From 4505baf9f9696336256f98264fe4a98f5f05740e Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jim@acmegating.com>
Date: Mon, 12 Apr 2021 14:58:07 -0700
Subject: [PATCH] Add zuul keystore password

This matches the proposal in https://review.opendev.org/785972

It's safe to merge now (secret storage on bridge is updated) and get
ahead of the curve.  It's harmless to add unused items.

Change-Id: I942ef5f95f9f1afe39b7d9a044276bfb338d6760
---
 playbooks/roles/zuul/templates/zuul.conf.j2                | 5 +++++
 playbooks/zuul/templates/group_vars/zuul-executor.yaml.j2  | 1 +
 playbooks/zuul/templates/group_vars/zuul-scheduler.yaml.j2 | 1 +
 3 files changed, 7 insertions(+)

diff --git a/playbooks/roles/zuul/templates/zuul.conf.j2 b/playbooks/roles/zuul/templates/zuul.conf.j2
index 811f5b37e5..ca7079c713 100644
--- a/playbooks/roles/zuul/templates/zuul.conf.j2
+++ b/playbooks/roles/zuul/templates/zuul.conf.j2
@@ -35,6 +35,11 @@ tls_key=/etc/zuul/keys/key.pem
 tls_ca=/etc/zuul/certs/cacert.pem
 session_timeout=40
 
+[keystore]
+{% if zuul_keystore_password is defined -%}
+password={{ zuul_keystore_password }}
+{% endif -%}
+
 [statsd]
 server=graphite.opendev.org
 
diff --git a/playbooks/zuul/templates/group_vars/zuul-executor.yaml.j2 b/playbooks/zuul/templates/group_vars/zuul-executor.yaml.j2
index 0d5a5b4ce4..447ade61d5 100644
--- a/playbooks/zuul/templates/group_vars/zuul-executor.yaml.j2
+++ b/playbooks/zuul/templates/group_vars/zuul-executor.yaml.j2
@@ -27,3 +27,4 @@ nodepool_test_node_ssh_private_key_contents: |
   kKs0kTPPsrkufb/VkksOGVP6WqcaHIfEbcTqxapjrBgLPhPQ9zDI5JSVziJkh4XGzmGNw6
   2oaCng9UyII8j8R3AAAAH21vcmRyZWRATWFjQm9vay1BaXIubG9jYWxkb21haW4BAgM=
   -----END OPENSSH PRIVATE KEY-----
+zuul_keystore_password: secretpassword
diff --git a/playbooks/zuul/templates/group_vars/zuul-scheduler.yaml.j2 b/playbooks/zuul/templates/group_vars/zuul-scheduler.yaml.j2
index 4c28636436..b2b5d86425 100644
--- a/playbooks/zuul/templates/group_vars/zuul-scheduler.yaml.j2
+++ b/playbooks/zuul/templates/group_vars/zuul-scheduler.yaml.j2
@@ -109,3 +109,4 @@ zuul_ssh_private_key_contents: |
   X58RKjrCY/UVW4xaMikMXZuTzq2F4KA0F5rpFD+1E00UledMWq7u1o1R1qnFEW6z/B9rUl
   TFg6lZUdaYGinDUAAAAfbW9yZHJlZEBNYWNCb29rLUFpci5sb2NhbGRvbWFpbgECAwQ=
   -----END OPENSSH PRIVATE KEY-----
+zuul_keystore_password: secretpassword