)]}'
{"ansible/group_vars/all.yml":[{"author":{"_account_id":10273,"name":"Adam Harwell","email":"flux.adam@gmail.com","username":"rm_you"},"change_message_id":"291fe40ed5cd710c02551c6fec57bef864a71aa2","unresolved":false,"context_lines":[{"line_number":568,"context_line":"rabbitmq_version: \"rabbitmq_server-3.6/plugins/rabbitmq_clusterer-3.6.x.ez/rabbitmq_clusterer-3.6.x-667f92b0/ebin\""},{"line_number":569,"context_line":"outward_rabbitmq_user: \"openstack\""},{"line_number":570,"context_line":""},{"line_number":571,"context_line":"####################"},{"line_number":572,"context_line":"# Qdrouterd options"},{"line_number":573,"context_line":"####################"},{"line_number":574,"context_line":"qdrouterd_user: \"openstack\""}],"source_content_type":"text/x-yaml","patch_set":7,"id":"5f7c97a3_dd8d037d","line":571,"updated":"2018-07-16 17:31:47.000000000","message":"u","commit_id":"0dac1ea8e62c98385491dbebdf4a2c15dc186b67"},{"author":{"_account_id":16036,"name":"Krzysztof Klimonda","email":"kklimonda@syntaxhighlighted.com","username":"kklimonda"},"change_message_id":"31539e5f6c44892ff8e58538957b6a0e5a6d03f8","unresolved":false,"context_lines":[{"line_number":83,"context_line":"####################"},{"line_number":84,"context_line":"# Database options"},{"line_number":85,"context_line":"####################"},{"line_number":86,"context_line":"database_address: \"{{ kolla_internal_vip_address }}\""},{"line_number":87,"context_line":"database_user: \"root\""},{"line_number":88,"context_line":"database_port: \"3306\""},{"line_number":89,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":31,"id":"bfb3d3c7_7c678cb8","line":86,"updated":"2019-05-30 11:10:13.000000000","message":"When TLS is enabled, `kolla_internal_fqdn` is resolving to `kolla_external_vip_address`","commit_id":"a3523155031e0ab6166858ac13cd19a8a932fd87"},{"author":{"_account_id":16036,"name":"Krzysztof Klimonda","email":"kklimonda@syntaxhighlighted.com","username":"kklimonda"},"change_message_id":"31539e5f6c44892ff8e58538957b6a0e5a6d03f8","unresolved":false,"context_lines":[{"line_number":280,"context_line":"keystone_public_listen_port: \"{{ keystone_public_port }}\""},{"line_number":281,"context_line":"keystone_admin_port: \"35357\""},{"line_number":282,"context_line":"keystone_admin_listen_port: \"{{ keystone_admin_port }}\""},{"line_number":283,"context_line":"keystone_ssh_address: \"{{ hostvars[inventory_hostname][\u0027ansible_\u0027 + network_interface][\u0027ipv4\u0027][\u0027address\u0027] }}\""},{"line_number":284,"context_line":"keystone_ssh_port: \"8023\""},{"line_number":285,"context_line":""},{"line_number":286,"context_line":"kibana_server_port: \"5601\""}],"source_content_type":"text/x-yaml","patch_set":31,"id":"bfb3d3c7_dc0d58e8","line":283,"updated":"2019-05-30 11:10:13.000000000","message":"When TLS is enabled, `api_interface_address` is resolving to `127.0.0.1`.","commit_id":"a3523155031e0ab6166858ac13cd19a8a932fd87"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"830e43a3d28c15d44a6b09f5e0e56953f7608eb7","unresolved":false,"context_lines":[{"line_number":65,"context_line":""},{"line_number":66,"context_line":"# By default, Kolla API services bind to the network address assigned"},{"line_number":67,"context_line":"# to the api_interface.  Allow the bind address to be an override."},{"line_number":68,"context_line":"api_interface_address: \"{{ hostvars[inventory_hostname][\u0027ansible_\u0027 + api_interface][\u0027ipv4\u0027][\u0027address\u0027] if kolla_insecure_internal_endpoints|bool else \u0027127.0.0.1\u0027 }}\""},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"# This is used to get the ip corresponding to the storage_interface."