)]}'
{"ansible/roles/kolla-ansible/templates/globals.yml.j2":[{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"193d22be8390a287df5be885e242e5479582e476","unresolved":false,"context_lines":[{"line_number":182,"context_line":"{% if kolla_internal_tls_cert is not none and kolla_internal_tls_cert | length \u003e 0 %}"},{"line_number":183,"context_line":"kolla_internal_fqdn_cert: \"{{ kolla_internal_fqdn_cert }}\""},{"line_number":184,"context_line":"{% endif %}"},{"line_number":185,"context_line":"kolla_external_fqdn_cacert: \"{{ kolla_external_fqdn_cacert }}\""},{"line_number":186,"context_line":"kolla_internal_fqdn_cacert: \"{{ kolla_internal_fqdn_cacert }}\""},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"################"},{"line_number":189,"context_line":"# Region options"}],"source_content_type":"text/x-jinja2","patch_set":4,"id":"ff570b3c_197519fb","line":186,"range":{"start_line":185,"start_character":0,"end_line":186,"end_character":62},"updated":"2020-06-11 17:55:45.000000000","message":"Should we revert these to defaults as well unless a TLS configuration is provided?","commit_id":"1d12ca545e33511b7584662d57639ee6a10aa7cc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88ef41d4d7671d798c5096a6fbb19c1d721bf15a","unresolved":false,"context_lines":[{"line_number":182,"context_line":"{% if kolla_internal_tls_cert is not none and kolla_internal_tls_cert | length \u003e 0 %}"},{"line_number":183,"context_line":"kolla_internal_fqdn_cert: \"{{ kolla_internal_fqdn_cert }}\""},{"line_number":184,"context_line":"{% endif %}"},{"line_number":185,"context_line":"kolla_external_fqdn_cacert: \"{{ kolla_external_fqdn_cacert }}\""},{"line_number":186,"context_line":"kolla_internal_fqdn_cacert: \"{{ kolla_internal_fqdn_cacert }}\""},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"################"},{"line_number":189,"context_line":"# Region options"}],"source_content_type":"text/x-jinja2","patch_set":4,"id":"ff570b3c_1e3691b5","line":186,"range":{"start_line":185,"start_character":0,"end_line":186,"end_character":62},"in_reply_to":"ff570b3c_197519fb","updated":"2020-06-12 16:35:39.000000000","message":"Well we did that previously, but it was reverted in https://review.opendev.org/#/c/717314/2/ansible/roles/kolla-ansible/templates/globals.yml.j2 because it gives you the kolla defaults which only really work if you\u0027re using the certificates command.","commit_id":"1d12ca545e33511b7584662d57639ee6a10aa7cc"},{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"570c3561e44611bedf989ad2205aeb9d1c17aa59","unresolved":false,"context_lines":[{"line_number":182,"context_line":"{% if kolla_internal_tls_cert is not none and kolla_internal_tls_cert | length \u003e 0 %}"},{"line_number":183,"context_line":"kolla_internal_fqdn_cert: \"{{ kolla_internal_fqdn_cert }}\""},{"line_number":184,"context_line":"{% endif %}"},{"line_number":185,"context_line":"kolla_external_fqdn_cacert: \"{{ kolla_external_fqdn_cacert }}\""},{"line_number":186,"context_line":"kolla_internal_fqdn_cacert: \"{{ kolla_internal_fqdn_cacert }}\""},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"################"},{"line_number":189,"context_line":"# Region options"}],"source_content_type":"text/x-jinja2","patch_set":4,"id":"bf51134e_c30f40df","line":186,"range":{"start_line":185,"start_character":0,"end_line":186,"end_character":62},"in_reply_to":"ff570b3c_1e3691b5","updated":"2020-06-17 16:31:45.000000000","message":"Of course, and that was my patch…","commit_id":"1d12ca545e33511b7584662d57639ee6a10aa7cc"}],"doc/source/configuration/kolla-ansible.rst":[{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"c416b5e8d146f4ec4dd0fce3f26fcb984b00636f","unresolved":false,"context_lines":[{"line_number":336,"context_line":"       backend-cert.pem"},{"line_number":337,"context_line":"       backend-key.pem"},{"line_number":338,"context_line":""},{"line_number":339,"context_line":"See the Kolla Ansible documentation for how to provide service and/or"},{"line_number":340,"context_line":"host-specific certificates and keys."},{"line_number":341,"context_line":""},{"line_number":342,"context_line":"Custom Global Variables"},{"line_number":343,"context_line":"-----------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"ff570b3c_fbdd3241","line":340,"range":{"start_line":339,"start_character":0,"end_line":340,"end_character":36},"updated":"2020-06-04 15:00:17.000000000","message":"Is there a single page we can link to?","commit_id":"54afa93a042632346e029c03c9b33a5e6636eefc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e6d67f482be4485056fd21378cc573ad6ae4bf37","unresolved":false,"context_lines":[{"line_number":336,"context_line":"       backend-cert.pem"},{"line_number":337,"context_line":"       backend-key.pem"},{"line_number":338,"context_line":""},{"line_number":339,"context_line":"See the Kolla Ansible documentation for how to provide service and/or"},{"line_number":340,"context_line":"host-specific certificates and keys."