)]}'
{"ansible/certificates.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"664de85534dd485913024f2080c3dca1f8f2c7fb","unresolved":false,"context_lines":[{"line_number":2,"context_line":"- import_playbook: gather-facts.yml"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"- name: Apply role certificates"},{"line_number":5,"context_line":"  hosts: control"},{"line_number":6,"context_line":"  roles:"},{"line_number":7,"context_line":"    - certificates"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"7faddb67_bdc9d0ac","line":5,"range":{"start_line":5,"start_character":9,"end_line":5,"end_character":16},"updated":"2019-07-12 09:19:20.000000000","message":"Should still be localhost.","commit_id":"a5fe49b18a52170623526d714f85f922b3d4de41"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"b36d696bc306bbd316d6019d91bba042ad30ca9d","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"- import_playbook: gather-facts.yml"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"- name: Apply role certificates"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"7faddb67_8ce22b30","line":1,"updated":"2019-08-22 10:57:38.000000000","message":"This file shouldn\u0027t need to change.","commit_id":"e479a021b66ab7b482be797b8ac1f702cac7c04a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c7d47720e88f25459671839d8e2f1f3013f94230","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"- import_playbook: gather-facts.yml"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"- name: Apply role certificates"},{"line_number":5,"context_line":"  hosts: localhost"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"7faddb67_a88f76cb","line":2,"range":{"start_line":2,"start_character":0,"end_line":2,"end_character":35},"updated":"2019-08-28 12:29:12.000000000","message":"Do we need facts?","commit_id":"8baa646f2b6fbe35512109d29263370450a59f35"}],"ansible/roles/aodh/templates/aodh.conf.j2":[{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"58828623cecad1f5bb10e962217bff6c8f6e1bdb","unresolved":false,"context_lines":[{"line_number":26,"context_line":"auth_url \u003d {{ keystone_admin_url }}"},{"line_number":27,"context_line":"auth_type \u003d password"},{"line_number":28,"context_line":"insecure \u003d {{ not kolla_verify_tls | bool }}"},{"line_number":29,"context_line":""},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"[oslo_middleware]"},{"line_number":32,"context_line":"enable_proxy_headers_parsing \u003d True"}],"source_content_type":"text/x-jinja2","patch_set":41,"id":"3fa7e38b_6f620fdb","line":29,"updated":"2019-10-04 07:15:06.000000000","message":"nit: extra empty line","commit_id":"00679177bc42f930c842f48a81340db2be083162"}],"ansible/roles/barbican/tasks/register.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"664de85534dd485913024f2080c3dca1f8f2c7fb","unresolved":false,"context_lines":[{"line_number":13,"context_line":"      region_name: \"{{ openstack_region_name }}\""},{"line_number":14,"context_line":"      auth: \"{{ openstack_barbican_auth }}\""},{"line_number":15,"context_line":"      endpoint_type: \"{{ openstack_interface }}\""},{"line_number":16,"context_line":"      validate_certs: \"{{ kolla_verify_tls }}\""},{"line_number":17,"context_line":"  run_once: True"},{"line_number":18,"context_line":"  with_items:"},{"line_number":19,"context_line":"    - {\u0027interface\u0027: \u0027admin\u0027, \u0027url\u0027: \u0027{{ barbican_admin_endpoint }}\u0027}"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"7faddb67_3dbde001","line":16,"range":{"start_line":16,"start_character":26,"end_line":16,"end_character":42},"updated":"2019-07-12 09:19:20.000000000","message":"Needs | bool","commit_id":"a5fe49b18a52170623526d714f85f922b3d4de41"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"8a53067d76825c5021542f839da199072785fa52","unresolved":false,"context_lines":[{"line_number":13,"context_line":"      region_name: \"{{ openstack_region_name }}\""},{"line_number":14,"context_line":"      auth: \"{{ openstack_barbican_auth }}\""},{"line_number":15,"context_line":"      endpoint_type: \"{{ openstack_interface }}\""},{"line_number":16,"context_line":"      validate_certs: \"{{ kolla_verify_tls }}\""},{"line_number":17,"context_line":"  run_once: True"},{"line_number":18,"context_line":"  with_items:"},{"line_number":19,"context_line":"    - {\u0027interface\u0027: \u0027admin\u0027, \u0027url\u0027: \u0027{{ barbican_admin_endpoint }}\u0027}"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"7faddb67_6c380f9f","line":16,"range":{"start_line":16,"start_character":26,"end_line":16,"end_character":42},"updated":"2019-08-22 10:58:55.000000000","message":"I expect these all need | bool","commit_id":"e479a021b66ab7b482be797b8ac1f702cac7c04a"}],"ansible/roles/barbican/templates/barbican.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"664de85534dd485913024f2080c3dca1f8f2c7fb","unresolved":false,"context_lines":[{"line_number":55,"context_line":"username \u003d {{ barbican_keystone_user }}"},{"line_number":56,"context_line":"password \u003d {{ barbican_keystone_password }}"},{"line_number":57,"context_line":"auth_url \u003d {{ keystone_admin_url }}"},{"line_number":58,"context_line":"insecure \u003d {{ \"False\" if kolla_verify_tls|bool else \"True\" }}"},{"line_number":59,"context_line":"auth_type \u003d password"},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"memcache_security_strategy \u003d ENCRYPT"}],"source_content_type":"text/x-jinja2","patch_set":2,"id":"7faddb67_7dc7d897","line":58,"range":{"start_line":58,"start_character":14,"end_line":58,"end_character":58},"updated":"2019-07-12 09:19:20.000000000","message":"Does kolla_verify_tls|bool alone not work?","commit_id":"a5fe49b18a52170623526d714f85f922b3d4de41"}],"ansible/roles/ceilometer/tasks/register.yml":[{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"58828623cecad1f5bb10e962217bff6c8f6e1bdb","unresolved":false,"context_lines":[{"line_number":18,"context_line":"      auth: \"{{ openstack_ceilometer_auth }}\""},{"line_number":19,"context_line":"      endpoint_type: \"{{ openstack_interface }}\""},{"line_number":20,"context_line":"      cacert: \"{{ openstack_cacert }}\""},{"line_number":21,"context_line":"      validate_certs: \"{{ kolla_verify_tls | bool}}\""},{"line_number":22,"context_line":"  when: enable_swift | bool"},{"line_number":23,"context_line":"  run_once: True"}],"source_content_type":"text/x-yaml","patch_set":41,"id":"3fa7e38b_8f5f4b0d","line":21,"range":{"start_line":21,"start_character":48,"end_line":21,"end_character":49},"updated":"2019-10-04 07:15:06.000000000","message":"nit: lack of space","commit_id":"00679177bc42f930c842f48a81340db2be083162"}],"ansible/roles/certificates/tasks/generate.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c7d47720e88f25459671839d8e2f1f3013f94230","unresolved":false,"context_lines":[{"line_number":47,"context_line":"    dest: \"{{ kolla_external_fqdn_cert }}\""},{"line_number":48,"context_line":"    mode: 0600"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"- name: Copy the external certificate crt to be the internal for testing purposes"},{"line_number":51,"context_line":"  copy:"},{"line_number":52,"context_line":"    src: \"{{ certificates_dir }}/private/haproxy.crt\""},{"line_number":53,"context_line":"    dest: \"{{ certificates_dir }}/private/haproxy-internal.crt\""}],"source_content_type":"text/x-yaml","patch_set":8,"id":"7faddb67_0806ca22","line":50,"updated":"2019-08-28 12:29:12.000000000","message":"I suppose this only works if internal \u003d\u003d external? Would it be much more difficult to support the general case?