)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"23cffca1c295455c1869bcabc4d16fe590c1914e","unresolved":false,"context_lines":[{"line_number":20,"context_line":"- support in \u0027certificates\u0027 command for generating initial cert"},{"line_number":21,"context_line":"  - How will this work? It needs to perhaps use \u0027standalone\u0027 mode"},{"line_number":22,"context_line":"    instead of \u0027webroot\u0027 mode, as it should be taking place before"},{"line_number":23,"context_line":"    HAProxy is stood up."},{"line_number":24,"context_line":"- support for HAProxy to automatically detect changes and re-copy LE"},{"line_number":25,"context_line":"  certs if they are updated."},{"line_number":26,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"9f560f44_59e7d647","line":23,"range":{"start_line":23,"start_character":21,"end_line":23,"end_character":23},"updated":"2020-08-12 00:56:12.000000000","message":"Does it make sense to have a different command for letsencrypt generated certs? One that first deploys the letsencrypt containers and then executes certbot.","commit_id":"1a3b3f189630c89f513c80e7d4adcbccd22c5e0c"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"6a89cf4da495459fb84725b97f3b3f2a20e9cef1","unresolved":false,"context_lines":[{"line_number":21,"context_line":"  - How will this work? It needs to perhaps use \u0027standalone\u0027 mode"},{"line_number":22,"context_line":"    instead of \u0027webroot\u0027 mode, as it should be taking place before"},{"line_number":23,"context_line":"    HAProxy is stood up."},{"line_number":24,"context_line":"- support for HAProxy to automatically detect changes and re-copy LE"},{"line_number":25,"context_line":"  certs if they are updated."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Implements: blueprint letsencrypt-https"},{"line_number":28,"context_line":"Change-Id: I35317ea0343f0db74ddc0e587862e95408e9e106"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"bf51134e_e1d1eefc","line":25,"range":{"start_line":24,"start_character":2,"end_line":25,"end_character":28},"updated":"2020-07-16 06:58:47.000000000","message":"this is a real pain point - we should solve this in the general case and not force the container to restart each time","commit_id":"1a3b3f189630c89f513c80e7d4adcbccd22c5e0c"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c3043fb9a60dfd59a52b0e1bb0d0f4c2a9460c5d","unresolved":true,"context_lines":[{"line_number":17,"context_line":"Implements: blueprint letsencrypt-https"},{"line_number":18,"context_line":"Change-Id: I35317ea0343f0db74ddc0e587862e95408e9e106"},{"line_number":19,"context_line":"Depends-On: https://review.opendev.org/#/c/741339"},{"line_number":20,"context_line":"Co-Authored-By: James Kirsch \u003cgeneralfuzz@gmail.com\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":56,"id":"1bd5eae2_8878162c","line":20,"range":{"start_line":20,"start_character":16,"end_line":20,"end_character":52},"updated":"2021-03-25 17:28:36.000000000","message":"Now that you\u0027re the author, please add Jason here:\n\nJason Anderson \u003cjasonanderson@uchicago.edu\u003e","commit_id":"4e5d71cab3938db43b7b78548ea027e19dd5dd1d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":17,"context_line":"Implements: blueprint letsencrypt-https"},{"line_number":18,"context_line":"Change-Id: I35317ea0343f0db74ddc0e587862e95408e9e106"},{"line_number":19,"context_line":"Depends-On: https://review.opendev.org/#/c/741339"},{"line_number":20,"context_line":"Co-Authored-By: James Kirsch \u003cgeneralfuzz@gmail.com\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":56,"id":"48697699_f961448f","line":20,"range":{"start_line":20,"start_character":16,"end_line":20,"end_character":52},"in_reply_to":"1bd5eae2_8878162c","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"4e5d71cab3938db43b7b78548ea027e19dd5dd1d"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"2c5d57ad347aed18abf976a24dce2427fe87a622","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":132,"id":"db521ded_bc7b898e","updated":"2022-02-22 17:18:45.000000000","message":"recheck","commit_id":"b1bf30b026386b9a208fb9b0303d24652c60a2b0"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6b500247ced5cfa08f770277239ed29e6dc53eea","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":135,"id":"13f4d82f_6d2f3808","updated":"2022-02-23 10:17:14.000000000","message":"I think we need a rethink.\n\n* I don\u0027t think we can expose the HAProxy admin socket unauthenticated via TCP\n\n* openstack-ansible suggests they use separate certs for each load balancer. That would avoid the sync, and greatly simplify the design. We could also use a unix admin socket. See https://docs.openstack.org/openstack-ansible/latest/user/security/ssl-certificates.html#certbot-certificates and https://opendev.org/openstack/openstack-ansible-haproxy_server\n\n* we need to store the certs on disk, as well as dynamically updating HAProxy. This would be a lot easier if we only had to update the local HAproxy\n\n* the bootstrapping process seems clumsy, and it concerns me that a reconfigure doesn\u0027t work. A colleague suggested using certbot standalone mode to bootstrap when we don\u0027t have certificates.That could be fiddly, but either way, I\u0027d like to see a clean, documented way to bootstrap this (that ensures we don\u0027t overwrite the LE certs with our own self-signed ones). It might involve getting HAProxy running first to bootstrap LE, then running another deploy with everything else.\n\n* the internal API support doesn\u0027t seem that useful to me, and if we\u0027re going to iterate the design then it might be easier to remove it\n\nOverall, I\u0027d like to see a written plan for the approach, that a few people can agree on - we should have enough context at this point to agree on a design.","commit_id":"55e40a11c9ed14f3e29748afc1257f1c185c14c2"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"b68e54cb5e0afd070a519004917a527f0d23ea82","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":143,"id":"c2a2b823_b290725f","updated":"2022-04-29 22:01:18.000000000","message":"LGTM, but need to add task to check existence of the kolla_internal_fqdn and kolla_external_fqdn because role can be enabled but FQDNs didn\u0027t useв - in this case we should notify user and fail.","commit_id":"021a517a3145165c7b89b9ed12ae51cb4621cbf9"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"72c8b3c3b401ef809833900f08211f3f48976396","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":145,"id":"a7935381_e2080d3d","updated":"2022-05-03 22:32:06.000000000","message":"recheck","commit_id":"071629b36cfe1a59e134040a90bc32b75a137cfb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ee3249aaa58e178e104637977050d02210db23d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":145,"id":"b3abf681_4f62e8c3","in_reply_to":"a7935381_e2080d3d","updated":"2023-07-17 11:53:45.000000000","message":"Done","commit_id":"071629b36cfe1a59e134040a90bc32b75a137cfb"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"958d73a787804bb58a7e793d421a0fe404009d70","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":150,"id":"9e2bca15_087bd02b","updated":"2022-05-05 17:37:45.000000000","message":"recheck","commit_id":"4179840e354623eb75293324bccb25d9348a2cc7"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ee3249aaa58e178e104637977050d02210db23d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":150,"id":"74a9c806_9238b099","in_reply_to":"9e2bca15_087bd02b","updated":"2023-07-17 11:53:45.000000000","message":"Done","commit_id":"4179840e354623eb75293324bccb25d9348a2cc7"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"272b19d7ef7a9f1c3781faa71c346c02057eaa1b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":152,"id":"2bcfc133_8528f5ad","updated":"2022-05-18 09:38:58.000000000","message":"I fixed the merge conflict.\n\nMy review is pending but I already have one comment to share - letsencrypt-acme should be renamed everywhere to something like letsencrypt-webserver as this is a webserver for letenscrypt functionality and not an ACME server. The current wording is confusing.","commit_id":"24bfe61b542489153ba888b2959a3670dbbf056e"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"138245333214c5a1c82767de45b569ad1304fbcb","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":152,"id":"ecfa0f71_2a715419","in_reply_to":"2bcfc133_8528f5ad","updated":"2022-05-18 11:38:39.000000000","message":"(this is open)","commit_id":"24bfe61b542489153ba888b2959a3670dbbf056e"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ee3249aaa58e178e104637977050d02210db23d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":152,"id":"b564016d_0c146893","in_reply_to":"ecfa0f71_2a715419","updated":"2023-07-17 11:53:45.000000000","message":"Check again, now solved.","commit_id":"24bfe61b542489153ba888b2959a3670dbbf056e"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"f7b8653d0600f6993120d6b1b69bbbc328404532","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":153,"id":"b1fc9314_3d760b22","updated":"2022-05-28 17:31:48.000000000","message":"What we need is to rewire haproxy so that it uses a volume dedicated to containing the letsencrypt key(s) and certificate(s). If letsencrypt is used (true), then the haproxy container should start with this volume and copy the fallback key and cert from /etc if the volume is empty. This way we ensure that we always have the fallback code, do not overwrite the new key and can update it independently.","commit_id":"c1d287493935741f6420164c1b4d3c4865b3261d"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"8166a636851b36aaa2190a37f9359b70b9c5193c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":153,"id":"e0f576e4_4c6153e7","updated":"2022-05-18 11:37:20.000000000","message":"comment holds; I fixed the patch not to rely on removed functionality (\"check\" action)","commit_id":"c1d287493935741f6420164c1b4d3c4865b3261d"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ee3249aaa58e178e104637977050d02210db23d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":153,"id":"5d250ad4_5a001936","in_reply_to":"b1fc9314_3d760b22","updated":"2023-07-17 11:53:45.000000000","message":"Done","commit_id":"c1d287493935741f6420164c1b4d3c4865b3261d"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e6d756074fc17a728d5447f47e488df978911d67","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":155,"id":"7aa7b64a_dedb87cb","updated":"2022-06-01 14:52:43.000000000","message":"recheck","commit_id":"e1ed39c3f7d193a765c3f02307ce31fc3a43ca5b"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"127ae99baa9d27823965bdb605f863728426bdfc","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":157,"id":"b4677717_443488ee","updated":"2022-06-01 18:53:23.000000000","message":"I fixed image refs to follow the new scheme","commit_id":"f3fbb769c57800c1f16cd45b4d6081a3427e1130"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e2b6d0cd9df5bf098cbe7f031814bcf346340827","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":158,"id":"1d91dc33_ab73bc0f","updated":"2022-06-08 16:11:12.000000000","message":"Still seems to be lacking quite a few things discussed previously.","commit_id":"3f5132f593b94fe45d3f106970bb42a947ea35d1"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"db3c31dbf631766f973f1b8fa541a298e3277d58","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":160,"id":"91bd6e3c_0f2d4eaf","updated":"2022-07-29 08:56:34.000000000","message":"Not a full review, but this is looking better AFAICT.","commit_id":"91c3f5514fb43b862780493d9b90c6d0b15bd4a1"},{"author":{"_account_id":24072,"name":"Marcin Juszkiewicz","email":"mjuszkiewicz@redhat.com","username":"hrw"},"change_message_id":"ebcc55af7c45e5c292412e394bc0e64b95bdad25","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":165,"id":"41a76367_4549690c","updated":"2022-09-07 08:02:56.000000000","message":"Thanks for answers.","commit_id":"b35ed33f22e0b493151d8db12d59e040f9d5ab3d"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"95514b27db393a76799bd69e38949b5615b836df","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":170,"id":"024019b5_4cbedcb0","updated":"2023-01-23 23:06:31.000000000","message":"Someone said this would be a good thing to land once zed is cut? Is that anytime soon? ","commit_id":"873b86ddc7fad3a6b1dfe7b6aef2519f1f2b8ed6"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1b20bf2a68961c7b4b212aec9a742015e4143305","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":178,"id":"31186f5c_ec59243f","updated":"2023-06-29 06:36:19.000000000","message":"recheck rocky letsencryot","commit_id":"279ec25387a3b83eda47389e8f0ff2ef4f2e5938"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"f44a8a952b945c36905074b5ee46e36be8334901","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":196,"id":"10dcba11_61da40fd","updated":"2023-07-14 00:30:33.000000000","message":"recheck new dependency","commit_id":"2387716b86f14d937c79cda71e6335d4dbbe27e2"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"354929248f767c4a065aab59335630d2a3c8026c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":209,"id":"9ef3e30a_03e847cf","updated":"2023-07-16 17:06:50.000000000","message":"recheck new images","commit_id":"4e7873dc5362e6fe6797f801927682d8e60762b1"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"58dce23110daa2470b236a6e7f8b3efc9b87548e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":222,"id":"03d1b554_69bb0f97","updated":"2023-08-04 14:10:33.000000000","message":"I also agree with most of Maksims comments, good findings!","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"87c5b0b39c34a98a5a45e565a80b4d32087eb0da","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":222,"id":"d0f34e8b_79a8c3e7","updated":"2023-08-09 11:26:30.000000000","message":"address other comments","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"e034ab271ec2d6e95ec5324118f1973c07520401","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":222,"id":"8467041b_c1736179","updated":"2023-07-27 06:18:55.000000000","message":"recheck non-related nova build failed","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"3d6f4c822facd8317f2ad330200a6bc062ef35d7","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":227,"id":"5950ac0b_f8d2101c","updated":"2023-08-16 08:00:24.000000000","message":"I don\u0027t see /var/log/kolla/letsencrypt/letsencrypt-lego.log being picked up by fluentd","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"4cec99195b3540bce00c2daca0c08bc709e67be6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":227,"id":"ec428a8b_745e87ed","updated":"2023-08-30 12:38:51.000000000","message":"agree with maksims and Michals comments, those should be fixed first, good findings!","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"61643f80dce87d1ae2a7e6a7e3edad2e5338674f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":227,"id":"73dceb48_1da7e902","updated":"2023-09-17 15:30:33.000000000","message":"did anyone","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"bfd24bd3872d2cbfb1bb45b8788ec9faca882d14","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":227,"id":"4c3029dc_6f849f98","updated":"2023-09-17 15:31:07.000000000","message":"recheck new letsencrypt images","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ac9f8fcd907576429a6c1c66ad944c9883437c1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":227,"id":"7ff95438_8b27f1e3","in_reply_to":"5950ac0b_f8d2101c","updated":"2023-11-01 20:16:20.000000000","message":"Done in followup.","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"5e1a7ceac0015a0af5a8544d2336c19c91e9b49a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":228,"id":"5d493dd6_467d5eee","updated":"2023-09-22 08:24:57.000000000","message":"LGTM besides some docs nitpics :) almost there!","commit_id":"dcc6ea93de76aaeb68ca3aee4b17f258b0ac8317"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"d5395935d1bd0a9c93cf27a49849cfe878a6e291","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":230,"id":"e7a80a97_547e0063","updated":"2023-10-23 15:35:24.000000000","message":"the rest of the comments should be addressed, there is still some minor polish missing.\n\notherwise LGTM","commit_id":"e3931adfb096b1fa6c9ab492d5dc73cf570a8fb4"},{"author":{"_account_id":23084,"name":"Bartosz Bezak","email":"bartosz@stackhpc.com","username":"b.bezak"},"change_message_id":"d40773a3dc9e3eaa344cfe42ba083a070fe14357","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":231,"id":"e197b292_af7609f0","updated":"2023-10-27 08:05:40.000000000","message":"recheck - fresh CI run","commit_id":"380b0335ec0cd9519189c1908430e0ae12250f8c"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"fece1c1b6faab0563f098982ee0e8141e5d69900","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":232,"id":"9591afe3_27c6c66f","updated":"2023-10-30 14:38:13.000000000","message":"need to verify","commit_id":"6bc828413022b5fb5453df2b8a83104ee7e6f329"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"91641f218e4a4cc26f410273c3c766b576afc652","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":232,"id":"92447bbf_ca7d68ba","updated":"2023-11-01 19:28:22.000000000","message":"recheck images merged","commit_id":"6bc828413022b5fb5453df2b8a83104ee7e6f329"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"d946172c2abfb491ea312ed15c72b38e49d778f1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":248,"id":"e0c00994_0295fb07","updated":"2023-11-06 12:51:04.000000000","message":"recheck (letsencrypt images repo marked as public now)","commit_id":"b5b9422428ea2928e9b25385687e261c0c1fa0c3"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"821a56c9c92bcba05e339bcdf5b2a5643eb15b0c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":249,"id":"ac57ca68_71b391ff","updated":"2023-11-07 10:04:10.000000000","message":"Can we merge this finally ? All comments are resolved. What we are waiting for ?","commit_id":"5581a282539b406977dcc6d1577ac2a51d46e4cf"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"f021db46892ae5ded391c4382378b7dfa2511076","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":249,"id":"50418c03_fabf0bf0","updated":"2023-11-07 10:15:00.000000000","message":"now it can be merged","commit_id":"5581a282539b406977dcc6d1577ac2a51d46e4cf"}],"ansible/group_vars/all.