From 4ba4409e463f96cd28b1ca915a25031d183863d9 Mon Sep 17 00:00:00 2001
From: Jonathan Rosser <jonathan.rosser@rd.bbc.co.uk>
Date: Mon, 4 Apr 2022 13:47:06 +0100
Subject: [PATCH] Change octavia private key ciphers to type 'auto'

Modern ansible only supports the 'cryptography' backend for the
openssl_privatekey module. In this case, the 'cipher' module
parameter must be set to 'auto'.

Change-Id: I2bfe5fa57c7deb201f56f82d5699c91fcccb766d
---
 defaults/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 8c948d20..d4b2c83b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -435,8 +435,8 @@ octavia_cert_dir: "{{ lookup('env', 'HOME') }}/openstack-ansible/octavia"
 octavia_cert_dir_owner: "{{ lookup('env', 'USER') }}"
 
 octavia_cert_key_length_server: '4096' # key length
-octavia_cert_cipher_server: 'aes256'
-octavia_cert_cipher_client: 'aes256'
+octavia_cert_cipher_server: 'auto'
+octavia_cert_cipher_client: 'auto'
 octavia_cert_key_length_client: '4096' # key length
 octavia_cert_server_ca_subject: '/C=US/ST=Denial/L=Nowhere/O=Dis/CN=www.example.com' # change this to something more real
 octavia_cert_client_ca_subject: '/C=US/ST=Denial/L=Nowhere/O=Dis/CN=www.example.com' # change this to something more real