\n\nIf so, can we add a task to fail if we can\u0027t generate certs for the given config?","commit_id":"8baa646f2b6fbe35512109d29263370450a59f35"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c7d47720e88f25459671839d8e2f1f3013f94230","unresolved":false,"context_lines":[{"line_number":46,"context_line":"    src: \"{{ certificates_dir }}/private\""},{"line_number":47,"context_line":"    dest: \"{{ kolla_external_fqdn_cert }}\""},{"line_number":48,"context_line":"    mode: 0600"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"- name: Copy the external certificate crt to be the internal for testing purposes"},{"line_number":51,"context_line":"  copy:"},{"line_number":52,"context_line":"    src: \"{{ certificates_dir }}/private/haproxy.crt\""},{"line_number":53,"context_line":"    dest: \"{{ certificates_dir }}/private/haproxy-internal.crt\""},{"line_number":54,"context_line":"    remote_src: yes"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"- name: Copy the external certificate key to be the internal for testing purposes"},{"line_number":57,"context_line":"  copy:"},{"line_number":58,"context_line":"    src: \"{{ certificates_dir }}/private/haproxy.key\""},{"line_number":59,"context_line":"    dest: \"{{ certificates_dir }}/private/haproxy-internal.key\""},{"line_number":60,"context_line":"    remote_src: yes"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"- name: Copy the external certificate crt to be the internal for testing purposes"},{"line_number":63,"context_line":"  copy:"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"7faddb67_88315a0d","line":60,"range":{"start_line":49,"start_character":0,"end_line":60,"end_character":19},"updated":"2019-08-28 12:29:12.000000000","message":"nit: I don\u0027t think these are actually used by kolla - only the PEM and CA files.","commit_id":"8baa646f2b6fbe35512109d29263370450a59f35"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c7d47720e88f25459671839d8e2f1f3013f94230","unresolved":false,"context_lines":[{"line_number":62,"context_line":"- name: Copy the external certificate crt to be the internal for testing purposes"},{"line_number":63,"context_line":"  copy:"},{"line_number":64,"context_line":"    src: \"{{ kolla_external_fqdn_cert }}\""},{"line_number":65,"context_line":"    dest: \"{{ kolla_internal_fqdn_cert }}\""},{"line_number":66,"context_line":"    remote_src: yes"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"- name: Fix permissions on certificates"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"7faddb67_483b62e9","line":65,"range":{"start_line":65,"start_character":14,"end_line":65,"end_character":38},"updated":"2019-08-28 12:29:12.000000000","message":"Also kolla_external_fqdn_cacert -\u003e kolla_internal_fqdn_cacert","commit_id":"8baa646f2b6fbe35512109d29263370450a59f35"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c7d47720e88f25459671839d8e2f1f3013f94230","unresolved":false,"context_lines":[{"line_number":65,"context_line":"    dest: \"{{ kolla_internal_fqdn_cert }}\""},{"line_number":66,"context_line":"    remote_src: yes"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"- name: Fix permissions on certificates"},{"line_number":69,"context_line":"  file:"},{"line_number":70,"context_line":"    path: \"{{ item }}\""},{"line_number":71,"context_line":"    mode: \"0660\""},{"line_number":72,"context_line":"  with_items:"},{"line_number":73,"context_line":"    - \"{{ certificates_dir }}/private/haproxy.crt\""},{"line_number":74,"context_line":"    - \"{{ certificates_dir }}/private/haproxy-internal.crt\""},{"line_number":75,"context_line":"    - \"{{ certificates_dir }}/openssl-kolla.cnf\""},{"line_number":76,"context_line":"    - \"{{ certificates_dir }}/haproxy-ca.crt\""},{"line_number":77,"context_line":"    - \"{{ kolla_external_fqdn_cacert }}\""},{"line_number":78,"context_line":"    - \"{{ kolla_external_fqdn_cert }}\""}],"source_content_type":"text/x-yaml","patch_set":8,"id":"7faddb67_c878b2c2","line":78,"range":{"start_line":68,"start_character":0,"end_line":78,"end_character":38},"updated":"2019-08-28 12:29:12.000000000","message":"Why not just do this in each task?","commit_id":"8baa646f2b6fbe35512109d29263370450a59f35"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e0fd74dee8573b0807fc911fb6028a100e86837b","unresolved":false,"context_lines":[{"line_number":33,"context_line":""},{"line_number":34,"context_line":"- name: Creating external Server Certificate"},{"line_number":35,"context_line":"  command: creates\u003d\"{{ item }}\" openssl req -new -nodes -sha256 -x509 \\"},{"line_number":36,"context_line":"    -subj \"/C\u003dUS/ST\u003dNC/L\u003dRTP/O\u003dkolla/CN\u003d{{ kolla_external_fqdn }}\" \\"},{"line_number":37,"context_line":"    -config {{ certificates_dir }}/openssl-kolla.cnf \\"},{"line_number":38,"context_line":"    -days 3650 \\"},{"line_number":39,"context_line":"    -extensions v3_req \\"}],"source_content_type":"text/x-yaml","patch_set":10,"id":"5faad753_45eb0f12","line":36,"range":{"start_line":36,"start_character":4,"end_line":36,"end_character":68},"updated":"2019-09-13 09:20:57.000000000","message":"nit: I think this is provided by the config file.","commit_id":"38e6494832989e86dc7bdc171e32d703842ddc3d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e0fd74dee8573b0807fc911fb6028a100e86837b","unresolved":false,"context_lines":[{"line_number":49,"context_line":"    src: \"{{ certificates_dir }}/private/haproxy.crt\""},{"line_number":50,"context_line":"    dest: \"{{ kolla_external_fqdn_cacert }}\""},{"line_number":51,"context_line":"    mode: \"0660\""},{"line_number":52,"context_line":"  when:"},{"line_number":53,"context_line":"    - kolla_enable_tls_external | bool"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"- name: Creating external Server PEM File"},{"line_number":56,"context_line":"  assemble:"}],"source_content_type":"text/x-yaml","patch_set":10,"id":"5faad753_a55e830f","line":53,"range":{"start_line":52,"start_character":0,"end_line":53,"end_character":38},"updated":"2019-09-13 09:20:57.000000000","message":"Where you have a bunch of tasks with the same conditional, you could use a block: https://docs.ansible.com/ansible/latest/user_guide/playbooks_blocks.html.","commit_id":"38e6494832989e86dc7bdc171e32d703842ddc3d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e0fd74dee8573b0807fc911fb6028a100e86837b","unresolved":false,"context_lines":[{"line_number":61,"context_line":"    - kolla_enable_tls_external | bool"},{"line_number":62,"context_line":""},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"- name: Copy the external certificate crt to be the internal when internal + external are same network"},{"line_number":65,"context_line":"  copy:"},{"line_number":66,"context_line":"    src: \"{{ certificates_dir }}/private/haproxy.crt\""},{"line_number":67,"context_line":"    dest: \"{{ certificates_dir }}/private/haproxy-internal.crt\""},{"line_number":68,"context_line":"    remote_src: yes"},{"line_number":69,"context_line":"    mode: \"0660\""},{"line_number":70,"context_line":"  when:"},{"line_number":71,"context_line":"    - kolla_enable_tls_external | bool"},{"line_number":72,"context_line":"    - kolla_enable_tls_internal | bool"},{"line_number":73,"context_line":"    - kolla_same_external_internal_vip | bool"},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"- name: