Merge "Adds constraint: OctaviaServerCertsKeyPassphrase must be 32 chars long" into stable/queens
This commit is contained in:
commit
a6451f0915
|
@ -111,8 +111,10 @@ parameters:
|
||||||
default: '/etc/octavia/certs/private/cakey.pem'
|
default: '/etc/octavia/certs/private/cakey.pem'
|
||||||
description: Octavia CA private key file path.
|
description: Octavia CA private key file path.
|
||||||
OctaviaServerCertsKeyPassphrase:
|
OctaviaServerCertsKeyPassphrase:
|
||||||
|
constraints:
|
||||||
|
- length: { min: 32, max: 32}
|
||||||
description: Passphrase for encrypting Amphora Certificates and
|
description: Passphrase for encrypting Amphora Certificates and
|
||||||
Private Keys.
|
Private Keys. Must be exactly 32 characters.
|
||||||
type: string
|
type: string
|
||||||
hidden: true
|
hidden: true
|
||||||
OctaviaCaKeyPassphrase:
|
OctaviaCaKeyPassphrase:
|
||||||
|
|
|
@ -104,8 +104,10 @@ parameters:
|
||||||
with the path provided in OctaviaCaKeyFile with the key
|
with the path provided in OctaviaCaKeyFile with the key
|
||||||
data.
|
data.
|
||||||
OctaviaServerCertsKeyPassphrase:
|
OctaviaServerCertsKeyPassphrase:
|
||||||
|
constraints:
|
||||||
|
- length: { min: 32, max: 32}
|
||||||
description: Passphrase for encrypting Amphora Certificates and
|
description: Passphrase for encrypting Amphora Certificates and
|
||||||
Private Keys.
|
Private Keys. Must be exactly 32 characters.
|
||||||
type: string
|
type: string
|
||||||
hidden: true
|
hidden: true
|
||||||
OctaviaCaKeyPassphrase:
|
OctaviaCaKeyPassphrase:
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- The passphrase for config option 'server_certs_key_passphrase', is used as
|
||||||
|
a Fernet key in Octavia and thus must be 32 bytes long. In the case of an
|
||||||
|
operator-provided passphrase, TripleO will validate that.
|
Loading…
Reference in New Issue