CI should auto-generate server_certs_key_passphrase
Bug 1833942 showed that in a case that the generated value
server_certs_key_passphrase is invalid, Octavia will fail to operate.
In CI, we currently provide a pre-defined passphrase that might cover
for potential breakages in the future. This patch removes the
pre-defined passphrase so it will get generated on each run.
Note that, TripleO will now[1] either auto-generate a valid passphrase
or validate a pre-defined one.
Related-Bug: #1833942
[1] https://review.opendev.org/#/q/topic:OctaviaServerCertsKeyPassphrase-32chars
Depends-On: https://review.opendev.org/#/c/669653/
Depends-On: https://review.opendev.org/#/c/669657/
Depends-On: https://review.opendev.org/#/c/669667/
Change-Id: Ie596b04614c2ca9d961694f4012c1553a092aa3e
(cherry picked from commit 1f3088c4aa
)
This commit is contained in:
parent
e49b8db269
commit
680f341f19
|
@ -109,7 +109,6 @@ parameter_defaults:
|
|||
NeutronEnableForceMetadata: true
|
||||
OctaviaManageNovaFlavor: true
|
||||
# For now, we hardcode it but soon it'll be generated in tripleo-common
|
||||
OctaviaServerCertsKeyPassphrase: 'insecure-key-do-not-use-this-key'
|
||||
OctaviaCaKeyPassphrase: 'upstreamci'
|
||||
OctaviaGenerateCerts: true
|
||||
# Remove ContainerCli once this scenario is tested on CentOS8
|
||||
|
|
|
@ -32,7 +32,6 @@ resource_registry:
|
|||
|
||||
parameter_defaults:
|
||||
OctaviaAmphoraSshKeyFile: /home/zuul/.ssh/id_rsa.pub
|
||||
OctaviaServerCertsKeyPassphrase: 'insecure-key-do-not-use-this-key'
|
||||
NodeDataLookup:
|
||||
AB4114B1-9C9D-409A-BEFB-D88C151BF2C3: {"foo": "bar"}
|
||||
8CF1A7EA-7B4B-4433-AC83-17675514B1B8: {"foo2": "bar2"}
|
||||
|
|
Loading…
Reference in New Issue