Copy the external certificate key to be the internal when internal + external are same network"},{"line_number":76,"context_line":"  copy:"},{"line_number":77,"context_line":"    src: \"{{ certificates_dir }}/private/haproxy.key\""},{"line_number":78,"context_line":"    dest: \"{{ certificates_dir }}/private/haproxy-internal.key\""},{"line_number":79,"context_line":"    remote_src: yes"},{"line_number":80,"context_line":"    mode: \"0660\""},{"line_number":81,"context_line":"  when:"},{"line_number":82,"context_line":"    - kolla_enable_tls_external | bool"},{"line_number":83,"context_line":"    - kolla_enable_tls_internal | bool"},{"line_number":84,"context_line":"    - kolla_same_external_internal_vip | bool"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"- name: Copy the external certificate crt to be the internal when internal + external are same network"},{"line_number":87,"context_line":"  copy:"}],"source_content_type":"text/x-yaml","patch_set":10,"id":"5faad753_8548275c","line":84,"range":{"start_line":64,"start_character":0,"end_line":84,"end_character":45},"updated":"2019-09-13 09:20:57.000000000","message":"I *think* only kolla_external_fqdn_cert and kolla_external_fqdn_cacert (not yet copied) are required - the others are just intermediate steps to generate those. I guess it doesn\u0027t hurt to have them.","commit_id":"38e6494832989e86dc7bdc171e32d703842ddc3d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e0fd74dee8573b0807fc911fb6028a100e86837b","unresolved":false,"context_lines":[{"line_number":94,"context_line":"    - kolla_enable_tls_internal | bool"},{"line_number":95,"context_line":"    - kolla_same_external_internal_vip | bool"},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"- name: Creating external SSL configuration file"},{"line_number":98,"context_line":"  template:"},{"line_number":99,"context_line":"    src: \"{{ item }}.j2\""},{"line_number":100,"context_line":"    dest: \"{{ certificates_dir }}/{{ item }}\""}],"source_content_type":"text/x-yaml","patch_set":10,"id":"5faad753_85b6e73d","line":97,"range":{"start_line":97,"start_character":17,"end_line":97,"end_character":25},"updated":"2019-09-13 09:20:57.000000000","message":"internal","commit_id":"38e6494832989e86dc7bdc171e32d703842ddc3d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"aeefa60d16026d73440b47a8b5c91972f0d1fcdb","unresolved":false,"context_lines":[{"line_number":50,"context_line":"  when:"},{"line_number":51,"context_line":"    - kolla_enable_tls_external | bool"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"- name: Copy the external certificate crt to be the internal when internal + external are same network"},{"line_number":54,"context_line":"  copy:"},{"line_number":55,"context_line":"    src: \"{{ certificates_dir }}/private/haproxy.crt\""},{"line_number":56,"context_line":"    dest: \"{{ certificates_dir }}/private/haproxy-internal.crt\""},{"line_number":57,"context_line":"    remote_src: yes"},{"line_number":58,"context_line":"    mode: \"0660\""},{"line_number":59,"context_line":"  when:"},{"line_number":60,"context_line":"    - kolla_enable_tls_external | bool"},{"line_number":61,"context_line":"    - kolla_enable_tls_internal | bool"},{"line_number":62,"context_line":"    - kolla_same_external_internal_vip | bool"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"- block:"},{"line_number":65,"context_line":"    - name: Copy the external certificate key to be the internal when internal + external are same network"}],"source_content_type":"text/x-yaml","patch_set":17,"id":"3fa7e38b_f0881720","line":62,"range":{"start_line":53,"start_character":0,"end_line":62,"end_character":45},"updated":"2019-09-19 10:04:02.000000000","message":"Could go in the next block?","commit_id":"852521d953d90e5ba6c3ac4f91c5c8c5e4e13a02"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"aeefa60d16026d73440b47a8b5c91972f0d1fcdb","unresolved":false,"context_lines":[{"line_number":74,"context_line":"        src: \"{{ kolla_external_fqdn_cert }}\""},{"line_number":75,"context_line":"        dest: \"{{ kolla_internal_fqdn_cert }}\""},{"line_number":76,"context_line":"        remote_src: yes"},{"line_number":77,"context_line":"        mode: \"0660\""},{"line_number":78,"context_line":"  when:"},{"line_number":79,"context_line":"    - kolla_enable_tls_external | bool"},{"line_number":80,"context_line":"    - kolla_enable_tls_internal | bool"}],"source_content_type":"text/x-yaml","patch_set":17,"id":"3fa7e38b_907d231e","line":77,"updated":"2019-09-19 10:04:02.000000000","message":"Still need to copy cacert here.","commit_id":"852521d953d90e5ba6c3ac4f91c5c8c5e4e13a02"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"aeefa60d16026d73440b47a8b5c91972f0d1fcdb","unresolved":false,"context_lines":[{"line_number":98,"context_line":"      file:"},{"line_number":99,"context_line":"        path: \"{{ certificates_dir }}/private/haproxy-internal.key\""},{"line_number":100,"context_line":"        mode: \"0660\""},{"line_number":101,"context_line":"        state: file"},{"line_number":102,"context_line":"    - name: Creating internal Server Certificate"},{"line_number":103,"context_line":"      command: creates\u003d\"{{ item }}\" openssl req -new -nodes -sha256 -x509 \\"},{"line_number":104,"context_line":"        -config {{ certificates_dir }}/openssl-kolla-internal.cnf \\"}],"source_content_type":"text/x-yaml","patch_set":17,"id":"3fa7e38b_30946f37","line":101,"updated":"2019-09-19 10:04:02.000000000","message":"nit: no blank line","commit_id":"852521d953d90e5ba6c3ac4f91c5c8c5e4e13a02"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"3858379be1ba20843cc399d304a7c7101dfbe5cf","unresolved":false,"context_lines":[{"line_number":98,"context_line":"      file:"},{"line_number":99,"context_line":"        path: \"{{ certificates_dir }}/private/haproxy-internal.key\""},{"line_number":100,"context_line":"        mode: \"0660\""},{"line_number":101,"context_line":"        state: file"},{"line_number":102,"context_line":"    - name: Creating internal Server Certificate"},{"line_number":103,"context_line":"      command: creates\u003d\"{{ item }}\" openssl req -new -nodes -sha256 -x509 \\"},{"line_number":104,"context_line":"        -config {{ certificates_dir }}/openssl-kolla-internal.cnf \\"}],"source_content_type":"text/x-yaml","patch_set":17,"id":"3fa7e38b_644d3871","line":101,"in_reply_to":"3fa7e38b_30946f37","updated":"2019-09-20 09:35:14.000000000","message":"What I meant is that there is no blank line here but there is everywhere else. Oh well, at least it\u0027s consistent in this file.","commit_id":"852521d953d90e5ba6c3ac4f91c5c8c5e4e13a02"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"aeefa60d16026d73440b47a8b5c91972f0d1fcdb","unresolved":false,"context_lines":[{"line_number":107,"context_line":"        -key {{ certificates_dir }}/private/haproxy-internal.key \\"},{"line_number":108,"context_line":"        -out {{ item }}"},{"line_number":109,"context_line":"      with_items:"},{"line_number":110,"context_line":"        - \"{{ certificates_dir }}/private/haproxy-internal.crt\""},{"line_number":111,"context_line":"    - name: Creating internal CA Certificate File"},{"line_number":112,"context_line":"      copy:"},{"line_number":113,"context_line":"        src: \"{{ certificates_dir }}/private/haproxy-internal.crt\""}],"source_content_type":"text/x-yaml","patch_set":17,"id":"3fa7e38b_b07a9f21","line":110,"updated":"2019-09-19 