and 2 deletions
--- a/doc/source/howtos/zookeeper.rst
+++ b/doc/source/howtos/zookeeper.rst
@@ -25,6 +25,7 @@ will avoid filling the disk.
 Encrypted Connections
 ---------------------

+Zuul requires its connections to ZooKeeper are TLS encrypted.
 ZooKeeper version 3.5.1 or greater is required for TLS support.
 ZooKeeper performs hostname validation for all ZooKeeper servers
 ("quorum members"), therefore each member of the ZooKeeper cluster
--- a/doc/source/installation.rst
+++ b/doc/source/installation.rst
@@ -38,9 +38,11 @@ ZooKeeper
 Nodepool uses ZooKeeper to communicate internally among its
 components, and also to communicate with Zuul.  You can run a simple
 single-node ZooKeeper instance, or a multi-node cluster.  Ensure that
-the host running the Zuul scheduler has access to the cluster.  See
+the host running the Zuul scheduler has access to the cluster.  Zuul
+requires its connections to ZooKeeper be TLS encrypted. ZooKeeper
+TLS connectivity requires ZooKeeper 3.5.1 or newer. See
 :ref:`howto-zookeeper` for recommendations for operating a small
-ZooKeeper cluster.
+ZooKeeper cluster that meet these requirements.

 Zuul stores private keys for each project it knows about in ZooKeeper.
 It is recommended that you periodically back up the private keys in