Description:
As a part of https://bugs.launchpad.net/tripleo/+bug/1833942 we now validate that Octavia certificate passphrase length is exactly 32. The deployment procedure was also updated to generate such passphrase.
But, it looks like the upgrade procedure wasn't updated. As a result upgrade of previously delpoyed opentsack fails because the passhprase was generated with 25 length before the fix.
Step to reproduce:
Run "openstack overcloud update prepare" command:
```
openstack overcloud update prepare --templates \
-e ~/vxrdo/templates/node-info.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/disable-telemetry.yaml \
-n ~/vxrdo/templates/network_data.yaml \
-e ~/vxrdo/templates/network-isolation.yaml \
-e ~/vxrdo/templates/scheduler_hints_env.yaml \
-e ~/vxrdo/templates/network-environment.yaml \
-e ~/vxrdo/templates/ips-from-pool-all.yaml \
-e ~/vxrdo/templates/ceph-ansible.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/docker-ha.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/services/octavia.yaml \
-e ~/vxrdo/templates/firstboot/firstboot.yaml \
--ntp-server 10.35.10.2 \
-e ~/vxrdo/templates/init-repo.yaml \
-e ~/vxrdo/templates/containers-prepare-parameter.yaml \
2>&1 | tee prepare.log
```
Expected result:
The "update prepare" command finishes succesfully.
Actual result:
```
ERROR: InvalidSchemaError: : resources.ControllerServiceChain<https://10.35.5.2:13808/v1/A
UTH_0d06a24bb33c4b9ebf922cb7c3bcf118/overcloud/common/services/controller-role.yaml>.resources.ServiceChain<nested_stack>.resources.118<https://10.35.5.2:13808/v1/AUTH_0d06a24bb33c4b9ebf922cb7c3bcf118/overcloud/deployment/octavia/octavia-health-manager-container-puppet.yaml>.resources.OctaviaBase<https://10.35.5.2:13808/v1/AUTH_0d06a24bb33c4b9ebf922cb7c3bcf118/overcloud/deployment/octavia/octavia-base.yaml>: : Parameter 'OctaviaServerCertsKeyPassphrase' is invalid: Invalid default dDaWz3eP15hzRVjtk4r8xrPnw (length (25) is out of range (min: 32, max: 32))
```
The full log is attached.
Environment:
```
[stack@undercloud vxrdo]$ rpm -qa|grep tripleo
openstack-tripleo-image-elements-10.4.2-0.20190911230353.1ebd7af.el7.noarch
python2-tripleoclient-heat-installer-11.5.2-0.20190913025826.00fe507.el7.noarch
python2-tripleo-repos-0.0.1-0.20190724014728.1cf6e0b.el7.noarch
puppet-tripleo-10.5.2-0.20190916101755.2784518.el7.noarch
ansible-tripleo-ipsec-9.1.1-0.20190513182453.ffe104c.el7.noarch
openstack-tripleo-common-10.8.2-0.20190916095827.337dda3.el7.noarch
python2-tripleoclient-11.5.2-0.20190913025826.00fe507.el7.noarch
openstack-tripleo-validations-10.5.2-0.20190911232331.8ad7db7.el7.noarch
ansible-role-tripleo-modify-image-1.1.1-0.20190913191844.92f4052.el7.noarch
python2-tripleo-common-10.8.2-0.20190916095827.337dda3.el7.noarch
openstack-tripleo-common-containers-10.8.2-0.20190916095827.337dda3.el7.noarch
openstack-tripleo-puppet-elements-10.3.2-0.20190911230046.5453b89.el7.noarch
openstack-tripleo-heat-templates-10.6.2-0.20190916165638.7db107a.el7.noarch
```
What is the proper course of action in this case? Was this a production octavia enabled system or an update/upgrade test environment? The shorter passphrase was actually invalid so in a production system, remediation would've been twofold: guide the user through establishing a passphrase of proper length and distributing through the system so Octavia functions properly; and require minor updates to include the fixed packages.