10:04:02.000000000","message":"nit: no blank line","commit_id":"852521d953d90e5ba6c3ac4f91c5c8c5e4e13a02"}],"ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"b36d696bc306bbd316d6019d91bba042ad30ca9d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"7faddb67_0cc87ba6","updated":"2019-08-22 10:57:38.000000000","message":"I don\u0027t think this file is being used. It should be added in the certificates and CI test patch.","commit_id":"e479a021b66ab7b482be797b8ac1f702cac7c04a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c7d47720e88f25459671839d8e2f1f3013f94230","unresolved":false,"context_lines":[{"line_number":1,"context_line":"[req]"},{"line_number":2,"context_line":"distinguished_name \u003d req_distinguished_name"},{"line_number":3,"context_line":"req_extensions \u003d v3_req"},{"line_number":4,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":8,"id":"7faddb67_2843866e","line":1,"updated":"2019-08-28 12:29:12.000000000","message":"I don\u0027t think this file is being used.","commit_id":"8baa646f2b6fbe35512109d29263370450a59f35"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c7d47720e88f25459671839d8e2f1f3013f94230","unresolved":false,"context_lines":[{"line_number":14,"context_line":""},{"line_number":15,"context_line":"[alt_names]"},{"line_number":16,"context_line":"IP.1 \u003d {{ kolla_internal_vip_address }}"},{"line_number":17,"context_line":"{% for host in groups[\u0027control\u0027] %}"},{"line_number":18,"context_line":"IP.{{ loop.index + 2 }} \u003d {{ hostvars[host][\u0027ansible_\u0027 ~ hostvars[host][\u0027api_interface\u0027]][\u0027ipv4\u0027][\u0027address\u0027] }}"},{"line_number":19,"context_line":"{% endfor %}"}],"source_content_type":"text/x-jinja2","patch_set":8,"id":"7faddb67_32fd3408","line":19,"range":{"start_line":17,"start_character":0,"end_line":19,"end_character":12},"updated":"2019-08-28 12:29:12.000000000","message":"I suppose this will be necessary for the backend support.","commit_id":"8baa646f2b6fbe35512109d29263370450a59f35"}],"ansible/roles/cinder/templates/cinder.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"795f37c3acf162a4dcd52f47033a8d14cc2831d5","unresolved":false,"context_lines":[{"line_number":205,"context_line":"{% if enable_barbican | bool %}"},{"line_number":206,"context_line":"[barbican]"},{"line_number":207,"context_line":"auth_endpoint \u003d {{ keystone_internal_url }}"},{"line_number":208,"context_line":"verify_ssl \u003d {{ \"False\" if kolla_verify_tls | bool else \"True\" }}"},{"line_number":209,"context_line":"{% endif %}"},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"[coordination]"}],"source_content_type":"text/x-jinja2","patch_set":35,"id":"3fa7e38b_3475c764","line":208,"updated":"2019-09-26 09:09:09.000000000","message":"This logic should be inverted.","commit_id":"f5d48213db763f0e39c03950d0bfa443b8a1b812"}],"ansible/roles/designate/templates/designate.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"aeefa60d16026d73440b47a8b5c91972f0d1fcdb","unresolved":false,"context_lines":[{"line_number":30,"context_line":"password \u003d {{ designate_keystone_password }}"},{"line_number":31,"context_line":"http_connect_timeout \u003d 60"},{"line_number":32,"context_line":"service_token_roles_required \u003d True"},{"line_number":33,"context_line":"insecure \u003d {{ \"False\" if kolla_verify_tls | bool else \"True\" }}"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"memcache_security_strategy \u003d ENCRYPT"},{"line_number":36,"context_line":"memcache_secret_key \u003d {{ memcache_secret_key }}"}],"source_content_type":"text/x-jinja2","patch_set":17,"id":"3fa7e38b_d0e63be9","line":33,"updated":"2019-09-19 10:04:02.000000000","message":"Added twice","commit_id":"852521d953d90e5ba6c3ac4f91c5c8c5e4e13a02"}],"ansible/roles/haproxy-config/templates/haproxy_single_service_listen.cfg.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c7d47720e88f25459671839d8e2f1f3013f94230","unresolved":false,"context_lines":[{"line_number":46,"context_line":"        {% if service_mode \u003d\u003d \u0027http\u0027 %}"},{"line_number":47,"context_line":"            {% set tls_option \u003d internal_tls_bind_info %}"},{"line_number":48,"context_line":"    {# Replace the XFP header for internal https requests #}"},{"line_number":49,"context_line":"    http-request set-header X-Forwarded-Proto https if { ssl_fc }"},{"line_number":50,"context_line":"        {% endif %}"},{"line_number":51,"context_line":"    {% endif %}"},{"line_number":52,"context_line":"    {{ \"bind %s:%s %s\"|e|format(vip_address, service_port, tls_option)|trim() }}"}],"source_content_type":"text/x-jinja2","patch_set":8,"id":"7faddb67_b5926e57","line":49,"updated":"2019-08-28 12:29:12.000000000","message":"Should this be in the previous patch?","commit_id":"8baa646f2b6fbe35512109d29263370450a59f35"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"ecdf24650aad9dce3e33caf21f38686b861750c4","unresolved":false,"context_lines":[{"line_number":46,"context_line":"        {% if service_mode \u003d\u003d \u0027http\u0027 %}"},{"line_number":47,"context_line":"            {% set tls_option \u003d internal_tls_bind_info %}"},{"line_number":48,"context_line":"    {# Replace the XFP header for internal https requests #}"},{"line_number":49,"context_line":"    http-request set-header X-Forwarded-Proto https if { ssl_fc }"},{"line_number":50,"context_line":"        {% endif %}"},{"line_number":51,"context_line":"    {% endif %}"},{"line_number":52,"context_line":"    {{ \"bind %s:%s %s\"|e|format(vip_address, service_port, tls_option)|trim() }}"}],"source_content_type":"text/x-jinja2","patch_set":43,"id":"3fa7e38b_fdcfa7b0","line":49,"updated":"2019-10-21 10:17:40.000000000","message":"Is this also a bugfix?","commit_id":"957297e6cdd741ecfb729108f845fec2d45c3b37"}],"ansible/roles/heat/tasks/bootstrap_service.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e0fd74dee8573b0807fc911fb6028a100e86837b","unresolved":false,"context_lines":[{"line_number":12,"context_line":"      OS_AUTH_URL: \"{{ openstack_auth.auth_url }}\""},{"line_number":13,"context_line":"      OS_IDENTITY_API_VERSION: \"3\""},{"line_number":14,"context_line":"      OS_INTERFACE: \"internal\""},{"line_number":15,"context_line":"      OS_CACERT: \"{{ \u0027/etc/heat/internal.pem\u0027 if kolla_enable_tls_internal | bool else omit }}\""},{"line_number":16,"context_line":"      OS_USERNAME: \"{{ openstack_auth.username }}\""},{"line_number":17,"context_line":"      OS_PASSWORD: \"{{ openstack_auth.password }}\""},{"line_number":18,"context_line":"      OS_PROJECT_NAME: \"{{ openstack_auth.project_name }}\""}],"source_content_type":"text/x-yaml","patch_set":10,"id":"5faad753_a5e1a32c","line":15,"range":{"start_line":15,"start_character":87,"end_line":15,"end_character":91},"updated":"2019-09-13 09:20:57.000000000","message":"I\u0027m not certain what omit will do here, but might be safer to just pass an empty string.\n\nAlso, should we use the new openstack_cacert variable added by Scott?\n\nI can\u0027t find how to pass the --insecure argument via an environment variable :(","commit_id":"38e6494832989e86dc7bdc171e32d703842ddc3d"}],"ansible/roles/heat/tasks/config.