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":576,"context_line":"# with things that the clients are not aware of is generally wrong"},{"line_number":577,"context_line":"enable_haproxy_memcached: \"no\""},{"line_number":578,"context_line":""},{"line_number":579,"context_line":"enable_letsencrypt: no"},{"line_number":580,"context_line":""},{"line_number":581,"context_line":"# Additional optional OpenStack features and services are specified here"},{"line_number":582,"context_line":"enable_aodh: \"no\""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"f5d1d85b_2ded59b1","line":579,"updated":"2021-01-27 17:22:00.000000000","message":"Can you move it into the list below?","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":576,"context_line":"# with things that the clients are not aware of is generally wrong"},{"line_number":577,"context_line":"enable_haproxy_memcached: \"no\""},{"line_number":578,"context_line":""},{"line_number":579,"context_line":"enable_letsencrypt: no"},{"line_number":580,"context_line":""},{"line_number":581,"context_line":"# Additional optional OpenStack features and services are specified here"},{"line_number":582,"context_line":"enable_aodh: \"no\""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"9e8b3cf2_78f7d630","line":579,"in_reply_to":"f5d1d85b_2ded59b1","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"40c7152e71b8d05f6d2ec4ebd98f0b830c621f3c","unresolved":true,"context_lines":[{"line_number":809,"context_line":"#####################"},{"line_number":810,"context_line":"# ACME client options"},{"line_number":811,"context_line":"#####################"},{"line_number":812,"context_line":"acme_client_servers: [\"{% if enable_letsencrypt | bool %}server {{ kolla_external_fqdn }} {{ kolla_external_fqdn | put_address_in_context(\u0027url\u0027) }}:{{ letsencrypt_acme_port }}{% endif %}\"]"},{"line_number":813,"context_line":""},{"line_number":814,"context_line":"####################"},{"line_number":815,"context_line":"# LetsEncrypt options"}],"source_content_type":"text/x-yaml","patch_set":14,"id":"45a395c1_1871e141","line":812,"updated":"2021-02-15 15:27:10.000000000","message":"If letsencrypt is disabled this will be a list of one empty string. Something like this:\n\nacme_client_servers: \"{{ [\u0027server \u0027 ~ kolla_external_fqdn ~ \u0027 \u0027 ~ kolla_external_fqdn | put_address_in_context(\u0027url\u0027) ~ \u0027:\u0027 ~ letsencrypt_acme_port if enable_letsencrypt | bool else [] }}\"","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"68a5639cb8c31e6d8a94c7753da6f9650be79fb5","unresolved":false,"context_lines":[{"line_number":809,"context_line":"#####################"},{"line_number":810,"context_line":"# ACME client options"},{"line_number":811,"context_line":"#####################"},{"line_number":812,"context_line":"acme_client_servers: [\"{% if enable_letsencrypt | bool %}server {{ kolla_external_fqdn }} {{ kolla_external_fqdn | put_address_in_context(\u0027url\u0027) }}:{{ letsencrypt_acme_port }}{% endif %}\"]"},{"line_number":813,"context_line":""},{"line_number":814,"context_line":"####################"},{"line_number":815,"context_line":"# LetsEncrypt options"}],"source_content_type":"text/x-yaml","patch_set":14,"id":"782babfa_6729c614","line":812,"in_reply_to":"45a395c1_1871e141","updated":"2021-02-20 17:22:38.000000000","message":"Done","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"8ed60e1a66d6a1a4344304bf15f63b9b875a711c","unresolved":true,"context_lines":[{"line_number":826,"context_line":"####################"},{"line_number":827,"context_line":"# LetsEncrypt options"},{"line_number":828,"context_line":"####################"},{"line_number":829,"context_line":"letsencrypt_email: \"\""},{"line_number":830,"context_line":""},{"line_number":831,"context_line":"####################"},{"line_number":832,"context_line":"# Pebble LetsEncrypt options"}],"source_content_type":"text/x-yaml","patch_set":114,"id":"a62e127f_97402d3c","line":829,"range":{"start_line":829,"start_character":0,"end_line":829,"end_character":17},"updated":"2021-04-20 15:33:08.000000000","message":"move to the role and mention in globals.yml","commit_id":"d6ddcc9b9a392b98a3a0aa9fcba03acabd1e991b"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":826,"context_line":"####################"},{"line_number":827,"context_line":"# LetsEncrypt options"},{"line_number":828,"context_line":"####################"},{"line_number":829,"context_line":"letsencrypt_email: \"\""},{"line_number":830,"context_line":""},{"line_number":831,"context_line":"####################"},{"line_number":832,"context_line":"# Pebble LetsEncrypt options"}],"source_content_type":"text/x-yaml","patch_set":114,"id":"c6f01ac6_5a196988","line":829,"range":{"start_line":829,"start_character":0,"end_line":829,"end_character":17},"in_reply_to":"a62e127f_97402d3c","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"d6ddcc9b9a392b98a3a0aa9fcba03acabd1e991b"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"8ed60e1a66d6a1a4344304bf15f63b9b875a711c","unresolved":true,"context_lines":[{"line_number":827,"context_line":"# LetsEncrypt options"},{"line_number":828,"context_line":"####################"},{"line_number":829,"context_line":"letsencrypt_email: \"\""},{"line_number":830,"context_line":""},{"line_number":831,"context_line":"####################"},{"line_number":832,"context_line":"# Pebble LetsEncrypt options"},{"line_number":833,"context_line":"####################"},{"line_number":834,"context_line":"letsencrypt_pebble_server: \"\""},{"line_number":835,"context_line":"letsencrypt_pebble_domain_name: \"\""},{"line_number":836,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":114,"id":"5ab5697a_4953e1e3","line":833,"range":{"start_line":830,"start_character":0,"end_line":833,"end_character":20},"updated":"2021-04-20 15:33:08.000000000","message":"drop","commit_id":"d6ddcc9b9a392b98a3a0aa9fcba03acabd1e991b"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":827,"context_line":"# LetsEncrypt options"},{"line_number":828,"context_line":"####################"},{"line_number":829,"context_line":"letsencrypt_email: \"\""},{"line_number":830,"context_line":""},{"line_number":831,"context_line":"####################"},{"line_number":832,"context_line":"# Pebble LetsEncrypt options"},{"line_number":833,"context_line":"####################"},{"line_number":834,"context_line":"letsencrypt_pebble_server: \"\""},{"line_number":835,"context_line":"letsencrypt_pebble_domain_name: \"\""},{"line_number":836,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":114,"id":"616b91f6_d09f393a","line":833,"range":{"start_line":830,"start_character":0,"end_line":833,"end_character":20},"in_reply_to":"5ab5697a_4953e1e3","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"d6ddcc9b9a392b98a3a0aa9fcba03acabd1e991b"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"8ed60e1a66d6a1a4344304bf15f63b9b875a711c","unresolved":true,"context_lines":[{"line_number":831,"context_line":"####################"},{"line_number":832,"context_line":"# Pebble LetsEncrypt options"},{"line_number":833,"context_line":"####################"},{"line_number":834,"context_line":"letsencrypt_pebble_server: \"\""},{"line_number":835,"context_line":"letsencrypt_pebble_domain_name: \"\""},{"line_number":836,"context_line":""},{"line_number":837,"context_line":"####################"}],"source_content_type":"text/x-yaml","patch_set":114,"id":"371868e1_78587f02","line":834,"range":{"start_line":834,"start_character":0,"end_line":834,"end_character":29},"updated":"2021-04-20 15:33:08.000000000","message":"drop \"pebble\" and move to the role","commit_id":"d6ddcc9b9a392b98a3a0aa9fcba03acabd1e991b"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":831,"context_line":"####################"},{"line_number":832,"context_line":"# Pebble LetsEncrypt options"},{"line_number":833,"context_line":"####################"},{"line_number":834,"context_line":"letsencrypt_pebble_server: \"\""},{"line_number":835,"context_line":"letsencrypt_pebble_domain_name: \"\""},{"line_number":836,"context_line":""},{"line_number":837,"context_line":"####################"}],"source_content_type":"text/x-yaml","patch_set":114,"id":"885eaae1_30103b07","line":834,"range":{"start_line":834,"start_character":0,"end_line":834,"end_character":29},"in_reply_to":"371868e1_78587f02","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"d6ddcc9b9a392b98a3a0aa9fcba03acabd1e991b"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"8ed60e1a66d6a1a4344304bf15f63b9b875a711c","unresolved":true,"context_lines":[{"line_number":832,"context_line":"# Pebble LetsEncrypt options"},{"line_number":833,"context_line":"####################"},{"line_number":834,"context_line":"letsencrypt_pebble_server: \"\""},{"line_number":835,"context_line":"letsencrypt_pebble_domain_name: \"\""},{"line_number":836,"context_line":""},{"line_number":837,"context_line":"####################"},{"line_number":838,"context_line":"# Kibana options"}],"source_content_type":"text/x-yaml","patch_set":114,"id":"77b9852f_fab14da3","line":835,"range":{"start_line":835,"start_character":0,"end_line":835,"end_character":34},"updated":"2021-04-20 15:33:08.000000000","message":"drop","commit_id":"d6ddcc9b9a392b98a3a0aa9fcba03acabd1e991b"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":832,"context_line":"# Pebble LetsEncrypt options"},{"line_number":833,"context_line":"####################"},{"line_number":834,"context_line":"letsencrypt_pebble_server: \"\""},{"line_number":835,"context_line":"letsencrypt_pebble_domain_name: \"\""},{"line_number":836,"context_line":""},{"line_number":837,"context_line":"####################"},{"line_number":838,"context_line":"# Kibana options"}],"source_content_type":"text/x-yaml","patch_set":114,"id":"35bc56f7_0e770974","line":835,"range":{"start_line":835,"start_character":0,"end_line":835,"end_character":34},"in_reply_to":"77b9852f_fab14da3","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"d6ddcc9b9a392b98a3a0aa9fcba03acabd1e991b"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6ed430dd47f874aff84ee94edb138e8fa44a5f43","unresolved":true,"context_lines":[{"line_number":833,"context_line":"####################"},{"line_number":834,"context_line":"letsencrypt_email: \"\""},{"line_number":835,"context_line":""},{"line_number":836,"context_line":"####################"},{"line_number":837,"context_line":"# Pebble LetsEncrypt options"},{"line_number":838,"context_line":"####################"},{"line_number":839,"context_line":"letsencrypt_pebble_server: \"\""},{"line_number":840,"context_line":"letsencrypt_pebble_domain_name: \"\""},{"line_number":841,"context_line":""},{"line_number":842,"context_line":"####################"}],"source_content_type":"text/x-yaml","patch_set":117,"id":"c7fca6a9_c6b57c99","line":839,"range":{"start_line":836,"start_character":0,"end_line":839,"end_character":29},"updated":"2021-07-29 09:39:51.000000000","message":"I think Radek and I have requested to drop the word pebble - this could in theory be any LE server?","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":833,"context_line":"####################"},{"line_number":834,"context_line":"letsencrypt_email: \"\""},{"line_number":835,"context_line":""},{"line_number":836,"context_line":"####################"},{"line_number":837,"context_line":"# Pebble LetsEncrypt options"},{"line_number":838,"context_line":"####################"},{"line_number":839,"context_line":"letsencrypt_pebble_server: \"\""},{"line_number":840,"context_line":"letsencrypt_pebble_domain_name: \"\""},{"line_number":841,"context_line":""},{"line_number":842,"context_line":"####################"}],"source_content_type":"text/x-yaml","patch_set":117,"id":"27f3fb0c_c033e57a","line":839,"range":{"start_line":836,"start_character":0,"end_line":839,"end_character":29},"in_reply_to":"c7fca6a9_c6b57c99","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6ed430dd47f874aff84ee94edb138e8fa44a5f43","unresolved":true,"context_lines":[{"line_number":837,"context_line":"# Pebble LetsEncrypt options"},{"line_number":838,"context_line":"####################"},{"line_number":839,"context_line":"letsencrypt_pebble_server: \"\""},{"line_number":840,"context_line":"letsencrypt_pebble_domain_name: \"\""},{"line_number":841,"context_line":""},{"line_number":842,"context_line":"####################"},{"line_number":843,"context_line":"# Kibana options"}],"source_content_type":"text/x-yaml","patch_set":117,"id":"a81f81d3_8a33ba54","line":840,"range":{"start_line":840,"start_character":0,"end_line":840,"end_character":34},"updated":"2021-07-29 09:39:51.000000000","message":"Not used","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":837,"context_line":"# Pebble LetsEncrypt options"},{"line_number":838,"context_line":"####################"},{"line_number":839,"context_line":"letsencrypt_pebble_server: \"\""},{"line_number":840,"context_line":"letsencrypt_pebble_domain_name: \"\""},{"line_number":841,"context_line":""},{"line_number":842,"context_line":"####################"},{"line_number":843,"context_line":"# Kibana options"}],"source_content_type":"text/x-yaml","patch_set":117,"id":"bbaa527e_17d2dd5c","line":840,"range":{"start_line":840,"start_character":0,"end_line":840,"end_character":34},"in_reply_to":"a81f81d3_8a33ba54","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":967,"context_line":"# ACME client options"},{"line_number":968,"context_line":"#####################"},{"line_number":969,"context_line":"acme_client_lego: \"server lego {{ api_interface_address }}:{{ letsencrypt_webserver_port }}\""},{"line_number":970,"context_line":"acme_client_servers: \"{% set arr \u003d [] %}{% if enable_letsencrypt | bool %}{{ arr.append(acme_client_lego) }}{% endif %}{{ arr }}\""},{"line_number":971,"context_line":""},{"line_number":972,"context_line":"####################"},{"line_number":973,"context_line":"# Keystone options"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"0564790f_4e6e0da2","line":970,"updated":"2023-07-28 11:16:21.000000000","message":"[{% if enable_letsencrypt | bool %}{{ acme_client_lego }}{% endif %}]","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"58dce23110daa2470b236a6e7f8b3efc9b87548e","unresolved":true,"context_lines":[{"line_number":967,"context_line":"# ACME client options"},{"line_number":968,"context_line":"#####################"},{"line_number":969,"context_line":"acme_client_lego: \"server lego {{ api_interface_address }}:{{ letsencrypt_webserver_port }}\""},{"line_number":970,"context_line":"acme_client_servers: \"{% set arr \u003d [] %}{% if enable_letsencrypt | bool %}{{ arr.append(acme_client_lego) }}{% endif %}{{ arr }}\""},{"line_number":971,"context_line":""},{"line_number":972,"context_line":"####################"},{"line_number":973,"context_line":"# Keystone options"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"26d635fe_4e420aae","line":970,"range":{"start_line":970,"start_character":0,"end_line":970,"end_character":19},"updated":"2023-08-04 14:10:33.000000000","message":"what is a \"client server\"? ;)","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"02bed2594651eecb5f7f970169621c1c600c5b82","unresolved":false,"context_lines":[{"line_number":967,"context_line":"# ACME client options"},{"line_number":968,"context_line":"#####################"},{"line_number":969,"context_line":"acme_client_lego: \"server lego {{ api_interface_address }}:{{ letsencrypt_webserver_port }}\""},{"line_number":970,"context_line":"acme_client_servers: \"{% set arr \u003d [] %}{% if enable_letsencrypt | bool %}{{ arr.append(acme_client_lego) }}{% endif %}{{ arr }}\""},{"line_number":971,"context_line":""},{"line_number":972,"context_line":"####################"},{"line_number":973,"context_line":"# Keystone options"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"2c61c269_fc170f70","line":970,"in_reply_to":"0564790f_4e6e0da2","updated":"2023-08-09 09:07:22.000000000","message":"Your approach not working....\n\n\n    ---\n    - name: Test var\n      hosts: localhost\n      connection: local\n\n      vars:\n        enable_letsencrypt: \"yes\"\n        acme_client_lego: \"server lego 192.168.1.1:1111\"\n        acme_client_servers: \"{% set arr \u003d [] %}{% if enable_letsencrypt | bool %}{{ arr.append(acme_client_lego) }}{% endif %}{{ arr }}\"\n        acme_client_servers_maksim: \"[{% if enable_letsencrypt | bool %}{{ acme_client_lego }}{% endif %}]\"\n\n      tasks:\n        - name: Current approach\n          debug:\n            var: acme_client_servers\n\n        - name: Maksim suggested approach\n          debug:\n            var: acme_client_servers_maksim\n            \n            \n\u003e\u003e\u003e\u003e\n\n\n    PLAY [Test var] ***************************************************************************************************************************************************************************************************\n\n    TASK [Gathering Facts] ********************************************************************************************************************************************************************************************\n    ok: [localhost]\n     \n    TASK [Current approach] *******************************************************************************************************************************************************************************************\n    ok: [localhost] \u003d\u003e {\n        \"acme_client_servers\": [\n            \"server lego 192.168.1.1:1111\"\n        ]\n    }\n    \n    TASK [Maksim suggested approach] **********************************************************************************************************************************************************************************\n    ok: [localhost] \u003d\u003e {\n        \"acme_client_servers_maksim\": \"[server lego 192.168.1.1:1111]\"\n    }\n\n    PLAY RECAP ********************************************************************************************************************************************************************************************************\n    localhost                  : ok\u003d3    changed\u003d0    unreachable\u003d0    failed\u003d0    skipped\u003d0    rescued\u003d0    ignored\u003d0\n\n\n\n\n\n    ---\n    - name: Test var\n      hosts: localhost\n      connection: local\n\n      vars:\n        enable_letsencrypt: \"yes\"\n        acme_client_lego: \"server lego 192.168.1.1:1111\"\n        acme_client_servers: \"{% set arr \u003d [] %}{% if enable_letsencrypt | bool %}{{ arr.append(acme_client_lego) }}{% endif %}{{ arr }}\"\n        acme_client_servers_maksim: [{% if enable_letsencrypt | bool %}{{ acme_client_lego }}{% endif %}]\n\n      tasks:\n        - name: Current approach\n          debug:\n            var: acme_client_servers\n\n        - name: Maksim suggested approach\n          debug:\n            var: acme_client_servers_maksim\n\n\n\u003e\u003e\u003e\u003e\u003e\n\n    ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:\n    JSON: Expecting value: line 1 column 1 (char 0)\n\n    Syntax Error while loading YAML.\n      found character that cannot start any token\n\n    The error appears to be in \u0027/tmp/test.yml\u0027: line 10, column 35, but may\n    be elsewhere in the file depending on the exact syntax problem.\n\n    The offending line appears to be:\n\n        acme_client_servers: \"{% set arr \u003d [] %}{% if enable_letsencrypt | bool %}{{ arr.append(acme_client_lego) }}{% endif %}{{ arr }}\"\n        acme_client_servers_maksim: [{% if enable_letsencrypt | bool %}{{ acme_client_lego }}{% endif %}]\n                                      ^ here\n    We could be wrong, but this one looks like it might be an issue with\n    missing quotes. Always quote template expression brackets when they\n    start a value. For instance:\n\n        with_items:\n          - {{ foo }}\n\n    Should be written as:\n\n        with_items:\n          - \"{{ foo }}\"\n\n\n\n\nMarking as resolved, currently used approach is used on several places in kolla-ansible code.","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"09ccf5b7334772511ab35061bce8144e06467f8c","unresolved":false,"context_lines":[{"line_number":967,"context_line":"# ACME client options"},{"line_number":968,"context_line":"#####################"},{"line_number":969,"context_line":"acme_client_lego: \"server lego {{ api_interface_address }}:{{ letsencrypt_webserver_port }}\""},{"line_number":970,"context_line":"acme_client_servers: \"{% set arr \u003d [] %}{% if enable_letsencrypt | bool %}{{ arr.append(acme_client_lego) }}{% endif %}{{ arr }}\""},{"line_number":971,"context_line":""},{"line_number":972,"context_line":"####################"},{"line_number":973,"context_line":"# Keystone options"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"a4182487_200111d4","line":970,"in_reply_to":"0e89af0b_0f849630","updated":"2023-08-09 09:58:22.000000000","message":"check the result also with quotes ...","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"f7327e9ee8429d7e19875c5a623d9119feb4ad93","unresolved":true,"context_lines":[{"line_number":967,"context_line":"# ACME client options"},{"line_number":968,"context_line":"#####################"},{"line_number":969,"context_line":"acme_client_lego: \"server lego {{ api_interface_address }}:{{ letsencrypt_webserver_port }}\""},{"line_number":970,"context_line":"acme_client_servers: \"{% set arr \u003d [] %}{% if enable_letsencrypt | bool %}{{ arr.append(acme_client_lego) }}{% endif %}{{ arr }}\""},{"line_number":971,"context_line":""},{"line_number":972,"context_line":"####################"},{"line_number":973,"context_line":"# Keystone options"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"d64fe455_0dbd1789","line":970,"range":{"start_line":970,"start_character":0,"end_line":970,"end_character":19},"in_reply_to":"26d635fe_4e420aae","updated":"2023-08-04 14:56:22.000000000","message":"well, it is a server which act as a client towards acme letsencypt server...","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"7276c02f323c66f162c4f186fb06bd4ef607d0f3","unresolved":false,"context_lines":[{"line_number":967,"context_line":"# ACME client options"},{"line_number":968,"context_line":"#####################"},{"line_number":969,"context_line":"acme_client_lego: \"server lego {{ api_interface_address }}:{{ letsencrypt_webserver_port }}\""},{"line_number":970,"context_line":"acme_client_servers: \"{% set arr \u003d [] %}{% if enable_letsencrypt | bool %}{{ arr.append(acme_client_lego) }}{% endif %}{{ arr }}\""},{"line_number":971,"context_line":""},{"line_number":972,"context_line":"####################"},{"line_number":973,"context_line":"# Keystone