Only generate Octavia certs on stack create
We are regenerating octavia certs whenever an overcloud is updated, breaking any deployments using the auto-generated certs. Certificate updates after the initial deployment require special handling and shouldn't be performed by stack updates/upgrades at this time. Note: depends on changed because the dependent patch was a semantic backport. Depends-On: I8088a0a42094b2d038ba29779535a05195138747 Closes-Bug: #1838039 Change-Id: I05f69df627e5637fdb254285cb3ad6d3d8328f90 (cherry picked from commitb611567855
) (cherry picked from commit2f4dd2c927
) (cherry picked from commit82bfea421e
)
This commit is contained in:
parent
fbaffba284
commit
73fa7e2c32
|
@ -30,6 +30,13 @@ parameters:
|
|||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
StackAction:
|
||||
type: string
|
||||
description: >
|
||||
Heat action on performed top-level stack. Note StackUpdateType is
|
||||
set to UPGRADE when a major-version upgrade is in progress.
|
||||
constraints:
|
||||
- allowed_values: ['CREATE', 'UPDATE']
|
||||
OctaviaPostWorkflowName:
|
||||
description: Mistral workflow name for octavia configuration steps
|
||||
once the overcloud is ready.
|
||||
|
@ -159,6 +166,13 @@ parameters:
|
|||
type: string
|
||||
default: 'service'
|
||||
|
||||
generate_certs:
|
||||
and:
|
||||
- get_param: OctaviaGenerateCerts
|
||||
- equals:
|
||||
- get_param: StackAction
|
||||
- CREATE
|
||||
|
||||
resources:
|
||||
default_key_pair:
|
||||
type: OS::Nova::KeyPair
|
||||
|
@ -202,7 +216,7 @@ outputs:
|
|||
ca_private_key_path: { get_param: OctaviaCaKeyFile }
|
||||
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
|
||||
client_cert_path: { get_param: OctaviaClientCertFile }
|
||||
generate_certs: { get_param: OctaviaGenerateCerts }
|
||||
generate_certs: {if: [generate_certs, true, false]}
|
||||
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
|
||||
overcloud_password: { get_param: AdminPassword }
|
||||
overcloud_project: 'admin'
|
||||
|
|
Loading…
Reference in New Issue