openstack/openstack-ansible-os_nova
Code Issues Proposed changes
61be9e722d
openstack-ansible-os_nova/releasenotes/notes/fix_aio_nova_pki_idempotence-e9b8aa38231825e8.yaml
Dmitriy Rabotyagov ea39d38321 Ensure PKI role is run idempotently for AIO metal scenario 
Due to clash in resulting certificate names they were re-genearated each
playbook run.

In order to sort that we need to rename certificate names. As `nova_backend_ssl`
was implemented latest and not that widely adopted, we change name
for it.

This will cause all backend certificates for API to be re-generated.

Change-Id: I4bca3bb2733fe25dad71345f84d9030c535c901b
2024-04-10 12:13:33 +02:00

13 lines
431 B
YAML
Raw Blame History

---
upgrade:
- |
For deployments with ``nova_backend_ssl: True`` TLS certificates for
Nova API backends will be re-generated during upgrade. From now on they
will be suffixed with `_api`.
fixes:
- |
PKI role idempotence has been fixed for the ``metal`` scenario when
nova-compute was placed on the same hosts as nova-api.
Previously, certificates were re-generated each run due to non-unique
names.
View Git Blame Copy Permalink