Skip to content

Support and document persisting the Octavia CA #1988

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
MoteHue wants to merge 4 commits into
base: stackhpc/2025.1
Choose a base branch
from
Open

Support and document persisting the Octavia CA #1988

MoteHue wants to merge 4 commits into from
+193 −0

Conversation

@MoteHue
Copy link
Contributor

@MoteHue MoteHue commented Nov 18, 2025

No description provided.

@MoteHue MoteHue requested a review from a team as a code owner November 18, 2025 15:18
@MoteHue
Copy link
Contributor Author

MoteHue commented Nov 18, 2025

This would be good to backport too :)

gemini-code-assist[bot]
gemini-code-assist bot reviewed Nov 18, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces valuable documentation and scripts for managing Octavia TLS certificates. The documentation is comprehensive but could be improved with some corrections to numbering and formatting for better clarity. The accompanying shell scripts are functional but contain some issues, such as using non-standard exit codes and suppressing error outputs, which could hinder debugging. I have provided specific suggestions to address these points and enhance the overall quality and robustness of the changes.

@MoteHue MoteHue force-pushed the support-persisting-octavia-ca branch 2 times, most recently from be8e59e to 8aa76ba Compare November 18, 2025 15:49
@MoteHue MoteHue added documentation Improvements or additions to documentation enhancement New feature or request Caracal Targets the Caracal OpenStack release backport Backport needed labels Nov 18, 2025
@MoteHue MoteHue force-pushed the support-persisting-octavia-ca branch from 8aa76ba to 9958a80 Compare November 18, 2025 16:26
Alex-Welsh
Alex-Welsh requested changes Nov 18, 2025
View reviewed changes
@MoteHue MoteHue requested a review from Alex-Welsh November 19, 2025 15:59
@MoteHue MoteHue force-pushed the support-persisting-octavia-ca branch from d5406f8 to 43a0fd0 Compare November 19, 2025 16:01
@MoteHue MoteHue force-pushed the support-persisting-octavia-ca branch from 43a0fd0 to 8ad95f4 Compare December 1, 2025 14:53
@Alex-Welsh
Copy link
Member

Alex-Welsh commented Dec 9, 2025

/gemini review

@Alex-Welsh Alex-Welsh force-pushed the support-persisting-octavia-ca branch from 8ad95f4 to 37da884 Compare December 9, 2025 15:46
@Alex-Welsh
Copy link
Member

Alex-Welsh commented Dec 16, 2025

/gemini review

gemini-code-assist[bot]
gemini-code-assist bot reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces valuable documentation and tooling for managing Octavia TLS certificates, including backup, restore, and rotation procedures. The changes are well-structured and address an important operational need.

My review focuses on improving the security and robustness of the new shell scripts and enhancing the clarity and maintainability of the documentation. The key recommendations are:

  • Refactor the shell scripts to avoid using a helper script for vault passwords, which poses a security risk. Process substitution is suggested as a more secure alternative.
  • Improve error handling in the scripts by not suppressing stderr.
  • Use standard exit codes in shell scripts.
  • Refine the documentation to provide clearer, more secure examples and to remove duplicated content.

These changes will make the new tooling safer and the documentation easier to follow and maintain.

@Alex-Welsh
Copy link
Member

Alex-Welsh commented Dec 16, 2025

Get Gemini'd

@MoteHue @gemini-code-assist
Apply suggestions from code review
b51203a 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Alex-Welsh Alex-Welsh Awaiting requested review from Alex-Welsh

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

backport Backport needed Caracal Targets the Caracal OpenStack release documentation Improvements or additions to documentation enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MoteHue @Alex-Welsh