Only generate Octavia certs on stack create

We are regenerating octavia certs whenever an overcloud is updated,
breaking any deployments using the auto-generated certs. Certificate
updates after the initial deployment require special handling and
shouldn't be performed by stack updates/upgrades at this time.

Note: depends on changed because the dependent patch was a semantic
backport.

Depends-On: I8088a0a42094b2d038ba29779535a05195138747
Closes-Bug: #1838039
Change-Id: I05f69df627e5637fdb254285cb3ad6d3d8328f90
(cherry picked from commit b611567855)
(cherry picked from commit 2f4dd2c927)
(cherry picked from commit 82bfea421e)
Brent Eagles 2019-07-26 11:50:19 -02:30
parent fbaffba284
commit 73fa7e2c32
1 changed files with 15 additions and 1 deletions

@ -30,6 +30,13 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
StackAction:
type: string
description: >
Heat action on performed top-level stack. Note StackUpdateType is
set to UPGRADE when a major-version upgrade is in progress.
constraints:
- allowed_values: ['CREATE', 'UPDATE']
OctaviaPostWorkflowName:
description: Mistral workflow name for octavia configuration steps
once the overcloud is ready.
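Review bot: The new StackAction description has its words out of order: "Heat action on performed top-level stack" should read "Heat action performed on the top-level stack". The same description refers to StackUpdateType, which is not declared anywhere in this hunk, so either declare it here or drop the sentence to avoid pointing readers at a parameter this template does not take. StackAction is also added without a default, so every caller of this template must now pass it; if that is intended, say so in the description.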
@ -159,6 +166,13 @@ parameters:
type: string
default: 'service'
generate_certs:
and:
- get_param: OctaviaGenerateCerts
- equals:
- get_param: StackAction
- CREATE
resources:
default_key_pair:
type: OS::Nova::KeyPair
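Review bot: The generate_certs condition is true only when StackAction equals CREATE, so a deployment whose first run did not get as far as certificate generation and is then re-run with StackAction set to UPDATE would never have certs generated, even with OctaviaGenerateCerts enabled. Please confirm that case is handled elsewhere, or document it next to the condition. A short comment above "generate_certs:" explaining that regeneration on update breaks deployments using the auto-generated certs (per the commit message) would also help the next reader understand why the operator's setting is being overridden.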
@ -202,7 +216,7 @@ outputs:
ca_private_key_path: { get_param: OctaviaCaKeyFile }
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
client_cert_path: { get_param: OctaviaClientCertFile }
generate_certs: { get_param: OctaviaGenerateCerts }
generate_certs: {if: [generate_certs, true, false]}
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
overcloud_password: { get_param: AdminPassword }
overcloud_project: 'admin'
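Review bot: With "generate_certs: {if: [generate_certs, true, false]}" the workflow input is silently forced to false on every update, even when the operator has set OctaviaGenerateCerts to true, and nothing in this one-file change tells them so. Please note the behaviour in the OctaviaGenerateCerts parameter description or a release note. As a style point, the surrounding outputs use spaces inside the braces ("{ get_param: ... }"), so "{ if: [generate_certs, true, false] }" would match.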