)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1df12e7e876d18c6f64eb60c5543e341a0d5350d","unresolved":false,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"To securely support live migration between computenodes we should enable"},{"line_number":10,"context_line":"tls, with cert auth, instead of TCP with no auth support."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Change-Id: I22ea6233933c840b853fdcc8e03400b2bf577271"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":10,"id":"3fce034c_f0835c55","line":11,"updated":"2019-04-12 09:06:40.000000000","message":"I have added a blueprint for this: https://blueprints.launchpad.net/kolla-ansible/+spec/libvirt-tls.\n\nPlease add:\n\nImplements: blueprint libvirt-tls","commit_id":"606d2edb40c079abe5431e0ae6860ef5b7d1884f"},{"author":{"_account_id":9076,"name":"Kris Lindgren","email":"klindgren@godaddy.com","username":"klindgren"},"change_message_id":"fb048b48cbff8a9a1c3b7cc0e0104ebf00a7d4ce","unresolved":false,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"To securely support live migration between computenodes we should enable"},{"line_number":10,"context_line":"tls, with cert auth, instead of TCP with no auth support."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Change-Id: I22ea6233933c840b853fdcc8e03400b2bf577271"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":10,"id":"3fce034c_a6083328","line":11,"in_reply_to":"3fce034c_f0835c55","updated":"2019-04-12 19:59:54.000000000","message":"Done","commit_id":"606d2edb40c079abe5431e0ae6860ef5b7d1884f"}],"ansible/roles/nova/defaults/main.yml":[{"author":{"_account_id":14826,"name":"Mark 
Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"8521a3a5176948f7afddc8c7cf3e60db3db3da9c","unresolved":false,"context_lines":[{"line_number":354,"context_line":"nova_enable_rolling_upgrade: \"yes\""},{"line_number":355,"context_line":"nova_safety_upgrade: \"no\""},{"line_number":356,"context_line":""},{"line_number":357,"context_line":"nova_libvirt_port: {% if libvirt_tls %} \"16514\" {% else %} \"16509\" {% endif %}"},{"line_number":358,"context_line":"nova_ssh_port: \"8022\""},{"line_number":359,"context_line":""},{"line_number":360,"context_line":"nova_services_require_nova_conf:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5fc1f717_88183476","line":357,"range":{"start_line":357,"start_character":39,"end_line":357,"end_character":40},"updated":"2019-04-08 09:43:32.000000000","message":"spaces might cause problems?","commit_id":"600a3287d93dbc094fba232b0ad2732e75455536"},{"author":{"_account_id":9076,"name":"Kris Lindgren","email":"klindgren@godaddy.com","username":"klindgren"},"change_message_id":"e371c88ea94a58a30500a91ecb55b6d04c3b3534","unresolved":false,"context_lines":[{"line_number":354,"context_line":"nova_enable_rolling_upgrade: \"yes\""},{"line_number":355,"context_line":"nova_safety_upgrade: \"no\""},{"line_number":356,"context_line":""},{"line_number":357,"context_line":"nova_libvirt_port: {% if libvirt_tls %} \"16514\" {% else %} \"16509\" {% endif %}"},{"line_number":358,"context_line":"nova_ssh_port: \"8022\""},{"line_number":359,"context_line":""},{"line_number":360,"context_line":"nova_services_require_nova_conf:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5fc1f717_20fb4b7b","line":357,"range":{"start_line":357,"start_character":39,"end_line":357,"end_character":40},"in_reply_to":"5fc1f717_88183476","updated":"2019-04-08 20:16:15.000000000","message":"Done","commit_id":"600a3287d93dbc094fba232b0ad2732e75455536"},{"author":{"_account_id":14826,"name":"Mark 
Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"8521a3a5176948f7afddc8c7cf3e60db3db3da9c","unresolved":false,"context_lines":[{"line_number":400,"context_line":"# responsible for making the TLS certs show up in the config directories"},{"line_number":401,"context_line":"# also means the deployer is responsible for restarting the nova_compute and"},{"line_number":402,"context_line":"# nova_libvirt containers when the key changes, as we can\u0027t know when to do that"},{"line_number":403,"context_line":"libvirt_tls_manage_certs: true"},{"line_number":404,"context_line":""},{"line_number":405,"context_line":"####################"},{"line_number":406,"context_line":"# Kolla"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5fc1f717_68894873","line":403,"range":{"start_line":403,"start_character":0,"end_line":403,"end_character":24},"updated":"2019-04-08 09:43:32.000000000","message":"We could use the find module with delegate_to: localhost to look for certs on localhost, then copy them if they exist.\n\nFor the API certs, we always expect them to exist on localhost. It\u0027s not always easy to know the best way to generate them. 
