From e19279f8edb0a54f3d74ee97ba85815d32c85baa Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Wed, 2 Feb 2022 11:36:14 +0200 Subject: [PATCH] Pass config to castellan Currently castellan can't be configured through octavia.conf as conf is not passed while initializing backend. Also document castellan configuration options in reference. Backports on stable branches also include [0] which adds a release note. [0] Iacc796737bad8881873da7db5273338c2cff9e68 Conflicts: etc/config/octavia-config-generator.conf (doesn't exist on stable branches) Change-Id: I30b81866989c22b94fb77e62e7abd180f0f0af50 (cherry picked from commit f5ac714a7b22687fbb5b12db7f41c283cee12aee) (cherry picked from commit e8ada397f9a7acc3d25d5557e7ecf6a7742ff319) (cherry picked from commit 8fbe035cd13920f174beb8f528cc93a52a96570f) (cherry picked from commit 006e0c5ff0b1dc106e3585491e56bb307a8f908e) --- octavia/certificates/manager/castellan_mgr.py | 5 ++++- .../notes/octavia_castellan_config-995e65f129e3e983.yaml | 7 +++++++ 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/octavia_castellan_config-995e65f129e3e983.yaml diff --git a/octavia/certificates/manager/castellan_mgr.py b/octavia/certificates/manager/castellan_mgr.py index cfe592586f..37d67fd99e 100644 --- a/octavia/certificates/manager/castellan_mgr.py +++ b/octavia/certificates/manager/castellan_mgr.py @@ -19,12 +19,15 @@ Cert manager implementation for Castellan from castellan.common.objects import opaque_data from castellan import key_manager from OpenSSL import crypto +from oslo_config import cfg from oslo_log import log as logging from octavia.certificates.common import pkcs12 from octavia.certificates.manager import cert_mgr from octavia.common import exceptions +CONF = cfg.CONF + LOG = logging.getLogger(__name__) @@ -33,7 +36,7 @@ class CastellanCertManager(cert_mgr.CertManager): def __init__(self): super().__init__() - self.manager = key_manager.API() + self.manager = key_manager.API(CONF) def store_cert(self, context, certificate, private_key, intermediates=None, private_key_passphrase=None, expiration=None, diff --git a/releasenotes/notes/octavia_castellan_config-995e65f129e3e983.yaml b/releasenotes/notes/octavia_castellan_config-995e65f129e3e983.yaml new file mode 100644 index 0000000000..5f5f4d1f1f --- /dev/null +++ b/releasenotes/notes/octavia_castellan_config-995e65f129e3e983.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Usage of ``castellan_cert_manager`` as cert_manager has been significantly + improved. Now you can define configuration options for castellan in + octavia.conf and they will be passed properly to castellan beckend. This + allows to use allowed castellan backends as for certificate storage.