options"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"0e89af0b_0f849630","line":970,"in_reply_to":"2c61c269_fc170f70","updated":"2023-08-09 09:44:17.000000000","message":"there need quotes","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"350d3f4f81023ab9f8d40d59259452260e508da1","unresolved":false,"context_lines":[{"line_number":967,"context_line":"# ACME client options"},{"line_number":968,"context_line":"#####################"},{"line_number":969,"context_line":"acme_client_lego: \"server lego {{ api_interface_address }}:{{ letsencrypt_webserver_port }}\""},{"line_number":970,"context_line":"acme_client_servers: \"{% set arr \u003d [] %}{% if enable_letsencrypt | bool %}{{ arr.append(acme_client_lego) }}{% endif %}{{ arr }}\""},{"line_number":971,"context_line":""},{"line_number":972,"context_line":"####################"},{"line_number":973,"context_line":"# Keystone options"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"a42d0093_b049270e","line":970,"in_reply_to":"a4182487_200111d4","updated":"2023-08-09 10:36:17.000000000","message":"ok\ntry:\n\"{% if enable_letsencrypt | bool %}{{ acme_client_lego | list }}{% else %}[]{% endif %}\"","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"fcb08678faef093b60784a52f4407f14ca7395a9","unresolved":false,"context_lines":[{"line_number":967,"context_line":"# ACME client options"},{"line_number":968,"context_line":"#####################"},{"line_number":969,"context_line":"acme_client_lego: \"server lego {{ api_interface_address }}:{{ letsencrypt_webserver_port }}\""},{"line_number":970,"context_line":"acme_client_servers: \"{% set arr \u003d [] %}{% if enable_letsencrypt | bool %}{{ arr.append(acme_client_lego) }}{% endif %}{{ arr }}\""},{"line_number":971,"context_line":""},{"line_number":972,"context_line":"####################"},{"line_number":973,"context_line":"# Keystone options"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"f81e9040_3fe099d7","line":970,"in_reply_to":"a42d0093_b049270e","updated":"2023-08-09 11:01:14.000000000","message":"no, not working , i thought that you tried what are u reviewing :) \n\n    ---\n    - name: Test var\n      hosts: localhost\n      connection: local\n    \n      vars:\n        enable_letsencrypt: \"yes\"\n        acme_client_lego: \"server lego 192.168.1.1:1111\"\n        acme_client_servers: \"{% set arr \u003d [] %}{% if enable_letsencrypt | bool %}{{ arr.append(acme_client_lego) }}{% endif %}{{ arr }}\"\n        acme_client_servers_maksim: \"{% if enable_letsencrypt | bool %}{{ acme_client_lego | list }}{% else %}[]{% endif %}\"\n    \n      tasks:\n        - name: Current approach\n          debug:\n            var: acme_client_servers\n    \n        - name: Maksim suggested approach\n          debug:\n            var: acme_client_servers_maksim\n\n\n    [WARNING]: No inventory was parsed, only implicit localhost is available\n    [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match \u0027all\u0027\n\n    PLAY [Test var] ***************************************************************************************************************************************************************************************************\n     \n    TASK [Gathering Facts] ********************************************************************************************************************************************************************************************\n    ok: [localhost]\n    \n    TASK [Current approach] *******************************************************************************************************************************************************************************************    \n    ok: [localhost] \u003d\u003e {\n        \"acme_client_servers\": [\n            \"server lego 192.168.1.1:1111\"\n        ]\n    }\n    \n    TASK [Maksim suggested approach] **********************************************************************************************************************************************************************************    \n    ok: [localhost] \u003d\u003e {\n        \"acme_client_servers_maksim\": [\n            \"s\",\n            \"e\",\n            \"r\",\n            \"v\",\n            \"e\",\n            \"r\",\n            \" \",\n            \"l\",\n            \"e\",\n            \"g\",\n            \"o\",\n            \" \",\n            \"1\",\n            \"9\",\n            \"2\",\n            \".\",\n            \"1\",\n            \"6\",\n            \"8\",\n            \".\",\n            \"1\",\n            \".\",\n            \"1\",\n            \":\",\n            \"1\",\n            \"1\",\n            \"1\",\n            \"1\"\n        ]\n    }","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"6b5e836e08e2feb8e460d0ead3a6f82372864e05","unresolved":false,"context_lines":[{"line_number":967,"context_line":"# ACME client options"},{"line_number":968,"context_line":"#####################"},{"line_number":969,"context_line":"acme_client_lego: \"server lego {{ api_interface_address }}:{{ letsencrypt_webserver_port }}\""},{"line_number":970,"context_line":"acme_client_servers: \"{% set arr \u003d [] %}{% if enable_letsencrypt | bool %}{{ arr.append(acme_client_lego) }}{% endif %}{{ arr }}\""},{"line_number":971,"context_line":""},{"line_number":972,"context_line":"####################"},{"line_number":973,"context_line":"# Keystone options"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"2a33cc57_6f24781a","line":970,"range":{"start_line":970,"start_character":0,"end_line":970,"end_character":19},"in_reply_to":"d64fe455_0dbd1789","updated":"2023-08-07 08:52:32.000000000","message":"I also can\u0027t come up with a better name right now, marking as resolved.","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"16404ae938c8ae3931c3cf33e5c012d80b60f25b","unresolved":false,"context_lines":[{"line_number":967,"context_line":"# ACME client options"},{"line_number":968,"context_line":"#####################"},{"line_number":969,"context_line":"acme_client_lego: \"server lego {{ api_interface_address }}:{{ letsencrypt_webserver_port }}\""},{"line_number":970,"context_line":"acme_client_servers: \"{% set arr \u003d [] %}{% if enable_letsencrypt | bool %}{{ arr.append(acme_client_lego) }}{% endif %}{{ arr }}\""},{"line_number":971,"context_line":""},{"line_number":972,"context_line":"####################"},{"line_number":973,"context_line":"# Keystone options"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"e2ee52a6_da0719dd","line":970,"in_reply_to":"f81e9040_3fe099d7","updated":"2023-08-09 11:26:07.000000000","message":"lol) actually right now not tested your code. so, let\u0027s postpone this comment.","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"5e1a7ceac0015a0af5a8544d2336c19c91e9b49a","unresolved":false,"context_lines":[{"line_number":369,"context_line":""},{"line_number":370,"context_line":"haproxy_stats_port: \"1984\""},{"line_number":371,"context_line":"haproxy_monitor_port: \"61313\""},{"line_number":372,"context_line":"haproxy_ssh_port: \"2985\""},{"line_number":373,"context_line":""},{"line_number":374,"context_line":"heat_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":375,"context_line":"heat_external_fqdn: \"{{ kolla_external_fqdn }}\""}],"source_content_type":"text/x-yaml","patch_set":228,"id":"44ea7ec4_7421054f","line":372,"range":{"start_line":372,"start_character":19,"end_line":372,"end_character":23},"updated":"2023-09-22 08:24:57.000000000","message":"was this port chosen arbitrary or is there some kind of precedence for this number?\nI\u0027m just curious.","commit_id":"dcc6ea93de76aaeb68ca3aee4b17f258b0ac8317"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"881df70d275a9cee255de3fcca12a8de38845708","unresolved":false,"context_lines":[{"line_number":369,"context_line":""},{"line_number":370,"context_line":"haproxy_stats_port: \"1984\""},{"line_number":371,"context_line":"haproxy_monitor_port: \"61313\""},{"line_number":372,"context_line":"haproxy_ssh_port: \"2985\""},{"line_number":373,"context_line":""},{"line_number":374,"context_line":"heat_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":375,"context_line":"heat_external_fqdn: \"{{ kolla_external_fqdn }}\""}],"source_content_type":"text/x-yaml","patch_set":228,"id":"d5fb8618_7856a56f","line":372,"range":{"start_line":372,"start_character":19,"end_line":372,"end_character":23},"in_reply_to":"44ea7ec4_7421054f","updated":"2023-09-22 10:09:01.000000000","message":"It\u0027s question for Jason Anderson, I\u0027ve just adopted this patchset.","commit_id":"dcc6ea93de76aaeb68ca3aee4b17f258b0ac8317"}],"ansible/inventory/all-in-one":[{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"5faf73c9acd0ce32c71ca97c66ed5b6b9375b9b2","unresolved":true,"context_lines":[{"line_number":787,"context_line":"[letsencrypt:children]"},{"line_number":788,"context_line":"haproxy"},{"line_number":789,"context_line":""},{"line_number":790,"context_line":"[letsencrypt:children]"},{"line_number":791,"context_line":"letsencrypt"}],"source_content_type":"application/octet-stream","patch_set":11,"id":"2700ca26_d8514836","line":790,"updated":"2021-01-27 09:09:18.000000000","message":"Looks like duplicate bug group of letsencrypt has children haproxy and itself ?","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":787,"context_line":"[letsencrypt:children]"},{"line_number":788,"context_line":"haproxy"},{"line_number":789,"context_line":""},{"line_number":790,"context_line":"[letsencrypt:children]"},{"line_number":791,"context_line":"letsencrypt"}],"source_content_type":"application/octet-stream","patch_set":11,"id":"bef387c0_3a5c4b2e","line":790,"in_reply_to":"2700ca26_d8514836","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":true,"context_lines":[{"line_number":733,"context_line":"[ovn-sb-db:children]"},{"line_number":734,"context_line":"ovn-database"},{"line_number":735,"context_line":""},{"line_number":736,"context_line":"[letsencrypt:children]"},{"line_number":737,"context_line":"loadbalancer"},{"line_number":738,"context_line":""},{"line_number":739,"context_line":"[letsencrypt-acme:children]"},{"line_number":740,"context_line":"letsencrypt"}],"source_content_type":"application/octet-stream","patch_set":131,"id":"0d03af9c_9c575b3c","line":737,"range":{"start_line":736,"start_character":0,"end_line":737,"end_character":12},"updated":"2022-02-15 11:25:43.000000000","message":"This entry should move to L218.","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"1d417365b9eef924db79c7d88258006fe7888a73","unresolved":false,"context_lines":[{"line_number":733,"context_line":"[ovn-sb-db:children]"},{"line_number":734,"context_line":"ovn-database"},{"line_number":735,"context_line":""},{"line_number":736,"context_line":"[letsencrypt:children]"},{"line_number":737,"context_line":"loadbalancer"},{"line_number":738,"context_line":""},{"line_number":739,"context_line":"[letsencrypt-acme:children]"},{"line_number":740,"context_line":"letsencrypt"}],"source_content_type":"application/octet-stream","patch_set":131,"id":"873f0d50_0ef943ab","line":737,"range":{"start_line":736,"start_character":0,"end_line":737,"end_character":12},"in_reply_to":"0d03af9c_9c575b3c","updated":"2022-02-18 01:59:07.000000000","message":"Done","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"}],"ansible/inventory/multinode":[{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"5faf73c9acd0ce32c71ca97c66ed5b6b9375b9b2","unresolved":true,"context_lines":[{"line_number":805,"context_line":"[letsencrypt:children]"},{"line_number":806,"context_line":"haproxy"},{"line_number":807,"context_line":""},{"line_number":808,"context_line":"[letsencrypt:children]"},{"line_number":809,"context_line":"letsencrypt"}],"source_content_type":"application/octet-stream","patch_set":11,"id":"7a232e3a_1c09f021","line":808,"updated":"2021-01-27 09:09:18.000000000","message":"same here","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":805,"context_line":"[letsencrypt:children]"},{"line_number":806,"context_line":"haproxy"},{"line_number":807,"context_line":""},{"line_number":808,"context_line":"[letsencrypt:children]"},{"line_number":809,"context_line":"letsencrypt"}],"source_content_type":"application/octet-stream","patch_set":11,"id":"b82d34e0_e86a9f48","line":808,"in_reply_to":"7a232e3a_1c09f021","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":true,"context_lines":[{"line_number":751,"context_line":"[ovn-sb-db:children]"},{"line_number":752,"context_line":"ovn-database"},{"line_number":753,"context_line":""},{"line_number":754,"context_line":"[letsencrypt:children]"},{"line_number":755,"context_line":"loadbalancer"},{"line_number":756,"context_line":""},{"line_number":757,"context_line":"[letsencrypt-acme:children]"},{"line_number":758,"context_line":"letsencrypt"},{"line_number":759,"context_line":""}],"source_content_type":"application/octet-stream","patch_set":131,"id":"52a1a412_7f5a02b9","line":756,"range":{"start_line":754,"start_character":0,"end_line":756,"end_character":0},"updated":"2022-02-15 11:25:43.000000000","message":"Ditto","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"1d417365b9eef924db79c7d88258006fe7888a73","unresolved":false,"context_lines":[{"line_number":751,"context_line":"[ovn-sb-db:children]"},{"line_number":752,"context_line":"ovn-database"},{"line_number":753,"context_line":""},{"line_number":754,"context_line":"[letsencrypt:children]"},{"line_number":755,"context_line":"loadbalancer"},{"line_number":756,"context_line":""},{"line_number":757,"context_line":"[letsencrypt-acme:children]"},{"line_number":758,"context_line":"letsencrypt"},{"line_number":759,"context_line":""}],"source_content_type":"application/octet-stream","patch_set":131,"id":"2663e6a2_c2d744e0","line":756,"range":{"start_line":754,"start_character":0,"end_line":756,"end_character":0},"in_reply_to":"52a1a412_7f5a02b9","updated":"2022-02-18 01:59:07.000000000","message":"Done","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"}],"ansible/roles/baremetal/tasks/pre-install.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":34,"context_line":"        {{ \u0027api\u0027 | kolla_address(host) }} {{ hostnames | unique | join(\u0027 \u0027) }}"},{"line_number":35,"context_line":"        {% endif %}"},{"line_number":36,"context_line":"        {% endfor %}"},{"line_number":37,"context_line":"        {% if letsencrypt_pebble_domain_name | length \u003e 0 %}"},{"line_number":38,"context_line":"        {{ kolla_internal_vip_address }} {{ letsencrypt_pebble_domain_name }}"},{"line_number":39,"context_line":"        {% endif %}"},{"line_number":40,"context_line":"  become: True"},{"line_number":41,"context_line":"  when:"},{"line_number":42,"context_line":"    - customize_etc_hosts | bool"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"fed8dddd_35c8aaad","line":39,"range":{"start_line":37,"start_character":0,"end_line":39,"end_character":19},"updated":"2021-04-06 13:08:28.000000000","message":"Should be part of test scripts.","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"268f0f9df58a88d2bfd3754d21122fa43187a605","unresolved":false,"context_lines":[{"line_number":34,"context_line":"        {{ \u0027api\u0027 | kolla_address(host) }} {{ hostnames | unique | join(\u0027 \u0027) }}"},{"line_number":35,"context_line":"        {% endif %}"},{"line_number":36,"context_line":"        {% endfor %}"},{"line_number":37,"context_line":"        {% if letsencrypt_pebble_domain_name | length \u003e 0 %}"},{"line_number":38,"context_line":"        {{ kolla_internal_vip_address }} {{ letsencrypt_pebble_domain_name }}"},{"line_number":39,"context_line":"        {% endif %}"},{"line_number":40,"context_line":"  become: True"},{"line_number":41,"context_line":"  when:"},{"line_number":42,"context_line":"    - customize_etc_hosts | bool"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"3c4b1e1c_ca4d36bf","line":39,"range":{"start_line":37,"start_character":0,"end_line":39,"end_character":19},"in_reply_to":"fed8dddd_35c8aaad","updated":"2021-04-08 03:36:53.000000000","message":"moved","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"}],"ansible/roles/certificates/tasks/generate.yml":[{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":67,"context_line":"        dest: \"{{ kolla_external_fqdn_cert }}\""},{"line_number":68,"context_line":"        mode: \"0660\""},{"line_number":69,"context_line":"  when:"},{"line_number":70,"context_line":"    - kolla_enable_tls_external | bool and not enable_letsencrypt | bool"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"- block:"},{"line_number":73,"context_line":"    - name: Copy the external PEM file to be the internal when internal + external are same network"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"e0027c5f_8707d2bd","line":70,"updated":"2023-07-28 11:16:21.000000000","message":"\\- not enable_letsencrypt | bool\n\\- kolla_enable_tls_external | bool","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":67,"context_line":"        dest: \"{{ kolla_external_fqdn_cert }}\""},{"line_number":68,"context_line":"        mode: \"0660\""},{"line_number":69,"context_line":"  when:"},{"line_number":70,"context_line":"    - kolla_enable_tls_external | bool and not enable_letsencrypt | bool"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"- block:"},{"line_number":73,"context_line":"    - name: Copy the external PEM file to be the internal when internal + external are same network"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"360ad54a_8dd3a9d8","line":70,"in_reply_to":"e0027c5f_8707d2bd","updated":"2023-08-09 12:13:36.000000000","message":"Done","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":138,"context_line":"        dest: \"{{ kolla_internal_fqdn_cert }}\""},{"line_number":139,"context_line":"        mode: \"0660\""},{"line_number":140,"context_line":"  when:"},{"line_number":141,"context_line":"    - kolla_enable_tls_internal | bool and not enable_letsencrypt | bool"},{"line_number":142,"context_line":"    - not kolla_same_external_internal_vip | bool"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"44c07fbe_00371824","line":141,"updated":"2023-07-28 11:16:21.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":138,"context_line":"        dest: \"{{ kolla_internal_fqdn_cert }}\""},{"line_number":139,"context_line":"        mode: \"0660\""},{"line_number":140,"context_line":"  when:"},{"line_number":141,"context_line":"    - kolla_enable_tls_internal | bool and not enable_letsencrypt | bool"},{"line_number":142,"context_line":"    - not kolla_same_external_internal_vip | bool"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"0a3224ba_e12369cd","line":141,"in_reply_to":"44c07fbe_00371824","updated":"2023-08-09 12:13:36.000000000","message":"Done","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"}],"ansible/roles/haproxy/defaults/main.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":54,"context_line":"  - \"/etc/localtime:/etc/localtime:ro\""},{"line_number":55,"context_line":"  - \"{{ \u0027/etc/timezone:/etc/timezone:ro\u0027 if ansible_os_family \u003d\u003d \u0027Debian\u0027 else \u0027\u0027 }}\""},{"line_number":56,"context_line":"  - \"{% if enable_letsencrypt | bool %}letsencrypt_priv_certs:/etc/letsencrypt/live/{{ kolla_internal_fqdn }}{% endif %}\""},{"line_number":57,"context_line":"  - \"{% if enable_letsencrypt and not kolla_same_external_internal_vip | bool %}letsencrypt_pub_certs:/etc/letsencrypt/live/{{ kolla_external_fqdn }}{% endif %}\""},{"line_number":58,"context_line":"  - \"haproxy_socket:/var/lib/kolla/haproxy/\""},{"line_number":59,"context_line":"keepalived_default_volumes:"},{"line_number":60,"context_line":"  - \"{{ node_config_directory }}/keepalived/:{{ container_config_directory }}/:ro\""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ee44af45_2ca95ca7","line":57,"updated":"2021-01-27 17:22:00.000000000","message":"Had some discussion about whether internal certificates make sense with letsencrypt. It\u0027s unclear how useful it will be to support them, since the API must be publicly accessible. It\u0027s probably not worth removing at this stage however.","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":54,"context_line":"  - \"/etc/localtime:/etc/localtime:ro\""},{"line_number":55,"context_line":"  - \"{{ \u0027/etc/timezone:/etc/timezone:ro\u0027 if ansible_os_family \u003d\u003d \u0027Debian\u0027 else \u0027\u0027 }}\""},{"line_number":56,"context_line":"  - \"{% if enable_letsencrypt | bool %}letsencrypt_priv_certs:/etc/letsencrypt/live/{{ kolla_internal_fqdn }}{% endif %}\""},{"line_number":57,"context_line":"  - \"{% if enable_letsencrypt and not kolla_same_external_internal_vip | bool %}letsencrypt_pub_certs:/etc/letsencrypt/live/{{ kolla_external_fqdn }}{% endif %}\""},{"line_number":58,"context_line":"  - \"haproxy_socket:/var/lib/kolla/haproxy/\""},{"line_number":59,"context_line":"keepalived_default_volumes:"},{"line_number":60,"context_line":"  - \"{{ node_config_directory }}/keepalived/:{{ container_config_directory }}/:ro\""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"b11bf5b1_9aa55eef","line":57,"in_reply_to":"ee44af45_2ca95ca7","updated":"2021-02-12 22:04:19.000000000","message":"Ack","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"}],"ansible/roles/haproxy/tasks/config.