We could add libvirt cert support to the certificates role if that helps?","commit_id":"600a3287d93dbc094fba232b0ad2732e75455536"},{"author":{"_account_id":9076,"name":"Kris Lindgren","email":"klindgren@godaddy.com","username":"klindgren"},"change_message_id":"e371c88ea94a58a30500a91ecb55b6d04c3b3534","unresolved":false,"context_lines":[{"line_number":400,"context_line":"# responsible for making the TLS certs show up in the config directories"},{"line_number":401,"context_line":"# also means the deployer is responsible for restarting the nova_compute and"},{"line_number":402,"context_line":"# nova_libvirt containers when the key changes, as we can\u0027t know when to do that"},{"line_number":403,"context_line":"libvirt_tls_manage_certs: true"},{"line_number":404,"context_line":""},{"line_number":405,"context_line":"####################"},{"line_number":406,"context_line":"# Kolla"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5fc1f717_8099df1f","line":403,"range":{"start_line":403,"start_character":0,"end_line":403,"end_character":24},"in_reply_to":"5fc1f717_68894873","updated":"2019-04-08 20:16:15.000000000","message":"We have tooling/workflow already that puts client/server ssl certs on boxes generated from an internal CA.  So the reason why I have that here is specifically to work with our use case, that we will ensure the certs are already on the servers, and just need them to be integrated into the container so that they are used correctly.","commit_id":"600a3287d93dbc094fba232b0ad2732e75455536"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":404,"context_line":"# When using tls we are verfiying the hostname we are connected to matches the"},{"line_number":405,"context_line":"# libvirt cert we are presented.  
As such we can\u0027t use IP\u0027s here, but keep the"},{"line_number":406,"context_line":"# ability for people to override the hostname to use."},{"line_number":407,"context_line":"migration_hostname: \"{{ inventory_hostname }}\""},{"line_number":408,"context_line":""},{"line_number":409,"context_line":"####################"},{"line_number":410,"context_line":"# Kolla"}],"source_content_type":"text/x-yaml","patch_set":16,"id":"7faddb67_9ba1ee49","line":407,"range":{"start_line":407,"start_character":24,"end_line":407,"end_character":42},"updated":"2019-08-08 09:04:42.000000000","message":"I don\u0027t think this is the right value to use - it might not match the hostname. We have 3 choices here - ansible_hostname, ansible_nodename or ansible_fqdn. I expect we\u0027d want a domain if present, so that rules out ansible_hostname. We use ansible_nodename to match what nova-compute uses as the \u0027host\u0027 field in registered services.","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"}],"ansible/roles/nova/tasks/config-libvirt-tls.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1df12e7e876d18c6f64eb60c5543e341a0d5350d","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"- name: Copying over libvirt ssl keys {{ file }}"},{"line_number":3,"context_line":"  become: true"},{"line_number":4,"context_line":"  copy:"},{"line_number":5,"context_line":"    src: \"{{ first_found }}\""}],"source_content_type":"text/x-yaml","patch_set":10,"id":"3fce034c_f0e83c17","line":2,"range":{"start_line":2,"start_character":29,"end_line":2,"end_character":32},"updated":"2019-04-12 09:06:40.000000000","message":"nit: TLS","commit_id":"606d2edb40c079abe5431e0ae6860ef5b7d1884f"},{"author":{"_account_id":9076,"name":"Kris 
Lindgren","email":"klindgren@godaddy.com","username":"klindgren"},"change_message_id":"fb048b48cbff8a9a1c3b7cc0e0104ebf00a7d4ce","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"- name: Copying over libvirt ssl keys {{ file }}"},{"line_number":3,"context_line":"  become: true"},{"line_number":4,"context_line":"  copy:"},{"line_number":5,"context_line":"    src: \"{{ first_found }}\""}],"source_content_type":"text/x-yaml","patch_set":10,"id":"3fce034c_860f372d","line":2,"range":{"start_line":2,"start_character":29,"end_line":2,"end_character":32},"in_reply_to":"3fce034c_f0e83c17","updated":"2019-04-12 19:59:54.000000000","message":"Done","commit_id":"606d2edb40c079abe5431e0ae6860ef5b7d1884f"}],"ansible/roles/nova/tasks/config.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1df12e7e876d18c6f64eb60c5543e341a0d5350d","unresolved":false,"context_lines":[{"line_number":118,"context_line":"  notify:"},{"line_number":119,"context_line":"    - Restart nova-libvirt container"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"- name: Copying over libvirt ssl keys (nova-libvirt)"},{"line_number":122,"context_line":"  include_tasks: \"config-libvirt-tls.yml\""},{"line_number":123,"context_line":"  vars:"},{"line_number":124,"context_line":"    service: \"{{ nova_services[\u0027nova-libvirt\u0027] }}\""}],"source_content_type":"text/x-yaml","patch_set":10,"id":"3fce034c_103ce891","line":121,"range":{"start_line":121,"start_character":29,"end_line":121,"end_character":32},"updated":"2019-04-12 09:06:40.000000000","message":"nit: TLS","commit_id":"606d2edb40c079abe5431e0ae6860ef5b7d1884f"},{"author":{"_account_id":9076,"name":"Kris 
