HA: do not rotate cluster passwords
Various passwords used by pacemaker (pcsd, pacemaker remote, clustercheck), cannot currently be updated on one node without impacting communication with the other nodes in the cluster (pacemaker), or other clustered services (galera). Do not rotate those cluster passwords by default, until an orchestrated rotation is implemented specifically for each of them. Closes-Bug: #1960277 Change-Id: I4132f184454b9c2b907d3317256c3de185fd9da9
This commit is contained in:
parent
62713d731b
commit
77130ddcea
|
@ -104,6 +104,9 @@ DO_NOT_ROTATE_LIST = (
|
|||
'CephManilaClientKey',
|
||||
'CephRgwKey',
|
||||
'HeatAuthEncryptionKey',
|
||||
'MysqlClustercheckPassword',
|
||||
'PacemakerRemoteAuthkey',
|
||||
'PcsdPassword',
|
||||
)
|
||||
|
||||
# The default version of the Identity API to set in overcloudrc.
|
||||
|
|
Loading…
Reference in New Issue