CI should auto-generate server_certs_key_passphrase

Bug 1833942 showed that in a case that the generated value
server_certs_key_passphrase is invalid, Octavia will fail to operate.

In CI, we currently provide a pre-defined passphrase that might cover
for potential breakages in the future. This patch removes the
pre-defined passphrase so it will get generated on each run.

Note that, TripleO will now[1] either auto-generate a valid passphrase
or validate a pre-defined one.

Related-Bug: #1833942

[1] https://review.opendev.org/#/q/topic:OctaviaServerCertsKeyPassphrase-32chars

Depends-On: I5c2629d9e7700fe1dd6f915bc257b1f058e40617
Depends-On: Ibcdbe2605a7cabe3a5ef8245b4460c8f70220989
Depends-On: I886f2b8ac7092d9b3da38852e92a615d5666eea7

Change-Id: Ie596b04614c2ca9d961694f4012c1553a092aa3e
This commit is contained in:
Nir Magnezi 2019-07-04 13:46:36 +03:00
parent cf21af0b95
commit 1f3088c4aa
2 changed files with 0 additions and 2 deletions

View File

@ -112,7 +112,6 @@ parameter_defaults:
NeutronEnableForceMetadata: true NeutronEnableForceMetadata: true
OctaviaManageNovaFlavor: true OctaviaManageNovaFlavor: true
# For now, we hardcode it but soon it'll be generated in tripleo-common # For now, we hardcode it but soon it'll be generated in tripleo-common
OctaviaServerCertsKeyPassphrase: 'insecure-key-do-not-use-this-key'
OctaviaCaKeyPassphrase: 'upstreamci' OctaviaCaKeyPassphrase: 'upstreamci'
OctaviaGenerateCerts: true OctaviaGenerateCerts: true
# Remove ContainerCli once this scenario is tested on CentOS8 # Remove ContainerCli once this scenario is tested on CentOS8

View File

@ -32,7 +32,6 @@ resource_registry:
parameter_defaults: parameter_defaults:
OctaviaAmphoraSshKeyFile: /home/zuul/.ssh/id_rsa.pub OctaviaAmphoraSshKeyFile: /home/zuul/.ssh/id_rsa.pub
OctaviaServerCertsKeyPassphrase: 'insecure-key-do-not-use-this-key'
NodeDataLookup: NodeDataLookup:
AB4114B1-9C9D-409A-BEFB-D88C151BF2C3: {"foo": "bar"} AB4114B1-9C9D-409A-BEFB-D88C151BF2C3: {"foo": "bar"}
8CF1A7EA-7B4B-4433-AC83-17675514B1B8: {"foo2": "bar2"} 8CF1A7EA-7B4B-4433-AC83-17675514B1B8: {"foo2": "bar2"}