diff options
| author | James E. Blair <jim@acmegating.com> | 2022-01-06 13:06:05 -0800 |
|---|---|---|
| committer | James E. Blair <jim@acmegating.com> | 2022-01-11 13:27:49 -0800 |
| commit | 488c99dab31d8167291af3ddbfd7e73f4e125024 (patch) | |
| tree | b7cd3c175ea11665f3dc2ebc5e0de6fb0d48bb97 /playbooks | |
| parent | 02efa8fb28af77c63990722f9b21241132a7de60 (diff) | |
| download | zuul-488c99dab31d8167291af3ddbfd7e73f4e125024.tar.gz | |
Offload FrozenJob secrets
The following potential problems were observed with FrozenJob secrets:
1) They may be repetitive: since the FrozenJob contains
lists of playbooks and each playbook record has a copy of all the
secrets which should be used for that playbook, if a job has multiple
playbooks the secrets will be repeated for each job. Consider a base
job with three playbooks: the base job's secrets will be included
three times.
2) They may be large: secrets in ZK are stored encrypted and suffer the
same size explosion that they do when encrypted into zuul.yaml files.
3) Take #1 and #2 together and we have the possibility of having FrozenJob
objects that are larger than 1MB which is a problem for ZK.
Address all three issues by offloading the secrets to a new ZK node if
they are large (using the existing JobData framework) and de-duplicate
them and refer to them by index.
There is no backwards compatability handling here, so the ZK state needs
to be deleted.
Change-Id: I32133e8dd0e933528381f1187d270142046ff08f
Diffstat (limited to 'playbooks')
0 files changed, 0 insertions, 0 deletions