HA: do not rotate cluster passwords

Various passwords used by pacemaker (pcsd, pacemaker remote, clustercheck), cannot currently be updated on one node without impacting communication with the other nodes in the cluster (pacemaker), or other clustered services (galera). Do not rotate those cluster passwords by default, until an orchestrated rotation is implemented specifically for each of them. Closes-Bug: #1960277 Change-Id: I4132f184454b9c2b907d3317256c3de185fd9da9 (cherry picked from commit 77130ddcea) (cherry picked from commit 301b6b8a5c)
2021-12-02 15:58:28 +01:00 · 2021-12-02 15:58:28 +01:00 · efae439343
parent 597231e26f
commit efae439343
1 changed files with 3 additions and 0 deletions
--- a/tripleo_common/constants.py
+++ b/tripleo_common/constants.py
@ -161,6 +161,9 @@ DO_NOT_ROTATE_LIST = (
    'CephManilaClientKey',
    'CephRgwKey',
    'HeatAuthEncryptionKey',
+    'MysqlClustercheckPassword',
+    'PacemakerRemoteAuthkey',
+    'PcsdPassword',
 )

 PLAN_NAME_PATTERN = '^[a-zA-Z0-9-]+$'