Lindgren","email":"klindgren@godaddy.com","username":"klindgren"},"change_message_id":"fb048b48cbff8a9a1c3b7cc0e0104ebf00a7d4ce","unresolved":false,"context_lines":[{"line_number":118,"context_line":"  notify:"},{"line_number":119,"context_line":"    - Restart nova-libvirt container"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"- name: Copying over libvirt ssl keys (nova-libvirt)"},{"line_number":122,"context_line":"  include_tasks: \"config-libvirt-tls.yml\""},{"line_number":123,"context_line":"  vars:"},{"line_number":124,"context_line":"    service: \"{{ nova_services[\u0027nova-libvirt\u0027] }}\""}],"source_content_type":"text/x-yaml","patch_set":10,"id":"3fce034c_261c4369","line":121,"range":{"start_line":121,"start_character":29,"end_line":121,"end_character":32},"in_reply_to":"3fce034c_103ce891","updated":"2019-04-12 19:59:54.000000000","message":"Done","commit_id":"606d2edb40c079abe5431e0ae6860ef5b7d1884f"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1df12e7e876d18c6f64eb60c5543e341a0d5350d","unresolved":false,"context_lines":[{"line_number":136,"context_line":"    - serverkey.pem"},{"line_number":137,"context_line":"    - clientcert.pem"},{"line_number":138,"context_line":"    - clientkey.pem"},{"line_number":139,"context_line":"  notify:"},{"line_number":140,"context_line":"    - Restart nova-libvirt container"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"- name: Copying over libvirt ssl keys (nova-compute)"},{"line_number":143,"context_line":"  become: true"}],"source_content_type":"text/x-yaml","patch_set":10,"id":"3fce034c_d0d0a053","line":140,"range":{"start_line":139,"start_character":0,"end_line":140,"end_character":36},"updated":"2019-04-12 09:06:40.000000000","message":"I think this needs to go in the included file, and use Restart {{ service_name }} 
container.","commit_id":"606d2edb40c079abe5431e0ae6860ef5b7d1884f"},{"author":{"_account_id":9076,"name":"Kris Lindgren","email":"klindgren@godaddy.com","username":"klindgren"},"change_message_id":"fb048b48cbff8a9a1c3b7cc0e0104ebf00a7d4ce","unresolved":false,"context_lines":[{"line_number":136,"context_line":"    - serverkey.pem"},{"line_number":137,"context_line":"    - clientcert.pem"},{"line_number":138,"context_line":"    - clientkey.pem"},{"line_number":139,"context_line":"  notify:"},{"line_number":140,"context_line":"    - Restart nova-libvirt container"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"- name: Copying over libvirt ssl keys (nova-compute)"},{"line_number":143,"context_line":"  become: true"}],"source_content_type":"text/x-yaml","patch_set":10,"id":"3fce034c_46194f77","line":140,"range":{"start_line":139,"start_character":0,"end_line":140,"end_character":36},"in_reply_to":"3fce034c_d0d0a053","updated":"2019-04-12 19:59:54.000000000","message":"Done","commit_id":"606d2edb40c079abe5431e0ae6860ef5b7d1884f"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1df12e7e876d18c6f64eb60c5543e341a0d5350d","unresolved":false,"context_lines":[{"line_number":140,"context_line":"    - Restart nova-libvirt container"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"- name: Copying over libvirt ssl keys (nova-compute)"},{"line_number":143,"context_line":"  become: true"},{"line_number":144,"context_line":"  vars:"},{"line_number":145,"context_line":"    service: \"{{ nova_services[\u0027nova-compute\u0027] }}\""},{"line_number":146,"context_line":"    service_name: nova-compute"}],"source_content_type":"text/x-yaml","patch_set":10,"id":"3fce034c_305484ca","line":143,"range":{"start_line":143,"start_character":2,"end_line":143,"end_character":14},"updated":"2019-04-12 09:06:40.000000000","message":"nit: don\u0027t need become for 
the include.","commit_id":"606d2edb40c079abe5431e0ae6860ef5b7d1884f"},{"author":{"_account_id":9076,"name":"Kris Lindgren","email":"klindgren@godaddy.com","username":"klindgren"},"change_message_id":"fb048b48cbff8a9a1c3b7cc0e0104ebf00a7d4ce","unresolved":false,"context_lines":[{"line_number":140,"context_line":"    - Restart nova-libvirt container"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"- name: Copying over libvirt ssl keys (nova-compute)"},{"line_number":143,"context_line":"  become: true"},{"line_number":144,"context_line":"  vars:"},{"line_number":145,"context_line":"    service: \"{{ nova_services[\u0027nova-compute\u0027] }}\""},{"line_number":146,"context_line":"    service_name: nova-compute"}],"source_content_type":"text/x-yaml","patch_set":10,"id":"3fce034c_062d8794","line":143,"range":{"start_line":143,"start_character":2,"end_line":143,"end_character":14},"in_reply_to":"3fce034c_305484ca","updated":"2019-04-12 19:59:54.000000000","message":"Done","commit_id":"606d2edb40c079abe5431e0ae6860ef5b7d1884f"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":124,"context_line":"    service: \"{{ nova_services[\u0027nova-libvirt\u0027] }}\""},{"line_number":125,"context_line":"    service_name: nova-libvirt"},{"line_number":126,"context_line":"    file: \"{{ item }}\""},{"line_number":127,"context_line":"  register: nova_libvirt_tls"},{"line_number":128,"context_line":"  when:"},{"line_number":129,"context_line":"    - inventory_hostname in groups[service.group]"},{"line_number":130,"context_line":"    - service.enabled | bool"}],"source_content_type":"text/x-yaml","patch_set":16,"id":"7faddb67_db4e8695","line":127,"range":{"start_line":127,"start_character":2,"end_line":127,"end_character":28},"updated":"2019-08-08 09:04:42.000000000","message":"Not 