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":156,"context_line":"    - { src: \"crontab.j2\", dest: \"crontab\", mode: \"0770\" }"},{"line_number":157,"context_line":"  when:"},{"line_number":158,"context_line":"    - inventory_hostname in groups[service.group]"},{"line_number":159,"context_line":"    - service.enabled | bool"},{"line_number":160,"context_line":"  notify:"},{"line_number":161,"context_line":"    - Restart haproxy container"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"4554f81f_39e0fb9d","line":159,"updated":"2021-01-27 17:22:00.000000000","message":"also:\n- enable_letsencrypt | bool?","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":156,"context_line":"    - { src: \"crontab.j2\", dest: \"crontab\", mode: \"0770\" }"},{"line_number":157,"context_line":"  when:"},{"line_number":158,"context_line":"    - inventory_hostname in groups[service.group]"},{"line_number":159,"context_line":"    - service.enabled | bool"},{"line_number":160,"context_line":"  notify:"},{"line_number":161,"context_line":"    - Restart haproxy container"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"c0fc24e9_e6d2c058","line":159,"in_reply_to":"4554f81f_39e0fb9d","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"}],"ansible/roles/haproxy/templates/crontab.j2":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"44ba28d04ac853f5d3f8d46d1869608348ae00cd","unresolved":true,"context_lines":[{"line_number":1,"context_line":"* * * * * /usr/bin/check-for-new-certificates.sh \u003e\u003e /var/log/kolla/cron.log 2\u003e\u00261"},{"line_number":2,"context_line":"# Don\u0027t remove the empty line at the end of this file. It is required to run the cron job"}],"source_content_type":"text/x-jinja2","patch_set":15,"id":"d3a25ae3_d6ac5c74","line":1,"range":{"start_line":1,"start_character":0,"end_line":1,"end_character":48},"updated":"2021-02-24 15:30:30.000000000","message":"Do we really need to run it that often?","commit_id":"70388a68f1967ebadaf52378122ef89e23639733"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"5a14571d6c91894ea4a293ce68262feadc272036","unresolved":false,"context_lines":[{"line_number":1,"context_line":"* * * * * /usr/bin/check-for-new-certificates.sh \u003e\u003e /var/log/kolla/cron.log 2\u003e\u00261"},{"line_number":2,"context_line":"# Don\u0027t remove the empty line at the end of this file. It is required to run the cron job"}],"source_content_type":"text/x-jinja2","patch_set":15,"id":"6048f8d1_b994089c","line":1,"range":{"start_line":1,"start_character":0,"end_line":1,"end_character":48},"in_reply_to":"d3a25ae3_d6ac5c74","updated":"2021-02-25 22:09:34.000000000","message":"I believe so - it small hit and don\u0027t want to miss when certs are rsynced in.","commit_id":"70388a68f1967ebadaf52378122ef89e23639733"}],"ansible/roles/haproxy/templates/haproxy.json.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":24,"context_line":"            \"source\": \"{{ container_config_directory }}/haproxy.pem\","},{"line_number":25,"context_line":"            \"dest\": \"/etc/haproxy/haproxy.pem\","},{"line_number":26,"context_line":"            \"owner\": \"root\","},{"line_number":27,"context_line":"            \"perm\": \"0700\","},{"line_number":28,"context_line":"            \"optional\": {{ (not kolla_enable_tls_external | bool) | string | lower }}"},{"line_number":29,"context_line":"        },"},{"line_number":30,"context_line":"        {"}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"64f4dc0b_98edf77f","line":27,"range":{"start_line":27,"start_character":21,"end_line":27,"end_character":25},"updated":"2021-01-27 17:22:00.000000000","message":"0700?","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":24,"context_line":"            \"source\": \"{{ container_config_directory }}/haproxy.pem\","},{"line_number":25,"context_line":"            \"dest\": \"/etc/haproxy/haproxy.pem\","},{"line_number":26,"context_line":"            \"owner\": \"root\","},{"line_number":27,"context_line":"            \"perm\": \"0700\","},{"line_number":28,"context_line":"            \"optional\": {{ (not kolla_enable_tls_external | bool) | string | lower }}"},{"line_number":29,"context_line":"        },"},{"line_number":30,"context_line":"        {"}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"fbad41ff_85f331fa","line":27,"range":{"start_line":27,"start_character":21,"end_line":27,"end_character":25},"in_reply_to":"64f4dc0b_98edf77f","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":38,"context_line":"            \"source\": \"{{ container_config_directory }}/check-for-new-certificates.sh\","},{"line_number":39,"context_line":"            \"dest\": \"/usr/bin/check-for-new-certificates.sh\","},{"line_number":40,"context_line":"            \"owner\": \"root\","},{"line_number":41,"context_line":"            \"perm\": \"0770\""},{"line_number":42,"context_line":"        },"},{"line_number":43,"context_line":"        {"},{"line_number":44,"context_line":"            \"source\": \"{{ container_config_directory }}/crontab\","}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"4210f9d8_dc51d8c9","line":41,"range":{"start_line":41,"start_character":21,"end_line":41,"end_character":25},"updated":"2021-01-27 17:22:00.000000000","message":"0700?","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":38,"context_line":"            \"source\": \"{{ container_config_directory }}/check-for-new-certificates.sh\","},{"line_number":39,"context_line":"            \"dest\": \"/usr/bin/check-for-new-certificates.sh\","},{"line_number":40,"context_line":"            \"owner\": \"root\","},{"line_number":41,"context_line":"            \"perm\": \"0770\""},{"line_number":42,"context_line":"        },"},{"line_number":43,"context_line":"        {"},{"line_number":44,"context_line":"            \"source\": \"{{ container_config_directory }}/crontab\","}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"ba1f7f13_4f9b1a88","line":41,"range":{"start_line":41,"start_character":21,"end_line":41,"end_character":25},"in_reply_to":"4210f9d8_dc51d8c9","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":46,"context_line":"            \"owner\": \"root\","},{"line_number":47,"context_line":"            \"perm\": \"0600\""},{"line_number":48,"context_line":"        }{% endif %}"},{"line_number":49,"context_line":"    ],"},{"line_number":50,"context_line":"    \"permissions\": ["},{"line_number":51,"context_line":"    ]"},{"line_number":52,"context_line":"}"}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"01fdcd95_ef019151","line":51,"range":{"start_line":49,"start_character":5,"end_line":51,"end_character":5},"updated":"2021-01-27 17:22:00.000000000","message":"Not necessary","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":46,"context_line":"            \"owner\": \"root\","},{"line_number":47,"context_line":"            \"perm\": \"0600\""},{"line_number":48,"context_line":"        }{% endif %}"},{"line_number":49,"context_line":"    ],"},{"line_number":50,"context_line":"    \"permissions\": ["},{"line_number":51,"context_line":"    ]"},{"line_number":52,"context_line":"}"}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"91a343df_f05cdec1","line":51,"range":{"start_line":49,"start_character":5,"end_line":51,"end_character":5},"in_reply_to":"01fdcd95_ef019151","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e3befd5f1e775d2fe44cc53cbd2ca683b74c0b62","unresolved":true,"context_lines":[{"line_number":1,"context_line":"{% set haproxy_cmd \u003d \u0027/usr/bin/supervisord\u0027 if enable_letsencrypt | bool else \u0027/usr/sbin/haproxy -W -db -p /run/haproxy.pid -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/services.d/\u0027 %}"},{"line_number":2,"context_line":"{"},{"line_number":3,"context_line":"    \"command\": \"{{ haproxy_cmd }}\","},{"line_number":4,"context_line":"    \"config_files\": ["}],"source_content_type":"text/x-jinja2","patch_set":56,"id":"89e9bca7_9ee3d678","line":1,"range":{"start_line":1,"start_character":0,"end_line":1,"end_character":183},"updated":"2021-03-25 18:01:11.000000000","message":"In the interests of making this patch simpler, I suggest we pull out the refactor to remove haproxy_run.sh into a separate patch.","commit_id":"4e5d71cab3938db43b7b78548ea027e19dd5dd1d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{% set haproxy_cmd \u003d \u0027/usr/bin/supervisord\u0027 if enable_letsencrypt | bool else \u0027/usr/sbin/haproxy -W -db -p /run/haproxy.pid -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/services.d/\u0027 %}"},{"line_number":2,"context_line":"{"},{"line_number":3,"context_line":"    \"command\": \"{{ haproxy_cmd }}\","},{"line_number":4,"context_line":"    \"config_files\": ["}],"source_content_type":"text/x-jinja2","patch_set":56,"id":"95731672_aeea94f8","line":1,"range":{"start_line":1,"start_character":0,"end_line":1,"end_character":183},"in_reply_to":"244c5b20_12660124","updated":"2021-04-06 13:08:28.000000000","message":"Is it done? I don\u0027t see a patch. I\u0027d assumed this one would depend on it.","commit_id":"4e5d71cab3938db43b7b78548ea027e19dd5dd1d"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"4f6572775f41b20efc6e632816e6305711bffbdb","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{% set haproxy_cmd \u003d \u0027/usr/bin/supervisord\u0027 if enable_letsencrypt | bool else \u0027/usr/sbin/haproxy -W -db -p /run/haproxy.pid -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/services.d/\u0027 %}"},{"line_number":2,"context_line":"{"},{"line_number":3,"context_line":"    \"command\": \"{{ haproxy_cmd }}\","},{"line_number":4,"context_line":"    \"config_files\": ["}],"source_content_type":"text/x-jinja2","patch_set":56,"id":"244c5b20_12660124","line":1,"range":{"start_line":1,"start_character":0,"end_line":1,"end_character":183},"in_reply_to":"89e9bca7_9ee3d678","updated":"2021-04-01 23:29:07.000000000","message":"Done","commit_id":"4e5d71cab3938db43b7b78548ea027e19dd5dd1d"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"268f0f9df58a88d2bfd3754d21122fa43187a605","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{% set haproxy_cmd \u003d \u0027/usr/bin/supervisord\u0027 if enable_letsencrypt | bool else \u0027/usr/sbin/haproxy -W -db -p /run/haproxy.pid -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/services.d/\u0027 %}"},{"line_number":2,"context_line":"{"},{"line_number":3,"context_line":"    \"command\": \"{{ haproxy_cmd }}\","},{"line_number":4,"context_line":"    \"config_files\": ["}],"source_content_type":"text/x-jinja2","patch_set":56,"id":"0ef0edfb_f4d4dca4","line":1,"range":{"start_line":1,"start_character":0,"end_line":1,"end_character":183},"in_reply_to":"95731672_aeea94f8","updated":"2021-04-08 03:36:53.000000000","message":"I put the changes directly in haproxy_run.sh. The refactor can happen later.","commit_id":"4e5d71cab3938db43b7b78548ea027e19dd5dd1d"}],"ansible/roles/haproxy/templates/haproxy_run.sh.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":3,"context_line":"{% if enable_letsencrypt | bool %}"},{"line_number":4,"context_line":"echo \"start cron to monitor for Let\u0027s Encrypt certificates\""},{"line_number":5,"context_line":"{% set cron_cmd \u003d \u0027cron\u0027 if kolla_base_distro in [\u0027ubuntu\u0027, \u0027debian\u0027] else \u0027crond\u0027 %}"},{"line_number":6,"context_line":"{{ cron_cmd }}"},{"line_number":7,"context_line":"{% endif %}"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"echo \"start haproxy\""}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"d65f76f6_fb888029","line":6,"updated":"2021-01-27 17:22:00.000000000","message":"It does appear that in Ubuntu at least, executing cron will cause it to daemonise and return control.","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":3,"context_line":"{% if enable_letsencrypt | bool %}"},{"line_number":4,"context_line":"echo \"start cron to monitor for Let\u0027s Encrypt certificates\""},{"line_number":5,"context_line":"{% set cron_cmd \u003d \u0027cron\u0027 if kolla_base_distro in [\u0027ubuntu\u0027, \u0027debian\u0027] else \u0027crond\u0027 %}"},{"line_number":6,"context_line":"{{ cron_cmd }}"},{"line_number":7,"context_line":"{% endif %}"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"echo \"start haproxy\""}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"de05d9e4_e83a2dc5","line":6,"in_reply_to":"d65f76f6_fb888029","updated":"2021-02-12 22:04:19.000000000","message":"Ack","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":11,"id":"288a2147_12885c10","line":12,"updated":"2021-01-27 17:22:00.000000000","message":"Without a process supervisor we may get some odd behaviour with signal handling. What happens if a signal is sent to the haproxy container? Are both processes able to cleanly handle it before it exits?","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"e3a19824_4c655db5","line":12,"in_reply_to":"288a2147_12885c10","updated":"2021-02-12 22:04:19.000000000","message":"Added supervisor to manage processes","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"}],"ansible/roles/haproxy/templates/supervisord.conf.j2":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"44ba28d04ac853f5d3f8d46d1869608348ae00cd","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":15,"id":"37b0d05c_90f808ca","line":11,"range":{"start_line":1,"start_character":0,"end_line":11,"end_character":0},"updated":"2021-02-24 15:30:30.000000000","message":"do we really need to run multiple services in a container?","commit_id":"70388a68f1967ebadaf52378122ef89e23639733"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"5a14571d6c91894ea4a293ce68262feadc272036","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":15,"id":"f13c69cb_b18c1ae3","line":11,"range":{"start_line":1,"start_character":0,"end_line":11,"end_character":0},"in_reply_to":"37b0d05c_90f808ca","updated":"2021-02-25 22:09:34.000000000","message":"Yes. The script that checks for new certs needs to run on the same container as haproxy, so can kill -USR2 $ha_parent_pid","commit_id":"70388a68f1967ebadaf52378122ef89e23639733"}],"ansible/roles/letsencrypt/defaults/main.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":4,"context_line":"letsencrypt_services:"},{"line_number":5,"context_line":"  letsencrypt-acme:"},{"line_number":6,"context_line":"    container_name: letsencrypt_acme"},{"line_number":7,"context_line":"    group: letsencrypt"},{"line_number":8,"context_line":"    enabled: true"},{"line_number":9,"context_line":"    image: \"{{ letsencrypt_acme_image_full }}\""},{"line_number":10,"context_line":"    volumes: \"{{ letsencrypt_acme_default_volumes + letsencrypt_acme_extra_volumes }}\""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"956f2320_56c589ec","line":7,"updated":"2021-01-27 17:22:00.000000000","message":"we could use host_in_groups here to deploy to a single host.","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":4,"context_line":"letsencrypt_services:"},{"line_number":5,"context_line":"  letsencrypt-acme:"},{"line_number":6,"context_line":"    container_name: letsencrypt_acme"},{"line_number":7,"context_line":"    group: letsencrypt"},{"line_number":8,"context_line":"    enabled: true"},{"line_number":9,"context_line":"    image: \"{{ letsencrypt_acme_image_full }}\""},{"line_number":10,"context_line":"    volumes: \"{{ letsencrypt_acme_default_volumes + letsencrypt_acme_extra_volumes }}\""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"d923b97d_b6b6e18f","line":7,"in_reply_to":"956f2320_56c589ec","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":10,"context_line":"    volumes: \"{{ letsencrypt_acme_default_volumes + letsencrypt_acme_extra_volumes }}\""},{"line_number":11,"context_line":"    dimensions: \"{{ letsencrypt_acme_dimensions }}\""},{"line_number":12,"context_line":"    haproxy:"},{"line_number":13,"context_line":"      letsencrypt_acme_server:"},{"line_number":14,"context_line":"        enabled: \"{{ enable_letsencrypt }}\""},{"line_number":15,"context_line":"        mode: \"http\""},{"line_number":16,"context_line":"        external: false"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"a0af454b_37404703","line":13,"range":{"start_line":13,"start_character":6,"end_line":13,"end_character":29},"updated":"2021-01-27 17:22:00.000000000","message":"nit: normally the same as the container name","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":10,"context_line":"    volumes: \"{{ letsencrypt_acme_default_volumes + letsencrypt_acme_extra_volumes }}\""},{"line_number":11,"context_line":"    dimensions: \"{{ letsencrypt_acme_dimensions }}\""},{"line_number":12,"context_line":"    haproxy:"},{"line_number":13,"context_line":"      letsencrypt_acme_server:"},{"line_number":14,"context_line":"        enabled: \"{{ enable_letsencrypt }}\""},{"line_number":15,"context_line":"        mode: \"http\""},{"line_number":16,"context_line":"        external: false"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"f8daf665_78f113cb","line":13,"range":{"start_line":13,"start_character":6,"end_line":13,"end_character":29},"in_reply_to":"a0af454b_37404703","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":63,"context_line":"letsencrypt_certbot_default_volumes:"},{"line_number":64,"context_line":"  - \"{{ node_config_directory }}/letsencrypt-certbot/:{{ container_config_directory }}/:ro\""},{"line_number":65,"context_line":"  - \"/etc/localtime:/etc/localtime:ro\""},{"line_number":66,"context_line":"  - \"letsencrypt_etcs:/etc/letsencrypt\""},{"line_number":67,"context_line":"  - \"letsencrypt_priv_certs:/etc/letsencrypt/live/{{ kolla_internal_fqdn }}\""},{"line_number":68,"context_line":"  - \"{{ \u0027letsencrypt_pub_certs:/etc/letsencrypt/live/{{ kolla_external_fqdn }}\u0027 if not kolla_same_external_internal_vip else \u0027\u0027 }}\""},{"line_number":69,"context_line":"  - \"letsencrypt_acme_webroot:/www/data\""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"b76f9b03_974f2ef6","line":66,"range":{"start_line":66,"start_character":5,"end_line":66,"end_character":21},"updated":"2021-01-27 17:22:00.000000000","message":"letsencrypt_etc?","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":63,"context_line":"letsencrypt_certbot_default_volumes:"},{"line_number":64,"context_line":"  - \"{{ node_config_directory }}/letsencrypt-certbot/:{{ container_config_directory }}/:ro\""},{"line_number":65,"context_line":"  - \"/etc/localtime:/etc/localtime:ro\""},{"line_number":66,"context_line":"  - \"letsencrypt_etcs:/etc/letsencrypt\""},{"line_number":67,"context_line":"  - \"letsencrypt_priv_certs:/etc/letsencrypt/live/{{ kolla_internal_fqdn }}\""},{"line_number":68,"context_line":"  - \"{{ \u0027letsencrypt_pub_certs:/etc/letsencrypt/live/{{ kolla_external_fqdn }}\u0027 if not kolla_same_external_internal_vip else \u0027\u0027 }}\""},{"line_number":69,"context_line":"  - \"letsencrypt_acme_webroot:/www/data\""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"266d0b4b_20a9b1ef","line":66,"range":{"start_line":66,"start_character":5,"end_line":66,"end_character":21},"in_reply_to":"b76f9b03_974f2ef6","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":70,"context_line":"  - \"kolla_logs:/var/log/kolla/\""},{"line_number":71,"context_line":"letsencrypt_certbot_extra_volumes: \"{{ default_extra_volumes }}\""},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"letsencrypt_ssh_enable_healthchecks: \"{{ enable_container_healthchecks }}\""},{"line_number":74,"context_line":"letsencrypt_ssh_healthcheck_interval: \"{{ default_container_healthcheck_interval }}\""},{"line_number":75,"context_line":"letsencrypt_ssh_healthcheck_retries: \"{{ default_container_healthcheck_retries }}\""},{"line_number":76,"context_line":"letsencrypt_ssh_healthcheck_start_period: \"{{ default_container_healthcheck_start_period }}\""},{"line_number":77,"context_line":"letsencrypt_ssh_healthcheck_test: [\"CMD-SHELL\", \"healthcheck_listen sshd {{ letsencrypt_ssh_port }}\"]"},{"line_number":78,"context_line":"letsencrypt_ssh_healthcheck_timeout: \"{{ default_container_healthcheck_timeout }}\""},{"line_number":79,"context_line":"letsencrypt_ssh_healthcheck:"},{"line_number":80,"context_line":"  interval: \"{{ letsencrypt_ssh_healthcheck_interval }}\""},{"line_number":81,"context_line":"  retries: \"{{ letsencrypt_ssh_healthcheck_retries }}\""},{"line_number":82,"context_line":"  start_period: \"{{ letsencrypt_ssh_healthcheck_start_period }}\""},{"line_number":83,"context_line":"  test: \"{% if letsencrypt_ssh_enable_healthchecks | bool %}{{ letsencrypt_ssh_healthcheck_test }}{% else %}NONE{% endif %}\""},{"line_number":84,"context_line":"  timeout: \"{{ letsencrypt_ssh_healthcheck_timeout }}\""},{"line_number":85,"context_line":"letsencrypt_ssh_default_volumes:"},{"line_number":86,"context_line":"  - \"{{ node_config_directory }}/letsencrypt-ssh/:{{ container_config_directory }}/:ro\""},{"line_number":87,"context_line":"  - \"/etc/localtime:/etc/localtime:ro\""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"d2608ce3_6e4bae68","line":84,"range":{"start_line":73,"start_character":0,"end_line":84,"end_character":54},"updated":"2021-01-27 17:22:00.000000000","message":"Usual pattern is all healthchecks, then all volumes.