},{"line_number":71,"context_line":"storage_interface_address: \"{{ hostvars[inventory_hostname][\u0027ansible_\u0027 + storage_interface][\u0027ipv4\u0027][\u0027address\u0027] }}\""}],"source_content_type":"text/x-yaml","patch_set":46,"id":"7faddb67_1dc24b86","line":68,"range":{"start_line":68,"start_character":0,"end_line":68,"end_character":165},"updated":"2019-08-16 07:55:04.000000000","message":"no way to set it to loopback atm, things outside OS APIs also use this as the internal endpoint, gonna break a lot","commit_id":"5f7c0858b8cdc99976ef70832bba6147c738de06"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"c6e9a6aa318c4923aae8f00683bedc2856f197ce","unresolved":false,"context_lines":[{"line_number":65,"context_line":""},{"line_number":66,"context_line":"# By default, Kolla API services bind to the network address assigned"},{"line_number":67,"context_line":"# to the api_interface.  Allow the bind address to be an override."},{"line_number":68,"context_line":"api_interface_address: \"{{ hostvars[inventory_hostname][\u0027ansible_\u0027 + api_interface][\u0027ipv4\u0027][\u0027address\u0027] if kolla_insecure_internal_endpoints|bool else \u0027127.0.0.1\u0027 }}\""},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"# This is used to get the ip corresponding to the storage_interface."},{"line_number":71,"context_line":"storage_interface_address: \"{{ hostvars[inventory_hostname][\u0027ansible_\u0027 + storage_interface][\u0027ipv4\u0027][\u0027address\u0027] }}\""}],"source_content_type":"text/x-yaml","patch_set":46,"id":"7faddb67_5d5a03f2","line":68,"range":{"start_line":68,"start_character":0,"end_line":68,"end_character":165},"in_reply_to":"7faddb67_1dc24b86","updated":"2019-08-16 07:59:39.000000000","message":"also, in some places (especially referencing multiple hosts at once) \u0027address\u0027 is used directly instead of this var","commit_id":"5f7c0858b8cdc99976ef70832bba6147c738de06"}],"ansible/roles/haproxy-config/templates/haproxy_single_service_listen.cfg.j2":[{"author":{"_account_id":16036,"name":"Krzysztof Klimonda","email":"kklimonda@syntaxhighlighted.com","username":"kklimonda"},"change_message_id":"31539e5f6c44892ff8e58538957b6a0e5a6d03f8","unresolved":false,"context_lines":[{"line_number":45,"context_line":"    {% endif %}"},{"line_number":46,"context_line":"    {{ \"bind %s:%s %s\"|e|format(vip_address, service_port, tls_option)|trim() }}"},{"line_number":47,"context_line":"    {% if not kolla_insecure_internal_endpoints|bool and service_mode !\u003d \u0027tcp\u0027 %}"},{"line_number":48,"context_line":"    {{ \"bind %s:%s %s\"|e|format(hostvars[inventory_hostname][\u0027ansible_\u0027 + kolla_external_vip_interface][\u0027ipv4\u0027][\u0027address\u0027], service_port, tls_option)|trim() }}"},{"line_number":49,"context_line":"    {% endif %}"},{"line_number":50,"context_line":"    {# Redirect mode sets a redirect scheme instead of members #}"},{"line_number":51,"context_line":"    {% if service_mode \u003d\u003d \u0027redirect\u0027 %}"}],"source_content_type":"text/x-jinja2","patch_set":31,"id":"bfb3d3c7_7ce0ec26","line":48,"updated":"2019-05-30 11:10:13.000000000","message":"When internal TLS is enabled, it\u0027s assumed that if local backend is unavailable, connection will be forwarded to remote HAProxy - for that to work all HAProxy must listen on some interface.\n\nFor now I\u0027m listening on the external interface, to not clash with backends that are already listening on the same port, but the internal interface - not sure if that\u0027s the best approach.