0bf6e14720
This removes the filesystem-based keystore in favor of only using ZooKeeper. Zuul will no longer load missing keys from the filesystem, nor will it write out decrypted copies of all keys to the filesystem. This is more secure since it allows sites better control over when and where secret data are written to disk. To provide for system backups to aid in disaster recovery in the case that the ZK data store is lost, two new scheduler commands are added: * export-keys * import-keys These write the password-protected versions of the keys (in fact, a raw dump of the ZK data) to the filesystem, and read the same data back in. An administrator can invoke export-keys before performing a system backup, and run import-keys to restore the data. A minor doc change recommending the use of ``zuul-scheduler stop`` was added as well, since that section is being updated. Change-Id: I5e6ea37c94ab73ec6f850591871c4127118414ed |
||
---|---|---|
.. | ||
fixtures | ||
nodepool | ||
remote | ||
unit | ||
zuul_client | ||
__init__.py | ||
base.py | ||
encrypt_secret.py | ||
fake_graphql.py | ||
fakegithub.py | ||
make_playbooks.py | ||
print_layout.py |