)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"12b29a00a1cc4b17c0c9a42b0728ab7b157fbafa","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"665e5d11_ad92bb35","updated":"2026-04-17 17:20:18.000000000","message":"I think it was deliberately not using the kolla certificates directory since this is not a kolla deployed service. What issue was this fixing?","commit_id":"4e6cf42400c3364e652428f1d2272a55526e3734"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"207af6d6dae9f2a1195f9e9d193f6ecf7e2eec75","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"dfef2d61_621396a2","in_reply_to":"665e5d11_ad92bb35","updated":"2026-04-17 21:35:38.000000000","message":"1. we definitely historically use kolla-ansible certificates starting from: https://storyboard.openstack.org/#!/story/2007679\n2. even kolla-ansible tests in the kayobe use the correct path: https://github.com/openstack/kayobe/blob/master/ansible/roles/kolla-ansible/tests/test-globals-merge.yml#L68\n3. for dev we also create the certificates in the correct path: https://github.com/openstack/kayobe/blob/master/dev/functions#L464\n4. this fixes the issue with failed file lookups in deploy when kolla_libvirt_tls enabled and also the issue when compute_libvirt_enabled enabled.","commit_id":"4e6cf42400c3364e652428f1d2272a55526e3734"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"81bf25414055bf8b242176d71fdfdbc4e5ab9bd7","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"f7f75e5e_e842a2c6","in_reply_to":"a7352a6d_8448a157","updated":"2026-04-30 15:14:45.000000000","message":"Sure, but:\n1. Variable ``certificates_libvirt_output_dir`` is the ``Directory into which to copy generated certificates and keys for libvirt TLS.`` as said in the https://opendev.org/openstack/kolla-ansible/src/branch/master/ansible/roles/certificates/defaults/main.yml#L10.\n2. The source form these files are copied is: ``certificates_libvirt_dir: \"{{ kolla_certificates_dir }}/private/libvirt\"``.\nSo the path was incorrectly provided in the I73fef63fb886a9d543d2f4231fb009523495edb3 and this change fixes the issue.","commit_id":"4e6cf42400c3364e652428f1d2272a55526e3734"},{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"1376252d314211fece622070b61055fa106555fd","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"a7352a6d_8448a157","in_reply_to":"dfef2d61_621396a2","updated":"2026-04-20 08:57:58.000000000","message":"The CI has always output the certificates to the libvirt directory. You change this here:\n\nhttps://review.opendev.org/c/openstack/kayobe/+/984911/2/playbooks/kayobe-overcloud-base/globals.yml.j2#25\n\nThis is used by the kolla-ansible certificates script here:\n\nhttps://opendev.org/openstack/kolla-ansible/src/branch/master/ansible/roles/certificates/tasks/generate-libvirt.yml#L48-L76\n\nSo were testing the documented location ...So this is a breaking change without release note or deprecation.\n\nPotentially you issue stems from not overriding kolla_enable_nova_libvirt_container:\n\nhttps://opendev.org/openstack/kayobe/src/branch/master/ansible/roles/kolla-openstack/tasks/config.yml#L52\n\nI don\u0027t see a strong argument to change this directory to kolla/certificates. Does a symlink not work if you want to use kolla/certificates?","commit_id":"4e6cf42400c3364e652428f1d2272a55526e3734"}]}