)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"45a957f669e096b818a0b9b3d9e1c98a515a7a9d","unresolved":false,"context_lines":[{"line_number":11,"context_line":"containers to enable trust for that CA. This is especially useful when"},{"line_number":12,"context_line":"the CA is self signed, and would not be trusted by default."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Depends on: https://review.opendev.org/#/c/699312"},{"line_number":15,"context_line":"Partially-Implements: blueprint support-trusted-ca-certificate-file"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Change-Id: I4368f8994147580460ebe7533850cf63a419d0b4"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"3fa7e38b_e4d6abc4","line":14,"range":{"start_line":14,"start_character":0,"end_line":14,"end_character":49},"updated":"2020-01-06 15:05:41.000000000","message":"You don\u0027t need this if the change is the parent commit (or further back in the history). Also, Zuul ignores case but probably requires the dash to be there: \"Depends-On\".","commit_id":"b3484325f328f23bdc7d29c4f5a1c456cda89176"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"aa464f89204eb3c5ca7b7493d86ee95ab090341f","unresolved":false,"context_lines":[{"line_number":11,"context_line":"containers to enable trust for that CA. This is especially useful when"},{"line_number":12,"context_line":"the CA is self signed, and would not be trusted by default."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Partially-Implements: blueprint support-trusted-ca-certificate-file"},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Change-Id: I4368f8994147580460ebe7533850cf63a419d0b4"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":6,"id":"3fa7e38b_875d32ed","line":14,"range":{"start_line":14,"start_character":22,"end_line":14,"end_character":67},"updated":"2020-01-10 14:52:46.000000000","message":"I think this should be https://blueprints.launchpad.net/kolla-ansible/+spec/custom-cacerts.","commit_id":"56df4e33ab856656de23bb3af3851db1bb3a6ce8"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"fc03014464c3facc82ddc0b0710908573c63adef","unresolved":false,"context_lines":[{"line_number":11,"context_line":"containers to enable trust for that CA. This is especially useful when"},{"line_number":12,"context_line":"the CA is self signed, and would not be trusted by default."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Partially-Implements: custom-cacerts"},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Change-Id: I4368f8994147580460ebe7533850cf63a419d0b4"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":8,"id":"3fa7e38b_ce949444","line":14,"range":{"start_line":14,"start_character":22,"end_line":14,"end_character":36},"updated":"2020-01-13 11:23:46.000000000","message":"blueprint custom-cacerts","commit_id":"4b050abb4fe685ff3d39c00e4fbcb5939d4e832a"}],"ansible/group_vars/all.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"aba736f7e7427f0db69e91e7dccacc73b2879096","unresolved":false,"context_lines":[{"line_number":754,"context_line":"kolla_internal_fqdn_cert: \"{{ node_config }}/certificates/haproxy-internal.pem\""},{"line_number":755,"context_line":"kolla_external_fqdn_cacert: \"{{ node_config }}/certificates/haproxy-ca.crt\""},{"line_number":756,"context_line":"kolla_internal_fqdn_cacert: \"{{ node_config }}/certificates/haproxy-ca-internal.crt\""},{"line_number":757,"context_line":"kolla_copy_ca_into_containers: \"no\""},{"line_number":758,"context_line":""},{"line_number":759,"context_line":"####################"},{"line_number":760,"context_line":"# Kibana options"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"3fa7e38b_79fc5a0b","line":757,"updated":"2020-01-10 15:11:26.000000000","message":"Please update etc/kolla/globals.yml to match.","commit_id":"b3484325f328f23bdc7d29c4f5a1c456cda89176"}],"ansible/roles/aodh/tasks/config.