\n\nCould have a similar healthcheck for the acme server?","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":70,"context_line":"  - \"kolla_logs:/var/log/kolla/\""},{"line_number":71,"context_line":"letsencrypt_certbot_extra_volumes: \"{{ default_extra_volumes }}\""},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"letsencrypt_ssh_enable_healthchecks: \"{{ enable_container_healthchecks }}\""},{"line_number":74,"context_line":"letsencrypt_ssh_healthcheck_interval: \"{{ default_container_healthcheck_interval }}\""},{"line_number":75,"context_line":"letsencrypt_ssh_healthcheck_retries: \"{{ default_container_healthcheck_retries }}\""},{"line_number":76,"context_line":"letsencrypt_ssh_healthcheck_start_period: \"{{ default_container_healthcheck_start_period }}\""},{"line_number":77,"context_line":"letsencrypt_ssh_healthcheck_test: [\"CMD-SHELL\", \"healthcheck_listen sshd {{ letsencrypt_ssh_port }}\"]"},{"line_number":78,"context_line":"letsencrypt_ssh_healthcheck_timeout: \"{{ default_container_healthcheck_timeout }}\""},{"line_number":79,"context_line":"letsencrypt_ssh_healthcheck:"},{"line_number":80,"context_line":"  interval: \"{{ letsencrypt_ssh_healthcheck_interval }}\""},{"line_number":81,"context_line":"  retries: \"{{ letsencrypt_ssh_healthcheck_retries }}\""},{"line_number":82,"context_line":"  start_period: \"{{ letsencrypt_ssh_healthcheck_start_period }}\""},{"line_number":83,"context_line":"  test: \"{% if letsencrypt_ssh_enable_healthchecks | bool %}{{ letsencrypt_ssh_healthcheck_test }}{% else %}NONE{% endif %}\""},{"line_number":84,"context_line":"  timeout: \"{{ letsencrypt_ssh_healthcheck_timeout }}\""},{"line_number":85,"context_line":"letsencrypt_ssh_default_volumes:"},{"line_number":86,"context_line":"  - \"{{ node_config_directory }}/letsencrypt-ssh/:{{ container_config_directory }}/:ro\""},{"line_number":87,"context_line":"  - \"/etc/localtime:/etc/localtime:ro\""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"cf81e10b_68b926bd","line":84,"range":{"start_line":73,"start_character":0,"end_line":84,"end_character":54},"in_reply_to":"d2608ce3_6e4bae68","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"40c7152e71b8d05f6d2ec4ebd98f0b830c621f3c","unresolved":true,"context_lines":[{"line_number":4,"context_line":"letsencrypt_services:"},{"line_number":5,"context_line":"  letsencrypt-acme:"},{"line_number":6,"context_line":"    container_name: letsencrypt_acme"},{"line_number":7,"context_line":"    group: letsencrypt"},{"line_number":8,"context_line":"    enabled: true"},{"line_number":9,"context_line":"    image: \"{{ letsencrypt_acme_image_full }}\""},{"line_number":10,"context_line":"    volumes: \"{{ letsencrypt_acme_default_volumes + letsencrypt_acme_extra_volumes }}\""}],"source_content_type":"text/x-yaml","patch_set":14,"id":"45adfa37_4ee28902","line":7,"range":{"start_line":7,"start_character":11,"end_line":7,"end_character":22},"updated":"2021-02-15 15:27:10.000000000","message":"inventory has specific groups for each container. Do we need them?","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"68a5639cb8c31e6d8a94c7753da6f9650be79fb5","unresolved":false,"context_lines":[{"line_number":4,"context_line":"letsencrypt_services:"},{"line_number":5,"context_line":"  letsencrypt-acme:"},{"line_number":6,"context_line":"    container_name: letsencrypt_acme"},{"line_number":7,"context_line":"    group: letsencrypt"},{"line_number":8,"context_line":"    enabled: true"},{"line_number":9,"context_line":"    image: \"{{ letsencrypt_acme_image_full }}\""},{"line_number":10,"context_line":"    volumes: \"{{ letsencrypt_acme_default_volumes + letsencrypt_acme_extra_volumes }}\""}],"source_content_type":"text/x-yaml","patch_set":14,"id":"4ba1da10_812ec995","line":7,"range":{"start_line":7,"start_character":11,"end_line":7,"end_character":22},"in_reply_to":"45adfa37_4ee28902","updated":"2021-02-20 17:22:38.000000000","message":"Done","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"40c7152e71b8d05f6d2ec4ebd98f0b830c621f3c","unresolved":true,"context_lines":[{"line_number":9,"context_line":"    image: \"{{ letsencrypt_acme_image_full }}\""},{"line_number":10,"context_line":"    volumes: \"{{ letsencrypt_acme_default_volumes + letsencrypt_acme_extra_volumes }}\""},{"line_number":11,"context_line":"    dimensions: \"{{ letsencrypt_acme_dimensions }}\""},{"line_number":12,"context_line":"    host_in_groups: \"{{ inventory_hostname in groups[\u0027letsencrypt\u0027] }}\""},{"line_number":13,"context_line":"    healthcheck: \"{{ letsencrypt_acme_healthcheck }}\""},{"line_number":14,"context_line":"  letsencrypt-certbot:"},{"line_number":15,"context_line":"    container_name: letsencrypt_certbot"}],"source_content_type":"text/x-yaml","patch_set":14,"id":"901a713f_7fec6d2d","line":12,"updated":"2021-02-15 15:27:10.000000000","message":"I thought we were using this to deploy to a single host? See glance_api_hosts for an example.","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"68a5639cb8c31e6d8a94c7753da6f9650be79fb5","unresolved":false,"context_lines":[{"line_number":9,"context_line":"    image: \"{{ letsencrypt_acme_image_full }}\""},{"line_number":10,"context_line":"    volumes: \"{{ letsencrypt_acme_default_volumes + letsencrypt_acme_extra_volumes }}\""},{"line_number":11,"context_line":"    dimensions: \"{{ letsencrypt_acme_dimensions }}\""},{"line_number":12,"context_line":"    host_in_groups: \"{{ inventory_hostname in groups[\u0027letsencrypt\u0027] }}\""},{"line_number":13,"context_line":"    healthcheck: \"{{ letsencrypt_acme_healthcheck }}\""},{"line_number":14,"context_line":"  letsencrypt-certbot:"},{"line_number":15,"context_line":"    container_name: letsencrypt_certbot"}],"source_content_type":"text/x-yaml","patch_set":14,"id":"d7ab5aca_7d502964","line":12,"in_reply_to":"901a713f_7fec6d2d","updated":"2021-02-20 17:22:38.000000000","message":"We need this on every host. If the VIP changes to a different host, we will need the acme server on that host for validation.","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"40c7152e71b8d05f6d2ec4ebd98f0b830c621f3c","unresolved":true,"context_lines":[{"line_number":86,"context_line":"  - \"letsencrypt_haproxy:/etc/letsencrypt/haproxy\""},{"line_number":87,"context_line":"  - \"letsencrypt:/etc/letsencrypt\""},{"line_number":88,"context_line":"letsencrypt_ssh_extra_volumes: \"{{ default_extra_volumes }}\""},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"letsencrypt_ssh_enable_healthchecks: \"{{ enable_container_healthchecks }}\""},{"line_number":91,"context_line":"letsencrypt_ssh_healthcheck_interval: \"{{ default_container_healthcheck_interval }}\""},{"line_number":92,"context_line":"letsencrypt_ssh_healthcheck_retries: \"{{ default_container_healthcheck_retries }}\""},{"line_number":93,"context_line":"letsencrypt_ssh_healthcheck_start_period: \"{{ default_container_healthcheck_start_period }}\""},{"line_number":94,"context_line":"letsencrypt_ssh_healthcheck_test: [\"CMD-SHELL\", \"healthcheck_listen sshd {{ letsencrypt_ssh_port }}\"]"},{"line_number":95,"context_line":"letsencrypt_ssh_healthcheck_timeout: \"{{ default_container_healthcheck_timeout }}\""},{"line_number":96,"context_line":"letsencrypt_ssh_healthcheck:"},{"line_number":97,"context_line":"  interval: \"{{ letsencrypt_ssh_healthcheck_interval }}\""},{"line_number":98,"context_line":"  retries: \"{{ letsencrypt_ssh_healthcheck_retries }}\""},{"line_number":99,"context_line":"  start_period: \"{{ letsencrypt_ssh_healthcheck_start_period }}\""},{"line_number":100,"context_line":"  test: \"{% if letsencrypt_ssh_enable_healthchecks | bool %}{{ letsencrypt_ssh_healthcheck_test }}{% else %}NONE{% endif %}\""},{"line_number":101,"context_line":"  timeout: \"{{ letsencrypt_ssh_healthcheck_timeout }}\""}],"source_content_type":"text/x-yaml","patch_set":14,"id":"a1d7d300_72a4e214","line":101,"range":{"start_line":89,"start_character":0,"end_line":101,"end_character":54},"updated":"2021-02-15 15:27:10.000000000","message":"Move to L66","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"68a5639cb8c31e6d8a94c7753da6f9650be79fb5","unresolved":false,"context_lines":[{"line_number":86,"context_line":"  - \"letsencrypt_haproxy:/etc/letsencrypt/haproxy\""},{"line_number":87,"context_line":"  - \"letsencrypt:/etc/letsencrypt\""},{"line_number":88,"context_line":"letsencrypt_ssh_extra_volumes: \"{{ default_extra_volumes }}\""},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"letsencrypt_ssh_enable_healthchecks: \"{{ enable_container_healthchecks }}\""},{"line_number":91,"context_line":"letsencrypt_ssh_healthcheck_interval: \"{{ default_container_healthcheck_interval }}\""},{"line_number":92,"context_line":"letsencrypt_ssh_healthcheck_retries: \"{{ default_container_healthcheck_retries }}\""},{"line_number":93,"context_line":"letsencrypt_ssh_healthcheck_start_period: \"{{ default_container_healthcheck_start_period }}\""},{"line_number":94,"context_line":"letsencrypt_ssh_healthcheck_test: [\"CMD-SHELL\", \"healthcheck_listen sshd {{ letsencrypt_ssh_port }}\"]"},{"line_number":95,"context_line":"letsencrypt_ssh_healthcheck_timeout: \"{{ default_container_healthcheck_timeout }}\""},{"line_number":96,"context_line":"letsencrypt_ssh_healthcheck:"},{"line_number":97,"context_line":"  interval: \"{{ letsencrypt_ssh_healthcheck_interval }}\""},{"line_number":98,"context_line":"  retries: \"{{ letsencrypt_ssh_healthcheck_retries }}\""},{"line_number":99,"context_line":"  start_period: \"{{ letsencrypt_ssh_healthcheck_start_period }}\""},{"line_number":100,"context_line":"  test: \"{% if letsencrypt_ssh_enable_healthchecks | bool %}{{ letsencrypt_ssh_healthcheck_test }}{% else %}NONE{% endif %}\""},{"line_number":101,"context_line":"  timeout: \"{{ letsencrypt_ssh_healthcheck_timeout }}\""}],"source_content_type":"text/x-yaml","patch_set":14,"id":"5132f953_7c292105","line":101,"range":{"start_line":89,"start_character":0,"end_line":101,"end_character":54},"in_reply_to":"a1d7d300_72a4e214","updated":"2021-02-20 17:22:38.000000000","message":"Done","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"027945be01d93d8c6bf3eb65aea480172461dd1f","unresolved":true,"context_lines":[{"line_number":9,"context_line":"    image: \"{{ letsencrypt_acme_image_full }}\""},{"line_number":10,"context_line":"    volumes: \"{{ letsencrypt_acme_default_volumes + letsencrypt_acme_extra_volumes }}\""},{"line_number":11,"context_line":"    dimensions: \"{{ letsencrypt_acme_dimensions }}\""},{"line_number":12,"context_line":"    host_in_groups: \"{{ inventory_hostname in groups[\u0027letsencrypt\u0027] }}\""},{"line_number":13,"context_line":"    healthcheck: \"{{ letsencrypt_acme_healthcheck }}\""},{"line_number":14,"context_line":"  letsencrypt-certbot:"},{"line_number":15,"context_line":"    container_name: letsencrypt_certbot"}],"source_content_type":"text/x-yaml","patch_set":40,"id":"050d23fb_2ab64371","line":12,"updated":"2021-03-17 12:35:05.000000000","message":"The idea of using host_in_groups is that you can ensure the container only runs on one host, then still use HAProxy in front of that host.","commit_id":"2264a10ff0f86b0a43982487ab8d2b43cf3ec267"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"71a679389f62bd295358e30da9e2f6cdb6a03fbd","unresolved":false,"context_lines":[{"line_number":9,"context_line":"    image: \"{{ letsencrypt_acme_image_full }}\""},{"line_number":10,"context_line":"    volumes: \"{{ letsencrypt_acme_default_volumes + letsencrypt_acme_extra_volumes }}\""},{"line_number":11,"context_line":"    dimensions: \"{{ letsencrypt_acme_dimensions }}\""},{"line_number":12,"context_line":"    host_in_groups: \"{{ inventory_hostname in groups[\u0027letsencrypt\u0027] }}\""},{"line_number":13,"context_line":"    healthcheck: \"{{ letsencrypt_acme_healthcheck }}\""},{"line_number":14,"context_line":"  letsencrypt-certbot:"},{"line_number":15,"context_line":"    container_name: letsencrypt_certbot"}],"source_content_type":"text/x-yaml","patch_set":40,"id":"2f80101c_0ee8900c","line":12,"in_reply_to":"050d23fb_2ab64371","updated":"2021-03-22 19:11:59.000000000","message":"Ack","commit_id":"2264a10ff0f86b0a43982487ab8d2b43cf3ec267"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":77,"context_line":"letsencrypt_acme_default_volumes:"},{"line_number":78,"context_line":"  - \"{{ node_config_directory }}/letsencrypt-acme/:{{ container_config_directory }}/:ro\""},{"line_number":79,"context_line":"  - \"/etc/localtime:/etc/localtime:ro\""},{"line_number":80,"context_line":"  - \"letsencrypt_acme_webroot_internal:/www/data/{{ kolla_internal_fqdn }}\""},{"line_number":81,"context_line":"  - \"{% if not kolla_same_external_internal_vip | bool %}letsencrypt_acme_webroot_external:/www/data/{{ kolla_external_fqdn }}{% endif %}\""},{"line_number":82,"context_line":"  - \"kolla_logs:/var/log/kolla/\""},{"line_number":83,"context_line":"letsencrypt_acme_extra_volumes: \"{{ default_extra_volumes }}\""},{"line_number":84,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":103,"id":"fdd379e3_4b18e29d","line":81,"range":{"start_line":80,"start_character":0,"end_line":81,"end_character":138},"updated":"2021-04-06 13:08:28.000000000","message":"hmm, I thought this was from an earlier version?","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"268f0f9df58a88d2bfd3754d21122fa43187a605","unresolved":false,"context_lines":[{"line_number":77,"context_line":"letsencrypt_acme_default_volumes:"},{"line_number":78,"context_line":"  - \"{{ node_config_directory }}/letsencrypt-acme/:{{ container_config_directory }}/:ro\""},{"line_number":79,"context_line":"  - \"/etc/localtime:/etc/localtime:ro\""},{"line_number":80,"context_line":"  - \"letsencrypt_acme_webroot_internal:/www/data/{{ kolla_internal_fqdn }}\""},{"line_number":81,"context_line":"  - \"{% if not kolla_same_external_internal_vip | bool %}letsencrypt_acme_webroot_external:/www/data/{{ kolla_external_fqdn }}{% endif %}\""},{"line_number":82,"context_line":"  - \"kolla_logs:/var/log/kolla/\""},{"line_number":83,"context_line":"letsencrypt_acme_extra_volumes: \"{{ default_extra_volumes }}\""},{"line_number":84,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":103,"id":"2967a79c_4c6ddf8d","line":81,"range":{"start_line":80,"start_character":0,"end_line":81,"end_character":138},"in_reply_to":"fdd379e3_4b18e29d","updated":"2021-04-08 03:36:53.000000000","message":"It got returned after I removed the \"mkdir\" code during haproxy startup.","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":true,"context_lines":[{"line_number":52,"context_line":"  - \"{{ node_config_directory }}/letsencrypt-acme/:{{ container_config_directory }}/:ro\""},{"line_number":53,"context_line":"  - \"/etc/localtime:/etc/localtime:ro\""},{"line_number":54,"context_line":"  - \"letsencrypt_acme_webroot_external:/www/data/{{ kolla_external_fqdn }}\""},{"line_number":55,"context_line":"  - \"{% if not kolla_same_external_internal_vip | bool %}letsencrypt_acme_webroot_internal:/www/data/{{ kolla_internal_fqdn }}{% endif %}\""},{"line_number":56,"context_line":"  - \"kolla_logs:/var/log/kolla/\""},{"line_number":57,"context_line":"letsencrypt_acme_extra_volumes: \"{{ default_extra_volumes }}\""},{"line_number":58,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":131,"id":"1f128331_8ab614b9","line":55,"range":{"start_line":55,"start_character":15,"end_line":55,"end_character":47},"updated":"2022-02-15 11:25:43.000000000","message":"Logic is backwards compared to elsewhere: internal is mandatory, external is optional.","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"1d417365b9eef924db79c7d88258006fe7888a73","unresolved":false,"context_lines":[{"line_number":52,"context_line":"  - \"{{ node_config_directory }}/letsencrypt-acme/:{{ container_config_directory }}/:ro\""},{"line_number":53,"context_line":"  - \"/etc/localtime:/etc/localtime:ro\""},{"line_number":54,"context_line":"  - \"letsencrypt_acme_webroot_external:/www/data/{{ kolla_external_fqdn }}\""},{"line_number":55,"context_line":"  - \"{% if not kolla_same_external_internal_vip | bool %}letsencrypt_acme_webroot_internal:/www/data/{{ kolla_internal_fqdn }}{% endif %}\""},{"line_number":56,"context_line":"  - \"kolla_logs:/var/log/kolla/\""},{"line_number":57,"context_line":"letsencrypt_acme_extra_volumes: \"{{ default_extra_volumes }}\""},{"line_number":58,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":131,"id":"76d6c72c_ab475e87","line":55,"range":{"start_line":55,"start_character":15,"end_line":55,"end_character":47},"in_reply_to":"1f128331_8ab614b9","updated":"2022-02-18 01:59:07.000000000","message":"Done","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":true,"context_lines":[{"line_number":60,"context_line":"  - \"{{ node_config_directory }}/letsencrypt-certbot/:{{ container_config_directory }}/:ro\""},{"line_number":61,"context_line":"  - \"/etc/localtime:/etc/localtime:ro\""},{"line_number":62,"context_line":"  - \"letsencrypt_acme_webroot_external:/www/data/{{ kolla_external_fqdn }}\""},{"line_number":63,"context_line":"  - \"{% if not kolla_same_external_internal_vip | bool %}letsencrypt_acme_webroot_internal:/www/data/{{ kolla_internal_fqdn }}{% endif %}\""},{"line_number":64,"context_line":"  - \"kolla_logs:/var/log/kolla/\""},{"line_number":65,"context_line":"letsencrypt_certbot_extra_volumes: \"{{ default_extra_volumes }}\""},{"line_number":66,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":131,"id":"41e0fab2_fd9a97b9","line":63,"updated":"2022-02-15 11:25:43.000000000","message":"ditto","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"1d417365b9eef924db79c7d88258006fe7888a73","unresolved":false,"context_lines":[{"line_number":60,"context_line":"  - \"{{ node_config_directory }}/letsencrypt-certbot/:{{ container_config_directory }}/:ro\""},{"line_number":61,"context_line":"  - \"/etc/localtime:/etc/localtime:ro\""},{"line_number":62,"context_line":"  - \"letsencrypt_acme_webroot_external:/www/data/{{ kolla_external_fqdn }}\""},{"line_number":63,"context_line":"  - \"{% if not kolla_same_external_internal_vip | bool %}letsencrypt_acme_webroot_internal:/www/data/{{ kolla_internal_fqdn }}{% endif %}\""},{"line_number":64,"context_line":"  - \"kolla_logs:/var/log/kolla/\""},{"line_number":65,"context_line":"letsencrypt_certbot_extra_volumes: \"{{ default_extra_volumes }}\""},{"line_number":66,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":131,"id":"839251fa_974bd55d","line":63,"in_reply_to":"41e0fab2_fd9a97b9","updated":"2022-02-18 01:59:07.000000000","message":"Done","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":true,"context_lines":[{"line_number":67,"context_line":"letsencrypt_cert_server: \"https://acme-v02.api.letsencrypt.org/directory\""},{"line_number":68,"context_line":"letsencrypt_validate_certificate: \"yes\""},{"line_number":69,"context_line":"# attempt to renew Let\u0027s Encrypt certificate every 12 hours"},{"line_number":70,"context_line":"letsencrypt_cron_renew_rate:  \"0   */12   *   *   *\""},{"line_number":71,"context_line":"# The email used for certificate registration and recovery contact. Required."