[openstack-dev] [barbican] How to update cert in the secret
Andrey Grebennikov
agrebennikov at mirantis.com
Tue Apr 4 21:58:54 UTC 2017
Hi Michael,
Thanks for that, it is right that it is supposed to be Neutron's
responsibility. Moreover, I just found out that I can actually use Neutron
CLI for the update too - I just have to specify
"--default-tls-container_ref" option with the new container (it looks kind
of weird but it didn't complaint), and it makes the magic.
I really appreciate your help, thank you!
On Tue, Apr 4, 2017 at 3:10 PM, Michael Johnson <johnsomor at gmail.com> wrote:
> Hi Andrey,
>
>
>
> As we discussed on IRC, the listeners in LBaaS v2 allow you to update the
> barbican container IDs. This will start the certificate update process on
> the load balancers with the new content from barbican.
>
>
>
> The neutron client, as you noted, does not appear to have this capability,
> but the API supports this as the primary means to update certificate
> content for LBaaS. This will be included in the octavia OpenStack client.
>
>
>
> Michael
>
>
>
> *From:* Andrey Grebennikov [mailto:agrebennikov at mirantis.com]
> *Sent:* Monday, April 3, 2017 12:14 PM
> *To:* OpenStack Development Mailing List (not for usage questions) <
> openstack-dev at lists.openstack.org>
> *Subject:* [openstack-dev] [barbican] How to update cert in the secret
>
>
>
> Hey Barbican folks, I have a question regarding the functionality of the
> secrets containers please.
>
>
>
> If I got my secret created is there a way to update it down the road with
> another cert?
>
> The usecase is pretty common - using barbican with neutron lbaas.
>
> When the load balance from the lbaas backend gets the cert from barbican
> there is no way to update the neutron load balancer with the new secret
> seems so.
>
> The only way to update the cert within the balancer is to update the
> barbican secret and trigger the balancer to re-request the cert (while
> adding the pool member for example).
>
>
>
> Any help is greatly appreciated!
>
>
>
> --
>
> Andrey Grebennikov
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
--
Andrey Grebennikov
Principal Deployment Engineer
Mirantis Inc, Austin TX
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170404/7e35808a/attachment.html>
More information about the OpenStack-dev
mailing list