author | James E. Blair <jim@acmegating.com> | 2021-04-12 13:53:51 -0700 |
---|---|---|
committer | James E. Blair <jim@acmegating.com> | 2021-04-14 06:42:44 -0700 |
commit | 3647139920f977c4db0bd371366e41ca64b57060 (patch) | |
tree | f5f1c9d82812d5e5bae33a483c01519e146d6224 /etc | |
parent | dd2d7fee4c2b98c34a90d56710dc32ceff1e8581 (diff) | |
download | zuul-3647139920f977c4db0bd371366e41ca64b57060.tar.gz |
Move key_store_password to keystore section in zuul.conf

This is likely to be needed by executors as well since passing
decrypted secrets to the executors via zookeeper has the same
encrypted-at-rest concerns as the keystore itself. To avoid
confusion around executors needing a zuul.conf with a scheduler
section, start a new keystore section which we can later indicate
is used by schedulers and executors. It also makes it convenient
to add new options (like those dealing with rotation, or even
using an external keystore).

Also change some log levels from debug to info where it's useful
for the operator to know that the backup keystore was used (or
a key was generated).

Change-Id: If2491bbe4eb80b76435a274cf5354a4918315e65

Diffstat (limited to 'etc')
-rw-r--r-- | etc/zuul.conf-sample | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/zuul.conf-sample b/etc/zuul.conf-sample index 318498254..4a83e04ed 100644 --- a/etc/zuul.conf-sample +++ b/etc/zuul.conf-sample @@ -18,8 +18,10 @@ start=true ;ssl_key=/path/to/server.key ;port=4730 +[keystore] +password=secret + [scheduler] -key_store_password=secret tenant_config=/etc/zuul/main.yaml log_config=/etc/zuul/logging.conf pidfile=/var/run/zuul/zuul.pid |
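
Review bot: The new `[keystore]` section in etc/zuul.conf-sample ships an active `password=secret` line with no comment, so a deployment copied from the sample ends up protecting its keystore with a publicly known value. Suggest a comment line above it stating that the value must be replaced with a strong, deployment-specific secret, or an obvious placeholder value instead of `secret`. The sample also drops `key_store_password=secret` from `[scheduler]` without any pointer to its new location; this diff is limited to etc, so whether the old option is still read is not visible here, and a short comment in the sample or a release note telling upgraders to move the setting to `[keystore]` would help.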