},{"line_number":72,"context_line":"letsencrypt_email: \"\""}],"source_content_type":"text/x-yaml","patch_set":131,"id":"070fc197_c8edf9d8","line":70,"range":{"start_line":70,"start_character":23,"end_line":70,"end_character":27},"updated":"2022-02-15 11:25:43.000000000","message":"nit: schedule","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"1d417365b9eef924db79c7d88258006fe7888a73","unresolved":false,"context_lines":[{"line_number":67,"context_line":"letsencrypt_cert_server: \"https://acme-v02.api.letsencrypt.org/directory\""},{"line_number":68,"context_line":"letsencrypt_validate_certificate: \"yes\""},{"line_number":69,"context_line":"# attempt to renew Let\u0027s Encrypt certificate every 12 hours"},{"line_number":70,"context_line":"letsencrypt_cron_renew_rate:  \"0   */12   *   *   *\""},{"line_number":71,"context_line":"# The email used for certificate registration and recovery contact. Required."},{"line_number":72,"context_line":"letsencrypt_email: \"\""}],"source_content_type":"text/x-yaml","patch_set":131,"id":"483d81d5_cbbc15ff","line":70,"range":{"start_line":70,"start_character":23,"end_line":70,"end_character":27},"in_reply_to":"070fc197_c8edf9d8","updated":"2022-02-18 01:59:07.000000000","message":"Done","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"e11da59289aa8c7b13e32db1467e4a26b15d6a18","unresolved":true,"context_lines":[{"line_number":54,"context_line":"letsencrypt_email: \"\""},{"line_number":55,"context_line":"letsencrypt_cert_valid_days: \"30\""},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"letsencrypt_external_fqdns:"},{"line_number":58,"context_line":"  - \"{{ kolla_external_fqdn }}\""},{"line_number":59,"context_line":"letsencrypt_internal_fqdns:"},{"line_number":60,"context_line":"  - \"{{ kolla_internal_fqdn }}\""}],"source_content_type":"text/x-yaml","patch_set":227,"id":"5d3072f7_eef6adff","line":57,"range":{"start_line":57,"start_character":0,"end_line":57,"end_character":26},"updated":"2023-08-26 20:08:07.000000000","message":"letsencrypt_external_fqdn_extra: []\nletsencrypt_external_fqdns: \"{{ kolla_external_fqdn + letsencrypt_external_fqdn_extra }}\"","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"8dc25d8acd15bed3d2f0b9d69ccd0d7be2970f90","unresolved":false,"context_lines":[{"line_number":54,"context_line":"letsencrypt_email: \"\""},{"line_number":55,"context_line":"letsencrypt_cert_valid_days: \"30\""},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"letsencrypt_external_fqdns:"},{"line_number":58,"context_line":"  - \"{{ kolla_external_fqdn }}\""},{"line_number":59,"context_line":"letsencrypt_internal_fqdns:"},{"line_number":60,"context_line":"  - \"{{ kolla_internal_fqdn }}\""}],"source_content_type":"text/x-yaml","patch_set":227,"id":"f663ffd3_aaf70f85","line":57,"range":{"start_line":57,"start_character":0,"end_line":57,"end_character":26},"in_reply_to":"5d3072f7_eef6adff","updated":"2023-10-30 19:04:56.000000000","message":"Why do you think it\u0027s needed to propose another variable ? I think it\u0027s enough if you override letsencrypt_external_fqdns in globals if you want....","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"e11da59289aa8c7b13e32db1467e4a26b15d6a18","unresolved":true,"context_lines":[{"line_number":56,"context_line":""},{"line_number":57,"context_line":"letsencrypt_external_fqdns:"},{"line_number":58,"context_line":"  - \"{{ kolla_external_fqdn }}\""},{"line_number":59,"context_line":"letsencrypt_internal_fqdns:"},{"line_number":60,"context_line":"  - \"{{ kolla_internal_fqdn }}\""}],"source_content_type":"text/x-yaml","patch_set":227,"id":"6122ad1b_7960c10f","line":59,"range":{"start_line":59,"start_character":0,"end_line":59,"end_character":26},"updated":"2023-08-26 20:08:07.000000000","message":"ditto","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"8dc25d8acd15bed3d2f0b9d69ccd0d7be2970f90","unresolved":false,"context_lines":[{"line_number":56,"context_line":""},{"line_number":57,"context_line":"letsencrypt_external_fqdns:"},{"line_number":58,"context_line":"  - \"{{ kolla_external_fqdn }}\""},{"line_number":59,"context_line":"letsencrypt_internal_fqdns:"},{"line_number":60,"context_line":"  - \"{{ kolla_internal_fqdn }}\""}],"source_content_type":"text/x-yaml","patch_set":227,"id":"6c3afa2e_b4fba6a5","line":59,"range":{"start_line":59,"start_character":0,"end_line":59,"end_character":26},"in_reply_to":"6122ad1b_7960c10f","updated":"2023-10-30 19:04:56.000000000","message":"Done","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"5ea3ed5a67bf1132a7ac3565d5ac64060e7762b4","unresolved":true,"context_lines":[{"line_number":48,"context_line":"letsencrypt_webserver_extra_volumes: \"{{ default_extra_volumes }}\""},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"letsencrypt_cert_server: \"https://acme-v02.api.letsencrypt.org/directory\""},{"line_number":51,"context_line":"# attempt to renew Let\u0027s Encrypt certificate every 12 hours"},{"line_number":52,"context_line":"letsencrypt_cron_renew_schedule: \"0 */4 * * *\""},{"line_number":53,"context_line":"# The email used for certificate registration and recovery contact. Required."},{"line_number":54,"context_line":"letsencrypt_email: \"\""},{"line_number":55,"context_line":"letsencrypt_cert_valid_days: \"30\""}],"source_content_type":"text/x-yaml","patch_set":234,"id":"5ee6dbf5_fc184134","line":52,"range":{"start_line":51,"start_character":0,"end_line":52,"end_character":46},"updated":"2023-11-02 08:50:19.000000000","message":"please adjust the comment to match the actual renew schedule via cron (every 4th hour).","commit_id":"00d0d545f080199e567c21b6688aa28cf56f9be4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"2bebfb9ede4d52e34b095025e0670e65d1611255","unresolved":false,"context_lines":[{"line_number":48,"context_line":"letsencrypt_webserver_extra_volumes: \"{{ default_extra_volumes }}\""},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"letsencrypt_cert_server: \"https://acme-v02.api.letsencrypt.org/directory\""},{"line_number":51,"context_line":"# attempt to renew Let\u0027s Encrypt certificate every 12 hours"},{"line_number":52,"context_line":"letsencrypt_cron_renew_schedule: \"0 */4 * * *\""},{"line_number":53,"context_line":"# The email used for certificate registration and recovery contact. Required."},{"line_number":54,"context_line":"letsencrypt_email: \"\""},{"line_number":55,"context_line":"letsencrypt_cert_valid_days: \"30\""}],"source_content_type":"text/x-yaml","patch_set":234,"id":"74d286da_7af2df1c","line":52,"range":{"start_line":51,"start_character":0,"end_line":52,"end_character":46},"in_reply_to":"5ee6dbf5_fc184134","updated":"2023-11-06 10:04:08.000000000","message":"Done","commit_id":"00d0d545f080199e567c21b6688aa28cf56f9be4"}],"ansible/roles/letsencrypt/handlers/main.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6ed430dd47f874aff84ee94edb138e8fa44a5f43","unresolved":true,"context_lines":[{"line_number":10,"context_line":"    name: \"{{ service.container_name }}\""},{"line_number":11,"context_line":"    image: \"{{ service.image }}\""},{"line_number":12,"context_line":"    volumes: \"{{ service.volumes }}\""},{"line_number":13,"context_line":"    dimensions: \"{{ service.dimensions }}\""},{"line_number":14,"context_line":"  when:"},{"line_number":15,"context_line":"    - kolla_action !\u003d \"config\""},{"line_number":16,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":117,"id":"b1126bd2_972c52a4","line":13,"updated":"2021-07-29 09:39:51.000000000","message":"Missing healthcheck","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":10,"context_line":"    name: \"{{ service.container_name }}\""},{"line_number":11,"context_line":"    image: \"{{ service.image }}\""},{"line_number":12,"context_line":"    volumes: \"{{ service.volumes }}\""},{"line_number":13,"context_line":"    dimensions: \"{{ service.dimensions }}\""},{"line_number":14,"context_line":"  when:"},{"line_number":15,"context_line":"    - kolla_action !\u003d \"config\""},{"line_number":16,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":117,"id":"ebd4d589_f05a4ebb","line":13,"in_reply_to":"b1126bd2_972c52a4","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6ed430dd47f874aff84ee94edb138e8fa44a5f43","unresolved":true,"context_lines":[{"line_number":25,"context_line":"    name: \"{{ service.container_name }}\""},{"line_number":26,"context_line":"    image: \"{{ service.image }}\""},{"line_number":27,"context_line":"    volumes: \"{{ service.volumes }}\""},{"line_number":28,"context_line":"    dimensions: \"{{ service.dimensions }}\""},{"line_number":29,"context_line":"  when:"},{"line_number":30,"context_line":"    - kolla_action !\u003d \"config\""},{"line_number":31,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":117,"id":"9a7e2bb2_f7967ebd","line":28,"updated":"2021-07-29 09:39:51.000000000","message":"Missing healthcheck","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":25,"context_line":"    name: \"{{ service.container_name }}\""},{"line_number":26,"context_line":"    image: \"{{ service.image }}\""},{"line_number":27,"context_line":"    volumes: \"{{ service.volumes }}\""},{"line_number":28,"context_line":"    dimensions: \"{{ service.dimensions }}\""},{"line_number":29,"context_line":"  when:"},{"line_number":30,"context_line":"    - kolla_action !\u003d \"config\""},{"line_number":31,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":117,"id":"1e2f0636_6e67898e","line":28,"in_reply_to":"9a7e2bb2_f7967ebd","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6ed430dd47f874aff84ee94edb138e8fa44a5f43","unresolved":true,"context_lines":[{"line_number":40,"context_line":"    name: \"{{ service.container_name }}\""},{"line_number":41,"context_line":"    image: \"{{ service.image }}\""},{"line_number":42,"context_line":"    volumes: \"{{ service.volumes }}\""},{"line_number":43,"context_line":"    dimensions: \"{{ service.dimensions }}\""},{"line_number":44,"context_line":"  when:"},{"line_number":45,"context_line":"    - kolla_action !\u003d \"config\""}],"source_content_type":"text/x-yaml","patch_set":117,"id":"514c07c7_63f38ef9","line":43,"updated":"2021-07-29 09:39:51.000000000","message":"Missing healthcheck","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":40,"context_line":"    name: \"{{ service.container_name }}\""},{"line_number":41,"context_line":"    image: \"{{ service.image }}\""},{"line_number":42,"context_line":"    volumes: \"{{ service.volumes }}\""},{"line_number":43,"context_line":"    dimensions: \"{{ service.dimensions }}\""},{"line_number":44,"context_line":"  when:"},{"line_number":45,"context_line":"    - kolla_action !\u003d \"config\""}],"source_content_type":"text/x-yaml","patch_set":117,"id":"2775b7ee_ab04850c","line":43,"in_reply_to":"514c07c7_63f38ef9","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"}],"ansible/roles/letsencrypt/meta/main.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"dependencies:"},{"line_number":3,"context_line":"  - { role: common }"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"47cd8f06_f75b0d3b","line":3,"range":{"start_line":2,"start_character":0,"end_line":3,"end_character":20},"updated":"2021-01-27 17:22:00.000000000","message":"This file is no longer required.","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"dependencies:"},{"line_number":3,"context_line":"  - { role: common }"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"65f1daed_900fa13f","line":3,"range":{"start_line":2,"start_character":0,"end_line":3,"end_character":20},"in_reply_to":"47cd8f06_f75b0d3b","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"}],"ansible/roles/letsencrypt/tasks/check-containers.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6ed430dd47f874aff84ee94edb138e8fa44a5f43","unresolved":true,"context_lines":[{"line_number":7,"context_line":"    name: \"{{ item.value.container_name }}\""},{"line_number":8,"context_line":"    image: \"{{ item.value.image }}\""},{"line_number":9,"context_line":"    volumes: \"{{ item.value.volumes }}\""},{"line_number":10,"context_line":"    dimensions: \"{{ item.value.dimensions }}\""},{"line_number":11,"context_line":"  when:"},{"line_number":12,"context_line":"    - inventory_hostname in groups[item.value.group]"},{"line_number":13,"context_line":"    - item.value.enabled | bool"}],"source_content_type":"text/x-yaml","patch_set":117,"id":"e507e4ba_581a5f5f","line":10,"updated":"2021-07-29 09:39:51.000000000","message":"Missing healthcheck","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":7,"context_line":"    name: \"{{ item.value.container_name }}\""},{"line_number":8,"context_line":"    image: \"{{ item.value.image }}\""},{"line_number":9,"context_line":"    volumes: \"{{ item.value.volumes }}\""},{"line_number":10,"context_line":"    dimensions: \"{{ item.value.dimensions }}\""},{"line_number":11,"context_line":"  when:"},{"line_number":12,"context_line":"    - inventory_hostname in groups[item.value.group]"},{"line_number":13,"context_line":"    - item.value.enabled | bool"}],"source_content_type":"text/x-yaml","patch_set":117,"id":"fea50652_95ada9fe","line":10,"in_reply_to":"e507e4ba_581a5f5f","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"}],"ansible/roles/letsencrypt/tasks/config.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":31,"context_line":"  template:"},{"line_number":32,"context_line":"    src: \"{{ item.src }}\""},{"line_number":33,"context_line":"    dest: \"{{ node_config_directory }}/letsencrypt-acme/{{ item.dest }}\""},{"line_number":34,"context_line":"    mode: \"{{ item.mode | default(\u00270660\u0027) }}\""},{"line_number":35,"context_line":"  become: true"},{"line_number":36,"context_line":"  with_items:"},{"line_number":37,"context_line":"    - { src: \"certbot-apache.conf.j2\", dest: \"certbot-apache.conf\" }"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"a5345859_39fb6745","line":34,"range":{"start_line":34,"start_character":14,"end_line":34,"end_character":23},"updated":"2021-01-27 17:22:00.000000000","message":"none has a mode","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":31,"context_line":"  template:"},{"line_number":32,"context_line":"    src: \"{{ item.src }}\""},{"line_number":33,"context_line":"    dest: \"{{ node_config_directory }}/letsencrypt-acme/{{ item.dest }}\""},{"line_number":34,"context_line":"    mode: \"{{ item.mode | default(\u00270660\u0027) }}\""},{"line_number":35,"context_line":"  become: true"},{"line_number":36,"context_line":"  with_items:"},{"line_number":37,"context_line":"    - { src: \"certbot-apache.conf.j2\", dest: \"certbot-apache.conf\" }"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"16210040_675b1eb5","line":34,"range":{"start_line":34,"start_character":14,"end_line":34,"end_character":23},"in_reply_to":"a5345859_39fb6745","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":54,"context_line":"    - { src: \"letsencrypt.ini.j2\", dest: \"letsencrypt.ini\" }"},{"line_number":55,"context_line":"    - { src: \"start-certbot-and-cron.sh.j2\", dest: \"start-certbot-and-cron.sh\", mode: \"0770\" }"},{"line_number":56,"context_line":"    - { src: \"certbot.sh.j2\", dest: \"certbot.sh\", mode: \"0770\" }"},{"line_number":57,"context_line":"    - { src: \"crontab.j2\", dest: \"crontab\", mode: \"0770\" }"},{"line_number":58,"context_line":"    - { src: \"id_rsa\", dest: \"id_rsa\" }"},{"line_number":59,"context_line":"    - { src: \"ssh_config.j2\", dest: \"ssh_config\" }"},{"line_number":60,"context_line":"  when:"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"b9456a01_e35888bc","line":57,"range":{"start_line":57,"start_character":51,"end_line":57,"end_character":55},"updated":"2021-01-27 17:22:00.000000000","message":"I don\u0027t think it needs to be executable","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":54,"context_line":"    - { src: \"letsencrypt.ini.j2\", dest: \"letsencrypt.ini\" }"},{"line_number":55,"context_line":"    - { src: \"start-certbot-and-cron.sh.j2\", dest: \"start-certbot-and-cron.sh\", mode: \"0770\" }"},{"line_number":56,"context_line":"    - { src: \"certbot.sh.j2\", dest: \"certbot.sh\", mode: \"0770\" }"},{"line_number":57,"context_line":"    - { src: \"crontab.j2\", dest: \"crontab\", mode: \"0770\" }"},{"line_number":58,"context_line":"    - { src: \"id_rsa\", dest: \"id_rsa\" }"},{"line_number":59,"context_line":"    - { src: \"ssh_config.j2\", dest: \"ssh_config\" }"},{"line_number":60,"context_line":"  when:"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"2fd03828_20627c02","line":57,"range":{"start_line":57,"start_character":51,"end_line":57,"end_character":55},"in_reply_to":"b9456a01_e35888bc","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":69,"context_line":"  template:"},{"line_number":70,"context_line":"    src: \"{{ item.src }}\""},{"line_number":71,"context_line":"    dest: \"{{ node_config_directory }}/letsencrypt-ssh/{{ item.dest }}\""},{"line_number":72,"context_line":"    mode: \"{{ item.mode | default(\u00270660\u0027) }}\""},{"line_number":73,"context_line":"  become: true"},{"line_number":74,"context_line":"  with_items:"},{"line_number":75,"context_line":"    - { src: \"sshd_config.j2\", dest: \"sshd_config\" }"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"3a972025_14ad9d2f","line":72,"range":{"start_line":72,"start_character":19,"end_line":72,"end_character":23},"updated":"2021-01-27 17:22:00.000000000","message":"none has a mode","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":69,"context_line":"  template:"},{"line_number":70,"context_line":"    src: \"{{ item.src }}\""},{"line_number":71,"context_line":"    dest: \"{{ node_config_directory }}/letsencrypt-ssh/{{ item.dest }}\""},{"line_number":72,"context_line":"    mode: \"{{ item.mode | default(\u00270660\u0027) }}\""},{"line_number":73,"context_line":"  become: true"},{"line_number":74,"context_line":"  with_items:"},{"line_number":75,"context_line":"    - { src: \"sshd_config.j2\", dest: \"sshd_config\" }"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"1d75af4e_6bb5dba4","line":72,"range":{"start_line":72,"start_character":19,"end_line":72,"end_character":23},"in_reply_to":"3a972025_14ad9d2f","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":80,"context_line":"  notify:"},{"line_number":81,"context_line":"    - Restart letsencrypt-ssh container"},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"- include_tasks: check-containers.yml"},{"line_number":84,"context_line":"  when: kolla_action !\u003d \"config\""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"5a37e738_2b66e6db","line":84,"range":{"start_line":83,"start_character":0,"end_line":84,"end_character":32},"updated":"2021-01-27 17:22:00.000000000","message":"This should be moved to deploy.yml, using import_tasks and without the when condition.","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":80,"context_line":"  notify:"},{"line_number":81,"context_line":"    - Restart letsencrypt-ssh container"},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"- include_tasks: check-containers.yml"},{"line_number":84,"context_line":"  when: kolla_action !