Only generate Octavia certs on stack create
We are regenerating octavia certs whenever an overcloud is updated,
breaking any deployments using the auto-generated certs. Certificate
updates after the initial deployment require special handling and
shouldn't be performed by stack updates/upgrades at this time.
Note: depends on changed because the dependent patch was a semantic
backport.
Depends-On: I8088a0a42094b2d038ba29779535a05195138747
Closes-Bug: #1838039
Change-Id: I05f69df627e5637fdb254285cb3ad6d3d8328f90
(cherry picked from commit b611567855
)
This commit is contained in:
parent
3151e73c29
commit
2f4dd2c927
|
@ -34,6 +34,13 @@ parameters:
|
|||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
StackAction:
|
||||
type: string
|
||||
description: >
|
||||
Heat action on performed top-level stack. Note StackUpdateType is
|
||||
set to UPGRADE when a major-version upgrade is in progress.
|
||||
constraints:
|
||||
- allowed_values: ['CREATE', 'UPDATE']
|
||||
OctaviaPostWorkflowName:
|
||||
description: Mistral workflow name for octavia configuration steps
|
||||
once the overcloud is ready.
|
||||
|
@ -187,6 +194,13 @@ conditions:
|
|||
- raw
|
||||
- get_param: NovaEnableRbdBackend
|
||||
|
||||
generate_certs:
|
||||
and:
|
||||
- get_param: OctaviaGenerateCerts
|
||||
- equals:
|
||||
- get_param: StackAction
|
||||
- CREATE
|
||||
|
||||
resources:
|
||||
{% if not octavia_standalone %}
|
||||
default_key_pair:
|
||||
|
@ -226,7 +240,7 @@ resources:
|
|||
server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
|
||||
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
|
||||
client_cert_path: { get_param: OctaviaClientCertFile }
|
||||
generate_certs: { get_param: OctaviaGenerateCerts }
|
||||
generate_certs: {if: [generate_certs, true, false]}
|
||||
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
|
||||
os_password: { get_param: AdminPassword }
|
||||
os_project_name: 'admin'
|
||||
|
|
Loading…
Reference in New Issue