},{"line_number":341,"context_line":""},{"line_number":342,"context_line":"Custom Global Variables"},{"line_number":343,"context_line":"-----------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"ff570b3c_1b8106c4","line":340,"range":{"start_line":339,"start_character":0,"end_line":340,"end_character":36},"in_reply_to":"ff570b3c_fbdd3241","updated":"2020-06-04 15:09:03.000000000","message":"Added a link.","commit_id":"54afa93a042632346e029c03c9b33a5e6636eefc"}],"releasenotes/notes/custom-certificates-5f2c1fff6503b77a.yaml":[{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"e0f0983cc8a72c945a57d2b01e7ce60897458a59","unresolved":false,"context_lines":[{"line_number":6,"context_line":"    \u003chttps://storyboard.openstack.org/#!/story/2007679\u003e`__ for details."},{"line_number":7,"context_line":"upgrade:"},{"line_number":8,"context_line":"  - |"},{"line_number":9,"context_line":"    Reverts to use the Kolla Ansible default value for"},{"line_number":10,"context_line":"    ``kolla_external_fqdn_cert`` and ``kolla_internal_fqdn_cert`` when"},{"line_number":11,"context_line":"    ``kolla_external_tls_cert`` and ``kolla_internal_tls_cert`` are"},{"line_number":12,"context_line":"    respectively not set. This allows for the standard Kolla Ansible"},{"line_number":13,"context_line":"    configuration approach of dropping these certificates into the"},{"line_number":14,"context_line":"    ``$KAYOBE_CONFIG_PATH/kolla/certificates`` directory, rather than defining"},{"line_number":15,"context_line":"    them as variables. This can be useful if using the ``kolla-ansible"},{"line_number":16,"context_line":"    certificates`` command to generate certificates for testing."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"ff570b3c_3c35cff7","line":16,"range":{"start_line":9,"start_character":0,"end_line":16,"end_character":64},"updated":"2020-06-05 14:10:14.000000000","message":"This part isn\u0027t really clear. If you run ``kolla-ansible certificates`` without custom config, it will try to generate them into ``$KOLLA_CONFIG_PATH/certificates`` rather than ``$KAYOBE_CONFIG_PATH/kolla/certificates``.\n\nIn my experience this fails unless ``kolla_external_fqdn_cacert`` is also set.","commit_id":"1d12ca545e33511b7584662d57639ee6a10aa7cc"},{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"570c3561e44611bedf989ad2205aeb9d1c17aa59","unresolved":false,"context_lines":[{"line_number":6,"context_line":"    \u003chttps://storyboard.openstack.org/#!/story/2007679\u003e`__ for details."},{"line_number":7,"context_line":"upgrade:"},{"line_number":8,"context_line":"  - |"},{"line_number":9,"context_line":"    Reverts to use the Kolla Ansible default value for"},{"line_number":10,"context_line":"    ``kolla_external_fqdn_cert`` and ``kolla_internal_fqdn_cert`` when"},{"line_number":11,"context_line":"    ``kolla_external_tls_cert`` and ``kolla_internal_tls_cert`` are"},{"line_number":12,"context_line":"    respectively not set. This allows for the standard Kolla Ansible"},{"line_number":13,"context_line":"    configuration approach of dropping these certificates into the"},{"line_number":14,"context_line":"    ``$KAYOBE_CONFIG_PATH/kolla/certificates`` directory, rather than defining"},{"line_number":15,"context_line":"    them as variables. This can be useful if using the ``kolla-ansible"},{"line_number":16,"context_line":"    certificates`` command to generate certificates for testing."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"bf51134e_c341000e","line":16,"range":{"start_line":9,"start_character":0,"end_line":16,"end_character":64},"in_reply_to":"ff570b3c_2b9c4669","updated":"2020-06-17 16:31:45.000000000","message":"I was thinking exactly about instructions for generating certificates in the right place through Kayobe. This will do for now and we can improve in another patch.","commit_id":"1d12ca545e33511b7584662d57639ee6a10aa7cc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"dd626c998c7cd458ce90cd0149d815b04144f020","unresolved":false,"context_lines":[{"line_number":6,"context_line":"    \u003chttps://storyboard.openstack.org/#!/story/2007679\u003e`__ for details."},{"line_number":7,"context_line":"upgrade:"},{"line_number":8,"context_line":"  - |"},{"line_number":9,"context_line":"    Reverts to use the Kolla Ansible default value for"},{"line_number":10,"context_line":"    ``kolla_external_fqdn_cert`` and ``kolla_internal_fqdn_cert`` when"},{"line_number":11,"context_line":"    ``kolla_external_tls_cert`` and ``kolla_internal_tls_cert`` are"},{"line_number":12,"context_line":"    respectively not set. This allows for the standard Kolla Ansible"},{"line_number":13,"context_line":"    configuration approach of dropping these certificates into the"},{"line_number":14,"context_line":"    ``$KAYOBE_CONFIG_PATH/kolla/certificates`` directory, rather than defining"},{"line_number":15,"context_line":"    them as variables. This can be useful if using the ``kolla-ansible"},{"line_number":16,"context_line":"    certificates`` command to generate certificates for testing."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"ff570b3c_2b9c4669","line":16,"range":{"start_line":9,"start_character":0,"end_line":16,"end_character":64},"in_reply_to":"ff570b3c_3c35cff7","updated":"2020-06-08 18:26:15.000000000","message":"It\u0027s necessary but not sufficient :) I got it working by running \u0027kolla-ansible certificates -e kolla_certificates_dir\u003d$KAYOBE_CONFIG_PATH/kolla/certificates\u0027, and setting kolla_external_fqdn_cacert. It would be nice if it was a bit smoother, and it needs documenting.\n\nWhat do you think we should say here?","commit_id":"1d12ca545e33511b7584662d57639ee6a10aa7cc"}]}