\u003d \"config\""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"463c1fa8_a3cc41fc","line":84,"range":{"start_line":83,"start_character":0,"end_line":84,"end_character":32},"in_reply_to":"5a37e738_2b66e6db","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"40c7152e71b8d05f6d2ec4ebd98f0b830c621f3c","unresolved":true,"context_lines":[{"line_number":54,"context_line":"    - { src: \"letsencrypt.ini.j2\", dest: \"letsencrypt.ini\" }"},{"line_number":55,"context_line":"    - { src: \"start-certbot-and-cron.sh.j2\", dest: \"start-certbot-and-cron.sh\", mode: \"0770\" }"},{"line_number":56,"context_line":"    - { src: \"certbot.sh.j2\", dest: \"certbot.sh\", mode: \"0770\" }"},{"line_number":57,"context_line":"    - { src: \"crontab.j2\", dest: \"crontab\", mode: \"0700\" }"},{"line_number":58,"context_line":"    - { src: \"id_rsa\", dest: \"id_rsa\" }"},{"line_number":59,"context_line":"    - { src: \"ssh_config.j2\", dest: \"ssh_config\" }"},{"line_number":60,"context_line":"  when:"}],"source_content_type":"text/x-yaml","patch_set":14,"id":"180280d6_40cf2f7c","line":57,"range":{"start_line":57,"start_character":51,"end_line":57,"end_character":55},"updated":"2021-02-15 15:27:10.000000000","message":"0600","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"68a5639cb8c31e6d8a94c7753da6f9650be79fb5","unresolved":false,"context_lines":[{"line_number":54,"context_line":"    - { src: \"letsencrypt.ini.j2\", dest: \"letsencrypt.ini\" }"},{"line_number":55,"context_line":"    - { src: \"start-certbot-and-cron.sh.j2\", dest: \"start-certbot-and-cron.sh\", mode: \"0770\" }"},{"line_number":56,"context_line":"    - { src: \"certbot.sh.j2\", dest: \"certbot.sh\", mode: \"0770\" }"},{"line_number":57,"context_line":"    - { src: \"crontab.j2\", dest: \"crontab\", mode: \"0700\" }"},{"line_number":58,"context_line":"    - { src: \"id_rsa\", dest: \"id_rsa\" }"},{"line_number":59,"context_line":"    - { src: \"ssh_config.j2\", dest: \"ssh_config\" }"},{"line_number":60,"context_line":"  when:"}],"source_content_type":"text/x-yaml","patch_set":14,"id":"78899ed4_1d3bf57c","line":57,"range":{"start_line":57,"start_character":51,"end_line":57,"end_character":55},"in_reply_to":"180280d6_40cf2f7c","updated":"2021-02-20 17:22:38.000000000","message":"Done","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6ed430dd47f874aff84ee94edb138e8fa44a5f43","unresolved":true,"context_lines":[{"line_number":53,"context_line":"    - { src: \"letsencrypt.ini.j2\", dest: \"letsencrypt.ini\" }"},{"line_number":54,"context_line":"    - { src: \"start-certbot-and-cron.sh.j2\", dest: \"start-certbot-and-cron.sh\", mode: \"0770\" }"},{"line_number":55,"context_line":"    - { src: \"certbot.sh.j2\", dest: \"certbot.sh\", mode: \"0770\" }"},{"line_number":56,"context_line":"    - { src: \"crontab.j2\", dest: \"crontab\", mode: \"0600\" }"},{"line_number":57,"context_line":"    - { src: \"id_rsa\", dest: \"id_rsa\" }"},{"line_number":58,"context_line":"    - { src: \"ssh_config.j2\", dest: \"ssh_config\" }"},{"line_number":59,"context_line":"  when:"}],"source_content_type":"text/x-yaml","patch_set":117,"id":"f930c570_1a75bc4e","line":56,"range":{"start_line":56,"start_character":44,"end_line":56,"end_character":56},"updated":"2021-07-29 09:39:51.000000000","message":"Why not default 0660?","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":53,"context_line":"    - { src: \"letsencrypt.ini.j2\", dest: \"letsencrypt.ini\" }"},{"line_number":54,"context_line":"    - { src: \"start-certbot-and-cron.sh.j2\", dest: \"start-certbot-and-cron.sh\", mode: \"0770\" }"},{"line_number":55,"context_line":"    - { src: \"certbot.sh.j2\", dest: \"certbot.sh\", mode: \"0770\" }"},{"line_number":56,"context_line":"    - { src: \"crontab.j2\", dest: \"crontab\", mode: \"0600\" }"},{"line_number":57,"context_line":"    - { src: \"id_rsa\", dest: \"id_rsa\" }"},{"line_number":58,"context_line":"    - { src: \"ssh_config.j2\", dest: \"ssh_config\" }"},{"line_number":59,"context_line":"  when:"}],"source_content_type":"text/x-yaml","patch_set":117,"id":"63f56211_d07de524","line":56,"range":{"start_line":56,"start_character":44,"end_line":56,"end_character":56},"in_reply_to":"f930c570_1a75bc4e","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":11,"context_line":"    - inventory_hostname in groups[item.value.group]"},{"line_number":12,"context_line":"    - item.value.enabled | bool"},{"line_number":13,"context_line":"  with_dict: \"{{ letsencrypt_services }}\""},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"- name: Copying over config.json files for services"},{"line_number":16,"context_line":"  template:"},{"line_number":17,"context_line":"    src: \"{{ item.key }}.json.j2\""}],"source_content_type":"text/x-yaml","patch_set":222,"id":"7c1dfcb6_a24ed7a5","line":14,"updated":"2023-07-28 11:16:21.000000000","message":"add here the task with fail to check the email is set before the tasks with templates.\ndon\u0027t forget update doc/source/admin/tls.rst about fail.","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"17afb970c4fadc6728d84176f6265f42b91862e2","unresolved":false,"context_lines":[{"line_number":11,"context_line":"    - inventory_hostname in groups[item.value.group]"},{"line_number":12,"context_line":"    - item.value.enabled | bool"},{"line_number":13,"context_line":"  with_dict: \"{{ letsencrypt_services }}\""},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"- name: Copying over config.json files for services"},{"line_number":16,"context_line":"  template:"},{"line_number":17,"context_line":"    src: \"{{ item.key }}.json.j2\""}],"source_content_type":"text/x-yaml","patch_set":222,"id":"d386c57f_22ffde28","line":14,"in_reply_to":"01e4e2b7_5c1fd4f4","updated":"2023-08-09 13:08:11.000000000","message":"Done","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":true,"context_lines":[{"line_number":11,"context_line":"    - inventory_hostname in groups[item.value.group]"},{"line_number":12,"context_line":"    - item.value.enabled | bool"},{"line_number":13,"context_line":"  with_dict: \"{{ letsencrypt_services }}\""},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"- name: Copying over config.json files for services"},{"line_number":16,"context_line":"  template:"},{"line_number":17,"context_line":"    src: \"{{ item.key }}.json.j2\""}],"source_content_type":"text/x-yaml","patch_set":222,"id":"01e4e2b7_5c1fd4f4","line":14,"in_reply_to":"7c1dfcb6_a24ed7a5","updated":"2023-08-09 12:13:36.000000000","message":"I think we have prechecks for this, i will add a task into prechecks.","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"}],"ansible/roles/letsencrypt/tasks/deploy.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"- include_tasks: config.yml"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"- name: Flush handlers"},{"line_number":5,"context_line":"  meta: flush_handlers"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"15e27929_201ffafa","line":2,"range":{"start_line":2,"start_character":2,"end_line":2,"end_character":15},"updated":"2021-01-27 17:22:00.000000000","message":"import_tasks","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"- include_tasks: config.yml"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"- name: Flush handlers"},{"line_number":5,"context_line":"  meta: flush_handlers"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"75fed3d3_e2db0148","line":2,"range":{"start_line":2,"start_character":2,"end_line":2,"end_character":15},"in_reply_to":"15e27929_201ffafa","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e3befd5f1e775d2fe44cc53cbd2ca683b74c0b62","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"- import_tasks: config.yml"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"- name: Flush handlers"},{"line_number":5,"context_line":"  meta: flush_handlers"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"- import_tasks: check-containers.yml"}],"source_content_type":"text/x-yaml","patch_set":56,"id":"443faa95_e2a48990","line":5,"range":{"start_line":4,"start_character":0,"end_line":5,"end_character":22},"updated":"2021-03-25 18:01:11.000000000","message":"Why are we flushing handlers before the check?","commit_id":"4e5d71cab3938db43b7b78548ea027e19dd5dd1d"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"4f6572775f41b20efc6e632816e6305711bffbdb","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"- import_tasks: config.yml"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"- name: Flush handlers"},{"line_number":5,"context_line":"  meta: flush_handlers"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"- import_tasks: check-containers.yml"}],"source_content_type":"text/x-yaml","patch_set":56,"id":"9272b339_be31066b","line":5,"range":{"start_line":4,"start_character":0,"end_line":5,"end_character":22},"in_reply_to":"443faa95_e2a48990","updated":"2021-04-01 23:29:07.000000000","message":"Done","commit_id":"4e5d71cab3938db43b7b78548ea027e19dd5dd1d"}],"ansible/roles/letsencrypt/tasks/precheck.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":3,"context_line":"  become: true"},{"line_number":4,"context_line":"  kolla_container_facts:"},{"line_number":5,"context_line":"    name:"},{"line_number":6,"context_line":"      - letsencrypt_acme"},{"line_number":7,"context_line":"  register: container_facts"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"- name: Checking free port for LetsEncrypt server"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"9cf1a2da_520e3b06","line":6,"range":{"start_line":6,"start_character":8,"end_line":6,"end_character":24},"updated":"2021-01-27 17:22:00.000000000","message":"SSH too","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  become: true"},{"line_number":4,"context_line":"  kolla_container_facts:"},{"line_number":5,"context_line":"    name:"},{"line_number":6,"context_line":"      - letsencrypt_acme"},{"line_number":7,"context_line":"  register: container_facts"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"- name: Checking free port for LetsEncrypt server"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba2c2fdd_bcf06eb0","line":6,"range":{"start_line":6,"start_character":8,"end_line":6,"end_character":24},"in_reply_to":"9cf1a2da_520e3b06","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":14,"context_line":"    timeout: 1"},{"line_number":15,"context_line":"    state: stopped"},{"line_number":16,"context_line":"  when:"},{"line_number":17,"context_line":"    - container_facts[\u0027letsencrypt_acme\u0027] is not defined"},{"line_number":18,"context_line":"    - inventory_hostname in groups[\u0027letsencrypt_acme\u0027]"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"- name: Checking free port for LetsEncrypt SSH"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"129df833_305927aa","line":17,"updated":"2021-01-27 17:22:00.000000000","message":"letsencrypt_acme.enabled | bool","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":14,"context_line":"    timeout: 1"},{"line_number":15,"context_line":"    state: stopped"},{"line_number":16,"context_line":"  when:"},{"line_number":17,"context_line":"    - container_facts[\u0027letsencrypt_acme\u0027] is not defined"},{"line_number":18,"context_line":"    - inventory_hostname in groups[\u0027letsencrypt_acme\u0027]"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"- name: Checking free port for LetsEncrypt SSH"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"90087df8_b28f186e","line":17,"in_reply_to":"129df833_305927aa","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"027945be01d93d8c6bf3eb65aea480172461dd1f","unresolved":true,"context_lines":[{"line_number":18,"context_line":"    state: stopped"},{"line_number":19,"context_line":"  when:"},{"line_number":20,"context_line":"    - container_facts[\u0027letsencrypt_acme\u0027] is not defined"},{"line_number":21,"context_line":"    - inventory_hostname in groups[\u0027letsencrypt-acme\u0027]"},{"line_number":22,"context_line":"    - letsencrypt_acme.enabled | bool"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"- name: Checking free port for LetsEncrypt SSH"}],"source_content_type":"text/x-yaml","patch_set":40,"id":"261e3c75_61c7c5b6","line":21,"range":{"start_line":21,"start_character":35,"end_line":21,"end_character":53},"updated":"2021-03-17 12:35:05.000000000","message":"letsencrypt_acme.group","commit_id":"2264a10ff0f86b0a43982487ab8d2b43cf3ec267"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"71a679389f62bd295358e30da9e2f6cdb6a03fbd","unresolved":false,"context_lines":[{"line_number":18,"context_line":"    state: stopped"},{"line_number":19,"context_line":"  when:"},{"line_number":20,"context_line":"    - container_facts[\u0027letsencrypt_acme\u0027] is not defined"},{"line_number":21,"context_line":"    - inventory_hostname in groups[\u0027letsencrypt-acme\u0027]"},{"line_number":22,"context_line":"    - letsencrypt_acme.enabled | bool"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"- name: Checking free port for LetsEncrypt SSH"}],"source_content_type":"text/x-yaml","patch_set":40,"id":"19b57c8d_caef040a","line":21,"range":{"start_line":21,"start_character":35,"end_line":21,"end_character":53},"in_reply_to":"261e3c75_61c7c5b6","updated":"2021-03-22 19:11:59.000000000","message":"Done","commit_id":"2264a10ff0f86b0a43982487ab8d2b43cf3ec267"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"027945be01d93d8c6bf3eb65aea480172461dd1f","unresolved":true,"context_lines":[{"line_number":33,"context_line":"  when:"},{"line_number":34,"context_line":"    - container_facts[\u0027letsencrypt_ssh\u0027] is not defined"},{"line_number":35,"context_line":"    - letsencrypt_ssh.enabled | bool"},{"line_number":36,"context_line":"    - inventory_hostname in groups[\u0027letsencrypt\u0027]"}],"source_content_type":"text/x-yaml","patch_set":40,"id":"5b1859d6_090b04ad","line":36,"range":{"start_line":36,"start_character":36,"end_line":36,"end_character":48},"updated":"2021-03-17 12:35:05.000000000","message":"letsencrypt_ssh.group","commit_id":"2264a10ff0f86b0a43982487ab8d2b43cf3ec267"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"71a679389f62bd295358e30da9e2f6cdb6a03fbd","unresolved":false,"context_lines":[{"line_number":33,"context_line":"  when:"},{"line_number":34,"context_line":"    - container_facts[\u0027letsencrypt_ssh\u0027] is not defined"},{"line_number":35,"context_line":"    - letsencrypt_ssh.enabled | bool"},{"line_number":36,"context_line":"    - inventory_hostname in groups[\u0027letsencrypt\u0027]"}],"source_content_type":"text/x-yaml","patch_set":40,"id":"c76141b3_bb343576","line":36,"range":{"start_line":36,"start_character":36,"end_line":36,"end_character":48},"in_reply_to":"5b1859d6_090b04ad","updated":"2021-03-22 19:11:59.000000000","message":"Done","commit_id":"2264a10ff0f86b0a43982487ab8d2b43cf3ec267"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"c8477d6dc48f6e709bcfc2ff4eac0b5ed25c8c27","unresolved":true,"context_lines":[{"line_number":26,"context_line":"  vars:"},{"line_number":27,"context_line":"    replace: \"valid\""},{"line_number":28,"context_line":"  assert:"},{"line_number":29,"context_line":"    that: letsencrypt_email | regex_replace(\u0027([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\\.[A-Z|a-z]{2,})+$\u0027, replace) \u003d\u003d \"valid\""},{"line_number":30,"context_line":"    fail_msg: \"Letsencrypt contact email value didn\u0027t pass validation.\""},{"line_number":31,"context_line":"  when:"},{"line_number":32,"context_line":"    - enable_letsencrypt | bool"}],"source_content_type":"text/x-yaml","patch_set":227,"id":"c96159db_d9395eec","line":29,"range":{"start_line":29,"start_character":0,"end_line":29,"end_character":56},"updated":"2023-08-10 15:02:38.000000000","message":"this is only a simplified validation regex for e-mail, which fails on some valid mail addresses see: https://stackoverflow.com/a/201378\n\nfor a fast and RFC compliant regex (which is very long).\n\nI\u0027m not sure we really want to validate the mail here completely.\nI\u0027d like to hear thoughts from other people though.\n\nI\u0027d personally say we either validate correctly (long regex) or not at all?\n\nWhat do you think?","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"428d3a61f3e23a230bb210cb3dd206dad5bb4143","unresolved":true,"context_lines":[{"line_number":26,"context_line":"  vars:"},{"line_number":27,"context_line":"    replace: \"valid\""},{"line_number":28,"context_line":"  assert:"},{"line_number":29,"context_line":"    that: letsencrypt_email | regex_replace(\u0027([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\\.[A-Z|a-z]{2,})+$\u0027, replace) \u003d\u003d \"valid\""},{"line_number":30,"context_line":"    fail_msg: \"Letsencrypt contact email value didn\u0027t pass validation.\""},{"line_number":31,"context_line":"  when:"},{"line_number":32,"context_line":"    - enable_letsencrypt | bool"}],"source_content_type":"text/x-yaml","patch_set":227,"id":"2bfe68d7_d103b16a","line":29,"range":{"start_line":29,"start_character":0,"end_line":29,"end_character":56},"in_reply_to":"2581a4b1_4a3437ca","updated":"2023-11-06 11:41:10.000000000","message":"don\u0027t agree with you too. our purpose to deploy software not check all possible user mistakes, lets do a simple check for a string with \u0027.*@.*\\..*\u0027. if user provides an incorrect (mean non-working) email it can make any mistake even in latin letters.","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"c3805b65104959e7ac1a6a204299dbb61741f782","unresolved":false,"context_lines":[{"line_number":26,"context_line":"  vars:"},{"line_number":27,"context_line":"    replace: \"valid\""},{"line_number":28,"context_line":"  assert:"},{"line_number":29,"context_line":"    that: letsencrypt_email | regex_replace(\u0027([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\\.[A-Z|a-z]{2,})+$\u0027, replace) \u003d\u003d \"valid\""},{"line_number":30,"context_line":"    fail_msg: \"Letsencrypt contact email value didn\u0027t pass validation.\""},{"line_number":31,"context_line":"  when:"},{"line_number":32,"context_line":"    - enable_letsencrypt | bool"}],"source_content_type":"text/x-yaml","patch_set":227,"id":"74654d44_2b38e4fd","line":29,"range":{"start_line":29,"start_character":0,"end_line":29,"end_character":56},"in_reply_to":"2bfe68d7_d103b16a","updated":"2023-11-07 10:00:51.000000000","message":"Now it\u0027s as simple as possible... Done","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"fb6edbdbc3f5e9aefd267d7489c9eed11792cb2e","unresolved":true,"context_lines":[{"line_number":26,"context_line":"  vars:"},{"line_number":27,"context_line":"    replace: \"valid\""},{"line_number":28,"context_line":"  assert:"},{"line_number":29,"context_line":"    that: letsencrypt_email | regex_replace(\u0027([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\\.[A-Z|a-z]{2,})+$\u0027, replace) \u003d\u003d \"valid\""},{"line_number":30,"context_line":"    fail_msg: \"Letsencrypt contact email value didn\u0027t pass validation.\""},{"line_number":31,"context_line":"  when:"},{"line_number":32,"context_line":"    - enable_letsencrypt | bool"}],"source_content_type":"text/x-yaml","patch_set":227,"id":"f7324f2e_894e8a92","line":29,"range":{"start_line":29,"start_character":0,"end_line":29,"end_character":56},"in_reply_to":"4cdd8796_60076674","updated":"2023-08-14 09:06:17.000000000","message":"so, for my part of the discussion, this is resolved.","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"884ce70bfa47552b87ffe84545d9f6c55c59dbe5","unresolved":true,"context_lines":[{"line_number":26,"context_line":"  vars:"},{"line_number":27,"context_line":"    replace: \"valid\""},{"line_number":28,"context_line":"  assert:"},{"line_number":29,"context_line":"    that: letsencrypt_email | regex_replace(\u0027([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\\.[A-Z|a-z]{2,})+$\u0027, replace) \u003d\u003d \"valid\""},{"line_number":30,"context_line":"    fail_msg: \"Letsencrypt contact email value didn\u0027t pass validation.\""},{"line_number":31,"context_line":"  when:"},{"line_number":32,"context_line":"    - enable_letsencrypt | bool"}],"source_content_type":"text/x-yaml","patch_set":227,"id":"78762855_b548d538","line":29,"range":{"start_line":29,"start_character":0,"end_line":29,"end_character":56},"in_reply_to":"69f51803_0abe236a","updated":"2023-11-06 11:08:36.000000000","message":"not all possible emails fit this regexp","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"f3256d1f16526571d7bc91e31b93ed2727841ac8","unresolved":true,"context_lines":[{"line_number":26,"context_line":"  vars:"},{"line_number":27,"context_line":"    replace: \"valid\""},{"line_number":28,"context_line":"  assert:"},{"line_number":29,"context_line":"    that: letsencrypt_email | regex_replace(\u0027([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\\.[A-Z|a-z]{2,})+$\u0027, replace) \u003d\u003d \"valid\""},{"line_number":30,"context_line":"    fail_msg: \"Letsencrypt contact email value didn\u0027t pass validation.