From 73fa7e2c32b99a6dd819ca31915d3e7e3a1de824 Mon Sep 17 00:00:00 2001 From: Brent Eagles Date: Fri, 26 Jul 2019 11:50:19 -0230 Subject: [PATCH] Only generate Octavia certs on stack create We are regenerating octavia certs whenever an overcloud is updated, breaking any deployments using the auto-generated certs. Certificate updates after the initial deployment require special handling and shouldn't be performed by stack updates/upgrades at this time. Note: depends on changed because the dependent patch was a semantic backport. Depends-On: I8088a0a42094b2d038ba29779535a05195138747 Closes-Bug: #1838039 Change-Id: I05f69df627e5637fdb254285cb3ad6d3d8328f90 (cherry picked from commit b61156785517f767a9ad0ee1613588f6b049fc8c) (cherry picked from commit 2f4dd2c927660e1d950e9d6ef49e4cdc628c94df) (cherry picked from commit 82bfea421e7f8195b7bd6cd3bbb93e605f82163e) --- .../octavia/octavia-deployment-config.yaml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/docker/services/octavia/octavia-deployment-config.yaml b/docker/services/octavia/octavia-deployment-config.yaml index 2eb9afddd7..c49215db7b 100644 --- a/docker/services/octavia/octavia-deployment-config.yaml +++ b/docker/services/octavia/octavia-deployment-config.yaml @@ -30,6 +30,13 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + StackAction: + type: string + description: > + Heat action on performed top-level stack. Note StackUpdateType is + set to UPGRADE when a major-version upgrade is in progress. + constraints: + - allowed_values: ['CREATE', 'UPDATE'] OctaviaPostWorkflowName: description: Mistral workflow name for octavia configuration steps once the overcloud is ready. @@ -159,6 +166,13 @@ parameters: type: string default: 'service' + generate_certs: + and: + - get_param: OctaviaGenerateCerts + - equals: + - get_param: StackAction + - CREATE + resources: default_key_pair: type: OS::Nova::KeyPair @@ -202,7 +216,7 @@ outputs: ca_private_key_path: { get_param: OctaviaCaKeyFile } ca_passphrase: { get_param: OctaviaCaKeyPassphrase } client_cert_path: { get_param: OctaviaClientCertFile } - generate_certs: { get_param: OctaviaGenerateCerts } + generate_certs: {if: [generate_certs, true, false]} mgmt_port_dev: { get_param: OctaviaMgmtPortDevName } overcloud_password: { get_param: AdminPassword } overcloud_project: 'admin'