James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 1 | :title: Tenant Configuration |
| 2 | |
| 3 | .. _tenant-config: |
| 4 | |
| 5 | Tenant Configuration |
| 6 | ==================== |
| 7 | |
| 8 | After *zuul.conf* is configured, Zuul component servers will be able |
| 9 | to start, but a tenant configuration is required in order for Zuul to |
| 10 | perform any actions. The tenant configuration file specifies upon |
| 11 | which projects Zuul should operate. These repositories are |
| 12 | grouped into tenants. The configuration of each tenant is separate |
| 13 | from the rest (no pipelines, jobs, etc are shared between them). |
| 14 | |
| 15 | A project may appear in more than one tenant; this may be useful if |
| 16 | you wish to use common job definitions across multiple tenants. |
| 17 | |
| 18 | The tenant configuration file is specified by the *tenant_config* |
| 19 | setting in the *scheduler* section of *zuul.yaml*. It is a YAML file |
| 20 | which, like other Zuul configuration files, is a list of configuration |
| 21 | objects, though only one type of object is supported, *tenant*. |
| 22 | |
| 23 | Tenant |
| 24 | ------ |
| 25 | |
| 26 | A tenant is a collection of projects which share a Zuul |
| 27 | configuration. An example tenant definition is:: |
| 28 | |
| 29 | - tenant: |
| 30 | name: my-tenant |
Tristan Cacqueray | 82f864b | 2017-08-01 05:54:42 +0000 | [diff] [blame] | 31 | max-nodes-per-job: 5 |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 32 | source: |
| 33 | gerrit: |
| 34 | config-projects: |
| 35 | - common-config |
| 36 | - shared-jobs: |
Tristan Cacqueray | 6256a10 | 2017-07-25 04:30:50 +0000 | [diff] [blame] | 37 | include: job |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 38 | untrusted-projects: |
James E. Blair | 4b42e36 | 2017-07-13 13:52:22 -0700 | [diff] [blame] | 39 | - zuul-jobs: |
| 40 | shadow: common-config |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 41 | - project1 |
| 42 | - project2 |
| 43 | |
| 44 | The following attributes are supported: |
| 45 | |
| 46 | **name** (required) |
| 47 | The name of the tenant. This may appear in URLs, paths, and |
| 48 | monitoring fields, and so should be restricted to URL friendly |
| 49 | characters (ASCII letters, numbers, hyphen and underscore) and you |
| 50 | should avoid changing it unless necessary. |
| 51 | |
Tristan Cacqueray | 82f864b | 2017-08-01 05:54:42 +0000 | [diff] [blame] | 52 | **max-nodes-per-job** (optional) |
| 53 | The maximum number of nodes a job can request, default to 5. |
| 54 | A '-1' value removes the limit. |
| 55 | |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 56 | **source** (required) |
| 57 | A dictionary of sources to consult for projects. A tenant may |
| 58 | contain projects from multiple sources; each of those sources must |
| 59 | be listed here, along with the projects it supports. The name of a |
| 60 | :ref:`connection<connections>` is used as the dictionary key |
| 61 | (e.g. `gerrit` in the example above), and the value is a further |
| 62 | dictionary containing the keys below. |
| 63 | |
| 64 | **config-projects** |
| 65 | A list of projects to be treated as config projects in this |
| 66 | tenant. The jobs in a config project are trusted, which means |
| 67 | they run with extra privileges, do not have their configuration |
| 68 | dynamically loaded for proposed changes, and zuul.yaml files are |
| 69 | only searched for in the master branch. |
| 70 | |
| 71 | **untrusted-projects** |
| 72 | A list of projects to be treated as untrusted in this tenant. An |
| 73 | untrusted project is the typical project operated on by Zuul. |
| 74 | Their jobs run in a more restrictive environment, they may not |
| 75 | define pipelines, their configuration dynamically changes in |
| 76 | response to proposed changes, Zuul will read configuration files |
| 77 | in all of their branches. |
| 78 | |
| 79 | Each of the projects listed may be either a simple string value, or |
| 80 | it may be a dictionary with the following keys: |
| 81 | |
| 82 | **include** |
| 83 | Normally Zuul will load all of the configuration classes |
| 84 | appropriate for the type of project (config or untrusted) in |
| 85 | question. However, if you only want to load some items, the |
| 86 | *include* attribute can be used to specify that *only* the |
| 87 | specified classes should be loaded. Supplied as a string, or a |
| 88 | list of strings. |
| 89 | |
| 90 | **exclude** |
| 91 | A list of configuration classes that should not be loaded. |
| 92 | |
James E. Blair | 4b42e36 | 2017-07-13 13:52:22 -0700 | [diff] [blame] | 93 | **shadow** |
| 94 | A list of projects which this project is permitted to shadow. |
| 95 | Normally, only one project in Zuul may contain definitions for a |
| 96 | given job. If a project earlier in the configuration defines a |
| 97 | job which a later project redefines, the later definition is |
| 98 | considered an error and is not permitted. The "shadow" attribute |
| 99 | of a project indicates that job definitions in this project which |
| 100 | conflict with the named projects should be ignored, and those in |
| 101 | the named project should be used instead. The named projects must |
| 102 | still appear earlier in the configuration. In the example above, |
| 103 | if a job definition appears in both the "common-config" and |
| 104 | "zuul-jobs" projects, the definition in "common-config" will be |
| 105 | used. |
| 106 | |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 107 | The order of the projects listed in a tenant is important. A job |
| 108 | which is defined in one project may not be redefined in another |
| 109 | project; therefore, once a job appears in one project, a project |
| 110 | listed later will be unable to define a job with that name. |
| 111 | Further, some aspects of project configuration (such as the merge |
| 112 | mode) may only be set on the first appearance of a project |
| 113 | definition. |
| 114 | |
| 115 | Zuul loads the configuration from all *config-projects* in the order |
| 116 | listed, followed by all *trusted-projects* in order. |