dc4c0b6249
Octavia creates certificates and keys to manage encrypted
communication channel to amphorae.
When debug is enabled, the python taskflow module will log
all the information we provide to tasks (and sub-flows)
when we create amphorae or handle with anything related to
certificates and keys management (rotations, etc).
There are ways to tell taskflow to exclude specific things
from being logged (e.g., I136081045787c1bbe3ee846d5845a34201c57864).
While this handles some information in specific flows from being
logged, it is susceptive to code changes.
To avoid an everlasting whack-a-mole game, this patch will merely
encrypt sensitive information so we can safely log it and decrypts
it only when we need to use it.
Conflicts:
octavia/controller/worker/controller_worker.py
octavia/controller/worker/tasks/database_tasks.py
Change-Id: I06d329ca53bc36bd27f7870ae7c7ca0cf18575b2
(cherry picked from commit
|
||
---|---|---|
.. | ||
contrib | ||
etc/octavia | ||
files | ||
pregenerated | ||
samples | ||
upgrade | ||
README.md | ||
plugin.sh | ||
settings |
README.md
This directory contains the octavia devstack plugin. To configure octavia, in the local section you will need to enable the octavia devstack plugin and enable the octavia service by editing the local section of your local.conf file.
- Enable the plugin
To enable the octavia plugin, add a line of the form:
enable_plugin octavia <GITURL> [GITREF]
where
<GITURL> is the URL of an octavia repository
[GITREF] is an optional git ref (branch/ref/tag). The default is
master.
For example
enable_plugin octavia https://git.openstack.org/openstack/octavia master
- Enable the Octavia services
For example
ENABLED_SERVICES+=octavia,o-api,o-cw,o-hk,o-hm
For more information, see the "Externally Hosted Plugins" section of https://docs.openstack.org/devstack/latest/plugins.html