This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1462670 - Octavia TripleO support: Generate certificates using TLS everywhere
Octavia TripleO support: Generate certificates using TLS everywhere
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo (Show other bugs)
12.0 (Pike)
Unspecified Unspecified
high Severity high
: ---
: 12.0 (Pike)
Assigned To: Brent Eagles
Arik Chernetsky
: Triaged
Depends On:
  Show dependency treegraph
Reported: 2017-06-19 04:49 EDT by Nir Magnezi
Modified: 2017-07-14 16:16 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 447496 None None None 2017-06-19 04:49 EDT

  None (edit)
Description Nir Magnezi 2017-06-19 04:49:53 EDT
Description of problem:
Octavia provides a script for generating certificates, as mentioned here[1], but I'm not sure this is what we expect our customers to do.
Moreover, we currently exclude[2] this script from our packaging, so we don't even currently ship it.

The end result we aim to achieve here is to have a tripleO doc (which is WIP[3]) that guides the operator on how exactly he/she should deploy Octavia. As currently some steps are executed manually.

The certificates part is currently expected to be executed before[3] the deployment even starts, yet it is not clear how/what we expect the operator to do and what is the best practice for secure certificate configuration.

To the best of my knowledge, we have two alternatives here:
1. Use the solution mentioned in
2. Use and ship the Octavia certificates creation script:


Note You need to log in before you can comment on or make changes to this bug.