\n\nAlso, we\u0027re doing that only for HTTP services - that lets us keep existing configuration for TCP services (rabbit, mariadb and and memcached).","commit_id":"a3523155031e0ab6166858ac13cd19a8a932fd87"},{"author":{"_account_id":16036,"name":"Krzysztof Klimonda","email":"kklimonda@syntaxhighlighted.com","username":"kklimonda"},"change_message_id":"742b63cf4ffb96da5a79659d8df6b22ebb07840b","unresolved":false,"context_lines":[{"line_number":65,"context_line":"                {% elif not kolla_insecure_internal_endpoints|bool and service_mode !\u003d \u0027tcp\u0027 %}"},{"line_number":66,"context_line":"                    {% set host_ip \u003d hostvars[host][\u0027ansible_\u0027 + kolla_external_vip_interface][\u0027ipv4\u0027][\u0027address\u0027] %}"},{"line_number":67,"context_line":"                    {% if kolla_verify_tls %}"},{"line_number":68,"context_line":"                        {% set extra_server_args \u003d \"backup ssl verify required ca-file %s verifyhost %s\"|format(haproxy_ca_certs_bundle, kolla_external_vip_address) %}"},{"line_number":69,"context_line":"                    {% endif %}"},{"line_number":70,"context_line":"                        {% set extra_server_args \u003d \"backup ssl verify none\" %}"},{"line_number":71,"context_line":"                {% else %}"}],"source_content_type":"text/x-jinja2","patch_set":31,"id":"bfb3d3c7_9c8040f7","line":68,"updated":"2019-05-30 11:18:20.000000000","message":"P.S. `backup` means that we\u0027re not doing loadbalancing between backends which is probably not what we want","commit_id":"a3523155031e0ab6166858ac13cd19a8a932fd87"},{"author":{"_account_id":16036,"name":"Krzysztof Klimonda","email":"kklimonda@syntaxhighlighted.com","username":"kklimonda"},"change_message_id":"31539e5f6c44892ff8e58538957b6a0e5a6d03f8","unresolved":false,"context_lines":[{"line_number":67,"context_line":"                    {% if kolla_verify_tls %}"},{"line_number":68,"context_line":"                        {% set extra_server_args \u003d \"backup ssl verify required ca-file %s verifyhost %s\"|format(haproxy_ca_certs_bundle, kolla_external_vip_address) %}"},{"line_number":69,"context_line":"                    {% endif %}"},{"line_number":70,"context_line":"                        {% set extra_server_args \u003d \"backup ssl verify none\" %}"},{"line_number":71,"context_line":"                {% else %}"},{"line_number":72,"context_line":"                    {% set host_ip \u003d hostvars[host][api_interface][\u0027ipv4\u0027][\u0027address\u0027] %}"},{"line_number":73,"context_line":"                {% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":31,"id":"bfb3d3c7_9cc840a6","line":70,"updated":"2019-05-30 11:10:13.000000000","message":"If `kolla_verify_tls` is true, then skip certificate verification on remote haproxies.","commit_id":"a3523155031e0ab6166858ac13cd19a8a932fd87"}],"ansible/roles/haproxy/defaults/main.yml":[{"author":{"_account_id":16036,"name":"Krzysztof Klimonda","email":"kklimonda@syntaxhighlighted.com","username":"kklimonda"},"change_message_id":"31539e5f6c44892ff8e58538957b6a0e5a6d03f8","unresolved":false,"context_lines":[{"line_number":62,"context_line":""},{"line_number":63,"context_line":"# Check http://www.haproxy.org/download/1.5/doc/configuration.txt for available options"},{"line_number":64,"context_line":"haproxy_defaults_balance: \"roundrobin\""},{"line_number":65,"context_line":"haproxy_ca_certs_bundle: \"{{ \u0027ca-certificates.crt\u0027 if kolla_base_distro in [\u0027debian\u0027, \u0027ubuntu\u0027] else \u0027ca-bundle.trust.crt\u0027 }}\""}],"source_content_type":"text/x-yaml","patch_set":31,"id":"bfb3d3c7_3ca114f9","line":65,"updated":"2019-05-30 11:10:13.000000000","message":"Solves difference in the bundle name between Debian and RHEL families (not sure about SuSE)","commit_id":"a3523155031e0ab6166858ac13cd19a8a932fd87"}],"ansible/roles/keystone/tasks/register.yml":[{"author":{"_account_id":16036,"name":"Krzysztof