Merge "Adds constraint: OctaviaServerCertsKeyPassphrase must be 32 chars long" into stable/queens
This commit is contained in:
commit
a6451f0915
|
@ -111,8 +111,10 @@ parameters:
|
|||
default: '/etc/octavia/certs/private/cakey.pem'
|
||||
description: Octavia CA private key file path.
|
||||
OctaviaServerCertsKeyPassphrase:
|
||||
constraints:
|
||||
- length: { min: 32, max: 32}
|
||||
description: Passphrase for encrypting Amphora Certificates and
|
||||
Private Keys.
|
||||
Private Keys. Must be exactly 32 characters.
|
||||
type: string
|
||||
hidden: true
|
||||
OctaviaCaKeyPassphrase:
|
||||
|
|
|
@ -104,8 +104,10 @@ parameters:
|
|||
with the path provided in OctaviaCaKeyFile with the key
|
||||
data.
|
||||
OctaviaServerCertsKeyPassphrase:
|
||||
constraints:
|
||||
- length: { min: 32, max: 32}
|
||||
description: Passphrase for encrypting Amphora Certificates and
|
||||
Private Keys.
|
||||
Private Keys. Must be exactly 32 characters.
|
||||
type: string
|
||||
hidden: true
|
||||
OctaviaCaKeyPassphrase:
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
fixes:
|
||||
- The passphrase for config option 'server_certs_key_passphrase', is used as
|
||||
a Fernet key in Octavia and thus must be 32 bytes long. In the case of an
|
||||
operator-provided passphrase, TripleO will validate that.
|
Loading…
Reference in New Issue