required after \u0027simplify handlers\u0027 change.","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":143,"context_line":"    service: \"{{ nova_services[\u0027nova-compute\u0027] }}\""},{"line_number":144,"context_line":"    service_name: nova-compute"},{"line_number":145,"context_line":"    file: \"{{ item }}\""},{"line_number":146,"context_line":"  register: nova_compute_tls"},{"line_number":147,"context_line":"  when:"},{"line_number":148,"context_line":"    - inventory_hostname in groups[service.group]"},{"line_number":149,"context_line":"    - service.enabled | bool"}],"source_content_type":"text/x-yaml","patch_set":16,"id":"7faddb67_7b43d26d","line":146,"range":{"start_line":146,"start_character":2,"end_line":146,"end_character":28},"updated":"2019-08-08 09:04:42.000000000","message":"Not required after \u0027simplify handlers\u0027 change.","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"}],"ansible/roles/nova/templates/libvirt_clientcert.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"3cb1bd49551f8620f61917c8c0fef537a52c704b","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{{ libvirt.client.cert }}"}],"source_content_type":"text/x-jinja2","patch_set":3,"id":"5fc1f717_43dd4f12","line":1,"updated":"2019-04-08 10:43:28.000000000","message":"nit: You don\u0027t need a template to do this:\n\ncopy:\n  content: \"{{ libvirt.client.cert }}\"\n  dest: /path/to/file","commit_id":"600a3287d93dbc094fba232b0ad2732e75455536"},{"author":{"_account_id":9076,"name":"Kris 
Lindgren","email":"klindgren@godaddy.com","username":"klindgren"},"change_message_id":"e371c88ea94a58a30500a91ecb55b6d04c3b3534","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{{ libvirt.client.cert }}"}],"source_content_type":"text/x-jinja2","patch_set":3,"id":"5fc1f717_20b34b9c","line":1,"in_reply_to":"5fc1f717_43dd4f12","updated":"2019-04-08 20:16:15.000000000","message":"Done. I was following the nova_ssh process, which used templates like this rather than copy with content.","commit_id":"600a3287d93dbc094fba232b0ad2732e75455536"}],"ansible/roles/nova/templates/libvirtd.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"8521a3a5176948f7afddc8c7cf3e60db3db3da9c","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{% if libvirt_tls %}"},{"line_number":2,"context_line":"listen_tls \u003d 1"},{"line_number":3,"context_line":"listen_tcp \u003d 0"},{"line_number":4,"context_line":"tls_port \u003d \"{{ nova_libvirt_port }}\""}],"source_content_type":"text/x-jinja2","patch_set":3,"id":"5fc1f717_6d515a36","line":1,"range":{"start_line":1,"start_character":6,"end_line":1,"end_character":17},"updated":"2019-04-08 09:43:32.000000000","message":"| bool","commit_id":"600a3287d93dbc094fba232b0ad2732e75455536"},{"author":{"_account_id":9076,"name":"Kris Lindgren","email":"klindgren@godaddy.com","username":"klindgren"},"change_message_id":"e371c88ea94a58a30500a91ecb55b6d04c3b3534","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{% if libvirt_tls %}"},{"line_number":2,"context_line":"listen_tls \u003d 1"},{"line_number":3,"context_line":"listen_tcp \u003d 0"},{"line_number":4,"context_line":"tls_port \u003d \"{{ nova_libvirt_port 
}}\""}],"source_content_type":"text/x-jinja2","patch_set":3,"id":"5fc1f717_c08a87ba","line":1,"range":{"start_line":1,"start_character":6,"end_line":1,"end_character":17},"in_reply_to":"5fc1f717_6d515a36","updated":"2019-04-08 20:16:15.000000000","message":"Done","commit_id":"600a3287d93dbc094fba232b0ad2732e75455536"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"8521a3a5176948f7afddc8c7cf3e60db3db3da9c","unresolved":false,"context_lines":[{"line_number":3,"context_line":"listen_tcp \u003d 0"},{"line_number":4,"context_line":"tls_port \u003d \"{{ nova_libvirt_port }}\""},{"line_number":5,"context_line":"key_file \u003d /etc/pki/libvirt/private/serverkey.pem"},{"line_number":6,"context_line":"cert_file \u003d /etc/pki/libivrt/servercert.pem"},{"line_number":7,"context_line":"ca_file \u003d /etc/pki/CA/cacert.pem"},{"line_number":8,"context_line":"{% else %}"},{"line_number":9,"context_line":"listen_tcp \u003d 1"}],"source_content_type":"text/x-jinja2","patch_set":3,"id":"5fc1f717_ed5c6a4c","line":6,"range":{"start_line":6,"start_character":21,"end_line":6,"end_character":28},"updated":"2019-04-08 09:43:32.000000000","message":"libvirt","commit_id":"600a3287d93dbc094fba232b0ad2732e75455536"},{"author":{"_account_id":9076,"name":"Kris Lindgren","email":"klindgren@godaddy.com","username":"klindgren"},"change_message_id":"e371c88ea94a58a30500a91ecb55b6d04c3b3534","unresolved":false,"context_lines":[{"line_number":3,"context_line":"listen_tcp \u003d 0"},{"line_number":4,"context_line":"tls_port \u003d \"{{ nova_libvirt_port }}\""},{"line_number":5,"context_line":"key_file \u003d /etc/pki/libvirt/private/serverkey.pem"},{"line_number":6,"context_line":"cert_file \u003d /etc/pki/libivrt/servercert.pem"},{"line_number":7,"context_line":"ca_file \u003d /etc/pki/CA/cacert.pem"},{"line_number":8,"context_line":"{% else %}"},{"line_number":9,"context_line":"listen_tcp \u003d 
