That's great news! In-repo configs will speed up development for teams, with a security caveat for infrastructure team to keep in mind. The ansible runner CI node which runs playbooks for defined jobs, should not content sensitive information, like keys and secrets in files or exported env vars, unless they are a one time or limited in time. The same applies to the nodepool nodes allocated for a particular CI test run. Otherwise, a malformed patch could make ansible to cat/echo all of the secrets to the publicly available build logs.
> ________________________________________ > From: Monty Taylor [mordred at inaugust.com] > Sent: 01 March 2017 7:26 > To: OpenStack Development Mailing List (not for usage questions) > Subject: [openstack-dev] Zuul v3 - What's Coming: What to expect with the Zuul v3 Rollout > > ... > * Self-testing In-Repo Job Config > * Ansible Job Content > ... -- Best regards, Bogdan Dobrelya, Irc #bogdando -- Best regards, Bogdan Dobrelya, Irc #bogdando __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