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"aa464f89204eb3c5ca7b7493d86ee95ab090341f","unresolved":false,"context_lines":[{"line_number":50,"context_line":"  copy:"},{"line_number":51,"context_line":"    src: \"{{ node_config }}/certificates/ca/\""},{"line_number":52,"context_line":"    dest: \"{{ node_config_directory }}/{{ item.key }}/ca-certificates\""},{"line_number":53,"context_line":"    mode: \"0755\""},{"line_number":54,"context_line":"  when:"},{"line_number":55,"context_line":"    - item.value.enabled | bool"},{"line_number":56,"context_line":"    - inventory_hostname in groups[item.value.group]"}],"source_content_type":"text/x-yaml","patch_set":6,"id":"3fa7e38b_a7b86ec6","line":53,"range":{"start_line":53,"start_character":11,"end_line":53,"end_character":15},"updated":"2020-01-10 14:52:46.000000000","message":"I think this should be 0660 for the cert files.","commit_id":"56df4e33ab856656de23bb3af3851db1bb3a6ce8"}],"ansible/roles/qinling/tasks/config.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"aa464f89204eb3c5ca7b7493d86ee95ab090341f","unresolved":false,"context_lines":[{"line_number":110,"context_line":"    - item.value.enabled | bool"},{"line_number":111,"context_line":"    - inventory_hostname in groups[item.value.group]"},{"line_number":112,"context_line":"    - kolla_copy_ca_into_containers | bool"},{"line_number":113,"context_line":"  with_dict: \"{{ qinling_services }}\""}],"source_content_type":"text/x-yaml","patch_set":6,"id":"3fa7e38b_07f7028e","line":113,"updated":"2020-01-10 14:52:46.000000000","message":"Nit: ordering is different in this file - normally it is on L39.","commit_id":"56df4e33ab856656de23bb3af3851db1bb3a6ce8"}],"ansible/roles/zun/tasks/config.yml":[{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"5e5f742584418ad945870d5b5ba93e04a38d3cc2","unresolved":false,"context_lines":[{"line_number":39,"context_line":"    mode: \"0644\""},{"line_number":40,"context_line":"  when:"},{"line_number":41,"context_line":"    - item.value.enabled | bool"},{"line_number":42,"context_line":"    - inventory_hostname in groups[item.value.group]"},{"line_number":43,"context_line":"    - kolla_copy_ca_into_containers | bool"},{"line_number":44,"context_line":"  with_dict: \"{{ zun_services }}\""},{"line_number":45,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":23,"id":"3fa7e38b_955ec076","line":42,"range":{"start_line":42,"start_character":4,"end_line":42,"end_character":52},"updated":"2020-01-29 07:52:13.000000000","message":"so. these are almost the same except for this line - I say we make them all work with this line present and refactor this task into a separate task snippet (could be a beginning of a role since we usually need to serve some config, json, policy etc.)","commit_id":"511ba9f6a2ff09c0f3b55a700696fca2004a9072"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"4bb7a915942c374c253bba3b661bf08f3f2103b4","unresolved":false,"context_lines":[{"line_number":39,"context_line":"    mode: \"0644\""},{"line_number":40,"context_line":"  when:"},{"line_number":41,"context_line":"    - item.value.enabled | bool"},{"line_number":42,"context_line":"    - inventory_hostname in groups[item.value.group]"},{"line_number":43,"context_line":"    - kolla_copy_ca_into_containers | bool"},{"line_number":44,"context_line":"  with_dict: \"{{ zun_services }}\""},{"line_number":45,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":23,"id":"3fa7e38b_c29e40b6","line":42,"range":{"start_line":42,"start_character":4,"end_line":42,"end_character":52},"in_reply_to":"3fa7e38b_0270d8a6","updated":"2020-02-06 16:20:51.000000000","message":"I would be open to a merge and refactor approach.","commit_id":"511ba9f6a2ff09c0f3b55a700696fca2004a9072"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"df857ef899bbc0c012f57e39a3835443ff840f8a","unresolved":false,"context_lines":[{"line_number":39,"context_line":"    mode: \"0644\""},{"line_number":40,"context_line":"  when:"},{"line_number":41,"context_line":"    - item.value.enabled | bool"},{"line_number":42,"context_line":"    - inventory_hostname in groups[item.value.group]"},{"line_number":43,"context_line":"    - kolla_copy_ca_into_containers | bool"},{"line_number":44,"context_line":"  with_dict: \"{{ zun_services }}\""},{"line_number":45,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":23,"id":"3fa7e38b_0270d8a6","line":42,"range":{"start_line":42,"start_character":4,"end_line":42,"end_character":52},"in_reply_to":"3fa7e38b_725f8f4c","updated":"2020-02-06 16:19:48.000000000","message":"There are definitely a lot of configuration steps that we could factor out into a different role. I don\u0027t think we necessarily need to \u0027fix\u0027 all our existing code now but these two seem like good candidates for a common role.