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e0fd74dee8573b0807fc911fb6028a100e86837b","unresolved":false,"context_lines":[{"line_number":101,"context_line":"  become: true"},{"line_number":102,"context_line":"  when:"},{"line_number":103,"context_line":"    - kolla_enable_tls_internal | bool"},{"line_number":104,"context_line":"  with_dict: \"{{ heat_services }}\""}],"source_content_type":"text/x-yaml","patch_set":10,"id":"5faad753_65dacb4c","line":104,"range":{"start_line":104,"start_character":3,"end_line":104,"end_character":34},"updated":"2019-09-13 09:20:57.000000000","message":"I guess only heat API requires this for the bootstrap?","commit_id":"38e6494832989e86dc7bdc171e32d703842ddc3d"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"7035bf5912db2a5d22daa1f21a49ff1185bbad8e","unresolved":false,"context_lines":[{"line_number":101,"context_line":"  become: true"},{"line_number":102,"context_line":"  when:"},{"line_number":103,"context_line":"    - kolla_enable_tls_internal | bool"},{"line_number":104,"context_line":"  with_dict: \"{{ heat_services }}\""}],"source_content_type":"text/x-yaml","patch_set":10,"id":"5faad753_9bb5da34","line":104,"range":{"start_line":104,"start_character":3,"end_line":104,"end_character":34},"in_reply_to":"5faad753_65dacb4c","updated":"2019-10-06 14:24:29.000000000","message":"So far in with my local testing","commit_id":"38e6494832989e86dc7bdc171e32d703842ddc3d"}],"ansible/roles/ironic/templates/ironic.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c5fd5d01675b53246ee5a04d02cca4f26924426b","unresolved":false,"context_lines":[{"line_number":92,"context_line":"project_name \u003d service"},{"line_number":93,"context_line":"username \u003d {{ ironic_keystone_user }}"},{"line_number":94,"context_line":"password \u003d {{ ironic_keystone_password }}"},{"line_number":95,"context_line":"insecure \u003d {{ \"False\" if kolla_verify_tls | bool else \"True\" }}"},{"line_number":96,"context_line":"{% endif %}"},{"line_number":97,"context_line":""},{"line_number":98,"context_line":"{% if enable_neutron | bool %}"}],"source_content_type":"text/x-jinja2","patch_set":34,"id":"3fa7e38b_1b0caceb","line":95,"range":{"start_line":95,"start_character":0,"end_line":95,"end_character":63},"updated":"2019-09-24 09:06:58.000000000","message":"duplicated","commit_id":"6f46f1d549fde247856fe1a0918563d24353d310"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c5fd5d01675b53246ee5a04d02cca4f26924426b","unresolved":false,"context_lines":[{"line_number":122,"context_line":"{% else %}"},{"line_number":123,"context_line":"auth_type\u003dnone"},{"line_number":124,"context_line":"{% endif %}"},{"line_number":125,"context_line":"endpoint_override \u003d {{ ironic_inspector_internal_endpoint }}"},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"[agent]"},{"line_number":128,"context_line":"deploy_logs_local_path \u003d /var/log/kolla/ironic"}],"source_content_type":"text/x-jinja2","patch_set":34,"id":"3fa7e38b_7bfa80bd","line":125,"updated":"2019-09-24 09:06:58.000000000","message":"insecure","commit_id":"6f46f1d549fde247856fe1a0918563d24353d310"}],"ansible/roles/keystone/tasks/register.yml":[{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"58828623cecad1f5bb10e962217bff6c8f6e1bdb","unresolved":false,"context_lines":[{"line_number":25,"context_line":"      auth: \"{{ openstack_keystone_auth }}\""},{"line_number":26,"context_line":"      endpoint_type: \"{{ openstack_interface }}\""},{"line_number":27,"context_line":"      cacert: \"{{ openstack_cacert }}\""},{"line_number":28,"context_line":"      validate_certs: \"{{ kolla_verify_tls | bool}}\""},{"line_number":29,"context_line":"  run_once: True"}],"source_content_type":"text/x-yaml","patch_set":41,"id":"3fa7e38b_0f827b50","line":28,"range":{"start_line":28,"start_character":49,"end_line":28,"end_character":50},"updated":"2019-10-04 07:15:06.000000000","message":"nit: spacing","commit_id":"00679177bc42f930c842f48a81340db2be083162"}],"ansible/roles/monasca/templates/monasca-agent-forwarder/agent-forwarder.yml.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"795f37c3acf162a4dcd52f47033a8d14cc2831d5","unresolved":false,"context_lines":[{"line_number":9,"context_line":"  project_name: {{ monasca_control_plane_project }}"},{"line_number":10,"context_line":"  project_domain_id: {{ default_project_domain_id }}"},{"line_number":11,"context_line":"  project_domain_name: {{ default_project_domain_name }}"},{"line_number":12,"context_line":"  insecure: False"},{"line_number":13,"context_line":"  ca_file: /var/lib/kolla/venv/lib/python2.7/site-packages/certifi/cacert.pem"},{"line_number":14,"context_line":"  max_measurement_buffer_size: {{ monasca_agent_max_buffer_size }}"},{"line_number":15,"context_line":"  backlog_send_rate: {{ monasca_agent_backlog_send_rate }}"}],"source_content_type":"text/x-jinja2","patch_set":35,"id":"3fa7e38b_f4ff2fa8","line":12,"updated":"2019-09-26 09:09:09.000000000","message":"Already have it here","commit_id":"f5d48213db763f0e39c03950d0bfa443b8a1b812"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"795f37c3acf162a4dcd52f47033a8d14cc2831d5","unresolved":false,"context_lines":[{"line_number":14,"context_line":"  max_measurement_buffer_size: {{ monasca_agent_max_buffer_size }}"},{"line_number":15,"context_line":"  backlog_send_rate: {{ monasca_agent_backlog_send_rate }}"},{"line_number":16,"context_line":"  max_batch_size: {{ monasca_agent_max_batch_size }}"},{"line_number":17,"context_line":"  insecure: {{ kolla_verify_tls | bool }}"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"Main:"},{"line_number":20,"context_line":"  hostname: {{ ansible_hostname }}"}],"source_content_type":"text/x-jinja2","patch_set":35,"id":"3fa7e38b_54f723d4","line":17,"updated":"2019-09-26 09:09:09.000000000","message":"logic inverted","commit_id":"f5d48213db763f0e39c03950d0bfa443b8a1b812"}],"ansible/roles/murano/templates/murano.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"3858379be1ba20843cc399d304a7c7101dfbe5cf","unresolved":false,"context_lines":[{"line_number":41,"context_line":"user_domain_name \u003d {{ default_user_domain_name }}"},{"line_number":42,"context_line":"project_name \u003d service"},{"line_number":43,"context_line":"username \u003d {{ murano_keystone_user }}"},{"line_number":44,"context_line":"password \u003d {{ murano_keystone_password }}"},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"[murano]"},{"line_number":47,"context_line":"url \u003d {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ murano_api_port }}"}],"source_content_type":"text/x-jinja2","patch_set":23,"id":"3fa7e38b_24574005","line":44,"updated":"2019-09-20 09:35:14.000000000","message":"I don\u0027t fully understand this config, but I guess if you put the insecure here it applies to all the clients. Currently it\u0027s just glance, and missing heat, neutron and mistral.","commit_id":"beb218b3eaa38ce7ce8a4771f9bda28cef8baa50"}],"ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"3858379be1ba20843cc399d304a7c7101dfbe5cf","unresolved":false,"context_lines":[{"line_number":28,"context_line":"password \u003d {{ placement_keystone_password }}"},{"line_number":29,"context_line":"project_domain_name \u003d {{ default_project_domain_name }}"},{"line_number":30,"context_line":"user_domain_name \u003d {{ default_user_domain_name }}"},{"line_number":31,"context_line":"os_region_name \u003d {{ openstack_region_name }}"},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"[glance]"},{"line_number":34,"context_line":"api_servers \u003d {{ internal_protocol }}://{{ glance_internal_fqdn }}:{{ glance_api_port }}"}],"source_content_type":"text/x-jinja2","patch_set":23,"id":"3fa7e38b_e4404838","line":31,"updated":"2019-09-20 09:35:14.000000000","message":"insecure","commit_id":"beb218b3eaa38ce7ce8a4771f9bda28cef8baa50"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"3858379be1ba20843cc399d304a7c7101dfbe5cf","unresolved":false,"context_lines":[{"line_number":57,"context_line":"username \u003d {{ neutron_keystone_user }}"},{"line_number":58,"context_line":"password \u003d {{ neutron_keystone_password }}"},{"line_number":59,"context_line":"auth_url \u003d {{ keystone_admin_url }}/v3"},{"line_number":60,"context_line":"auth_type \u003d v3password"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"[oslo_messaging_notifications]"},{"line_number":63,"context_line":"transport_url \u003d {{ notify_transport_url }}"}],"source_content_type":"text/x-jinja2","patch_set":23,"id":"3fa7e38b_043c84bd","line":60,"updated":"2019-09-20 09:35:14.000000000","message":"insecure","commit_id":"beb218b3eaa38ce7ce8a4771f9bda28cef8baa50"}],"ansible/roles/nova/templates/nova.