HA: do not rotate cluster passwords

Various passwords used by pacemaker (pcsd, pacemaker remote, clustercheck), cannot currently be updated on one node without impacting communication with the other nodes in the cluster (pacemaker), or other clustered services (galera). Do not rotate those cluster passwords by default, until an orchestrated rotation is implemented specifically for each of them. Closes-Bug: #1960277 Change-Id: I4132f184454b9c2b907d3317256c3de185fd9da9
2021-12-02 15:58:28 +01:00 · 2021-12-02 15:58:28 +01:00 · 77130ddcea
parent 62713d731b
commit 77130ddcea
1 changed files with 3 additions and 0 deletions
--- a/tripleo_common/constants.py
+++ b/tripleo_common/constants.py
@ -104,6 +104,9 @@ DO_NOT_ROTATE_LIST = (
    'CephManilaClientKey',
    'CephRgwKey',
    'HeatAuthEncryptionKey',
+    'MysqlClustercheckPassword',
+    'PacemakerRemoteAuthkey',
+    'PcsdPassword',
 )

 # The default version of the Identity API to set in overcloudrc.