Klimonda","email":"kklimonda@syntaxhighlighted.com","username":"kklimonda"},"change_message_id":"31539e5f6c44892ff8e58538957b6a0e5a6d03f8","unresolved":false,"context_lines":[{"line_number":22,"context_line":"      region_name: \"{{ openstack_region_name }}\""},{"line_number":23,"context_line":"      auth: \"{{ openstack_keystone_auth }}\""},{"line_number":24,"context_line":"      endpoint_type: \"{{ openstack_interface }}\""},{"line_number":25,"context_line":"      validate_certs: \"{{ kolla_verify_tls|bool }}\""},{"line_number":26,"context_line":"  run_once: True"},{"line_number":27,"context_line":"  with_items:"},{"line_number":28,"context_line":"    - { interface: admin, url: \"{{ keystone_admin_url }}\" }"}],"source_content_type":"text/x-yaml","patch_set":31,"id":"bfb3d3c7_1c9e90b8","line":25,"updated":"2019-05-30 11:10:13.000000000","message":"This lets us communicate with keystone API when using untrusted SSL certificate -has to be done for all roles.","commit_id":"a3523155031e0ab6166858ac13cd19a8a932fd87"}],"ansible/roles/mariadb/defaults/main.yml":[{"author":{"_account_id":16036,"name":"Krzysztof Klimonda","email":"kklimonda@syntaxhighlighted.com","username":"kklimonda"},"change_message_id":"31539e5f6c44892ff8e58538957b6a0e5a6d03f8","unresolved":false,"context_lines":[{"line_number":50,"context_line":"internal_haproxy_members: \"{% for host in groups[\u0027mariadb\u0027] %}server {{ hostvars[host][\u0027ansible_hostname\u0027] }} {{ hostvars[host][\u0027ansible_\u0027 + hostvars[host][\u0027api_interface\u0027]][\u0027ipv4\u0027][\u0027address\u0027] }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5{% if not loop.first %} backup{% endif %};{% endfor %}\""},{"line_number":51,"context_line":"external_haproxy_members: \"{% for host in groups[\u0027mariadb\u0027] %}server {{ host }} {{ host }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5{% if not loop.first %} backup{% endif %};{% endfor %}\""},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"mariadb_interface_address: \"{{ hostvars[inventory_hostname][\u0027ansible_\u0027 + network_interface][\u0027ipv4\u0027][\u0027address\u0027] }}\""},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"####################"},{"line_number":56,"context_line":"# Docker"}],"source_content_type":"text/x-yaml","patch_set":31,"id":"bfb3d3c7_bc6744e9","line":53,"updated":"2019-05-30 11:10:13.000000000","message":"Once TLS is enabled `api_interface_address` evaluates to `127.0.0.1` and that\u0027s not what we want for mariadb","commit_id":"a3523155031e0ab6166858ac13cd19a8a932fd87"}],"ansible/roles/mariadb/tasks/register.yml":[{"author":{"_account_id":16036,"name":"Krzysztof Klimonda","email":"kklimonda@syntaxhighlighted.com","username":"kklimonda"},"change_message_id":"31539e5f6c44892ff8e58538957b6a0e5a6d03f8","unresolved":false,"context_lines":[{"line_number":4,"context_line":"    module_name: mysql_user"},{"line_number":5,"context_line":"    module_args:"},{"line_number":6,"context_line":"      login_host: \"{{ mariadb_interface_address }}\""},{"line_number":7,"context_line":"      login_port: \"{{ database_port }}\""},{"line_number":8,"context_line":"      login_user: \"{{ database_user }}\""},{"line_number":9,"context_line":"      login_password: \"{{ database_password }}\""},{"line_number":10,"context_line":"      name: \"haproxy\""}],"source_content_type":"text/x-yaml","patch_set":31,"id":"bfb3d3c7_5c3408de","line":7,"range":{"start_line":7,"start_character":18,"end_line":7,"end_character":21},"updated":"2019-05-30 11:10:13.000000000","message":"Probably not needed (my own change) - is there a practical difference between `database_port` and `mariadb_port`? I\u0027ll probably revert that in the next patch set","commit_id":"a3523155031e0ab6166858ac13cd19a8a932fd87"}]}