Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Component/s: data-plane-adoption, Security
Labels:
None

Story Points:
3
Epic Link:
As a cloud operator, i want to adopt a TLS everywhere deployment
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Dev Approval:
?
Docs Approval:
?
Feature Link:
OSPRH-813 - Red Hat OpenStack 18.0 Data Plane Adoption
PM Approval:
?
QE Approval:
?
Regression:
None
Intelligence Requested:
Market:
Target Version:

rhos-18.0.0

Sprint:
DFG Security: UC Sprint 97, DFG Security: UC Sprint 98
Severity:
Important

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

The TLS-e section of the adoption docs contains the following:

"After the adoption procedure is finished, the cert-manager operator is responsible for issuing and refreshing new certificates when they expire. However, since Compute services are not restarted during adoption, you need to restart the data plane (Compute) nodes before the certificates expire. Check the expiration dates of all certificates and plan accordingly."

This shouldn't be necessary because the OpenStack services are started in new containers, and libvirt is de-containerized (it ran in container in 17.1 and it runs on the host in RHOSO data plane).

Note: There is a WIP bug about the 17 containers not getting properly cleaned up (~~OSPRH-7129~~) but these old containers aren't the ones that form the RHOSO data plane.

is related to

RHEL-16333 [RFE]Allow rotating TLS cert for VNC console

Release Pending

links to

Change the wording about restarts

Assignee:: Grzegorz Grasza

Reporter:: Jiri Stransky

Team:: rhos-dfg-security

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/05/29 1:22 PM

Updated:: 2024/08/27 6:10 PM

Resolved:: 2024/07/15 10:25 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates

PagerDuty