1"}],"source_content_type":"text/x-jinja2","patch_set":3,"id":"5fc1f717_a08dfbd4","line":6,"range":{"start_line":6,"start_character":21,"end_line":6,"end_character":28},"in_reply_to":"5fc1f717_ed5c6a4c","updated":"2019-04-08 20:16:15.000000000","message":"Done","commit_id":"600a3287d93dbc094fba232b0ad2732e75455536"}],"ansible/roles/nova/templates/nova-compute.json.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1df12e7e876d18c6f64eb60c5543e341a0d5350d","unresolved":false,"context_lines":[{"line_number":28,"context_line":"        {"},{"line_number":29,"context_line":"            \"source\": \"{{ container_config_directory }}/clientkey.pem\","},{"line_number":30,"context_line":"            \"dest\": \"/etc/pki/libvirt/private/clientkey.pem\","},{"line_number":31,"context_line":"            \"owner\": \"nova\","},{"line_number":32,"context_line":"            \"perm\": \"0600\""},{"line_number":33,"context_line":"        },"},{"line_number":34,"context_line":"        {"},{"line_number":35,"context_line":"            \"source\": \"{{ container_config_directory }}/clientcert.pem\","}],"source_content_type":"text/x-jinja2","patch_set":10,"id":"3fce034c_f0d27c34","line":32,"range":{"start_line":31,"start_character":0,"end_line":32,"end_character":26},"updated":"2019-04-12 09:06:40.000000000","message":"Optional: I know we don\u0027t follow it elsewhere, but the security guide suggests using these perms for config files and sensitive data:\n\nowner: root:nova\nperm: 0640\n\nI know some people who would like to propose these changes soon, so it seems like a good time to start. 
WDYT?","commit_id":"606d2edb40c079abe5431e0ae6860ef5b7d1884f"},{"author":{"_account_id":9076,"name":"Kris Lindgren","email":"klindgren@godaddy.com","username":"klindgren"},"change_message_id":"fb048b48cbff8a9a1c3b7cc0e0104ebf00a7d4ce","unresolved":false,"context_lines":[{"line_number":28,"context_line":"        {"},{"line_number":29,"context_line":"            \"source\": \"{{ container_config_directory }}/clientkey.pem\","},{"line_number":30,"context_line":"            \"dest\": \"/etc/pki/libvirt/private/clientkey.pem\","},{"line_number":31,"context_line":"            \"owner\": \"nova\","},{"line_number":32,"context_line":"            \"perm\": \"0600\""},{"line_number":33,"context_line":"        },"},{"line_number":34,"context_line":"        {"},{"line_number":35,"context_line":"            \"source\": \"{{ container_config_directory }}/clientcert.pem\","}],"source_content_type":"text/x-jinja2","patch_set":10,"id":"3fce034c_c6269fb8","line":32,"range":{"start_line":31,"start_character":0,"end_line":32,"end_character":26},"in_reply_to":"3fce034c_f0d27c34","updated":"2019-04-12 19:59:54.000000000","message":"Done","commit_id":"606d2edb40c079abe5431e0ae6860ef5b7d1884f"}],"doc/source/contributor/CONTRIBUTING.rst":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":130,"context_line":"  the database tables, and other initial run time config."},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"- ``Start``: Start the service(s)."},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"Adding a release note"},{"line_number":135,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"All new features 
should have a documented release note.  To add a release note"},{"line_number":138,"context_line":"run the following command:"},{"line_number":139,"context_line":""},{"line_number":140,"context_line":".. code-block:: console"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"   tox -e venv -- reno new \u003cfeature-being-added\u003e"}],"source_content_type":"text/x-rst","patch_set":16,"id":"7faddb67_dbdf660a","line":142,"range":{"start_line":133,"start_character":0,"end_line":142,"end_character":48},"updated":"2019-08-08 09:04:42.000000000","message":"We now have this in the documentation elsewhere.","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"}],"doc/source/reference/compute/libvirt-tls-guide.rst":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":1,"context_line":".. libvirt-tls-guide:"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":4,"context_line":"Libvirt TLS"}],"source_content_type":"text/x-rst","patch_set":16,"id":"7faddb67_bbc4ea0f","line":1,"updated":"2019-08-08 09:04:42.000000000","message":"Nice documentation, thanks.","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Libvirt TLS"},{"line_number":5,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"The default configuration of kolla-ansible is to run libvirt over tcp, with"},{"line_number":8,"context_line":"auth disabled. 
As long as one takes steps to protect who can access the port"},{"line_number":9,"context_line":"this works well. However, in the case where you want live-migration to be"},{"line_number":10,"context_line":"allowed across hypervisors one may want to either add some level of"}],"source_content_type":"text/x-rst","patch_set":16,"id":"7faddb67_db08c692","line":7,"range":{"start_line":7,"start_character":66,"end_line":7,"end_character":69},"updated":"2019-08-08 09:04:42.000000000","message":"TCP","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":9,"context_line":"this works well. However, in the case where you want live-migration to be"},{"line_number":10,"context_line":"allowed across hypervisors one may want to either add some level of"},{"line_number":11,"context_line":"authentication to the connections or make sure VM data is passed between HV\u0027s"},{"line_number":12,"context_line":"in a secure manner. 
