e42e72b0f3
A recent change[1] to Octavia added a parameter named
server_certs_key_passphrase, which means that TripleO should
generate a password for it to avoid using the default value.
This patch adds OctaviaServerCertsKeyPassphrase to the list
of parameters TripleO configures in Octavia.
Conflicts:
ci/environments/scenario010-standalone.yaml
deployment/octavia/octavia-base.yaml
environments/services/octavia.yaml
Note that octavia-base.yaml exists under puppet/services since
https://review.opendev.org/#/c/638762 got merged in
stable/stein.
Closes-Bug: #1821756
Related-Bug: #1821751
[1] I06d329ca53bc36bd27f7870ae7c7ca0cf18575b2
Depends-On: I9699961faf8b3430e4372e4ff3ae2bf7e7ceea18
Depends-On: Id6c0d156715147c6559dc39098a6eaabf77ac426
Depends-On: I5e60e8fbb7af381b59c6d7b02d5ba8eb47e91720
Change-Id: Icadd090f027af6f958c25af6bfb09195a4019aa8
(cherry picked from commit 4559d3b74f)
(cherry picked from commit de16ec8b02)
17 lines
838 B
YAML
17 lines
838 B
YAML
resource_registry:
|
|
OS::TripleO::Services::OctaviaApi: ../../puppet/services/octavia-api.yaml
|
|
OS::TripleO::Services::OctaviaHousekeeping: ../../puppet/services/octavia-housekeeping.yaml
|
|
OS::TripleO::Services::OctaviaHealthManager: ../../puppet/services/octavia-health-manager.yaml
|
|
OS::TripleO::Services::OctaviaWorker: ../../puppet/services/octavia-worker.yaml
|
|
OS::TripleO::Services::OctaviaDeploymentConfig: ../../puppet/services/octavia/octavia-deployment-config.yaml
|
|
|
|
parameter_defaults:
|
|
NeutronEnableForceMetadata: true
|
|
|
|
# This flag enables internal generation of certificates for communication
|
|
# with amphorae. Use OctaviaCaCert, OctaviaCaKey, OctaviaCaKeyPassphrase,
|
|
# OctaviaClient and OctaviaServerCertsKeyPassphrase cert to configure
|
|
# secure production environments.
|
|
OctaviaGenerateCerts: true
|
|
|