\n\nThis could be a good time to use the filters in ansible/filter_plugins/services.py. In particular, select_services_enabled_and_mapped_to_host will give you a list of relevant services to iterate over, without skipping any. It also handles the group vs. host_in_groups messiness.","commit_id":"511ba9f6a2ff09c0f3b55a700696fca2004a9072"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"39611736327dc5d64c9f007704aa11a11a91c128","unresolved":false,"context_lines":[{"line_number":39,"context_line":"    mode: \"0644\""},{"line_number":40,"context_line":"  when:"},{"line_number":41,"context_line":"    - item.value.enabled | bool"},{"line_number":42,"context_line":"    - inventory_hostname in groups[item.value.group]"},{"line_number":43,"context_line":"    - kolla_copy_ca_into_containers | bool"},{"line_number":44,"context_line":"  with_dict: \"{{ zun_services }}\""},{"line_number":45,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":23,"id":"3fa7e38b_b26e672a","line":42,"range":{"start_line":42,"start_character":4,"end_line":42,"end_character":52},"in_reply_to":"3fa7e38b_955ec076","updated":"2020-01-29 17:21:49.000000000","message":"So, to be clear, refactor just the \"Copying over extra CA certificates task\" into a separate role? This role is also where we would copy certs needed for HAProxy backend TLS. Do you envision other tasks in this role?","commit_id":"511ba9f6a2ff09c0f3b55a700696fca2004a9072"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"03b23aa938342612a6fbc15bb1ddf7068ece6543","unresolved":false,"context_lines":[{"line_number":39,"context_line":"    mode: \"0644\""},{"line_number":40,"context_line":"  when:"},{"line_number":41,"context_line":"    - item.value.enabled | bool"},{"line_number":42,"context_line":"    - inventory_hostname in groups[item.value.group]"},{"line_number":43,"context_line":"    - kolla_copy_ca_into_containers | bool"},{"line_number":44,"context_line":"  with_dict: \"{{ zun_services }}\""},{"line_number":45,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":23,"id":"3fa7e38b_725f8f4c","line":42,"range":{"start_line":42,"start_character":4,"end_line":42,"end_character":52},"in_reply_to":"3fa7e38b_b26e672a","updated":"2020-01-29 17:29:49.000000000","message":"need to ping mgoddard on that","commit_id":"511ba9f6a2ff09c0f3b55a700696fca2004a9072"}],"doc/source/admin/advanced-configuration.rst":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"fc03014464c3facc82ddc0b0710908573c63adef","unresolved":false,"context_lines":[{"line_number":143,"context_line":"   export OS_CACERT\u003d/etc/pki/mykolla-cacert.crt"},{"line_number":144,"context_line":"   export OS_IDENTITY_API_VERSION\u003d3"},{"line_number":145,"context_line":""},{"line_number":146,"context_line":"Self-Signed Certificates"},{"line_number":147,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":148,"context_line":""},{"line_number":149,"context_line":".. note::"}],"source_content_type":"text/x-rst","patch_set":8,"id":"3fa7e38b_ee9b9062","line":146,"range":{"start_line":146,"start_character":0,"end_line":146,"end_character":24},"updated":"2020-01-13 11:23:46.000000000","message":"This is not specific to self-signed certificates. Please add a new heading, e.g.  Adding CA certificates to images","commit_id":"4b050abb4fe685ff3d39c00e4fbcb5939d4e832a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"fc03014464c3facc82ddc0b0710908573c63adef","unresolved":false,"context_lines":[{"line_number":165,"context_line":"The files haproxy.pem and haproxy-ca.pem will be generated and stored"},{"line_number":166,"context_line":"in the ``/etc/kolla/certificates/`` directory."