From 1f3088c4aa2612a772e023f14fafc72c61c6cb07 Mon Sep 17 00:00:00 2001 From: Nir Magnezi Date: Thu, 4 Jul 2019 13:46:36 +0300 Subject: [PATCH] CI should auto-generate server_certs_key_passphrase Bug 1833942 showed that in a case that the generated value server_certs_key_passphrase is invalid, Octavia will fail to operate. In CI, we currently provide a pre-defined passphrase that might cover for potential breakages in the future. This patch removes the pre-defined passphrase so it will get generated on each run. Note that, TripleO will now[1] either auto-generate a valid passphrase or validate a pre-defined one. Related-Bug: #1833942 [1] https://review.opendev.org/#/q/topic:OctaviaServerCertsKeyPassphrase-32chars Depends-On: I5c2629d9e7700fe1dd6f915bc257b1f058e40617 Depends-On: Ibcdbe2605a7cabe3a5ef8245b4460c8f70220989 Depends-On: I886f2b8ac7092d9b3da38852e92a615d5666eea7 Change-Id: Ie596b04614c2ca9d961694f4012c1553a092aa3e --- ci/environments/scenario010-multinode-containers.yaml | 1 - ci/environments/scenario010-standalone.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/ci/environments/scenario010-multinode-containers.yaml b/ci/environments/scenario010-multinode-containers.yaml index 9f3393962c..55cf565ef3 100644 --- a/ci/environments/scenario010-multinode-containers.yaml +++ b/ci/environments/scenario010-multinode-containers.yaml @@ -112,7 +112,6 @@ parameter_defaults: NeutronEnableForceMetadata: true OctaviaManageNovaFlavor: true # For now, we hardcode it but soon it'll be generated in tripleo-common - OctaviaServerCertsKeyPassphrase: 'insecure-key-do-not-use-this-key' OctaviaCaKeyPassphrase: 'upstreamci' OctaviaGenerateCerts: true # Remove ContainerCli once this scenario is tested on CentOS8 diff --git a/ci/environments/scenario010-standalone.yaml b/ci/environments/scenario010-standalone.yaml index 69c2cfd96e..2dec03a377 100644 --- a/ci/environments/scenario010-standalone.yaml +++ b/ci/environments/scenario010-standalone.yaml @@ -32,7 +32,6 @@ resource_registry: parameter_defaults: OctaviaAmphoraSshKeyFile: /home/zuul/.ssh/id_rsa.pub - OctaviaServerCertsKeyPassphrase: 'insecure-key-do-not-use-this-key' NodeDataLookup: AB4114B1-9C9D-409A-BEFB-D88C151BF2C3: {"foo": "bar"} 8CF1A7EA-7B4B-4433-AC83-17675514B1B8: {"foo2": "bar2"}