Selaa lähdekoodia

Only generate Octavia certs on stack create

We are regenerating octavia certs whenever an overcloud is updated,
breaking any deployments using the auto-generated certs. Certificate
updates after the initial deployment require special handling and
shouldn't be performed by stack updates/upgrades at this time.

Note: depends on changed because the dependent patch was a semantic
backport.

Depends-On: I8088a0a42094b2d038ba29779535a05195138747
Closes-Bug: #1838039
Change-Id: I05f69df627e5637fdb254285cb3ad6d3d8328f90
(cherry picked from commit b611567855)
(cherry picked from commit 2f4dd2c927)
tags/9.4.1
Brent Eagles 3 kuukautta sitten
vanhempi
commit
82bfea421e
1 muutettua tiedostoa jossa 15 lisäystä ja 1 poistoa
  1. 15
    1
      docker/services/octavia/octavia-deployment-config.yaml

+ 15
- 1
docker/services/octavia/octavia-deployment-config.yaml Näytä tiedosto

@@ -30,6 +30,13 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
StackAction:
type: string
description: >
Heat action on performed top-level stack. Note StackUpdateType is
set to UPGRADE when a major-version upgrade is in progress.
constraints:
- allowed_values: ['CREATE', 'UPDATE']
OctaviaPostWorkflowName:
description: Mistral workflow name for octavia configuration steps
once the overcloud is ready.
@@ -161,6 +168,13 @@ parameters:
type: string
default: 'service'

generate_certs:
and:
- get_param: OctaviaGenerateCerts
- equals:
- get_param: StackAction
- CREATE

resources:
default_key_pair:
type: OS::Nova::KeyPair
@@ -195,7 +209,7 @@ resources:
server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
client_cert_path: { get_param: OctaviaClientCertFile }
generate_certs: { get_param: OctaviaGenerateCerts }
generate_certs: {if: [generate_certs, true, false]}
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
os_password: { get_param: AdminPassword }
os_project_name: 'admin'

Loading…
Peruuta
Tallenna