Adds constraint: OctaviaServerCertsKeyPassphrase must be 32 chars long
Conflicts: deployment/octavia/octavia-base.yaml Closes-bug: #1833942 Depends-On: https://review.opendev.org/#/c/669824/ Depends-On: https://review.opendev.org/#/c/669829/ Change-Id: I886f2b8ac7092d9b3da38852e92a615d5666eea7 (cherry picked from commita6fef3aad6
) (cherry picked from commitcfb8e97867
) (cherry picked from commit992ad5437c
)
This commit is contained in:
parent
c4f13f39e1
commit
b2065e2be4
|
@ -111,8 +111,10 @@ parameters:
|
|||
default: '/etc/octavia/certs/private/cakey.pem'
|
||||
description: Octavia CA private key file path.
|
||||
OctaviaServerCertsKeyPassphrase:
|
||||
constraints:
|
||||
- length: { min: 32, max: 32}
|
||||
description: Passphrase for encrypting Amphora Certificates and
|
||||
Private Keys.
|
||||
Private Keys. Must be exactly 32 characters.
|
||||
type: string
|
||||
hidden: true
|
||||
OctaviaCaKeyPassphrase:
|
||||
|
|
|
@ -104,8 +104,10 @@ parameters:
|
|||
with the path provided in OctaviaCaKeyFile with the key
|
||||
data.
|
||||
OctaviaServerCertsKeyPassphrase:
|
||||
constraints:
|
||||
- length: { min: 32, max: 32}
|
||||
description: Passphrase for encrypting Amphora Certificates and
|
||||
Private Keys.
|
||||
Private Keys. Must be exactly 32 characters.
|
||||
type: string
|
||||
hidden: true
|
||||
OctaviaCaKeyPassphrase:
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
fixes:
|
||||
- The passphrase for config option 'server_certs_key_passphrase', is used as
|
||||
a Fernet key in Octavia and thus must be 32 bytes long. In the case of an
|
||||
operator-provided passphrase, TripleO will validate that.
|
Loading…
Reference in New Issue