summaryrefslogtreecommitdiff
path: root/releasenotes/notes
diff options
context:
space:
mode:
authorJames E. Blair <jim@acmegating.com>2022-01-06 13:06:05 -0800
committerJames E. Blair <jim@acmegating.com>2022-01-11 13:27:49 -0800
commit488c99dab31d8167291af3ddbfd7e73f4e125024 (patch)
treeb7cd3c175ea11665f3dc2ebc5e0de6fb0d48bb97 /releasenotes/notes
parent02efa8fb28af77c63990722f9b21241132a7de60 (diff)
downloadzuul-488c99dab31d8167291af3ddbfd7e73f4e125024.tar.gz
Offload FrozenJob secrets
The following potential problems were observed with FrozenJob secrets: 1) They may be repetitive: since the FrozenJob contains lists of playbooks and each playbook record has a copy of all the secrets which should be used for that playbook, if a job has multiple playbooks the secrets will be repeated for each job. Consider a base job with three playbooks: the base job's secrets will be included three times. 2) They may be large: secrets in ZK are stored encrypted and suffer the same size explosion that they do when encrypted into zuul.yaml files. 3) Take #1 and #2 together and we have the possibility of having FrozenJob objects that are larger than 1MB which is a problem for ZK. Address all three issues by offloading the secrets to a new ZK node if they are large (using the existing JobData framework) and de-duplicate them and refer to them by index. There is no backwards compatability handling here, so the ZK state needs to be deleted. Change-Id: I32133e8dd0e933528381f1187d270142046ff08f
Diffstat (limited to 'releasenotes/notes')
-rw-r--r--releasenotes/notes/offloaded-secrets-c1e1d70158bf68b4.yaml9
1 files changed, 9 insertions, 0 deletions
diff --git a/releasenotes/notes/offloaded-secrets-c1e1d70158bf68b4.yaml b/releasenotes/notes/offloaded-secrets-c1e1d70158bf68b4.yaml
new file mode 100644
index 000000000..ccf6aa2ff
--- /dev/null
+++ b/releasenotes/notes/offloaded-secrets-c1e1d70158bf68b4.yaml
@@ -0,0 +1,9 @@
+---
+upgrade:
+ - |
+ Due to a change in the ZooKeeper data format, the following
+ upgrade procedure is required:
+
+ * Stop all Zuul components
+ * Run ``zuul delete-state``
+ * Start all Zuul components