Only generate Octavia certs on stack create

We are regenerating octavia certs whenever an overcloud is updated,
breaking any deployments using the auto-generated certs. Certificate
updates after the initial deployment require special handling and
shouldn't be performed by stack updates/upgrades at this time.

Depends-On: I90bb377c76f51db906de64c134271ec866d11bb5
Closes-Bug: #1838039
Change-Id: I05f69df627e5637fdb254285cb3ad6d3d8328f90
This commit is contained in:
Brent Eagles 2019-07-26 11:50:19 -02:30
parent 0951f7e5fb
commit b611567855
1 changed files with 15 additions and 1 deletions

View File

@ -34,6 +34,13 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
StackAction:
type: string
description: >
Heat action on performed top-level stack. Note StackUpdateType is
set to UPGRADE when a major-version upgrade is in progress.
constraints:
- allowed_values: ['CREATE', 'UPDATE']
OctaviaPostWorkflowName:
description: Mistral workflow name for octavia configuration steps
once the overcloud is ready.
@ -187,6 +194,13 @@ conditions:
- raw
- get_param: NovaEnableRbdBackend
generate_certs:
and:
- get_param: OctaviaGenerateCerts
- equals:
- get_param: StackAction
- CREATE
resources:
{% if not octavia_standalone %}
default_key_pair:
@ -226,7 +240,7 @@ resources:
server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
client_cert_path: { get_param: OctaviaClientCertFile }
generate_certs: { get_param: OctaviaGenerateCerts }
generate_certs: {if: [generate_certs, true, false]}
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
os_password: { get_param: AdminPassword }
os_project_name: 'admin'