Only generate Octavia certs on stack create

We are regenerating octavia certs whenever an overcloud is updated,
breaking any deployments using the auto-generated certs. Certificate
updates after the initial deployment require special handling and
shouldn't be performed by stack updates/upgrades at this time.

Note: depends on changed because the dependent patch was a semantic
backport.

Depends-On: I8088a0a42094b2d038ba29779535a05195138747
Closes-Bug: #1838039
Change-Id: I05f69df627e5637fdb254285cb3ad6d3d8328f90
(cherry picked from commit b611567855)
Brent Eagles 2019-07-26 11:50:19 -02:30
parent 3151e73c29
commit 2f4dd2c927
1 changed files with 15 additions and 1 deletions

@ -34,6 +34,13 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
StackAction:
type: string
description: >
Heat action on performed top-level stack. Note StackUpdateType is
set to UPGRADE when a major-version upgrade is in progress.
constraints:
- allowed_values: ['CREATE', 'UPDATE']
OctaviaPostWorkflowName:
description: Mistral workflow name for octavia configuration steps
once the overcloud is ready.
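Review bot: The StackAction description has its words out of order ("Heat action on performed top-level stack") and should read "Heat action performed on the top-level stack". Its second sentence refers to StackUpdateType, which this hunk does not declare, so either say how that parameter relates to StackAction here or drop the sentence. No default is given in the visible lines; if the parameter is not always passed down from the parent stack, a missing value will fail validation against the allowed_values constraint, so confirm it is always supplied or add a default.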
@ -187,6 +194,13 @@ conditions:
- raw
- get_param: NovaEnableRbdBackend
generate_certs:
and:
- get_param: OctaviaGenerateCerts
- equals:
- get_param: StackAction
- CREATE
resources:
{% if not octavia_standalone %}
default_key_pair:
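Review bot: The new generate_certs condition is true only when OctaviaGenerateCerts is set and StackAction equals CREATE, so an operator who first enables OctaviaGenerateCerts on an existing overcloud gets no certificates and no error, because every later run arrives as UPDATE. That matches the intent in the commit message, but it is a silent behaviour change. Add a comment above the condition explaining why it is restricted to CREATE, and note in the OctaviaGenerateCerts description that the setting only takes effect at initial deployment.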
@ -226,7 +240,7 @@ resources:
server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
client_cert_path: { get_param: OctaviaClientCertFile }
generate_certs: { get_param: OctaviaGenerateCerts }
generate_certs: {if: [generate_certs, true, false]}
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
os_password: { get_param: AdminPassword }
os_project_name: 'admin'
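Review bot: In "generate_certs: {if: [generate_certs, true, false]}" the condition has the same name as the workflow input key it feeds, which makes the line easy to misread as self-referential. A more descriptive condition name (for example one that mentions stack create) would make the intent obvious at the point of use. The brace spacing also differs from the neighbouring "{ get_param: ... }" entries; match the surrounding style.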