[openstack-dev] Zuul v3 - What's Coming: What to expect with the Zuul v3 Rollout
bogdando at mail.ru
bogdando at mail.ru
Fri Mar 3 13:08:07 UTC 2017
That's great news! In-repo configs will speed up development for teams,
with a security caveat for infrastructure team to keep in mind. The
ansible runner CI node which runs playbooks for defined jobs, should not
content sensitive information, like keys and secrets in files or
exported env vars, unless they are a one time or limited in time. The
same applies to the nodepool nodes allocated for a particular CI test
run. Otherwise, a malformed patch could make ansible to cat/echo all of
the secrets to the publicly available build logs.
> ________________________________________
> From: Monty Taylor [mordred at inaugust.com]
> Sent: 01 March 2017 7:26
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: [openstack-dev] Zuul v3 - What's Coming: What to expect with
the Zuul v3 Rollout
>
> ...
> * Self-testing In-Repo Job Config
> * Ansible Job Content
> ...
--
Best regards,
Bogdan Dobrelya,
Irc #bogdando
--
Best regards,
Bogdan Dobrelya,
Irc #bogdando
More information about the OpenStack-dev
mailing list