Only generate Octavia certs on stack create
We are regenerating octavia certs whenever an overcloud is updated, breaking any deployments using the auto-generated certs. Certificate updates after the initial deployment require special handling and shouldn't be performed by stack updates/upgrades at this time. Note: depends on changed because the dependent patch was a semantic backport. Depends-On: I8088a0a42094b2d038ba29779535a05195138747 Closes-Bug: #1838039 Change-Id: I05f69df627e5637fdb254285cb3ad6d3d8328f90 (cherry picked from commitb611567855) (cherry picked from commit2f4dd2c927)
This commit is contained in:
Brent Eagles
parent
683d4bf859
commit
82bfea421e
|
|
@ -30,6 +30,13 @@ parameters:
|
||||||
description: Mapping of service endpoint -> protocol. Typically set
|
description: Mapping of service endpoint -> protocol. Typically set
|
||||||
via parameter_defaults in the resource registry.
|
via parameter_defaults in the resource registry.
|
||||||
type: json
|
type: json
|
||||||
|
StackAction:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
Heat action on performed top-level stack. Note StackUpdateType is
|
||||||
|
set to UPGRADE when a major-version upgrade is in progress.
|
||||||
|
constraints:
|
||||||
|
- allowed_values: ['CREATE', 'UPDATE']
|
||||||
OctaviaPostWorkflowName:
|
OctaviaPostWorkflowName:
|
||||||
description: Mistral workflow name for octavia configuration steps
|
description: Mistral workflow name for octavia configuration steps
|
||||||
once the overcloud is ready.
|
once the overcloud is ready.
|
||||||
|
|
@ -161,6 +168,13 @@ parameters:
|
||||||
type: string
|
type: string
|
||||||
default: 'service'
|
default: 'service'
|
||||||
|
|
||||||
|
generate_certs:
|
||||||
|
and:
|
||||||
|
- get_param: OctaviaGenerateCerts
|
||||||
|
- equals:
|
||||||
|
- get_param: StackAction
|
||||||
|
- CREATE
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
default_key_pair:
|
default_key_pair:
|
||||||
type: OS::Nova::KeyPair
|
type: OS::Nova::KeyPair
|
||||||
|
|
@ -195,7 +209,7 @@ resources:
|
||||||
server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
|
server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
|
||||||
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
|
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
|
||||||
client_cert_path: { get_param: OctaviaClientCertFile }
|
client_cert_path: { get_param: OctaviaClientCertFile }
|
||||||
generate_certs: { get_param: OctaviaGenerateCerts }
|
generate_certs: {if: [generate_certs, true, false]}
|
||||||
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
|
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
|
||||||
os_password: { get_param: AdminPassword }
|
os_password: { get_param: AdminPassword }
|
||||||
os_project_name: 'admin'
|
os_project_name: 'admin'
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue