Hi Michael, Thanks for that, it is right that it is supposed to be Neutron's responsibility. Moreover, I just found out that I can actually use Neutron CLI for the update too - I just have to specify "--default-tls-container_ref" option with the new container (it looks kind of weird but it didn't complaint), and it makes the magic.
I really appreciate your help, thank you! On Tue, Apr 4, 2017 at 3:10 PM, Michael Johnson <johnso...@gmail.com> wrote: > Hi Andrey, > > > > As we discussed on IRC, the listeners in LBaaS v2 allow you to update the > barbican container IDs. This will start the certificate update process on > the load balancers with the new content from barbican. > > > > The neutron client, as you noted, does not appear to have this capability, > but the API supports this as the primary means to update certificate > content for LBaaS. This will be included in the octavia OpenStack client. > > > > Michael > > > > *From:* Andrey Grebennikov [mailto:agrebenni...@mirantis.com] > *Sent:* Monday, April 3, 2017 12:14 PM > *To:* OpenStack Development Mailing List (not for usage questions) < > openstack-dev@lists.openstack.org> > *Subject:* [openstack-dev] [barbican] How to update cert in the secret > > > > Hey Barbican folks, I have a question regarding the functionality of the > secrets containers please. > > > > If I got my secret created is there a way to update it down the road with > another cert? > > The usecase is pretty common - using barbican with neutron lbaas. > > When the load balance from the lbaas backend gets the cert from barbican > there is no way to update the neutron load balancer with the new secret > seems so. > > The only way to update the cert within the balancer is to update the > barbican secret and trigger the balancer to re-request the cert (while > adding the pool member for example). > > > > Any help is greatly appreciated! > > > > -- > > Andrey Grebennikov > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Andrey Grebennikov Principal Deployment Engineer Mirantis Inc, Austin TX
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev