Open Stack

Hi Andrey,

 

As we discussed on IRC, the listeners in LBaaS v2 allow you to update the barbican container IDs.  This will start the certificate update process on the load balancers with the new content from barbican.

 

The neutron client, as you noted, does not appear to have this capability, but the API supports this as the primary means to update certificate content for LBaaS.  This will be included in the octavia OpenStack client.

 

Michael

 

From: Andrey Grebennikov [mailto:agrebennikov at mirantis.com] 
Sent: Monday, April 3, 2017 12:14 PM
To: OpenStack Development Mailing List (not for usage questions) <openstack-dev at lists.openstack.org>
Subject: [openstack-dev] [barbican] How to update cert in the secret

 

Hey Barbican folks, I have a question regarding the functionality of the secrets containers please.

 

If I got my secret created is there a way to update it down the road with another cert?

The usecase is pretty common - using barbican with neutron lbaas.

When the load balance from the lbaas backend gets the cert from barbican there is no way to update the neutron load balancer with the new secret seems so.

The only way to update the cert within the balancer is to update the barbican secret and trigger the balancer to re-request the cert (while adding the pool member for example).

 

Any help is greatly appreciated!

 

-- 

Andrey Grebennikov

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170404/86dfa5f8/attachment.html>