The current validity period of Octavia CA and certificates is one year; this
is too short for cloud deployments: Octavia services can no longer
control a load balancer that has been running for more than one year
(dataplane still works, but cannot be configured).
This commit defines these values:
- Octavia CA validity period is 50 years.
- Octavia client certificate validity period is 10 years.
For existing deployments, the existing CA private key is fetched from
controllers, is updated using AES256 cipher if needed, then the key is
used to generate a new CA. Using an existing private key for this CA
allows keeping compatibility with existing client certificates.
Change-Id: I435c86306ecd5e0cafeda9d8d468483b7a34f040
Related-Bug: #1869203
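
The key-reuse approach described in the commit message above, shown as an added example that is not part of the commit or of the project's own code. It assumes the `openssl` CLI with its default configuration; the subjects, file names and passphrase are constructed placeholders.

```shell
# Added illustration: re-issue a CA from its existing private key and check
# that a client certificate signed by the old CA still verifies.
# All subjects, file names and the passphrase are constructed placeholders.
reissue_ca_demo() (
    set -e
    d=$(mktemp -d)
    trap 'rm -rf "$d"' EXIT
    cd "$d"
    pass='pass:example-passphrase'

    # Original deployment: AES256-encrypted CA key, CA valid for one year.
    openssl genrsa -aes256 -passout "$pass" -out ca.key 2048 2>/dev/null
    openssl req -x509 -new -key ca.key -passin "$pass" -days 365 \
        -subj "/CN=example-octavia-ca" -out ca_old.pem 2>/dev/null

    # Client certificate issued by the original CA.
    openssl req -new -newkey rsa:2048 -nodes -keyout client.key \
        -subj "/CN=example-octavia-client" -out client.csr 2>/dev/null
    openssl x509 -req -in client.csr -CA ca_old.pem -CAkey ca.key \
        -passin "$pass" -CAcreateserial -days 365 -out client.pem 2>/dev/null

    # New CA: same private key and same subject, 50-year validity.
    openssl req -x509 -new -key ca.key -passin "$pass" -days 18250 \
        -subj "/CN=example-octavia-ca" -out ca_new.pem 2>/dev/null

    # The existing client certificate must chain to the re-issued CA.
    if ! openssl verify -CAfile ca_new.pem client.pem >/dev/null 2>&1; then
        echo "incompatible"
        exit 1
    fi

    # Control: a CA with the same subject but a fresh key must reject it.
    openssl genrsa -out other.key 2048 2>/dev/null
    openssl req -x509 -new -key other.key -days 18250 \
        -subj "/CN=example-octavia-ca" -out ca_other.pem 2>/dev/null
    if openssl verify -CAfile ca_other.pem client.pem >/dev/null 2>&1; then
        echo "unexpected: unrelated key verified"
        exit 1
    fi
    echo "compatible"
)
```

Verification succeeds because the re-issued CA keeps the same subject name and public key, so the signature on the existing client certificate still checks out.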
Adds an octavia related role to pick up CA (cert and private key pairs)
and client certificate from controllers and modifies existing roles to
use them instead of generating new ones.
Depends-On: https://review.opendev.org/714982
Change-Id: I5c18a59bf11e3915ef5f88c1eb2af1b4713af35b
Co-Authored-By: Gregory Thiemonge <gthiemon@redhat.com>
Related-Bug: #1849548
Related-Bug: #1849550