49d945b5bd
This removes the filesystem-based keystore in favor of only using ZooKeeper. Zuul will no longer load missing keys from the filesystem, nor will it write out decrypted copies of all keys to the filesystem. This is more secure since it allows sites better control over when and where secret data are written to disk. To provide for system backups to aid in disaster recovery in the case that the ZK data store is lost, two new scheduler commands are added: * export-keys * import-keys These write the password-protected versions of the keys (in fact, a raw dump of the ZK data) to the filesystem, and read the same data back in. An administrator can invoke export-keys before performing a system backup, and run import-keys to restore the data. A minor doc change recommending the use of ``zuul-scheduler stop`` was added as well; this is left over from a previous version of this change but warrants updating. This also removes the test_keystore test file; key generation is tested in test_v3, and key usage is tested by tests which have encrypted secrets. Change-Id: I5e6ea37c94ab73ec6f850591871c4127118414ed
14 lines
553 B
YAML
14 lines
553 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
Zuul no longer reads or writes project private key files from the
|
|
scheduler's filesystem. In order to load existing keys into
|
|
ZooKeeper, run version 4.6.0 of the scheduler at least once, if
|
|
you haven't already.
|
|
|
|
A new command ``zuul export-keys`` has been added to export the
|
|
encrypted keys from ZooKeeper onto the filesystem for backup.
|
|
Likewise, ``zuul import-keys`` will load a previously-exported
|
|
backup into ZooKeeper. It is recommended that you use these
|
|
commands in system backup scripts.
|