To do this we can enable tls for libvirt and make nova use"},{"line_number":13,"context_line":"it."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Use libvirt TLS"}],"source_content_type":"text/x-rst","patch_set":16,"id":"7faddb67_bb038a76","line":12,"range":{"start_line":12,"start_character":45,"end_line":12,"end_character":48},"updated":"2019-08-08 09:04:42.000000000","message":"TLS","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":15,"context_line":"Use libvirt TLS"},{"line_number":16,"context_line":"~~~~~~~~~~~~~~~"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Libvirt TLS can be enabled in kolla-ansbile by setting the following option in"},{"line_number":19,"context_line":"``/etc/kolla/globals.yml``:"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":".. code-block:: yaml"}],"source_content_type":"text/x-rst","patch_set":16,"id":"7faddb67_9b024e6f","line":18,"range":{"start_line":18,"start_character":30,"end_line":18,"end_character":43},"updated":"2019-08-08 09:04:42.000000000","message":"Kolla Ansible (spelling)","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":23,"context_line":"   libvirt_tls: \"yes\""},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"Creation of the TLS certificates is currently out-of-scope for kolla-ansible."},{"line_number":26,"context_line":"So you will need either use an already existing Internal CA or you will need to"},{"line_number":27,"context_line":"generate your own offline CA. 
For the TLS communication to work correctly you"},{"line_number":28,"context_line":"will have to supply kolla-ansible the following pieces of information:"},{"line_number":29,"context_line":""}],"source_content_type":"text/x-rst","patch_set":16,"id":"7faddb67_fbf02294","line":26,"updated":"2019-08-08 09:04:42.000000000","message":"to","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":37,"context_line":""},{"line_number":38,"context_line":"  - This is private key for the server, this is no different than the private"},{"line_number":39,"context_line":"    key of an ssl cert. It should be carefully protected, just like the"},{"line_number":40,"context_line":"    private key of an ssl cert."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"* servercert.pem"},{"line_number":43,"context_line":""}],"source_content_type":"text/x-rst","patch_set":16,"id":"7faddb67_9b37ae4e","line":40,"range":{"start_line":40,"start_character":22,"end_line":40,"end_character":25},"updated":"2019-08-08 09:04:42.000000000","message":"TLS","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":56,"context_line":"  - This is the client cert that nova-compute/libvirt will present when it is"},{"line_number":57,"context_line":"    connection to libvirt. 
Think of this as the public side of an ssh key."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"Kolla_ansible will for these files for each compute node in the following"},{"line_number":60,"context_line":"locations and order:"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"- ``/etc/kolla/libvirt-tls/\u003chostname\u003e/``"}],"source_content_type":"text/x-rst","patch_set":16,"id":"7faddb67_1bee5eb4","line":59,"range":{"start_line":59,"start_character":0,"end_line":59,"end_character":13},"updated":"2019-08-08 09:04:42.000000000","message":"Kolla Ansible","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":56,"context_line":"  - This is the client cert that nova-compute/libvirt will present when it is"},{"line_number":57,"context_line":"    connection to libvirt. Think of this as the public side of an ssh key."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"Kolla_ansible will for these files for each compute node in the following"},{"line_number":60,"context_line":"locations and order:"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"- ``/etc/kolla/libvirt-tls/\u003chostname\u003e/``"}],"source_content_type":"text/x-rst","patch_set":16,"id":"7faddb67_bb286aee","line":59,"range":{"start_line":59,"start_character":18,"end_line":59,"end_character":19},"updated":"2019-08-08 09:04:42.000000000","message":"search?","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":57,"context_line":"    connection to libvirt. 
Think of this as the public side of an ssh key."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"Kolla_ansible will for these files for each compute node in the following"},{"line_number":60,"context_line":"locations and order:"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"- ``/etc/kolla/libvirt-tls/\u003chostname\u003e/``"},{"line_number":63,"context_line":"- ``/etc/kolla/libvirt-tls/``"}],"source_content_type":"text/x-rst","patch_set":16,"id":"7faddb67_3b6a3a1b","line":60,"updated":"2019-08-08 09:04:42.000000000","message":"Can we just clarify that this is on the host where kolla-ansible is executed?","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":63,"context_line":"- ``/etc/kolla/libvirt-tls/``"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"In most cases you will want to have a unique set of server and client certs and"},{"line_number":66,"context_line":"keys per HV and with a common CA cert. 
In this case you would place each of"},{"line_number":67,"context_line":"the server/client cert and key pem files under"},{"line_number":68,"context_line":"``/etc/kolla/libvirt-tls/\u003chostname\u003e/`` and the CA cert under"},{"line_number":69,"context_line":"``/etc/kolla/libvirt-tls``."}],"source_content_type":"text/x-rst","patch_set":16,"id":"7faddb67_db1686a8","line":66,"range":{"start_line":66,"start_character":9,"end_line":66,"end_character":11},"updated":"2019-08-08 09:04:42.000000000","message":"hypervisor","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":70,"context_line":""},{"line_number":71,"context_line":"However, it is possible to make use of wildcard server cert and a single client"},{"line_number":72,"context_line":"certificate that is shared by all servers. This will allow you to generate a"},{"line_number":73,"context_line":"single client cert and a single server cert that is shared across every HV. 
In"},{"line_number":74,"context_line":"this case you would store everything under ``/etc/kolla/libvirt-tls/``."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"On more option for deployers who already have automation to get TLS certs onto"}],"source_content_type":"text/x-rst","patch_set":16,"id":"7faddb67_5b229603","line":73,"range":{"start_line":73,"start_character":72,"end_line":73,"end_character":74},"updated":"2019-08-08 09:04:42.000000000","message":"hypervisor","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"398be5fea110f094334d36d73ccadbdcb4e950a6","unresolved":false,"context_lines":[{"line_number":61,"context_line":"Kolla Ansible will search for these files for each compute node in the"},{"line_number":62,"context_line":"following locations and order on the host where Kolla Ansible is executed:"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"- ``/etc/kolla/libvirt-tls/\u003chostname\u003e/``"},{"line_number":65,"context_line":"- ``/etc/kolla/libvirt-tls/``"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"In most cases you will want to have a unique set of server and client"}],"source_content_type":"text/x-rst","patch_set":17,"id":"3fa7e38b_75e3b934","line":64,"range":{"start_line":64,"start_character":15,"end_line":64,"end_character":26},"updated":"2019-09-19 08:50:57.000000000","message":"Why can\u0027t they live in libvirt?","commit_id":"b60a95b38b0465922d6785de9829d1dfff13d3b2"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 
7bulls.com"},"change_message_id":"07ef839b87fbe15b80b8b2b3f4749226a732a30c","unresolved":false,"context_lines":[{"line_number":61,"context_line":"Kolla Ansible will search for these files for each compute node in the"},{"line_number":62,"context_line":"following locations and order on the host where Kolla Ansible is executed:"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"- ``/etc/kolla/libvirt-tls/\u003chostname\u003e/``"},{"line_number":65,"context_line":"- ``/etc/kolla/libvirt-tls/``"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"In most cases you will want to have a unique set of server and client"}],"source_content_type":"text/x-rst","patch_set":17,"id":"3fa7e38b_eb0d8c37","line":64,"range":{"start_line":64,"start_character":15,"end_line":64,"end_character":26},"in_reply_to":"3fa7e38b_3036af05","updated":"2019-09-19 10:18:36.000000000","message":"+1 - the \u0027config\u0027 is there in code, though the rest of the path needs adaptation","commit_id":"b60a95b38b0465922d6785de9829d1dfff13d3b2"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"2e398047f21d5a29f0701eef31b91f579297cbf0","unresolved":false,"context_lines":[{"line_number":61,"context_line":"Kolla Ansible will search for these files for each compute node in the"},{"line_number":62,"context_line":"following locations and order on the host where Kolla Ansible is executed:"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"- ``/etc/kolla/libvirt-tls/\u003chostname\u003e/``"},{"line_number":65,"context_line":"- ``/etc/kolla/libvirt-tls/``"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"In most cases you will want to have a unique set of server and 
client"}],"source_content_type":"text/x-rst","patch_set":17,"id":"3fa7e38b_3036af05","line":64,"range":{"start_line":64,"start_character":15,"end_line":64,"end_character":26},"in_reply_to":"3fa7e38b_55e47dac","updated":"2019-09-19 10:13:24.000000000","message":"Normally files for nova live under /etc/kolla/config/nova/. I think more importantly, I just realised we missed config/.\n\nHow about /etc/kolla/config/nova/libvirt/?","commit_id":"b60a95b38b0465922d6785de9829d1dfff13d3b2"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"fc6c4930b6e353f23c9a7bfaa0e2774bbf0e31bc","unresolved":false,"context_lines":[{"line_number":61,"context_line":"Kolla Ansible will search for these files for each compute node in the"},{"line_number":62,"context_line":"following locations and order on the host where Kolla Ansible is executed:"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"- ``/etc/kolla/libvirt-tls/\u003chostname\u003e/``"},{"line_number":65,"context_line":"- ``/etc/kolla/libvirt-tls/``"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"In most cases you will want to have a unique set of server and client"}],"source_content_type":"text/x-rst","patch_set":17,"id":"3fa7e38b_55e47dac","line":64,"range":{"start_line":64,"start_character":15,"end_line":64,"end_character":26},"in_reply_to":"3fa7e38b_75e3b934","updated":"2019-09-19 09:22:10.000000000","message":"nova-libvirt * actually","commit_id":"b60a95b38b0465922d6785de9829d1dfff13d3b2"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 
7bulls.com"},"change_message_id":"c2bd50c43c0b51fc963a2851519df2cfabe1c731","unresolved":false,"context_lines":[{"line_number":61,"context_line":"Kolla Ansible will search for these files for each compute node in the"},{"line_number":62,"context_line":"following locations and order on the host where Kolla Ansible is executed:"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"- ``/etc/kolla/libvirt-tls/\u003chostname\u003e/``"},{"line_number":65,"context_line":"- ``/etc/kolla/libvirt-tls/``"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"In most cases you will want to have a unique set of server and client"}],"source_content_type":"text/x-rst","patch_set":17,"id":"3fa7e38b_2b8f242b","line":64,"range":{"start_line":64,"start_character":15,"end_line":64,"end_character":26},"in_reply_to":"3fa7e38b_eb0d8c37","updated":"2019-09-19 10:51:24.000000000","message":"Actually it should be nova/nova-libvirt to follow the rest of k-a code.","commit_id":"b60a95b38b0465922d6785de9829d1dfff13d3b2"}],"etc/kolla/passwords.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"8521a3a5176948f7afddc8c7cf3e60db3db3da9c","unresolved":false,"context_lines":[{"line_number":215,"context_line":"  private_key:"},{"line_number":216,"context_line":"  public_key:"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"libvirt:"},{"line_number":219,"context_line":"  server:"},{"line_number":220,"context_line":"    private_key:"},{"line_number":221,"context_line":"    cert:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5fc1f717_48ffac00","line":218,"range":{"start_line":218,"start_character":0,"end_line":218,"end_character":7},"updated":"2019-04-08 09:43:32.000000000","message":"It will be a bit cleaner to at least split into server, client and CA 
variables.","commit_id":"600a3287d93dbc094fba232b0ad2732e75455536"},{"author":{"_account_id":9076,"name":"Kris Lindgren","email":"klindgren@godaddy.com","username":"klindgren"},"change_message_id":"e371c88ea94a58a30500a91ecb55b6d04c3b3534","unresolved":false,"context_lines":[{"line_number":215,"context_line":"  private_key:"},{"line_number":216,"context_line":"  public_key:"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"libvirt:"},{"line_number":219,"context_line":"  server:"},{"line_number":220,"context_line":"    private_key:"},{"line_number":221,"context_line":"    cert:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5fc1f717_60bdd366","line":218,"range":{"start_line":218,"start_character":0,"end_line":218,"end_character":7},"in_reply_to":"5fc1f717_48ffac00","updated":"2019-04-08 20:16:15.000000000","message":"Done","commit_id":"600a3287d93dbc094fba232b0ad2732e75455536"},{"author":{"_account_id":19316,"name":"Eduardo Gonzalez","email":"dabarren@gmail.com","username":"egonzalez90"},"change_message_id":"4b4f53784a8f8144c07ecc7f01f2b2ebd41b169a","unresolved":false,"context_lines":[{"line_number":217,"context_line":""},{"line_number":218,"context_line":"libvirt:"},{"line_number":219,"context_line":"  server:"},{"line_number":220,"context_line":"    private_key:"},{"line_number":221,"context_line":"    cert:"},{"line_number":222,"context_line":"  client:"},{"line_number":223,"context_line":"    private_key:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5fc1f717_34d2c3d2","line":220,"range":{"start_line":220,"start_character":4,"end_line":220,"end_character":15},"updated":"2019-04-08 07:30:20.000000000","message":"should support creating this with genpasswd","commit_id":"600a3287d93dbc094fba232b0ad2732e75455536"},{"author":{"_account_id":14826,"name":"Mark 
Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"089c7ef9367178bc288df7858552c976aed41bac","unresolved":false,"context_lines":[{"line_number":215,"context_line":"  private_key:"},{"line_number":216,"context_line":"  public_key:"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"libvirt_server:"},{"line_number":219,"context_line":"  private_key:"},{"line_number":220,"context_line":"  cert:"},{"line_number":221,"context_line":""},{"line_number":222,"context_line":"libvirt_client:"},{"line_number":223,"context_line":"  private_key:"},{"line_number":224,"context_line":"  cert:"},{"line_number":225,"context_line":""},{"line_number":226,"context_line":"libvirt_ca:"},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"####################"},{"line_number":229,"context_line":"# Gnocchi options"}],"source_content_type":"text/x-yaml","patch_set":6,"id":"5fc1f717_9b22a4a2","line":226,"range":{"start_line":218,"start_character":0,"end_line":226,"end_character":11},"updated":"2019-04-09 11:39:21.000000000","message":"It\u0027s not clear to me how kolla-genpwd will generate these certificates. For the API cert we just provide a path to the cert file and expect the user to manage its creation.\n\nhttps://docs.openstack.org/kolla-ansible/latest/admin/advanced-configuration.html#tls-configuration","commit_id":"c8a630e523d412a94b986b84e5321f93ee845291"}],"releasenotes/notes/libvirt-tls-support-4ab81fbdbf5519d3.yaml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Adds support for configuring libvirt with tls support.  
This allows for"},{"line_number":5,"context_line":"    secure communication between nova-compute and libvirt as well as between"},{"line_number":6,"context_line":"    libvirt on different Hypervisors, during live-migration.  The default"},{"line_number":7,"context_line":"    kolla-ansible configuration passes data in plain text, over tcp, without"}],"source_content_type":"text/x-yaml","patch_set":16,"id":"7faddb67_fb4ca2c9","line":4,"range":{"start_line":4,"start_character":46,"end_line":4,"end_character":49},"updated":"2019-08-08 09:04:42.000000000","message":"TLS","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4a3f5416a14b010cdbd5d07db104808e33edeb73","unresolved":false,"context_lines":[{"line_number":4,"context_line":"    Adds support for configuring libvirt with tls support.  This allows for"},{"line_number":5,"context_line":"    secure communication between nova-compute and libvirt as well as between"},{"line_number":6,"context_line":"    libvirt on different Hypervisors, during live-migration.  The default"},{"line_number":7,"context_line":"    kolla-ansible configuration passes data in plain text, over tcp, without"},{"line_number":8,"context_line":"    auth."}],"source_content_type":"text/x-yaml","patch_set":16,"id":"7faddb67_9bd32ed6","line":7,"range":{"start_line":7,"start_character":64,"end_line":7,"end_character":67},"updated":"2019-08-08 09:04:42.000000000","message":"TCP","commit_id":"a77943a39af9c637bd0b4db0ee49763a1839ef2a"}]}
