)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7cc7b21157dd2cc921e12e14c6ff942abb54294d","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Stop tokens being invalid due to frenet rotation"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Fixes-Bug: 1809469"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"Right now every controller rotates frenet keys. This is nice because"},{"line_number":12,"context_line":"should any controller die, we know the remaining ones will rotate the"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"dfbec78f_81360ee6","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":18},"updated":"2019-05-09 11:07:18.000000000","message":"Closes-Bug: #1809469","commit_id":"ab2d06a39129dca37ae7ff65e7a0907985b4dcf1"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"c223eaa2efd0cee0374e8012b4a5a0af8d5f635e","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Stop tokens being invalid due to frenet rotation"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Fixes-Bug: 1809469"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"Right now every controller rotates frenet keys. This is nice because"},{"line_number":12,"context_line":"should any controller die, we know the remaining ones will rotate the"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"dfbec78f_e1c10a82","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":18},"in_reply_to":"dfbec78f_81360ee6","updated":"2019-05-09 11:08:39.000000000","message":"dang, I always get that wrong, I am showing my age.","commit_id":"ab2d06a39129dca37ae7ff65e7a0907985b4dcf1"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7cc7b21157dd2cc921e12e14c6ff942abb54294d","unresolved":false,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Fixes-Bug: 1809469"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"Right now every controller rotates frenet keys. This is nice because"},{"line_number":12,"context_line":"should any controller die, we know the remaining ones will rotate the"},{"line_number":13,"context_line":"keys. However, this does mean we are currently over-rotating the keys."},{"line_number":14,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"dfbec78f_414ed66f","line":11,"range":{"start_line":11,"start_character":35,"end_line":11,"end_character":41},"updated":"2019-05-09 11:07:18.000000000","message":"nit: fernet","commit_id":"ab2d06a39129dca37ae7ff65e7a0907985b4dcf1"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7cc7b21157dd2cc921e12e14c6ff942abb54294d","unresolved":false,"context_lines":[{"line_number":29,"context_line":"ssh ctrl3 sudo cat /etc/kolla/keystone-fernet/crontab"},{"line_number":30,"context_line":"0 16 * * * /usr/bin/fernet-rotate.sh"},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"Currently we three controllers we have this in keystone.conf:"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"[token]"},{"line_number":35,"context_line":"expiration \u003d 86400 (default is 3600)"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"dfbec78f_0158de2f","line":32,"range":{"start_line":32,"start_character":10,"end_line":32,"end_character":12},"updated":"2019-05-09 11:07:18.000000000","message":"with?","commit_id":"ab2d06a39129dca37ae7ff65e7a0907985b4dcf1"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e3c7e873f5c002a160930e3d1520c3c247dfdf0f","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     John Garbutt \u003cjohn@johngarbutt.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2019-05-09 12:32:34 +0100"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Stop tokens being invalid due to frenet rotation"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Closes-Bug: #1809469"},{"line_number":10,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":4,"id":"dfbec78f_8a71e746","line":7,"range":{"start_line":7,"start_character":33,"end_line":7,"end_character":39},"updated":"2019-05-16 08:45:57.000000000","message":"nit: fernet","commit_id":"6d614de53bcb05401cf8a9f31eb86a31e3b3b885"}],"ansible/roles/keystone/templates/keystone.conf.j2":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"6400fedfd7cf186113755cf1f3dbecfda5b9ed67","unresolved":false,"context_lines":[{"line_number":34,"context_line":"expiration \u003d {{ fernet_token_expiry }}"},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"[fernet_tokens]"},{"line_number":37,"context_line":"max_active_keys \u003d {{ (groups[\u0027keystone\u0027] | length) * 3 + 2 }}"},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"[cache]"},{"line_number":40,"context_line":"backend \u003d oslo_cache.memcache_pool"}],"source_content_type":"text/x-jinja2","patch_set":1,"id":"dfbec78f_a18d527c","line":37,"updated":"2019-05-09 11:07:29.000000000","message":"This matches here:\nhttps://docs.openstack.org/keystone/stein/admin/fernet-token-faq.html#i-rotated-keys-and-now-tokens-are-invalidating-early-what-did-i-do","commit_id":"2ba911102c77cdd940be113844e39785d29b6ca8"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7cc7b21157dd2cc921e12e14c6ff942abb54294d","unresolved":false,"context_lines":[{"line_number":33,"context_line":"provider \u003d {{ keystone_token_provider }}"},{"line_number":34,"context_line":"expiration \u003d {{ fernet_token_expiry }}"},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"[fernet_tokens]"},{"line_number":37,"context_line":"max_active_keys \u003d {{ (groups[\u0027keystone\u0027] | length) * 3 + 2 }}"},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"[cache]"}],"source_content_type":"text/x-jinja2","patch_set":2,"id":"dfbec78f_814b6e57","line":36,"updated":"2019-05-09 11:07:18.000000000","message":"Could use a comment explaining the reasoning here.","commit_id":"ab2d06a39129dca37ae7ff65e7a0907985b4dcf1"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7cc7b21157dd2cc921e12e14c6ff942abb54294d","unresolved":false,"context_lines":[{"line_number":34,"context_line":"expiration \u003d {{ fernet_token_expiry }}"},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"[fernet_tokens]"},{"line_number":37,"context_line":"max_active_keys \u003d {{ (groups[\u0027keystone\u0027] | length) * 3 + 2 }}"},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"[cache]"},{"line_number":40,"context_line":"backend \u003d oslo_cache.memcache_pool"}],"source_content_type":"text/x-jinja2","patch_set":2,"id":"dfbec78f_a1b47236","line":37,"range":{"start_line":37,"start_character":22,"end_line":37,"end_character":49},"updated":"2019-05-09 11:07:18.000000000","message":"So this:\n\nmax active keys \u003d R * (Texpiry + Tallowed) + 2\n\nWhere\n\nR \u003d rate per day (number of hosts)\nTexpiry \u003d Token expiry in days\nTallowed \u003d Token allow expired window in days\n\nMay need to convert between seconds and days.","commit_id":"ab2d06a39129dca37ae7ff65e7a0907985b4dcf1"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"9f77b70de26b563cdd9f7553185491228d87e2d4","unresolved":false,"context_lines":[{"line_number":32,"context_line":"revoke_by_id \u003d False"},{"line_number":33,"context_line":"provider \u003d {{ keystone_token_provider }}"},{"line_number":34,"context_line":"expiration \u003d {{ fernet_token_expiry }}"},{"line_number":35,"context_line":"allow_expired_window \u003d {{ fernet_token_expiry * 3 }}"},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"[fernet_tokens]"},{"line_number":38,"context_line":"# Keystone docs note:"}],"source_content_type":"text/x-jinja2","patch_set":3,"id":"dfbec78f_e1d6eac3","line":35,"range":{"start_line":35,"start_character":48,"end_line":35,"end_character":49},"updated":"2019-05-09 11:33:31.000000000","message":"This was a bad typo!","commit_id":"1141a76a20df7e923e7ece391d869c2e335cabb7"}]}