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"3858379be1ba20843cc399d304a7c7101dfbe5cf","unresolved":false,"context_lines":[{"line_number":130,"context_line":"{% if enable_cinder | bool %}"},{"line_number":131,"context_line":"[cinder]"},{"line_number":132,"context_line":"catalog_info \u003d volumev3:cinderv3:internalURL"},{"line_number":133,"context_line":"os_region_name \u003d {{ openstack_region_name }}"},{"line_number":134,"context_line":"{% endif %}"},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"[neutron]"}],"source_content_type":"text/x-jinja2","patch_set":23,"id":"3fa7e38b_046564e1","line":133,"updated":"2019-09-20 09:35:14.000000000","message":"insecure?","commit_id":"beb218b3eaa38ce7ce8a4771f9bda28cef8baa50"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"3858379be1ba20843cc399d304a7c7101dfbe5cf","unresolved":false,"context_lines":[{"line_number":224,"context_line":"[privsep_entrypoint]"},{"line_number":225,"context_line":"helper_command\u003dsudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf"},{"line_number":226,"context_line":""},{"line_number":227,"context_line":"[glance]"},{"line_number":228,"context_line":"debug \u003d {{ nova_logging_debug }}"},{"line_number":229,"context_line":"insecure \u003d {{ \"False\" if kolla_verify_tls | bool else \"True\" }}"},{"line_number":230,"context_line":""},{"line_number":231,"context_line":"[guestfs]"}],"source_content_type":"text/x-jinja2","patch_set":23,"id":"3fa7e38b_647698a7","line":228,"range":{"start_line":227,"start_character":0,"end_line":228,"end_character":32},"updated":"2019-09-20 09:35:14.000000000","message":"hmm, we have the glance section twice.","commit_id":"beb218b3eaa38ce7ce8a4771f9bda28cef8baa50"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c5fd5d01675b53246ee5a04d02cca4f26924426b","unresolved":false,"context_lines":[{"line_number":126,"context_line":"api_servers \u003d {{ internal_protocol }}://{{ glance_internal_fqdn }}:{{ glance_api_port }}"},{"line_number":127,"context_line":"insecure \u003d {{ \"False\" if kolla_verify_tls | bool else \"True\" }}"},{"line_number":128,"context_line":"num_retries \u003d {{ groups[\u0027glance-api\u0027] | length }}"},{"line_number":129,"context_line":"debug \u003d {{ nova_logging_debug }}"},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"{% if enable_cinder | bool %}"},{"line_number":132,"context_line":"[cinder]"}],"source_content_type":"text/x-jinja2","patch_set":34,"id":"3fa7e38b_fbd43022","line":129,"range":{"start_line":129,"start_character":0,"end_line":129,"end_character":32},"updated":"2019-09-24 09:06:58.000000000","message":"Did you mean to add this?","commit_id":"6f46f1d549fde247856fe1a0918563d24353d310"},{"author":{"_account_id":19316,"name":"Eduardo Gonzalez","email":"dabarren@gmail.com","username":"egonzalez90"},"change_message_id":"6d82f0230369416b3abb6be67dbf713728ad5355","unresolved":false,"context_lines":[{"line_number":221,"context_line":"[privsep_entrypoint]"},{"line_number":222,"context_line":"helper_command\u003dsudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf"},{"line_number":223,"context_line":""},{"line_number":224,"context_line":"[glance]"},{"line_number":225,"context_line":"debug \u003d {{ nova_logging_debug }}"},{"line_number":226,"context_line":""},{"line_number":227,"context_line":"[guestfs]"},{"line_number":228,"context_line":"debug \u003d {{ nova_logging_debug }}"}],"source_content_type":"text/x-jinja2","patch_set":35,"id":"3fa7e38b_91104daa","side":"PARENT","line":225,"range":{"start_line":224,"start_character":0,"end_line":225,"end_character":32},"updated":"2019-09-26 08:32:39.000000000","message":"Add the debug in the other glance section","commit_id":"1982c9809fa56c8e23194cd54c2885538c9773b1"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"795f37c3acf162a4dcd52f47033a8d14cc2831d5","unresolved":false,"context_lines":[{"line_number":221,"context_line":"[privsep_entrypoint]"},{"line_number":222,"context_line":"helper_command\u003dsudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf"},{"line_number":223,"context_line":""},{"line_number":224,"context_line":"[glance]"},{"line_number":225,"context_line":"debug \u003d {{ nova_logging_debug }}"},{"line_number":226,"context_line":""},{"line_number":227,"context_line":"[guestfs]"},{"line_number":228,"context_line":"debug \u003d {{ nova_logging_debug }}"}],"source_content_type":"text/x-jinja2","patch_set":35,"id":"3fa7e38b_942a7b29","side":"PARENT","line":225,"range":{"start_line":224,"start_character":0,"end_line":225,"end_character":32},"in_reply_to":"3fa7e38b_91104daa","updated":"2019-09-26 09:09:09.000000000","message":"Oh, I see what happened now. Yes, needs to be added back - sorry.","commit_id":"1982c9809fa56c8e23194cd54c2885538c9773b1"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"795f37c3acf162a4dcd52f47033a8d14cc2831d5","unresolved":false,"context_lines":[{"line_number":279,"context_line":"{% if enable_barbican | bool %}"},{"line_number":280,"context_line":"[barbican]"},{"line_number":281,"context_line":"auth_endpoint \u003d {{ keystone_internal_url }}"},{"line_number":282,"context_line":"insecure \u003d {{ \"False\" if kolla_verify_tls | bool else \"True\" }}"},{"line_number":283,"context_line":"{% endif %}"},{"line_number":284,"context_line":""},{"line_number":285,"context_line":"{% if nova_compute_virt_type \u003d\u003d \"xenapi\" %}"}],"source_content_type":"text/x-jinja2","patch_set":35,"id":"3fa7e38b_f49baf6f","line":282,"range":{"start_line":282,"start_character":0,"end_line":282,"end_character":8},"updated":"2019-09-26 09:09:09.000000000","message":"should be verify_ssl and inverted","commit_id":"f5d48213db763f0e39c03950d0bfa443b8a1b812"}],"ansible/roles/octavia/tasks/register.yml":[{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"58828623cecad1f5bb10e962217bff6c8f6e1bdb","unresolved":false,"context_lines":[{"line_number":18,"context_line":"      auth: \"{{ openstack_octavia_auth }}\""},{"line_number":19,"context_line":"      endpoint_type: \"{{ openstack_interface }}\""},{"line_number":20,"context_line":"      cacert: \"{{ openstack_cacert }}\""},{"line_number":21,"context_line":"      validate_certs: \"{{ kolla_verify_tls | bool}}\""},{"line_number":22,"context_line":"  run_once: True"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"- name: Adding octavia related roles"}],"source_content_type":"text/x-yaml","patch_set":41,"id":"3fa7e38b_6f90cf96","line":21,"range":{"start_line":21,"start_character":49,"end_line":21,"end_character":50},"updated":"2019-10-04 07:15:06.000000000","message":"nit: spacing","commit_id":"00679177bc42f930c842f48a81340db2be083162"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"58828623cecad1f5bb10e962217bff6c8f6e1bdb","unresolved":false,"context_lines":[{"line_number":30,"context_line":"      auth: \"{{ openstack_octavia_auth }}\""},{"line_number":31,"context_line":"      endpoint_type: \"{{ openstack_interface }}\""},{"line_number":32,"context_line":"      cacert: \"{{ openstack_cacert }}\""},{"line_number":33,"context_line":"      validate_certs: \"{{ kolla_verify_tls | bool}}\""},{"line_number":34,"context_line":"  run_once: True"},{"line_number":35,"context_line":"  with_items: \"{{ octavia_required_roles }}\""}],"source_content_type":"text/x-yaml","patch_set":41,"id":"3fa7e38b_8f8d0b7d","line":33,"range":{"start_line":33,"start_character":48,"end_line":33,"end_character":50},"updated":"2019-10-04 07:15:06.000000000","message":"ditto","commit_id":"00679177bc42f930c842f48a81340db2be083162"}],"ansible/roles/octavia/templates/octavia.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"3858379be1ba20843cc399d304a7c7101dfbe5cf","unresolved":false,"context_lines":[{"line_number":85,"context_line":"[glance]"},{"line_number":86,"context_line":"region_name \u003d {{ openstack_region_name }}"},{"line_number":87,"context_line":"endpoint_type \u003d internal"},{"line_number":88,"context_line":"insecure \u003d {{ \"False\" if kolla_verify_tls | bool else \"True\" }}"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"[neutron]"},{"line_number":91,"context_line":"region_name \u003d {{ openstack_region_name }}"}],"source_content_type":"text/x-jinja2","patch_set":23,"id":"3fa7e38b_24a50005","line":88,"updated":"2019-09-20 09:35:14.000000000","message":"Probably need in neutron and nova too, or not at all.","commit_id":"beb218b3eaa38ce7ce8a4771f9bda28cef8baa50"}],"ansible/roles/service-ks-register/tasks/main.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"aeefa60d16026d73440b47a8b5c91972f0d1fcdb","unresolved":false,"context_lines":[{"line_number":11,"context_line":"      auth: \"{{ service_ks_register_auth }}\""},{"line_number":12,"context_line":"      interface: \"{{ service_ks_register_interface }}\""},{"line_number":13,"context_line":"      cacert: \"{{ service_ks_cacert }}\""},{"line_number":14,"context_line":"      validate_certs: \"{{ kolla_verify_tls | bool }}\""},{"line_number":15,"context_line":"  run_once: True"},{"line_number":16,"context_line":"  loop: \"{{ service_ks_register_services }}\""},{"line_number":17,"context_line":"  delegate_to: \"{{ service_ks_register_delegate_host }}\""}],"source_content_type":"text/x-yaml","patch_set":17,"id":"3fa7e38b_3019cfd6","line":14,"range":{"start_line":14,"start_character":26,"end_line":14,"end_character":49},"updated":"2019-09-19 10:04:02.000000000","message":"nit: could you make this a role default variable like the others, with a default of kolla_verify_tls? (keep the bool filter here).","commit_id":"852521d953d90e5ba6c3ac4f91c5c8c5e4e13a02"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"3858379be1ba20843cc399d304a7c7101dfbe5cf","unresolved":false,"context_lines":[{"line_number":11,"context_line":"      auth: \"{{ service_ks_register_auth }}\""},{"line_number":12,"context_line":"      interface: \"{{ service_ks_register_interface }}\""},{"line_number":13,"context_line":"      cacert: \"{{ service_ks_cacert }}\""},{"line_number":14,"context_line":"      validate_certs: \"{{ service_ks_validate_certs }}\""},{"line_number":15,"context_line":"  run_once: True"},{"line_number":16,"context_line":"  loop: \"{{ service_ks_register_services }}\""},{"line_number":17,"context_line":"  delegate_to: \"{{ service_ks_register_delegate_host }}\""}],"source_content_type":"text/x-yaml","patch_set":23,"id":"3fa7e38b_a4b8102a","line":14,"updated":"2019-09-20 09:35:14.000000000","message":"I think you need the | bool here instead of in defaults?","commit_id":"beb218b3eaa38ce7ce8a4771f9bda28cef8baa50"}],"ansible/roles/swift/tasks/register.yml":[{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"58828623cecad1f5bb10e962217bff6c8f6e1bdb","unresolved":false,"context_lines":[{"line_number":17,"context_line":"      auth: \"{{ openstack_swift_auth }}\""},{"line_number":18,"context_line":"      endpoint_type: \"{{ openstack_interface }}\""},{"line_number":19,"context_line":"      cacert: \"{{ openstack_cacert }}\""},{"line_number":20,"context_line":"      validate_certs: \"{{ kolla_verify_tls | bool}}\""},{"line_number":21,"context_line":"  run_once: True"}],"source_content_type":"text/x-yaml","patch_set":41,"id":"3fa7e38b_4fedd323","line":20,"updated":"2019-10-04 07:15:06.000000000","message":"nit: spacing","commit_id":"00679177bc42f930c842f48a81340db2be083162"}],"ansible/roles/trove/templates/trove.conf.j2":[{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"3cdca837b3169a79449a9daa05ff8c06dc357404","unresolved":false,"context_lines":[{"line_number":39,"context_line":"password \u003d {{ trove_keystone_password }}"},{"line_number":40,"context_line":"auth_url \u003d {{ keystone_admin_url }}"},{"line_number":41,"context_line":"auth_type \u003d password"},{"line_number":42,"context_line":"insecure \u003d {{ \"False\" if kolla_verify_tls | bool else \"True\" }}"},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"[oslo_messaging_notifications]"},{"line_number":45,"context_line":"transport_url \u003d {{ notify_transport_url }}"}],"source_content_type":"text/x-jinja2","patch_set":39,"id":"3fa7e38b_f9ca5418","line":42,"range":{"start_line":42,"start_character":11,"end_line":42,"end_character":63},"updated":"2019-10-03 17:35:33.000000000","message":"this is throughout this code, better to use:\n{{ not kolla_verify_tls|bool }}\nit is even used in some places\nI would prefer simplicity and consistency","commit_id":"9dcadf8e03e1a19a95b900dd2d9def900687f702"}],"ansible/roles/vitrage/tasks/register.yml":[{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"58828623cecad1f5bb10e962217bff6c8f6e1bdb","unresolved":false,"context_lines":[{"line_number":18,"context_line":"      auth: \"{{ openstack_vitrage_auth }}\""},{"line_number":19,"context_line":"      endpoint_type: \"{{ openstack_interface }}\""},{"line_number":20,"context_line":"      cacert: \"{{ openstack_cacert }}\""},{"line_number":21,"context_line":"      validate_certs: \"{{ kolla_verify_tls | bool}}\""},{"line_number":22,"context_line":"  run_once: True"}],"source_content_type":"text/x-yaml","patch_set":41,"id":"3fa7e38b_0ff7dbf7","line":21,"updated":"2019-10-04 07:15:06.000000000","message":"nit: spacing","commit_id":"00679177bc42f930c842f48a81340db2be083162"}],"ansible/roles/zun/templates/zun.conf.j2":[{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"3cdca837b3169a79449a9daa05ff8c06dc357404","unresolved":false,"context_lines":[{"line_number":88,"context_line":"endpoint_type \u003d internalURL"},{"line_number":89,"context_line":"insecure \u003d {{ \"False\" if kolla_verify_tls | bool else \"True\" }}"},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"[placement_client]"},{"line_number":92,"context_line":"region_name \u003d {{ openstack_region_name }}"},{"line_number":93,"context_line":"endpoint_type \u003d internalURL"},{"line_number":94,"context_line":"insecure \u003d {{ \"False\" if kolla_verify_tls | bool else \"True\" }}"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"{% if enable_osprofiler | bool %}"}],"source_content_type":"text/x-jinja2","patch_set":39,"id":"3fa7e38b_194e50c1","line":93,"range":{"start_line":91,"start_character":0,"end_line":93,"end_character":27},"updated":"2019-10-03 17:35:33.000000000","message":"thanks :-)","commit_id":"9dcadf8e03e1a19a95b900dd2d9def900687f702"}],"doc/source/admin/advanced-configuration.rst":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"56c82e1969af1ee3845ed74b75c2740504d339c1","unresolved":false,"context_lines":[{"line_number":170,"context_line":"has not been added to the trust store in your container images, you will need"},{"line_number":171,"context_line":"to disable TLS certificate verification in ``globals.yml``:"},{"line_number":172,"context_line":""},{"line_number":173,"context_line":".. code-block:: console"},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"   kolla_verify_tls: no"},{"line_number":176,"context_line":""}],"source_content_type":"text/x-rst","patch_set":38,"id":"3fa7e38b_0adb6d7d","line":173,"range":{"start_line":173,"start_character":16,"end_line":173,"end_character":23},"updated":"2019-10-02 12:09:54.000000000","message":"yaml?","commit_id":"84b9f2ce6d9c1ee4cc2cf59cc988ac1dcb20ee61"}],"tests/run.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"3858379be1ba20843cc399d304a7c7101dfbe5cf","unresolved":false,"context_lines":[{"line_number":208,"context_line":"          environment:"},{"line_number":209,"context_line":"            ACTION: \"{{ scenario }}\""},{"line_number":210,"context_line":"            INSECURE: \"{{ kolla_verify_tls | bool }}\""},{"line_number":211,"context_line":"            DASHBOARD_URL: \"{{ internal_protocol }}://{{ kolla_internal_vip_address }}\""},{"line_number":212,"context_line":"          when: scenario not in [\u0027ironic\u0027, \u0027scenario_nfv\u0027]"},{"line_number":213,"context_line":""},{"line_number":214,"context_line":"        - name: Run test-zun.sh script"}],"source_content_type":"text/x-yaml","patch_set":23,"id":"3fa7e38b_44811c4a","line":211,"range":{"start_line":211,"start_character":31,"end_line":211,"end_character":48},"updated":"2019-09-20 09:35:14.000000000","message":"We don\u0027t have access to kolla variables here - it\u0027s a zuul playbook. Could try this:\n\n{{ \u0027https\u0027 if scenario \u003d\u003d \u0027tls\u0027 else \u0027http\u0027 }}","commit_id":"beb218b3eaa38ce7ce8a4771f9bda28cef8baa50"}],"tests/templates/globals-default.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c7d47720e88f25459671839d8e2f1f3013f94230","unresolved":false,"context_lines":[{"line_number":89,"context_line":"{% endif %}"},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"{% if scenario \u003d\u003d \"tls\" %}"},{"line_number":92,"context_line":"kolla_enable_tls_external: \"yes\""},{"line_number":93,"context_line":"kolla_enable_tls_internal: \"yes\""},{"line_number":94,"context_line":"kolla_insecure_internal_endpoints: \"no\""},{"line_number":95,"context_line":"kolla_verify_tls: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":8,"id":"7faddb67_95709242","line":92,"range":{"start_line":92,"start_character":0,"end_line":92,"end_character":32},"updated":"2019-08-28 12:29:12.000000000","message":"nit: should not be necessary, since there is only one network in CI.","commit_id":"8baa646f2b6fbe35512109d29263370450a59f35"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c7d47720e88f25459671839d8e2f1f3013f94230","unresolved":false,"context_lines":[{"line_number":91,"context_line":"{% if scenario \u003d\u003d \"tls\" %}"},{"line_number":92,"context_line":"kolla_enable_tls_external: \"yes\""},{"line_number":93,"context_line":"kolla_enable_tls_internal: \"yes\""},{"line_number":94,"context_line":"kolla_insecure_internal_endpoints: \"no\""},{"line_number":95,"context_line":"kolla_verify_tls: \"no\""},{"line_number":96,"context_line":"{% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":8,"id":"7faddb67_358d1e2a","line":94,"range":{"start_line":94,"start_character":0,"end_line":94,"end_character":39},"updated":"2019-08-28 12:29:12.000000000","message":"This variable was part of the old implementation.","commit_id":"8baa646f2b6fbe35512109d29263370450a59f35"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"3858379be1ba20843cc399d304a7c7101dfbe5cf","unresolved":false,"context_lines":[{"line_number":92,"context_line":"kolla_enable_tls_external: \"yes\""},{"line_number":93,"context_line":"kolla_enable_tls_internal: \"yes\""},{"line_number":94,"context_line":"kolla_verify_tls: \"no\""},{"line_number":95,"context_line":"internal_protocol: \"https\""},{"line_number":96,"context_line":"{% else %}"},{"line_number":97,"context_line":"kolla_enable_tls_external: \"no\""},{"line_number":98,"context_line":"kolla_enable_tls_internal: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":23,"id":"3fa7e38b_a491f09b","line":95,"range":{"start_line":95,"start_character":0,"end_line":95,"end_character":26},"updated":"2019-09-20 09:35:14.000000000","message":"Shouldn\u0027t be necessary, it\u0027s set automatically.","commit_id":"beb218b3eaa38ce7ce8a4771f9bda28cef8baa50"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"3858379be1ba20843cc399d304a7c7101dfbe5cf","unresolved":false,"context_lines":[{"line_number":93,"context_line":"kolla_enable_tls_internal: \"yes\""},{"line_number":94,"context_line":"kolla_verify_tls: \"no\""},{"line_number":95,"context_line":"internal_protocol: \"https\""},{"line_number":96,"context_line":"{% else %}"},{"line_number":97,"context_line":"kolla_enable_tls_external: \"no\""},{"line_number":98,"context_line":"kolla_enable_tls_internal: \"no\""},{"line_number":99,"context_line":"internal_protocol: \"http\""},{"line_number":100,"context_line":"{% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":23,"id":"3fa7e38b_64e9b818","line":99,"range":{"start_line":96,"start_character":0,"end_line":99,"end_character":25},"updated":"2019-09-20 09:35:14.000000000","message":"Shouldn\u0027t be necessary - these are defaults.","commit_id":"beb218b3eaa38ce7ce8a4771f9bda28cef8baa50"}],"zuul.d/jobs.yaml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c7d47720e88f25459671839d8e2f1f3013f94230","unresolved":false,"context_lines":[{"line_number":159,"context_line":"      install_type: source"},{"line_number":160,"context_line":"      scenario: zun"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"- job:"},{"line_number":163,"context_line":"    name: kolla-ansible-ubuntu-source-scenario-tls"},{"line_number":164,"context_line":"    parent: kolla-ansible-base"},{"line_number":165,"context_line":"    nodeset: kolla-ansible-bionic"},{"line_number":166,"context_line":"    voting: false"},{"line_number":167,"context_line":"    vars:"},{"line_number":168,"context_line":"      base_distro: ubuntu"},{"line_number":169,"context_line":"      install_type: source"},{"line_number":170,"context_line":"      scenario: tls"},{"line_number":171,"context_line":""},{"line_number":172,"context_line":"- job:"},{"line_number":173,"context_line":"    name: kolla-ansible-centos-source-scenario-nfv"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"7faddb67_f5fd466e","line":170,"range":{"start_line":162,"start_character":0,"end_line":170,"end_character":19},"updated":"2019-08-28 12:29:12.000000000","message":"I\u0027m tempted to say we enable TLS for one of our existing jobs - either kolla-ansible-*-source or kolla-ansible-*-source-ceph. I added it as a short discussion item for today\u0027s meeting.\n\nContinue down this path for now - it should be easy enough to switch later.","commit_id":"8baa646f2b6fbe35512109d29263370450a59f35"}]}