},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"The following configuration is also required:"},{"line_number":169,"context_line":""},{"line_number":170,"context_line":".. code-block:: yaml"},{"line_number":171,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"3fa7e38b_8e8d3c2b","line":168,"range":{"start_line":168,"start_character":36,"end_line":168,"end_character":44},"updated":"2020-01-13 11:23:46.000000000","message":"it\u0027s only required if you want to copy CA files into containers.","commit_id":"4b050abb4fe685ff3d39c00e4fbcb5939d4e832a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"fc03014464c3facc82ddc0b0710908573c63adef","unresolved":false,"context_lines":[{"line_number":172,"context_line":"   kolla_copy_ca_into_containers: \"yes\""},{"line_number":173,"context_line":""},{"line_number":174,"context_line":"When ``kolla_copy_ca_into_containers`` is configured to \"yes\", the"},{"line_number":175,"context_line":"Certificate Authority file in /etc/kolla/certificates will be copied into"},{"line_number":176,"context_line":"service containers to enable trust for that CA."},{"line_number":177,"context_line":""},{"line_number":178,"context_line":".. _service-config:"}],"source_content_type":"text/x-rst","patch_set":8,"id":"3fa7e38b_aea598a2","line":175,"range":{"start_line":175,"start_character":30,"end_line":175,"end_character":53},"updated":"2020-01-13 11:23:46.000000000","message":"/etc/kolla/certificates/ca/","commit_id":"4b050abb4fe685ff3d39c00e4fbcb5939d4e832a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"fc03014464c3facc82ddc0b0710908573c63adef","unresolved":false,"context_lines":[{"line_number":172,"context_line":"   kolla_copy_ca_into_containers: \"yes\""},{"line_number":173,"context_line":""},{"line_number":174,"context_line":"When ``kolla_copy_ca_into_containers`` is configured to \"yes\", the"},{"line_number":175,"context_line":"Certificate Authority file in /etc/kolla/certificates will be copied into"},{"line_number":176,"context_line":"service containers to enable trust for that CA."},{"line_number":177,"context_line":""},{"line_number":178,"context_line":".. _service-config:"}],"source_content_type":"text/x-rst","patch_set":8,"id":"3fa7e38b_cea25498","line":175,"range":{"start_line":175,"start_character":22,"end_line":175,"end_character":26},"updated":"2020-01-13 11:23:46.000000000","message":"files","commit_id":"4b050abb4fe685ff3d39c00e4fbcb5939d4e832a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"bc6dec20d059ff9d3d14dc20bf94c409fe8e9e2a","unresolved":false,"context_lines":[{"line_number":180,"context_line":"for any certificates that are either self-signed or signed by a private CA,"},{"line_number":181,"context_line":"and are not already present in the service image trust store."},{"line_number":182,"context_line":""},{"line_number":183,"context_line":"All certificate file names will have the \"kolla-customca-\" prefix appended to"},{"line_number":184,"context_line":"it when it is copied into the containers. For example, if a certificate file is"},{"line_number":185,"context_line":"named \"internal.crt\", it will be named \"kolla-customca-internal.crt\" in the"},{"line_number":186,"context_line":"containers."}],"source_content_type":"text/x-rst","patch_set":23,"id":"3fa7e38b_9c82eea5","line":183,"range":{"start_line":183,"start_character":66,"end_line":183,"end_character":74},"updated":"2020-02-06 16:14:03.000000000","message":"prepended","commit_id":"511ba9f6a2ff09c0f3b55a700696fca2004a9072"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"7e1501f20c69c6ac5b889fbe7496f2b9272abdcc","unresolved":false,"context_lines":[{"line_number":189,"context_line":"the ``/usr/local/share/ca-certificates/`` directory."},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"For Centos and Red Hat Linux containers, the certificate files will be copied"},{"line_number":192,"context_line":"to the ``/etc/pki/ca-trust/source/anchors/`` directory."