Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-22381

ZDPR Support for IronicNeutronAgent Controller

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • ironic-operator
    • None
    • Important

      Implement Zero Downtime Password Rotation (ZDPR) support for IronicNeutronAgent using Keystone Application Credentials

      Description:

      Implement Application Credential authentication support for the IronicNeutronAgent service to enable Zero Downtime Password Rotation (ZDPR).

      Acceptance Criteria:
      • IronicNeutronAgent controller watches the AppCred Secret (ac-ironic-secret)
      • Configuration templates render auth_type=v3applicationcredential with AC_ID and AC_SECRET when AppCred Secret is available
      • All auth sections in IronicNeutronAgent config support AppCred - sections:
        • [keystone_authtoken]
        • [service_catalog]
        • [ironic]
      • IronicNeutronAgent deployment triggers a rolling update when the AppCred Secret changes
      • Falls back cleanly to password authentication (auth_type=password) when AppCred Secret is missing or incomplete
      • All configuration changes are backwards compatible with password-based auth
      • Redeployment with new credentials during the grace period works without service disruption
      Technical Context:
      • Controller: controllers/ironicneutronagent_controller.go
      • Config template: templates/ironicneutronagent/config/01-ironic_neutron_agent.conf
      • Current auth method: password-based

              Unassigned Unassigned
              rhn-gps-hjensas Harald Jensas
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: