)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"28512200b7de2fe34d232bede42a3eeadf39ed70","unresolved":false,"context_lines":[{"line_number":10,"context_line":"- Refactor Berksfile to use groups so we can exclude integration testing"},{"line_number":11,"context_line":"  cookbooks"},{"line_number":12,"context_line":"- Update documentation"},{"line_number":13,"context_line":"- Properly configure credential and fernet keys per upstream"},{"line_number":14,"context_line":"  documentation [1]. Also fix the order to match the documentation."},{"line_number":15,"context_line":"- Enable sensitive resources for template[/etc/keystone/keystone.conf]"},{"line_number":16,"context_line":"  and execute[bootstrap_keystone] to improve security."},{"line_number":17,"context_line":"- Update delivery configuration to exclude integration cookbooks"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"df33271e_4391a499","line":14,"range":{"start_line":13,"start_character":0,"end_line":14,"end_character":67},"updated":"2020-03-23 09:12:57.000000000","message":"This is now dropped I guess?","commit_id":"11e2bab18918e7afd666cabda6d4909b53ac16e0"}],"metadata.rb":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"7f10852b6aa3691c595c54fc9d5a69f16f423cac","unresolved":false,"context_lines":[{"line_number":15,"context_line":""},{"line_number":16,"context_line":"issues_url \u0027https://launchpad.net/openstack-chef\u0027"},{"line_number":17,"context_line":"source_url \u0027https://opendev.org/openstack/cookbook-openstack-identity\u0027"},{"line_number":18,"context_line":"chef_version \u0027\u003e\u003d 14.0\u0027"}],"source_content_type":"text/x-ruby","patch_set":4,"id":"3fa7e38b_7651d1d4","line":18,"range":{"start_line":18,"start_character":17,"end_line":18,"end_character":19},"updated":"2020-02-14 13:06:24.000000000","message":"15","commit_id":"065a6b2fe433ea4d0c5de307df4d5741ed9fba7f"}],"recipes/_credential_tokens.rb":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"7f10852b6aa3691c595c54fc9d5a69f16f423cac","unresolved":false,"context_lines":[{"line_number":47,"context_line":"  end"},{"line_number":48,"context_line":"end"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"execute \u0027keystone-manage credential_setup\u0027 do"},{"line_number":51,"context_line":"  command \"keystone-manage credential_setup --keystone-user #{keystone_user} --keystone-group #{keystone_group}\""},{"line_number":52,"context_line":"  creates \u0027/etc/keystone/credential-keys\u0027"},{"line_number":53,"context_line":"end"}],"source_content_type":"text/x-ruby","patch_set":4,"id":"3fa7e38b_b629893a","line":53,"range":{"start_line":50,"start_character":0,"end_line":53,"end_character":3},"updated":"2020-02-14 13:06:24.000000000","message":"Why do you want to run this? We create those credentials that are really needed in the location key_repository from databags above. If that location is equal to /etc/keystone/credential-keys , this command is redundant. If the location is different, this command will create a set of keys that isn\u0027t really used by keystone, because the configuration points elsewhere. So it will not be needed in either case and only confuse operators.","commit_id":"065a6b2fe433ea4d0c5de307df4d5741ed9fba7f"},{"author":{"_account_id":21961,"name":"Lance Albertson","email":"lance@osuosl.org","username":"ramereth"},"change_message_id":"7794e8be78b213d893184a8144c4efdcfbdaf414","unresolved":false,"context_lines":[{"line_number":47,"context_line":"  end"},{"line_number":48,"context_line":"end"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"execute \u0027keystone-manage credential_setup\u0027 do"},{"line_number":51,"context_line":"  command \"keystone-manage credential_setup --keystone-user #{keystone_user} --keystone-group #{keystone_group}\""},{"line_number":52,"context_line":"  creates \u0027/etc/keystone/credential-keys\u0027"},{"line_number":53,"context_line":"end"}],"source_content_type":"text/x-ruby","patch_set":4,"id":"1fa4df85_953e27b6","line":53,"range":{"start_line":50,"start_character":0,"end_line":53,"end_character":3},"in_reply_to":"1fa4df85_1c2ee491","updated":"2020-03-19 17:40:19.000000000","message":"Ah that makes more sense. Let me adjust this and add some comments/documentation to explain this better.","commit_id":"065a6b2fe433ea4d0c5de307df4d5741ed9fba7f"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"3f7672c73a82c92db45bef223b9fa97385689769","unresolved":false,"context_lines":[{"line_number":47,"context_line":"  end"},{"line_number":48,"context_line":"end"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"execute \u0027keystone-manage credential_setup\u0027 do"},{"line_number":51,"context_line":"  command \"keystone-manage credential_setup --keystone-user #{keystone_user} --keystone-group #{keystone_group}\""},{"line_number":52,"context_line":"  creates \u0027/etc/keystone/credential-keys\u0027"},{"line_number":53,"context_line":"end"}],"source_content_type":"text/x-ruby","patch_set":4,"id":"1fa4df85_1c2ee491","line":53,"range":{"start_line":50,"start_character":0,"end_line":53,"end_character":3},"in_reply_to":"1fa4df85_33ab8675","updated":"2020-03-19 15:19:32.000000000","message":"The upstream docs are for setting up a single controller node. If you want to have a HA setup with multiple controllers, you need to make sure that the keys are identical on all nodes, which is why we take them from data bags. This is mentioned in [0] but not very explicitly.\n\n[0] https://docs.openstack.org/keystone/stein/admin/fernet-token-faq.html#what-is-the-recommended-way-to-rotate-and-distribute-keys","commit_id":"065a6b2fe433ea4d0c5de307df4d5741ed9fba7f"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"28512200b7de2fe34d232bede42a3eeadf39ed70","unresolved":false,"context_lines":[{"line_number":47,"context_line":"  end"},{"line_number":48,"context_line":"end"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"execute \u0027keystone-manage credential_setup\u0027 do"},{"line_number":51,"context_line":"  command \"keystone-manage credential_setup --keystone-user #{keystone_user} --keystone-group #{keystone_group}\""},{"line_number":52,"context_line":"  creates \u0027/etc/keystone/credential-keys\u0027"},{"line_number":53,"context_line":"end"}],"source_content_type":"text/x-ruby","patch_set":4,"id":"df33271e_c3f2d406","line":53,"range":{"start_line":50,"start_character":0,"end_line":53,"end_character":3},"in_reply_to":"1fa4df85_953e27b6","updated":"2020-03-23 09:12:57.000000000","message":"Do you still want to add a comment somewhere?","commit_id":"065a6b2fe433ea4d0c5de307df4d5741ed9fba7f"},{"author":{"_account_id":21961,"name":"Lance Albertson","email":"lance@osuosl.org","username":"ramereth"},"change_message_id":"62560087c14c0d1dd6e95d04fd5892fd3c43f464","unresolved":false,"context_lines":[{"line_number":47,"context_line":"  end"},{"line_number":48,"context_line":"end"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"execute \u0027keystone-manage credential_setup\u0027 do"},{"line_number":51,"context_line":"  command \"keystone-manage credential_setup --keystone-user #{keystone_user} --keystone-group #{keystone_group}\""},{"line_number":52,"context_line":"  creates \u0027/etc/keystone/credential-keys\u0027"},{"line_number":53,"context_line":"end"}],"source_content_type":"text/x-ruby","patch_set":4,"id":"1fa4df85_33ab8675","line":53,"range":{"start_line":50,"start_character":0,"end_line":53,"end_character":3},"in_reply_to":"3fa7e38b_b629893a","updated":"2020-03-06 23:31:04.000000000","message":"This was mentioned in the upstream docs [1] (see step 4) as I was trying to align with that. If this is wrong, please let me know. I recall running into an issue without doing this but I can\u0027t replicate it right now.\n\n[1] https://docs.openstack.org/keystone/stein/install/keystone-install-rdo.html#install-and-configure-components","commit_id":"065a6b2fe433ea4d0c5de307df4d5741ed9fba7f"},{"author":{"_account_id":21961,"name":"Lance Albertson","email":"lance@osuosl.org","username":"ramereth"},"change_message_id":"fc1a509662e15c4a41865cffdaf103d0e865badc","unresolved":false,"context_lines":[{"line_number":47,"context_line":"  end"},{"line_number":48,"context_line":"end"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"execute \u0027keystone-manage credential_setup\u0027 do"},{"line_number":51,"context_line":"  command \"keystone-manage credential_setup --keystone-user #{keystone_user} --keystone-group #{keystone_group}\""},{"line_number":52,"context_line":"  creates \u0027/etc/keystone/credential-keys\u0027"},{"line_number":53,"context_line":"end"}],"source_content_type":"text/x-ruby","patch_set":4,"id":"df33271e_ccee7c87","line":53,"range":{"start_line":50,"start_character":0,"end_line":53,"end_character":3},"in_reply_to":"df33271e_c3f2d406","updated":"2020-03-23 16:52:48.000000000","message":"Oops, I forgot to do that! I\u0027ll do that.","commit_id":"065a6b2fe433ea4d0c5de307df4d5741ed9fba7f"}],"recipes/_fernet_tokens.rb":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"7f10852b6aa3691c595c54fc9d5a69f16f423cac","unresolved":false,"context_lines":[{"line_number":46,"context_line":"  end"},{"line_number":47,"context_line":"end"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"execute \u0027keystone-manage fernet_setup\u0027 do"},{"line_number":50,"context_line":"  command \"keystone-manage fernet_setup --keystone-user #{keystone_user} --keystone-group #{keystone_group}\""},{"line_number":51,"context_line":"  creates \u0027/etc/keystone/fernet-keys\u0027"},{"line_number":52,"context_line":"end"}],"source_content_type":"text/x-ruby","patch_set":4,"id":"3fa7e38b_5618551d","line":52,"range":{"start_line":49,"start_character":0,"end_line":52,"end_character":3},"updated":"2020-02-14 13:06:24.000000000","message":"Same comment as for credential-keys applies.","commit_id":"065a6b2fe433ea4d0c5de307df4d5741ed9fba7f"}]}