},{"line_number":193,"context_line":""},{"line_number":194,"context_line":".. _service-config:"},{"line_number":195,"context_line":""}],"source_content_type":"text/x-rst","patch_set":23,"id":"3fa7e38b_9897d79c","line":192,"updated":"2020-01-29 08:13:18.000000000","message":"need to mention openstack_cacert somewhere as promised in TLS CI change","commit_id":"511ba9f6a2ff09c0f3b55a700696fca2004a9072"}],"releasenotes/notes/copy-certificate-authority-into-containers-860cbda3384dd731.yaml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"fc03014464c3facc82ddc0b0710908573c63adef","unresolved":false,"context_lines":[{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    When \u0027kolla_copy_ca_into_containers\u0027 is configured to \"yes\", the"},{"line_number":5,"context_line":"    certificate authority files in the /etc/kolla/certificates directory will"},{"line_number":6,"context_line":"    be copied into service containers. This is required when the CAs are"},{"line_number":7,"context_line":"    self-signed, or else the CAs will not be trusted by services. Otherwise,"},{"line_number":8,"context_line":"    CA validation will need to be explicitly disabled in services."}],"source_content_type":"text/x-yaml","patch_set":8,"id":"3fa7e38b_2eabe871","line":5,"range":{"start_line":5,"start_character":39,"end_line":5,"end_character":62},"updated":"2020-01-13 11:23:46.000000000","message":"/etc/kolla/certificates/ca/","commit_id":"4b050abb4fe685ff3d39c00e4fbcb5939d4e832a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"fc03014464c3facc82ddc0b0710908573c63adef","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    When \u0027kolla_copy_ca_into_containers\u0027 is configured to \"yes\", the"},{"line_number":5,"context_line":"    certificate authority files in the /etc/kolla/certificates directory will"},{"line_number":6,"context_line":"    be copied into service containers. This is required when the CAs are"},{"line_number":7,"context_line":"    self-signed, or else the CAs will not be trusted by services. Otherwise,"},{"line_number":8,"context_line":"    CA validation will need to be explicitly disabled in services."},{"line_number":9,"context_line":"issues:"},{"line_number":10,"context_line":"  - |"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"3fa7e38b_4ee504db","line":7,"range":{"start_line":6,"start_character":39,"end_line":7,"end_character":15},"updated":"2020-01-13 11:23:46.000000000","message":"It\u0027s required for any certificates that are not already in the trust store in the images. This could be because they are self-signed, or signed by a local (private) CA. However, it\u0027s also possible to bake your certificates into your images, in which case you wouldn\u0027t need this.","commit_id":"4b050abb4fe685ff3d39c00e4fbcb5939d4e832a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"fc03014464c3facc82ddc0b0710908573c63adef","unresolved":false,"context_lines":[{"line_number":8,"context_line":"    CA validation will need to be explicitly disabled in services."},{"line_number":9,"context_line":"issues:"},{"line_number":10,"context_line":"  - |"},{"line_number":11,"context_line":"    The Python Requests library will not trust self-signed CAs, even if they"},{"line_number":12,"context_line":"    are added into the OS trusted CA folder and update-ca-trust is executed."},{"line_number":13,"context_line":"    Therefore, CA validation will still need to be explicitly disabled in some"},{"line_number":14,"context_line":"    services when deploying Openstack using self-signed certificates."}],"source_content_type":"text/x-yaml","patch_set":8,"id":"3fa7e38b_0ec70c40","line":12,"range":{"start_line":11,"start_character":4,"end_line":12,"end_character":76},"updated":"2020-01-13 11:23:46.000000000","message":"Although you can explicitly state the path to the CA cert, like we do with openstack_cacert.","commit_id":"4b050abb4fe685ff3d39c00e4fbcb5939d4e832a"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"68dc487307ca34777421349c67ac54e3d79ce63a","unresolved":false,"context_lines":[{"line_number":13,"context_line":"  - |"},{"line_number":14,"context_line":"    The Python Requests library will not trust self-signed or privately signed"},{"line_number":15,"context_line":"    CAs even if they are added into the OS trusted CA folder and"},{"line_number":16,"context_line":"    update-ca-trust is executed. For services that rely on the Python Requests"},{"line_number":17,"context_line":"    library either CA validation will need to be explicitly disabled or the"},{"line_number":18,"context_line":"    path to the CA certificate must be configured."