)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"11ff4ed137bfc97b87e5e191e64c8b67897f3671","unresolved":false,"context_lines":[{"line_number":10,"context_line":"self-signed certificates. The internal and external"},{"line_number":11,"context_line":"facing certificates are then generated using the root CA."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Updated openstack_cacert to use root certificate by default."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Change-Id: I6c2adff7d0128146cf086103ff6060b0dcefa37b"},{"line_number":16,"context_line":"Partially-Implements: blueprint add-ssl-internal-network"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":19,"id":"ff570b3c_7fc9ae58","line":13,"range":{"start_line":13,"start_character":32,"end_line":13,"end_character":36},"updated":"2020-06-10 16:59:23.000000000","message":"system CA trust store in CI tests","commit_id":"775839ab6261b593550676373ccd04c10fedddbe"}],"ansible/group_vars/all.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":762,"context_line":"kolla_certificates_dir: \"{{ node_config }}/certificates\""},{"line_number":763,"context_line":"kolla_external_fqdn_cert: \"{{ kolla_certificates_dir }}/haproxy.pem\""},{"line_number":764,"context_line":"kolla_internal_fqdn_cert: \"{{ kolla_certificates_dir }}/haproxy-internal.pem\""},{"line_number":765,"context_line":"kolla_external_fqdn_cacert: \"{{ kolla_certificates_dir }}/ca/haproxy.crt\""},{"line_number":766,"context_line":"kolla_internal_fqdn_cacert: \"{{ kolla_certificates_dir }}/ca/haproxy-internal.crt\""},{"line_number":767,"context_line":"kolla_cacert: \"{{ kolla_certificates_dir }}/ca/root.crt\""},{"line_number":768,"context_line":"kolla_copy_ca_into_containers: \"no\""},{"line_number":769,"context_line":"kolla_verify_tls_backend: \"yes\""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff570b3c_d977083a","line":766,"range":{"start_line":765,"start_character":0,"end_line":766,"end_character":82},"updated":"2020-05-28 18:35:56.000000000","message":"Now these two are not really used.","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"02871fc176f96732b47012fde8ae819b7413b22a","unresolved":false,"context_lines":[{"line_number":760,"context_line":"kolla_enable_tls_internal: \"no\""},{"line_number":761,"context_line":"kolla_enable_tls_external: \"{{ kolla_enable_tls_internal if kolla_same_external_internal_vip | bool else \u0027no\u0027 }}\""},{"line_number":762,"context_line":"kolla_certificates_dir: \"{{ node_config }}/certificates\""},{"line_number":763,"context_line":"kolla_external_fqdn_cert: \"{{ kolla_certificates_dir }}/haproxy.pem\""},{"line_number":764,"context_line":"kolla_internal_fqdn_cert: \"{{ kolla_certificates_dir }}/haproxy-internal.pem\""},{"line_number":765,"context_line":"kolla_cacert: \"{{ kolla_certificates_dir }}/ca/root.crt\""},{"line_number":766,"context_line":"kolla_copy_ca_into_containers: \"no\""},{"line_number":767,"context_line":"kolla_verify_tls_backend: \"yes\""},{"line_number":768,"context_line":"haproxy_backend_cacert: \"{{ \u0027ca-certificates.crt\u0027 if kolla_base_distro in [\u0027debian\u0027, \u0027ubuntu\u0027] else \u0027ca-bundle.trust.crt\u0027 }}\""}],"source_content_type":"text/x-yaml","patch_set":5,"id":"ff570b3c_789224f8","line":765,"range":{"start_line":763,"start_character":0,"end_line":765,"end_character":56},"updated":"2020-05-29 17:15:26.000000000","message":"I think a change in how the CACERT is configured should be a separate commit. We don\u0027t need three variables to do this one thing.\n\nGiven that we\u0027re changing this, I think we should stop setting a default value. It might not be necessary if certs are installed in the system trust store, and there isn\u0027t really a sensible value we could choose. We can set the above value in the CI globals.yml config, and document how to use it with the certificates command.","commit_id":"9a882d9f9d5359f0ac1d328aa3148f82c0aaa8f7"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"02871fc176f96732b47012fde8ae819b7413b22a","unresolved":false,"context_lines":[{"line_number":769,"context_line":"haproxy_backend_cacert_dir: \"/etc/ssl/certs\""},{"line_number":770,"context_line":"kolla_enable_tls_backend: \"no\""},{"line_number":771,"context_line":"kolla_tls_backend_cert: \"{{ kolla_certificates_dir }}/private/backend/backend-cert.pem\""},{"line_number":772,"context_line":"kolla_tls_backend_key: \"{{ kolla_certificates_dir }}/private/backend/backend-key.pem\""},{"line_number":773,"context_line":""},{"line_number":774,"context_line":"####################"},{"line_number":775,"context_line":"# Kibana options"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"ff570b3c_b8bddc69","line":772,"updated":"2020-05-29 17:15:26.000000000","message":"Let\u0027s not design the defaults around the certificates command which is for testing. The previous defaults were sensible. If we need to shuffle files around that can be done in the certificates role.","commit_id":"9a882d9f9d5359f0ac1d328aa3148f82c0aaa8f7"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"fce5466d94954d6d1f4d1a3952670416a29c5f76","unresolved":false,"context_lines":[{"line_number":762,"context_line":"kolla_certificates_dir: \"{{ node_config }}/certificates\""},{"line_number":763,"context_line":"kolla_external_fqdn_cert: \"{{ kolla_certificates_dir }}/haproxy.pem\""},{"line_number":764,"context_line":"kolla_internal_fqdn_cert: \"{{ kolla_certificates_dir }}/haproxy-internal.pem\""},{"line_number":765,"context_line":"kolla_cacert: \"{{ kolla_certificates_dir }}/ca/root.crt\""},{"line_number":766,"context_line":"kolla_copy_ca_into_containers: \"no\""},{"line_number":767,"context_line":"kolla_verify_tls_backend: \"yes\""},{"line_number":768,"context_line":"haproxy_backend_cacert: \"{{ \u0027ca-certificates.crt\u0027 if kolla_base_distro in [\u0027debian\u0027, \u0027ubuntu\u0027] else \u0027ca-bundle.trust.crt\u0027 }}\""}],"source_content_type":"text/x-yaml","patch_set":9,"id":"ff570b3c_40c26986","line":765,"updated":"2020-06-04 14:12:30.000000000","message":"this","commit_id":"943f5e53c79c1e55e3f9c7fe2a067d658bdfc2f5"}],"ansible/roles/certificates/tasks/generate-backend.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"02871fc176f96732b47012fde8ae819b7413b22a","unresolved":false,"context_lines":[{"line_number":2,"context_line":"- block:"},{"line_number":3,"context_line":"    - name: Ensuring private backend directory exist"},{"line_number":4,"context_line":"      file:"},{"line_number":5,"context_line":"        path: \"{{ kolla_certificates_dir }}/private/backend\""},{"line_number":6,"context_line":"        state: \"directory\""},{"line_number":7,"context_line":"        recurse: yes"},{"line_number":8,"context_line":"        mode: \"0770\""}],"source_content_type":"text/x-yaml","patch_set":5,"id":"ff570b3c_187168df","line":5,"range":{"start_line":5,"start_character":15,"end_line":5,"end_character":59},"updated":"2020-05-29 17:15:26.000000000","message":"backend_dir","commit_id":"9a882d9f9d5359f0ac1d328aa3148f82c0aaa8f7"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"02871fc176f96732b47012fde8ae819b7413b22a","unresolved":false,"context_lines":[{"line_number":4,"context_line":"      file:"},{"line_number":5,"context_line":"        path: \"{{ kolla_certificates_dir }}/private/backend\""},{"line_number":6,"context_line":"        state: \"directory\""},{"line_number":7,"context_line":"        recurse: yes"},{"line_number":8,"context_line":"        mode: \"0770\""},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"    - name: Creating backend SSL configuration file"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"ff570b3c_4a5dc313","line":7,"range":{"start_line":7,"start_character":8,"end_line":7,"end_character":20},"updated":"2020-05-29 17:15:26.000000000","message":"No recurse","commit_id":"9a882d9f9d5359f0ac1d328aa3148f82c0aaa8f7"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"02871fc176f96732b47012fde8ae819b7413b22a","unresolved":false,"context_lines":[{"line_number":52,"context_line":"        path: \"{{ kolla_tls_backend_key }}\""},{"line_number":53,"context_line":"        mode: \"0660\""},{"line_number":54,"context_line":"        state: file"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"    - name: Creating backend Certificate file to be included in container trusted ca-certificates"},{"line_number":57,"context_line":"      copy:"},{"line_number":58,"context_line":"        src: \"{{ kolla_tls_backend_cert }}\""},{"line_number":59,"context_line":"        dest: \"{{ kolla_certificates_dir }}/ca/backend-cert.crt\""},{"line_number":60,"context_line":"        mode: \"0660\""},{"line_number":61,"context_line":"  when:"},{"line_number":62,"context_line":"    - kolla_enable_tls_backend | bool"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"ff570b3c_2a6a0fb2","line":60,"range":{"start_line":55,"start_character":0,"end_line":60,"end_character":20},"updated":"2020-05-29 17:15:26.000000000","message":"Not required","commit_id":"9a882d9f9d5359f0ac1d328aa3148f82c0aaa8f7"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"02871fc176f96732b47012fde8ae819b7413b22a","unresolved":false,"context_lines":[{"line_number":59,"context_line":"        dest: \"{{ kolla_certificates_dir }}/ca/backend-cert.crt\""},{"line_number":60,"context_line":"        mode: \"0660\""},{"line_number":61,"context_line":"  when:"},{"line_number":62,"context_line":"    - kolla_enable_tls_backend | bool"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"ff570b3c_587be0bc","line":62,"range":{"start_line":62,"start_character":6,"end_line":62,"end_character":37},"updated":"2020-05-29 17:15:26.000000000","message":"This can be applied to the include.","commit_id":"9a882d9f9d5359f0ac1d328aa3148f82c0aaa8f7"}],"ansible/roles/certificates/tasks/generate-root.