
Only generate Octavia certs on stack create

We are regenerating octavia certs whenever an overcloud is updated,
breaking any deployments using the auto-generated certs. Certificate
updates after the initial deployment require special handling and
shouldn't be performed by stack updates/upgrades at this time.

Note: the Depends-On trailer was changed because the dependent patch was
a semantic backport.

Depends-On: I8088a0a42094b2d038ba29779535a05195138747
Closes-Bug: #1838039
Change-Id: I05f69df627e5637fdb254285cb3ad6d3d8328f90
(cherry picked from commit b611567855)
(cherry picked from commit 2f4dd2c927)
tags/9.4.1
Brent Eagles 2 months ago
parent
commit
82bfea421e
1 changed files with 15 additions and 1 deletions
  1. 15
    1
      docker/services/octavia/octavia-deployment-config.yaml

+ 15
- 1
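--- a/docker/services/octavia/octavia-deployment-config.yaml
+++ b/docker/services/octavia/octavia-deployment-config.yaml
@@ -30,6 +30,13 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  StackAction:
+    type: string
+    description: >
+      Heat action on performed top-level stack.  Note StackUpdateType is
+      set to UPGRADE when a major-version upgrade is in progress.
+    constraints:
+    - allowed_values: ['CREATE', 'UPDATE']
   OctaviaPostWorkflowName:
     description: Mistral workflow name for octavia configuration steps
                  once the overcloud is ready.
@@ -161,6 +168,13 @@ parameters:
     type: string
     default: 'service'
 
+  generate_certs:
+      and:
+      - get_param: OctaviaGenerateCerts
+      - equals:
+        - get_param: StackAction
+        - CREATE
+
 resources:
   default_key_pair:
     type: OS::Nova::KeyPair
@@ -195,7 +209,7 @@ resources:
           server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
           ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
           client_cert_path: { get_param: OctaviaClientCertFile }
-          generate_certs: { get_param: OctaviaGenerateCerts }
+          generate_certs: {if: [generate_certs, true, false]}
           mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
           os_password: { get_param: AdminPassword }
           os_project_name: 'admin'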
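Review bot: The `generate_certs:` mapping added in the second hunk has no `conditions:` key above it. The hunk header shows the nearest top-level key is still `parameters:` and the next one is `resources:`, so as rendered Heat would read it as a parameter, and `{if: [generate_certs, true, false]}` in the last hunk would name a condition that is never defined. Add a column-0 `conditions:` line before `  generate_certs:` and indent `and:` by four spaces to match the rest of the file. `StackAction` is declared without a default, so the parent template presumably has to pass it; that wiring is not visible in this file. Because certificates are now issued only on CREATE, a comment such as `# certs are generated on initial deploy only; rotation is handled outside stack update` next to the condition would tell operators that renewal needs a separate procedure.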