}],"source_content_type":"text/x-yaml","patch_set":18,"id":"3fa7e38b_c885a4af","line":18,"range":{"start_line":16,"start_character":33,"end_line":18,"end_character":50},"updated":"2020-01-27 12:15:52.000000000","message":"This probably needs to be a bit more explicit about what to do. Can they just set openstack_cacert?","commit_id":"33361b9cfcbba54514f60b728bb14b37922e6361"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"5e5f742584418ad945870d5b5ba93e04a38d3cc2","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"issues:"},{"line_number":14,"context_line":"  - |"},{"line_number":15,"context_line":"    Python \u003c\u003d 2.7.9 will not trust self-signed or privately signed CAs even"},{"line_number":16,"context_line":"    if they are added into the OS trusted CA folder and update-ca-trust is"},{"line_number":17,"context_line":"    executed. This is also true for the Python Requests library, regardless of"},{"line_number":18,"context_line":"    Python version. For services that run Python \u003c\u003d 2.7.9 or rely on the"}],"source_content_type":"text/x-yaml","patch_set":23,"id":"3fa7e38b_3564ac4c","line":15,"updated":"2020-01-29 07:52:13.000000000","message":"no longer relevant - no support for py2 in ussuri, assume py3.6+","commit_id":"511ba9f6a2ff09c0f3b55a700696fca2004a9072"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"03b23aa938342612a6fbc15bb1ddf7068ece6543","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"issues:"},{"line_number":14,"context_line":"  - |"},{"line_number":15,"context_line":"    Python \u003c\u003d 2.7.9 will not trust self-signed or privately signed CAs even"},{"line_number":16,"context_line":"    if they are added into the OS trusted CA folder and update-ca-trust is"},{"line_number":17,"context_line":"    executed. This is also true for the Python Requests library, regardless of"},{"line_number":18,"context_line":"    Python version. For services that run Python \u003c\u003d 2.7.9 or rely on the"}],"source_content_type":"text/x-yaml","patch_set":23,"id":"3fa7e38b_d29e83f8","line":15,"in_reply_to":"3fa7e38b_3254b755","updated":"2020-01-29 17:29:49.000000000","message":"we won\u0027t, too much going on :-)","commit_id":"511ba9f6a2ff09c0f3b55a700696fca2004a9072"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"39611736327dc5d64c9f007704aa11a11a91c128","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"issues:"},{"line_number":14,"context_line":"  - |"},{"line_number":15,"context_line":"    Python \u003c\u003d 2.7.9 will not trust self-signed or privately signed CAs even"},{"line_number":16,"context_line":"    if they are added into the OS trusted CA folder and update-ca-trust is"},{"line_number":17,"context_line":"    executed. This is also true for the Python Requests library, regardless of"},{"line_number":18,"context_line":"    Python version. For services that run Python \u003c\u003d 2.7.9 or rely on the"}],"source_content_type":"text/x-yaml","patch_set":23,"id":"3fa7e38b_3254b755","line":15,"in_reply_to":"3fa7e38b_3564ac4c","updated":"2020-01-29 17:21:49.000000000","message":"seems worth noting, in the case we ever backport. I can remove if you still feel its not necessary.","commit_id":"511ba9f6a2ff09c0f3b55a700696fca2004a9072"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"bc6dec20d059ff9d3d14dc20bf94c409fe8e9e2a","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"issues:"},{"line_number":14,"context_line":"  - |"},{"line_number":15,"context_line":"    Python \u003c\u003d 2.7.9 will not trust self-signed or privately signed CAs even"},{"line_number":16,"context_line":"    if they are added into the OS trusted CA folder and update-ca-trust is"},{"line_number":17,"context_line":"    executed. This is also true for the Python Requests library, regardless of"},{"line_number":18,"context_line":"    Python version. For services that run Python \u003c\u003d 2.7.9 or rely on the"}],"source_content_type":"text/x-yaml","patch_set":23,"id":"3fa7e38b_1c46fe7f","line":15,"in_reply_to":"3fa7e38b_d29e83f8","updated":"2020-02-06 16:14:03.000000000","message":"Requests bit is still relevant.","commit_id":"511ba9f6a2ff09c0f3b55a700696fca2004a9072"}]}