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"02871fc176f96732b47012fde8ae819b7413b22a","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  file:"},{"line_number":4,"context_line":"    path: \"{{ kolla_certificates_dir }}/ca\""},{"line_number":5,"context_line":"    state: \"directory\""},{"line_number":6,"context_line":"    recurse: yes"},{"line_number":7,"context_line":"    mode: \"0770\""},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"- name: Ensuring private root directory exist"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"ff570b3c_aa9bbfc6","line":6,"updated":"2020-05-29 17:15:26.000000000","message":"no recurse","commit_id":"9a882d9f9d5359f0ac1d328aa3148f82c0aaa8f7"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"02871fc176f96732b47012fde8ae819b7413b22a","unresolved":false,"context_lines":[{"line_number":10,"context_line":"  file:"},{"line_number":11,"context_line":"    path: \"{{ root_dir }}\""},{"line_number":12,"context_line":"    state: \"directory\""},{"line_number":13,"context_line":"    recurse: yes"},{"line_number":14,"context_line":"    mode: \"0770\""},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"- name: Creating root Certificate key"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"ff570b3c_8aa07bf6","line":13,"updated":"2020-05-29 17:15:26.000000000","message":"ditto","commit_id":"9a882d9f9d5359f0ac1d328aa3148f82c0aaa8f7"}],"ansible/roles/certificates/tasks/generate.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":39,"context_line":"    recurse: yes"},{"line_number":40,"context_line":"    mode: \"0770\""},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"- name: Creating root Certificate key"},{"line_number":43,"context_line":"  vars:"},{"line_number":44,"context_line":"    root_dir: \"{{ kolla_certificates_dir }}/private/root\""},{"line_number":45,"context_line":"  command: openssl genrsa \\"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff570b3c_74452115","line":42,"updated":"2020-05-28 18:35:56.000000000","message":"I thought I saw these in a separate task file previously. That would be tidier.","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":41,"context_line":""},{"line_number":42,"context_line":"- name: Creating root Certificate key"},{"line_number":43,"context_line":"  vars:"},{"line_number":44,"context_line":"    root_dir: \"{{ kolla_certificates_dir }}/private/root\""},{"line_number":45,"context_line":"  command: openssl genrsa \\"},{"line_number":46,"context_line":"    -out \"{{ root_dir }}/root.key\" \\"},{"line_number":47,"context_line":"    4096"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff570b3c_144dc571","line":44,"range":{"start_line":44,"start_character":4,"end_line":44,"end_character":12},"updated":"2020-05-28 18:35:56.000000000","message":"a role default or var would keep this DRY.","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":51,"context_line":"- name: Creating and sign root Certificate"},{"line_number":52,"context_line":"  vars:"},{"line_number":53,"context_line":"    root_dir: \"{{ kolla_certificates_dir }}/private/root\""},{"line_number":54,"context_line":"  command: openssl req \\"},{"line_number":55,"context_line":"    -x509 \\"},{"line_number":56,"context_line":"    -new -nodes \\"},{"line_number":57,"context_line":"    -key \"{{ root_dir }}/root.key\" \\"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff570b3c_94cb9551","line":54,"updated":"2020-05-28 18:35:56.000000000","message":"If you use YAML folded scalar you can omit the backslashes:\n\ncommand: \u003e\n  line1\n  line2","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":58,"context_line":"    -sha256"},{"line_number":59,"context_line":"    -days 1024"},{"line_number":60,"context_line":"    -out \"{{ root_dir }}/root.crt\" \\"},{"line_number":61,"context_line":"    -subj \"/CN\u003dSelfSignedCARoot/\""},{"line_number":62,"context_line":"  args:"},{"line_number":63,"context_line":"    creates: \"{{ root_dir }}/root.crt\""},{"line_number":64,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff570b3c_5470dda5","line":61,"range":{"start_line":61,"start_character":15,"end_line":61,"end_character":31},"updated":"2020-05-28 18:35:56.000000000","message":"Let\u0027s put test in the name to discourage people using in prod. KollaTestCA?","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":78,"context_line":"    dest: \"{{ kolla_certificates_dir }}/ca/root.crt\""},{"line_number":79,"context_line":"    mode: \"0660\""},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"- block:"},{"line_number":82,"context_line":"    - name: Creating external SSL configuration file"},{"line_number":83,"context_line":"      template:"},{"line_number":84,"context_line":"        src: \"{{ item }}.j2\""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff570b3c_943ef526","line":81,"updated":"2020-05-28 18:35:56.000000000","message":"The lack of blank lines hurts my eyes here :)","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":88,"context_line":"        - \"openssl-kolla.cnf\""},{"line_number":89,"context_line":"    - name: Creating external Server Certificate key"},{"line_number":90,"context_line":"      vars:"},{"line_number":91,"context_line":"        external_dir: \"{{ kolla_certificates_dir }}/private/external\""},{"line_number":92,"context_line":"      command: openssl genrsa \\"},{"line_number":93,"context_line":"        -out \"{{ external_dir }}/external.key\" 2048"},{"line_number":94,"context_line":"      args:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff570b3c_946c3537","line":91,"range":{"start_line":91,"start_character":8,"end_line":91,"end_character":20},"updated":"2020-05-28 18:35:56.000000000","message":"ditto role default or var.","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":115,"context_line":"        -CAkey \"{{ root_dir }}/root.key\" \\"},{"line_number":116,"context_line":"        -CAcreateserial \\"},{"line_number":117,"context_line":"        -out \"{{ external_dir }}/external.crt\" \\"},{"line_number":118,"context_line":"        -days 500 \\"},{"line_number":119,"context_line":"        -sha256"},{"line_number":120,"context_line":"      args:"},{"line_number":121,"context_line":"        creates: \"{{ external_dir }}/external.crt\""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff570b3c_f464914b","line":118,"range":{"start_line":118,"start_character":14,"end_line":118,"end_character":17},"updated":"2020-05-28 18:35:56.000000000","message":"365?","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":126,"context_line":"        path: \"{{ external_dir }}/external.key\""},{"line_number":127,"context_line":"        mode: \"0660\""},{"line_number":128,"context_line":"        state: file"},{"line_number":129,"context_line":"    - name: Creating external CA Certificate File"},{"line_number":130,"context_line":"      copy:"},{"line_number":131,"context_line":"        src: \"{{ kolla_certificates_dir }}/private/external/external.crt\""},{"line_number":132,"context_line":"        dest: \"{{ kolla_external_fqdn_cacert }}\""},{"line_number":133,"context_line":"        mode: \"0660\""},{"line_number":134,"context_line":"    - name: Creating external Server PEM File"},{"line_number":135,"context_line":"      assemble:"},{"line_number":136,"context_line":"        src: \"{{ kolla_certificates_dir }}/private/external\""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff570b3c_d4c50d3e","line":133,"range":{"start_line":129,"start_character":0,"end_line":133,"end_character":20},"updated":"2020-05-28 18:35:56.000000000","message":"No longer used","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":133,"context_line":"        mode: \"0660\""},{"line_number":134,"context_line":"    - name: Creating external Server PEM File"},{"line_number":135,"context_line":"      assemble:"},{"line_number":136,"context_line":"        src: \"{{ kolla_certificates_dir }}/private/external\""},{"line_number":137,"context_line":"        dest: \"{{ kolla_external_fqdn_cert }}\""},{"line_number":138,"context_line":"        mode: \"0660\""},{"line_number":139,"context_line":"  when:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff570b3c_14f02567","line":136,"range":{"start_line":136,"start_character":51,"end_line":136,"end_character":59},"updated":"2020-05-28 18:35:56.000000000","message":"This now contains the CSR, and possibly the serial? Better to use a regex.","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":140,"context_line":"    - kolla_enable_tls_external | bool"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"- block:"},{"line_number":143,"context_line":"    - name: Copy the external certificate crt to be the internal when internal + external are same network"},{"line_number":144,"context_line":"      copy:"},{"line_number":145,"context_line":"        src: \"{{ kolla_certificates_dir }}/private/external/external.crt\""},{"line_number":146,"context_line":"        dest: \"{{ kolla_certificates_dir }}/private/internal/internal.crt\""},{"line_number":147,"context_line":"        remote_src: yes"},{"line_number":148,"context_line":"        mode: \"0660\""},{"line_number":149,"context_line":"    - name: Copy the external certificate key to be the internal when internal + external are same network"},{"line_number":150,"context_line":"      copy:"},{"line_number":151,"context_line":"        src: \"{{ kolla_certificates_dir }}/private/external/external.key\""},{"line_number":152,"context_line":"        dest: \"{{ kolla_certificates_dir }}/private/internal/internal.key\""},{"line_number":153,"context_line":"        remote_src: yes"},{"line_number":154,"context_line":"        mode: \"0660\""},{"line_number":155,"context_line":"    - name: Copy the external certificate signing request to be the internal when internal + external are same network"},{"line_number":156,"context_line":"      copy:"},{"line_number":157,"context_line":"        src: \"{{ kolla_certificates_dir }}/private/external/external.csr\""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff570b3c_d4fd0d3b","line":154,"range":{"start_line":143,"start_character":0,"end_line":154,"end_character":20},"updated":"2020-05-28 18:35:56.000000000","message":"I don\u0027t think these were ever required.","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":152,"context_line":"        dest: \"{{ kolla_certificates_dir }}/private/internal/internal.key\""},{"line_number":153,"context_line":"        remote_src: yes"},{"line_number":154,"context_line":"        mode: \"0660\""},{"line_number":155,"context_line":"    - name: Copy the external certificate signing request to be the internal when internal + external are same network"},{"line_number":156,"context_line":"      copy:"},{"line_number":157,"context_line":"        src: \"{{ kolla_certificates_dir }}/private/external/external.csr\""},{"line_number":158,"context_line":"        dest: \"{{ kolla_certificates_dir }}/private/internal/internal.csr\""},{"line_number":159,"context_line":"        remote_src: yes"},{"line_number":160,"context_line":"        mode: \"0660\""},{"line_number":161,"context_line":"    - name: Copy the external PEM file to be the internal when internal + external are same network"},{"line_number":162,"context_line":"      copy:"},{"line_number":163,"context_line":"        src: \"{{ kolla_external_fqdn_cert }}\""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff570b3c_34ed698b","line":160,"range":{"start_line":155,"start_character":0,"end_line":160,"end_character":20},"updated":"2020-05-28 18:35:56.000000000","message":"Not required","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":164,"context_line":"        dest: \"{{ kolla_internal_fqdn_cert }}\""},{"line_number":165,"context_line":"        remote_src: yes"},{"line_number":166,"context_line":"        mode: \"0660\""},{"line_number":167,"context_line":"    - name: Copy the external CA Certificate file to be the internal when internal + external are same network"},{"line_number":168,"context_line":"      copy:"},{"line_number":169,"context_line":"        src: \"{{ kolla_external_fqdn_cacert }}\""},{"line_number":170,"context_line":"        dest: \"{{ kolla_internal_fqdn_cacert }}\""},{"line_number":171,"context_line":"        remote_src: yes"},{"line_number":172,"context_line":"        mode: \"0660\""},{"line_number":173,"context_line":"  when:"},{"line_number":174,"context_line":"    - kolla_enable_tls_external | bool"},{"line_number":175,"context_line":"    - kolla_enable_tls_internal | bool"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff570b3c_b4f85949","line":172,"range":{"start_line":167,"start_character":0,"end_line":172,"end_character":20},"updated":"2020-05-28 18:35:56.000000000","message":"We can get rid of these separate cacerts.","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":237,"context_line":"    - kolla_enable_tls_internal | bool"},{"line_number":238,"context_line":"    - not kolla_same_external_internal_vip | bool"},{"line_number":239,"context_line":""},{"line_number":240,"context_line":"- block:"},{"line_number":241,"context_line":"    - name: Creating backend SSL configuration file"},{"line_number":242,"context_line":"      template:"},{"line_number":243,"context_line":"        src: \"{{ item }}.j2\""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff570b3c_8cfd49b3","line":240,"updated":"2020-05-28 18:35:56.000000000","message":"Should use the same pattern for the backend.","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"02871fc176f96732b47012fde8ae819b7413b22a","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"- name: Ensuring ca directory exist"},{"line_number":3,"context_line":"  file:"},{"line_number":4,"context_line":"    path: \"{{ kolla_certificates_dir }}/ca\""},{"line_number":5,"context_line":"    state: \"directory\""},{"line_number":6,"context_line":"    recurse: yes"},{"line_number":7,"context_line":"    mode: \"0770\""},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"- name: Ensuring private internal directory exist"},{"line_number":10,"context_line":"  file:"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"ff570b3c_4ab2e34a","line":7,"range":{"start_line":2,"start_character":0,"end_line":7,"end_character":16},"updated":"2020-05-29 17:15:26.000000000","message":"I think it\u0027s done in generate-root.yml","commit_id":"9a882d9f9d5359f0ac1d328aa3148f82c0aaa8f7"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"02871fc176f96732b47012fde8ae819b7413b22a","unresolved":false,"context_lines":[{"line_number":10,"context_line":"  file:"},{"line_number":11,"context_line":"    path: \"{{ internal_dir }}\""},{"line_number":12,"context_line":"    state: \"directory\""},{"line_number":13,"context_line":"    recurse: yes"},{"line_number":14,"context_line":"    mode: \"0770\""},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"- name: Ensuring private external directory exist"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"ff570b3c_ea7ad774","line":13,"range":{"start_line":13,"start_character":4,"end_line":13,"end_character":11},"updated":"2020-05-29 17:15:26.000000000","message":"no recurse","commit_id":"9a882d9f9d5359f0ac1d328aa3148f82c0aaa8f7"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"02871fc176f96732b47012fde8ae819b7413b22a","unresolved":false,"context_lines":[{"line_number":17,"context_line":"  file:"},{"line_number":18,"context_line":"    path: \"{{ external_dir }}\""},{"line_number":19,"context_line":"    state: \"directory\""},{"line_number":20,"context_line":"    recurse: yes"},{"line_number":21,"context_line":"    mode: \"0770\""},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"- name: Ensuring backend certificate and key directories exist"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"ff570b3c_4a8b0367","line":20,"range":{"start_line":20,"start_character":4,"end_line":20,"end_character":11},"updated":"2020-05-29 17:15:26.000000000","message":"ditto","commit_id":"9a882d9f9d5359f0ac1d328aa3148f82c0aaa8f7"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"02871fc176f96732b47012fde8ae819b7413b22a","unresolved":false,"context_lines":[{"line_number":20,"context_line":"    recurse: yes"},{"line_number":21,"context_line":"    mode: \"0770\""},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"- name: Ensuring backend certificate and key directories exist"},{"line_number":24,"context_line":"  file:"},{"line_number":25,"context_line":"    path: \"{{ item | dirname }}\""},{"line_number":26,"context_line":"    state: \"directory\""},{"line_number":27,"context_line":"    recurse: yes"},{"line_number":28,"context_line":"    mode: \"0770\""},{"line_number":29,"context_line":"  when:"},{"line_number":30,"context_line":"    - kolla_enable_tls_backend | bool"},{"line_number":31,"context_line":"  with_items:"},{"line_number":32,"context_line":"    - \"{{ kolla_tls_backend_cert }}\""},{"line_number":33,"context_line":"    - \"{{ kolla_tls_backend_key }}\""},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"- block:"},{"line_number":36,"context_line":"    - name: Creating external SSL configuration file"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"ff570b3c_0adaab76","line":33,"range":{"start_line":23,"start_character":0,"end_line":33,"end_character":35},"updated":"2020-05-29 17:15:26.000000000","message":"Should be in generate-backend.yml","commit_id":"9a882d9f9d5359f0ac1d328aa3148f82c0aaa8f7"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"02871fc176f96732b47012fde8ae819b7413b22a","unresolved":false,"context_lines":[{"line_number":89,"context_line":"    - kolla_enable_tls_external | bool"},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"- block:"},{"line_number":92,"context_line":"    - name: Copy the external certificate crt to be the internal when internal + external are same network"},{"line_number":93,"context_line":"      copy:"},{"line_number":94,"context_line":"        src: \"{{ external_dir }}/external.crt\""},{"line_number":95,"context_line":"        dest: \"{{ internal_dir }}/internal.crt\""},{"line_number":96,"context_line":"        remote_src: yes"},{"line_number":97,"context_line":"        mode: \"0660\""},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"    - name: Copy the external PEM file to be the internal when internal + external are same network"},{"line_number":100,"context_line":"      copy:"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"ff570b3c_aad29f5a","line":97,"range":{"start_line":92,"start_character":0,"end_line":97,"end_character":20},"updated":"2020-05-29 17:15:26.000000000","message":"Not required","commit_id":"9a882d9f9d5359f0ac1d328aa3148f82c0aaa8f7"}],"ansible/roles/certificates/templates/openssl-kolla-backend.cnf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":7,"context_line":"countryName \u003d US"},{"line_number":8,"context_line":"stateOrProvinceName \u003d NC"},{"line_number":9,"context_line":"localityName \u003d RTP"},{"line_number":10,"context_line":"organizationalUnitName \u003d kolla-backend"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"[v3_req]"},{"line_number":13,"context_line":"subjectAltName \u003d @alt_names"}],"source_content_type":"text/x-jinja2","patch_set":3,"id":"ff570b3c_19dd0014","line":10,"updated":"2020-05-28 18:35:56.000000000","message":"This wasn\u0027t necessary in the end.","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"}],"ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":7,"context_line":"countryName \u003d US"},{"line_number":8,"context_line":"stateOrProvinceName \u003d NC"},{"line_number":9,"context_line":"localityName \u003d RTP"},{"line_number":10,"context_line":"organizationalUnitName \u003d kolla-internal"},{"line_number":11,"context_line":"commonName \u003d {{ kolla_internal_fqdn }}"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"[v3_req]"}],"source_content_type":"text/x-jinja2","patch_set":3,"id":"ff570b3c_59e778e5","line":10,"updated":"2020-05-28 18:35:56.000000000","message":"ditto","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"}],"ansible/roles/common/templates/admin-openrc.sh.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"02871fc176f96732b47012fde8ae819b7413b22a","unresolved":false,"context_lines":[{"line_number":18,"context_line":"export OS_IDENTITY_API_VERSION\u003d3"},{"line_number":19,"context_line":"export OS_REGION_NAME\u003d{{ openstack_region_name }}"},{"line_number":20,"context_line":"export OS_AUTH_PLUGIN\u003dpassword"},{"line_number":21,"context_line":"export OS_CACERT\u003d{{ kolla_cacert }}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"ff570b3c_58548021","line":21,"updated":"2020-05-29 17:15:26.000000000","message":"Wrap with\n\n{% if kolla_cacert is not none and kolla_cacert | length \u003e 0 %}","commit_id":"9a882d9f9d5359f0ac1d328aa3148f82c0aaa8f7"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"e314c3c3a6907edc176e2bd247632c44e90585e6","unresolved":false,"context_lines":[{"line_number":18,"context_line":"export OS_IDENTITY_API_VERSION\u003d3"},{"line_number":19,"context_line":"export OS_REGION_NAME\u003d{{ openstack_region_name }}"},{"line_number":20,"context_line":"export OS_AUTH_PLUGIN\u003dpassword"},{"line_number":21,"context_line":"{% if openstack_cacert is not none and openstack_cacert | length \u003e 0 %}"},{"line_number":22,"context_line":"export OS_CACERT\u003d{{ openstack_cacert }}"},{"line_number":23,"context_line":"{% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"ff570b3c_51dd736e","line":21,"range":{"start_line":21,"start_character":6,"end_line":21,"end_character":22},"updated":"2020-05-30 14:51:07.000000000","message":"I thought it was kolla_cacert? or are there 2 of these?","commit_id":"543fcd55f6463a59f1caa15cda7d77e7110bd3e0"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"03f66d9ba231fbfecac6c71e8367631dbceb60ac","unresolved":false,"context_lines":[{"line_number":18,"context_line":"export OS_IDENTITY_API_VERSION\u003d3"},{"line_number":19,"context_line":"export OS_REGION_NAME\u003d{{ openstack_region_name }}"},{"line_number":20,"context_line":"export OS_AUTH_PLUGIN\u003dpassword"},{"line_number":21,"context_line":"{% if openstack_cacert is not none and openstack_cacert | length \u003e 0 %}"},{"line_number":22,"context_line":"export OS_CACERT\u003d{{ openstack_cacert }}"},{"line_number":23,"context_line":"{% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"ff570b3c_7153573a","line":21,"range":{"start_line":21,"start_character":6,"end_line":21,"end_character":22},"in_reply_to":"ff570b3c_51dd736e","updated":"2020-05-30 17:53:56.000000000","message":"this still needs a little sorting out and retinkering:\n\nkolla_cacert is location on the anisble controller node of the certificate generated from the root CA. \n\nopenstack_cacert is the certificate location of that root certificate on the docker containers (so that services themselves can leverage it)","commit_id":"543fcd55f6463a59f1caa15cda7d77e7110bd3e0"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"fce5466d94954d6d1f4d1a3952670416a29c5f76","unresolved":false,"context_lines":[{"line_number":18,"context_line":"export OS_IDENTITY_API_VERSION\u003d3"},{"line_number":19,"context_line":"export OS_REGION_NAME\u003d{{ openstack_region_name }}"},{"line_number":20,"context_line":"export OS_AUTH_PLUGIN\u003dpassword"},{"line_number":21,"context_line":"{% if kolla_cacert is not none and kolla_cacert | length \u003e 0 %}"},{"line_number":22,"context_line":"export OS_CACERT\u003d{{ kolla_cacert }}"},{"line_number":23,"context_line":"{% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":9,"id":"ff570b3c_c03b1999","line":23,"range":{"start_line":21,"start_character":0,"end_line":23,"end_character":11},"updated":"2020-06-04 14:12:30.000000000","message":"this","commit_id":"943f5e53c79c1e55e3f9c7fe2a067d658bdfc2f5"}],"etc/kolla/globals.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"fce5466d94954d6d1f4d1a3952670416a29c5f76","unresolved":false,"context_lines":[{"line_number":189,"context_line":"#kolla_certificates_dir: \"{{ node_config }}/certificates\""},{"line_number":190,"context_line":"#kolla_external_fqdn_cert: \"{{ kolla_certificates_dir }}/haproxy.pem\""},{"line_number":191,"context_line":"#kolla_internal_fqdn_cert: \"{{ kolla_certificates_dir }}/haproxy-internal.pem\""},{"line_number":192,"context_line":"#kolla_cacert: \"{{ kolla_certificates_dir }}/ca/root.crt\""},{"line_number":193,"context_line":"#kolla_copy_ca_into_containers: \"no\""},{"line_number":194,"context_line":"#kolla_verify_tls_backend: \"yes\""},{"line_number":195,"context_line":"#haproxy_backend_cacert: \"{{ \u0027ca-certificates.crt\u0027 if kolla_base_distro in [\u0027debian\u0027, \u0027ubuntu\u0027] else \u0027ca-bundle.trust.crt\u0027 }}\""}],"source_content_type":"text/x-yaml","patch_set":9,"id":"ff570b3c_203f7587","line":192,"range":{"start_line":192,"start_character":0,"end_line":192,"end_character":57},"updated":"2020-06-04 14:12:30.000000000","message":"this","commit_id":"943f5e53c79c1e55e3f9c7fe2a067d658bdfc2f5"}],"releasenotes/notes/generate-self-signed-root-ca-bc523acab7290cfe.yaml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":5,"context_line":"    for the certificates. The internal and external facing certificates are"},{"line_number":6,"context_line":"    then generated using the root CA."},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    Updated openstack_cacert to use root certificate by default."},{"line_number":9,"context_line":"upgrade:"},{"line_number":10,"context_line":"  - |"},{"line_number":11,"context_line":"    Added field ``kolla_cacert`` to reference the root CA certificate. Updated"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff570b3c_993e3027","line":8,"range":{"start_line":8,"start_character":12,"end_line":8,"end_character":28},"updated":"2020-05-28 18:35:56.000000000","message":"This is different - it\u0027s the CA cert in the containers.","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"fce5466d94954d6d1f4d1a3952670416a29c5f76","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Update the self-signed TLS certificate generation task to create a root CA"},{"line_number":5,"context_line":"    for the certificates. The internal and external facing certificates are"},{"line_number":6,"context_line":"    then generated using the root CA."},{"line_number":7,"context_line":"upgrade:"},{"line_number":8,"context_line":"  - |"},{"line_number":9,"context_line":"    Added field ``kolla_cacert`` to reference the root CA certificate. Updated"}],"source_content_type":"text/x-yaml","patch_set":9,"id":"ff570b3c_e061fdaa","line":6,"range":{"start_line":4,"start_character":0,"end_line":6,"end_character":37},"updated":"2020-06-04 14:12:30.000000000","message":"This needs to reference the kolla-ansible certificates command, to be clear it does not affect production use. Also mention the backend cert.","commit_id":"943f5e53c79c1e55e3f9c7fe2a067d658bdfc2f5"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"fce5466d94954d6d1f4d1a3952670416a29c5f76","unresolved":false,"context_lines":[{"line_number":6,"context_line":"    then generated using the root CA."},{"line_number":7,"context_line":"upgrade:"},{"line_number":8,"context_line":"  - |"},{"line_number":9,"context_line":"    Added field ``kolla_cacert`` to reference the root CA certificate. Updated"},{"line_number":10,"context_line":"    OS_CACERT to be ``kolla_cacert`` instead of referencing the internal or"},{"line_number":11,"context_line":"    external facing certificate."}],"source_content_type":"text/x-yaml","patch_set":9,"id":"ff570b3c_a05265dc","line":11,"range":{"start_line":9,"start_character":0,"end_line":11,"end_character":32},"updated":"2020-06-04 14:12:30.000000000","message":"this","commit_id":"943f5e53c79c1e55e3f9c7fe2a067d658bdfc2f5"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"11ff4ed137bfc97b87e5e191e64c8b67897f3671","unresolved":false,"context_lines":[{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Self-signed TLS certificates can be used to test TLS in a"},{"line_number":5,"context_line":"    development OpenStack environment. The ``kolla-ansible certificates`` role"},{"line_number":6,"context_line":"    will generate the required self-signed TLS certificates. This role has been"},{"line_number":7,"context_line":"    updated to first create a self-signed root certificate authority. The"},{"line_number":8,"context_line":"    role then generates the internal and external facing certificates and"}],"source_content_type":"text/x-yaml","patch_set":19,"id":"ff570b3c_3f33b664","line":5,"range":{"start_line":5,"start_character":74,"end_line":5,"end_character":78},"updated":"2020-06-10 16:59:23.000000000","message":"command","commit_id":"775839ab6261b593550676373ccd04c10fedddbe"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"11ff4ed137bfc97b87e5e191e64c8b67897f3671","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Self-signed TLS certificates can be used to test TLS in a"},{"line_number":5,"context_line":"    development OpenStack environment. The ``kolla-ansible certificates`` role"},{"line_number":6,"context_line":"    will generate the required self-signed TLS certificates. This role has been"},{"line_number":7,"context_line":"    updated to first create a self-signed root certificate authority. The"},{"line_number":8,"context_line":"    role then generates the internal and external facing certificates and"},{"line_number":9,"context_line":"    signs them using the root CA. If backend TLS is enabled, the role will"}],"source_content_type":"text/x-yaml","patch_set":19,"id":"ff570b3c_bf46a6bf","line":6,"range":{"start_line":6,"start_character":66,"end_line":6,"end_character":70},"updated":"2020-06-10 16:59:23.000000000","message":"command","commit_id":"775839ab6261b593550676373ccd04c10fedddbe"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"11ff4ed137bfc97b87e5e191e64c8b67897f3671","unresolved":false,"context_lines":[{"line_number":5,"context_line":"    development OpenStack environment. The ``kolla-ansible certificates`` role"},{"line_number":6,"context_line":"    will generate the required self-signed TLS certificates. This role has been"},{"line_number":7,"context_line":"    updated to first create a self-signed root certificate authority. The"},{"line_number":8,"context_line":"    role then generates the internal and external facing certificates and"},{"line_number":9,"context_line":"    signs them using the root CA. If backend TLS is enabled, the role will"},{"line_number":10,"context_line":"    generate the backend certificate and sign it with the root CA."}],"source_content_type":"text/x-yaml","patch_set":19,"id":"ff570b3c_9f43e2af","line":8,"range":{"start_line":8,"start_character":4,"end_line":8,"end_character":8},"updated":"2020-06-10 16:59:23.000000000","message":"command","commit_id":"775839ab6261b593550676373ccd04c10fedddbe"}],"tests/templates/globals-default.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d83d59b63ab20e06e552c669acd35e9737f74e04","unresolved":false,"context_lines":[{"line_number":125,"context_line":"openstack_cacert: \"/usr/local/share/ca-certificates/kolla-customca-root.crt\""},{"line_number":126,"context_line":"{% endif %}"},{"line_number":127,"context_line":"{% if base_distro \u003d\u003d \"centos\" %}"},{"line_number":128,"context_line":"openstack_cacert: \"/etc/pki/ca-trust/source/anchors/kolla-customca-root.crt\""},{"line_number":129,"context_line":"{% endif %}"},{"line_number":130,"context_line":"{% endif %}"},{"line_number":131,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":3,"id":"ff570b3c_995f5040","line":128,"updated":"2020-05-28 18:35:56.000000000","message":"This should point to the main system trust store. \n\nCentOS: /etc/pki/tls/certs/ca-bundle.crt\nUbuntu: /etc/ssl/certs/ca-certificates.crt (?)","commit_id":"82a615c4d699129eb753421266ace6ff09b9fcab"}]}