\""},{"line_number":31,"context_line":"  when:"},{"line_number":32,"context_line":"    - enable_letsencrypt | bool"}],"source_content_type":"text/x-yaml","patch_set":227,"id":"2581a4b1_4a3437ca","line":29,"range":{"start_line":29,"start_character":0,"end_line":29,"end_character":56},"in_reply_to":"78762855_b548d538","updated":"2023-11-06 11:17:55.000000000","message":"Feel free to amend it and propose better filter please, or leave a comment with regexp here. I\u0027m not going to lose my energy to reimplement it, if you are not OK with it i will remove that precheck OR I will reimplement to just check var is DEFINED/UNDEFINED, and i will leave a comment that it is responsibility of deployer to define valid email. WDYT ?","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"4254ed8d979b2c130cb3d745e3d7bb21b70b64cd","unresolved":true,"context_lines":[{"line_number":26,"context_line":"  vars:"},{"line_number":27,"context_line":"    replace: \"valid\""},{"line_number":28,"context_line":"  assert:"},{"line_number":29,"context_line":"    that: letsencrypt_email | regex_replace(\u0027([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\\.[A-Z|a-z]{2,})+$\u0027, replace) \u003d\u003d \"valid\""},{"line_number":30,"context_line":"    fail_msg: \"Letsencrypt contact email value didn\u0027t pass validation.\""},{"line_number":31,"context_line":"  when:"},{"line_number":32,"context_line":"    - enable_letsencrypt | bool"}],"source_content_type":"text/x-yaml","patch_set":227,"id":"1f758b5a_8fee1719","line":29,"range":{"start_line":29,"start_character":0,"end_line":29,"end_character":56},"in_reply_to":"78762855_b548d538","updated":"2023-11-06 11:12:49.000000000","message":"https://en.wikipedia.org/wiki/International_email","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"495efda01ac136a9eb8d663cd940b605ab0a6097","unresolved":true,"context_lines":[{"line_number":26,"context_line":"  vars:"},{"line_number":27,"context_line":"    replace: \"valid\""},{"line_number":28,"context_line":"  assert:"},{"line_number":29,"context_line":"    that: letsencrypt_email | regex_replace(\u0027([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\\.[A-Z|a-z]{2,})+$\u0027, replace) \u003d\u003d \"valid\""},{"line_number":30,"context_line":"    fail_msg: \"Letsencrypt contact email value didn\u0027t pass validation.\""},{"line_number":31,"context_line":"  when:"},{"line_number":32,"context_line":"    - enable_letsencrypt | bool"}],"source_content_type":"text/x-yaml","patch_set":227,"id":"d670dae5_2ea3bef7","line":29,"range":{"start_line":29,"start_character":0,"end_line":29,"end_character":56},"in_reply_to":"b2d209e0_0c8e36da","updated":"2023-08-11 08:58:29.000000000","message":"so, to clarify: I think a simple test must be done, so users don\u0027t shoot themselves in the foot by omitting this crucial variable, but I would maybe just check that the variable is not empty, or if we want to go that route use the complex regex that really fit\u0027s all valid mail addresses.","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"5fcadbac4b23308f6a465ff25378bde9e82e3ca4","unresolved":true,"context_lines":[{"line_number":26,"context_line":"  vars:"},{"line_number":27,"context_line":"    replace: \"valid\""},{"line_number":28,"context_line":"  assert:"},{"line_number":29,"context_line":"    that: letsencrypt_email | regex_replace(\u0027([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\\.[A-Z|a-z]{2,})+$\u0027, replace) \u003d\u003d \"valid\""},{"line_number":30,"context_line":"    fail_msg: \"Letsencrypt contact email value didn\u0027t pass validation.\""},{"line_number":31,"context_line":"  when:"},{"line_number":32,"context_line":"    - enable_letsencrypt | bool"}],"source_content_type":"text/x-yaml","patch_set":227,"id":"d910d774_278817e3","line":29,"range":{"start_line":29,"start_character":0,"end_line":29,"end_character":56},"in_reply_to":"c96159db_d9395eec","updated":"2023-08-10 20:24:16.000000000","message":"imho, there is no need in strict checking here. something like \u0027.*@.*\u0027 is fair enough.","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"bde77483539ff98ff7c48423c9773c0d92805764","unresolved":true,"context_lines":[{"line_number":26,"context_line":"  vars:"},{"line_number":27,"context_line":"    replace: \"valid\""},{"line_number":28,"context_line":"  assert:"},{"line_number":29,"context_line":"    that: letsencrypt_email | regex_replace(\u0027([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\\.[A-Z|a-z]{2,})+$\u0027, replace) \u003d\u003d \"valid\""},{"line_number":30,"context_line":"    fail_msg: \"Letsencrypt contact email value didn\u0027t pass validation.\""},{"line_number":31,"context_line":"  when:"},{"line_number":32,"context_line":"    - enable_letsencrypt | bool"}],"source_content_type":"text/x-yaml","patch_set":227,"id":"4cdd8796_60076674","line":29,"range":{"start_line":29,"start_character":0,"end_line":29,"end_character":56},"in_reply_to":"d670dae5_2ea3bef7","updated":"2023-08-11 09:09:22.000000000","message":"simple test that string contain @ symbol in the middle is enough imho, this will also check that string is not empty.","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"1c2f601b070f05654198a75268511524db3a2510","unresolved":true,"context_lines":[{"line_number":26,"context_line":"  vars:"},{"line_number":27,"context_line":"    replace: \"valid\""},{"line_number":28,"context_line":"  assert:"},{"line_number":29,"context_line":"    that: letsencrypt_email | regex_replace(\u0027([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\\.[A-Z|a-z]{2,})+$\u0027, replace) \u003d\u003d \"valid\""},{"line_number":30,"context_line":"    fail_msg: \"Letsencrypt contact email value didn\u0027t pass validation.\""},{"line_number":31,"context_line":"  when:"},{"line_number":32,"context_line":"    - enable_letsencrypt | bool"}],"source_content_type":"text/x-yaml","patch_set":227,"id":"b2d209e0_0c8e36da","line":29,"range":{"start_line":29,"start_character":0,"end_line":29,"end_character":56},"in_reply_to":"d910d774_278817e3","updated":"2023-08-10 20:26:13.000000000","message":"because иванов@фамилия.рф for example is a valid email address (just for example)","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"61643f80dce87d1ae2a7e6a7e3edad2e5338674f","unresolved":false,"context_lines":[{"line_number":26,"context_line":"  vars:"},{"line_number":27,"context_line":"    replace: \"valid\""},{"line_number":28,"context_line":"  assert:"},{"line_number":29,"context_line":"    that: letsencrypt_email | regex_replace(\u0027([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\\.[A-Z|a-z]{2,})+$\u0027, replace) \u003d\u003d \"valid\""},{"line_number":30,"context_line":"    fail_msg: \"Letsencrypt contact email value didn\u0027t pass validation.\""},{"line_number":31,"context_line":"  when:"},{"line_number":32,"context_line":"    - enable_letsencrypt | bool"}],"source_content_type":"text/x-yaml","patch_set":227,"id":"69f51803_0abe236a","line":29,"range":{"start_line":29,"start_character":0,"end_line":29,"end_character":56},"in_reply_to":"f7324f2e_894e8a92","updated":"2023-09-17 15:30:33.000000000","message":"Done","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"e11da59289aa8c7b13e32db1467e4a26b15d6a18","unresolved":true,"context_lines":[{"line_number":26,"context_line":"  vars:"},{"line_number":27,"context_line":"    replace: \"valid\""},{"line_number":28,"context_line":"  assert:"},{"line_number":29,"context_line":"    that: letsencrypt_email | regex_replace(\u0027([A-Za-z0-9]+[.-_])*[A-Za-z0-9]+@[A-Za-z0-9-]+(\\.[A-Z|a-z]{2,})+$\u0027, replace) \u003d\u003d \"valid\""},{"line_number":30,"context_line":"    fail_msg: \"Letsencrypt contact email value didn\u0027t pass validation.\""},{"line_number":31,"context_line":"  when:"},{"line_number":32,"context_line":"    - enable_letsencrypt | bool"}],"source_content_type":"text/x-yaml","patch_set":227,"id":"5e4a905d_c20c003b","line":29,"range":{"start_line":29,"start_character":0,"end_line":29,"end_character":56},"in_reply_to":"f7324f2e_894e8a92","updated":"2023-08-26 20:08:07.000000000","message":"lets simplify test for \u0027.@.\u0027 minimum. your test would fail on some emails.","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"}],"ansible/roles/letsencrypt/tasks/reconfigure.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"- include_tasks: deploy.yml"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"5a7a47f1_63ae9915","line":2,"range":{"start_line":2,"start_character":2,"end_line":2,"end_character":15},"updated":"2021-01-27 17:22:00.000000000","message":"import_tasks","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"- include_tasks: deploy.yml"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"c9eecf89_6cb934f2","line":2,"range":{"start_line":2,"start_character":2,"end_line":2,"end_character":15},"in_reply_to":"5a7a47f1_63ae9915","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"}],"ansible/roles/letsencrypt/tasks/upgrade.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"- include_tasks: deploy.yml"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"18b2c44c_ec2ee68b","line":2,"range":{"start_line":2,"start_character":2,"end_line":2,"end_character":15},"updated":"2021-01-27 17:22:00.000000000","message":"import_tasks","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"- include_tasks: deploy.yml"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"92fb3b0f_2ef1ea2e","line":2,"range":{"start_line":2,"start_character":2,"end_line":2,"end_character":15},"in_reply_to":"18b2c44c_ec2ee68b","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"}],"ansible/roles/letsencrypt/templates/acme-apache.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6ed430dd47f874aff84ee94edb138e8fa44a5f43","unresolved":true,"context_lines":[{"line_number":1,"context_line":"{% set letsencrypt_log_dir \u003d \u0027/var/log/kolla/letsencrypt\u0027 %}"},{"line_number":2,"context_line":"{% set binary_path \u003d \u0027/usr/bin\u0027 if letsencrypt_install_type \u003d\u003d \u0027binary\u0027 else \u0027/var/lib/kolla/venv/bin\u0027 %}"},{"line_number":3,"context_line":"Listen {{ kolla_external_fqdn | put_address_in_context(\u0027url\u0027) }}:{{ letsencrypt_acme_port }}"},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"ServerSignature Off"}],"source_content_type":"text/x-jinja2","patch_set":117,"id":"d4646da9_88ba852b","line":2,"range":{"start_line":2,"start_character":0,"end_line":2,"end_character":105},"updated":"2021-07-29 09:39:51.000000000","message":"Not used","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{% set letsencrypt_log_dir \u003d \u0027/var/log/kolla/letsencrypt\u0027 %}"},{"line_number":2,"context_line":"{% set binary_path \u003d \u0027/usr/bin\u0027 if letsencrypt_install_type \u003d\u003d \u0027binary\u0027 else \u0027/var/lib/kolla/venv/bin\u0027 %}"},{"line_number":3,"context_line":"Listen {{ kolla_external_fqdn | put_address_in_context(\u0027url\u0027) }}:{{ letsencrypt_acme_port }}"},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"ServerSignature Off"}],"source_content_type":"text/x-jinja2","patch_set":117,"id":"2b189f19_f84826e1","line":2,"range":{"start_line":2,"start_character":0,"end_line":2,"end_character":105},"in_reply_to":"d4646da9_88ba852b","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6ed430dd47f874aff84ee94edb138e8fa44a5f43","unresolved":true,"context_lines":[{"line_number":39,"context_line":"\u003c/VirtualHost\u003e"},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"{% endif %}"},{"line_number":42,"context_line":"\u003cVirtualHost *:{{ letsencrypt_acme_port }}\u003e"},{"line_number":43,"context_line":"  DocumentRoot \"/www/data/{{ kolla_internal_fqdn }}\""},{"line_number":44,"context_line":"  ServerName {{ kolla_internal_fqdn }}"},{"line_number":45,"context_line":"  ErrorLog \"{{ letsencrypt_log_dir }}/{{ kolla_internal_fqdn }}-error_log\""}],"source_content_type":"text/x-jinja2","patch_set":117,"id":"1423f63f_202381b0","line":42,"range":{"start_line":42,"start_character":13,"end_line":42,"end_character":14},"updated":"2021-07-29 09:39:51.000000000","message":"Should it listen on the internal VIP? Unclear what the use case is for internal Letsencrypt, and how it would work","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":true,"context_lines":[{"line_number":39,"context_line":"\u003c/VirtualHost\u003e"},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"{% endif %}"},{"line_number":42,"context_line":"\u003cVirtualHost *:{{ letsencrypt_acme_port }}\u003e"},{"line_number":43,"context_line":"  DocumentRoot \"/www/data/{{ kolla_internal_fqdn }}\""},{"line_number":44,"context_line":"  ServerName {{ kolla_internal_fqdn }}"},{"line_number":45,"context_line":"  ErrorLog \"{{ letsencrypt_log_dir }}/{{ kolla_internal_fqdn }}-error_log\""}],"source_content_type":"text/x-jinja2","patch_set":117,"id":"f1488e82_2be7b51e","line":42,"range":{"start_line":42,"start_character":13,"end_line":42,"end_character":14},"in_reply_to":"1423f63f_202381b0","updated":"2022-02-15 11:25:43.000000000","message":"Bringing this up again. Have you tested a real deployment with external and internal LE? Does it work if the internal IP is not internet accessible?","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"1d417365b9eef924db79c7d88258006fe7888a73","unresolved":false,"context_lines":[{"line_number":39,"context_line":"\u003c/VirtualHost\u003e"},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"{% endif %}"},{"line_number":42,"context_line":"\u003cVirtualHost *:{{ letsencrypt_acme_port }}\u003e"},{"line_number":43,"context_line":"  DocumentRoot \"/www/data/{{ kolla_internal_fqdn }}\""},{"line_number":44,"context_line":"  ServerName {{ kolla_internal_fqdn }}"},{"line_number":45,"context_line":"  ErrorLog \"{{ letsencrypt_log_dir }}/{{ kolla_internal_fqdn }}-error_log\""}],"source_content_type":"text/x-jinja2","patch_set":117,"id":"cb972cca_41505a47","line":42,"range":{"start_line":42,"start_character":13,"end_line":42,"end_character":14},"in_reply_to":"1423f63f_202381b0","updated":"2022-02-18 01:59:07.000000000","message":"Yes. The internal IP does not get a certificate since LE cannot validate with the acme server. External works.","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6b500247ced5cfa08f770277239ed29e6dc53eea","unresolved":false,"context_lines":[{"line_number":39,"context_line":"\u003c/VirtualHost\u003e"},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"{% endif %}"},{"line_number":42,"context_line":"\u003cVirtualHost *:{{ letsencrypt_acme_port }}\u003e"},{"line_number":43,"context_line":"  DocumentRoot \"/www/data/{{ kolla_internal_fqdn }}\""},{"line_number":44,"context_line":"  ServerName {{ kolla_internal_fqdn }}"},{"line_number":45,"context_line":"  ErrorLog \"{{ letsencrypt_log_dir }}/{{ kolla_internal_fqdn }}-error_log\""}],"source_content_type":"text/x-jinja2","patch_set":117,"id":"67821faf_7ecfa976","line":42,"range":{"start_line":42,"start_character":13,"end_line":42,"end_character":14},"in_reply_to":"cb972cca_41505a47","updated":"2022-02-23 10:17:14.000000000","message":"In which case, I don\u0027t think the support for the internal API is that useful.","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"}],"ansible/roles/letsencrypt/templates/apache.sh.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e3befd5f1e775d2fe44cc53cbd2ca683b74c0b62","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"echo \"create domain directories\""},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"{% if not kolla_same_external_internal_vip | bool %}mkdir -p /www/data/{{ kolla_external_fqdn }}{% endif %}"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"mkdir -p /www/data/{{ kolla_internal_fqdn }}"},{"line_number":12,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":56,"id":"fbaaa424_2f494cdb","line":9,"updated":"2021-03-25 18:01:11.000000000","message":"Can\u0027t we do this using the normal config.json approach?","commit_id":"4e5d71cab3938db43b7b78548ea027e19dd5dd1d"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"4f6572775f41b20efc6e632816e6305711bffbdb","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"echo \"create domain directories\""},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"{% if not kolla_same_external_internal_vip | bool %}mkdir -p /www/data/{{ kolla_external_fqdn }}{% endif %}"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"mkdir -p /www/data/{{ kolla_internal_fqdn }}"},{"line_number":12,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":56,"id":"8cfdbfb4_30085577","line":9,"in_reply_to":"fbaaa424_2f494cdb","updated":"2021-04-01 23:29:07.000000000","message":"Done","commit_id":"4e5d71cab3938db43b7b78548ea027e19dd5dd1d"}],"ansible/roles/letsencrypt/templates/cert.pem":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"027945be01d93d8c6bf3eb65aea480172461dd1f","unresolved":true,"context_lines":[{"line_number":1,"context_line":"-----BEGIN CERTIFICATE-----"},{"line_number":2,"context_line":"MIIDGzCCAgOgAwIBAgIIbEfayDFsBtwwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE"},{"line_number":3,"context_line":"AxMVbWluaWNhIHJvb3QgY2EgMjRlMmRiMCAXDTE3MTIwNjE5NDIxMFoYDzIxMDcx"},{"line_number":4,"context_line":"MjA2MTk0MjEwWjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB"}],"source_content_type":"application/octet-stream","patch_set":40,"id":"adaed8e4_15b53db1","line":1,"updated":"2021-03-17 12:35:05.000000000","message":"What certificate is this?","commit_id":"2264a10ff0f86b0a43982487ab8d2b43cf3ec267"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"71a679389f62bd295358e30da9e2f6cdb6a03fbd","unresolved":false,"context_lines":[{"line_number":1,"context_line":"-----BEGIN CERTIFICATE-----"},{"line_number":2,"context_line":"MIIDGzCCAgOgAwIBAgIIbEfayDFsBtwwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE"},{"line_number":3,"context_line":"AxMVbWluaWNhIHJvb3QgY2EgMjRlMmRiMCAXDTE3MTIwNjE5NDIxMFoYDzIxMDcx"},{"line_number":4,"context_line":"MjA2MTk0MjEwWjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB"}],"source_content_type":"application/octet-stream","patch_set":40,"id":"1398fd7b_db8c74d0","line":1,"in_reply_to":"adaed8e4_15b53db1","updated":"2021-03-22 19:11:59.000000000","message":"Pebble needs a certificate which it uses as a CA. Since it pebble is a test server anyways, simplest to pass a generated cert.","commit_id":"2264a10ff0f86b0a43982487ab8d2b43cf3ec267"}],"ansible/roles/letsencrypt/templates/certbot-apache.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"40c7152e71b8d05f6d2ec4ebd98f0b830c621f3c","unresolved":true,"context_lines":[{"line_number":1,"context_line":"{% set letsencrypt_log_dir \u003d \u0027/var/log/kolla/letsencrypt\u0027 %}"},{"line_number":2,"context_line":"{% set binary_path \u003d \u0027/usr/bin\u0027 if letsencrypt_install_type \u003d\u003d \u0027binary\u0027 else \u0027/var/lib/kolla/venv/bin\u0027 %}"},{"line_number":3,"context_line":"Listen {{ kolla_external_fqdn | put_address_in_context(\u0027url\u0027) }}:{{ letsencrypt_acme_port }}"},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"ServerSignature Off"},{"line_number":6,"context_line":"ServerTokens Prod"}],"source_content_type":"text/x-jinja2","patch_set":14,"id":"28f8e450_f31f8dcf","line":3,"range":{"start_line":3,"start_character":10,"end_line":3,"end_character":29},"updated":"2021-02-15 15:27:10.000000000","message":"Why no haproxy?","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"68a5639cb8c31e6d8a94c7753da6f9650be79fb5","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{% set letsencrypt_log_dir \u003d \u0027/var/log/kolla/letsencrypt\u0027 %}"},{"line_number":2,"context_line":"{% set binary_path \u003d \u0027/usr/bin\u0027 if letsencrypt_install_type \u003d\u003d \u0027binary\u0027 else \u0027/var/lib/kolla/venv/bin\u0027 %}"},{"line_number":3,"context_line":"Listen {{ kolla_external_fqdn | put_address_in_context(\u0027url\u0027) }}:{{ letsencrypt_acme_port }}"},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"ServerSignature Off"},{"line_number":6,"context_line":"ServerTokens Prod"}],"source_content_type":"text/x-jinja2","patch_set":14,"id":"c33f6a04_a2d57613","line":3,"range":{"start_line":3,"start_character":10,"end_line":3,"end_character":29},"in_reply_to":"28f8e450_f31f8dcf","updated":"2021-02-20 17:22:38.000000000","message":"We explicitly do not want load balancing. Sequential communication from letsencrypt service could bounce between acme servers - and only one acme server will be configured by certbot.","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"71a679389f62bd295358e30da9e2f6cdb6a03fbd","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{% set letsencrypt_log_dir \u003d \u0027/var/log/kolla/letsencrypt\u0027 %}"},{"line_number":2,"context_line":"{% set binary_path \u003d \u0027/usr/bin\u0027 if letsencrypt_install_type \u003d\u003d \u0027binary\u0027 else \u0027/var/lib/kolla/venv/bin\u0027 %}"},{"line_number":3,"context_line":"Listen {{ kolla_external_fqdn | put_address_in_context(\u0027url\u0027) }}:{{ letsencrypt_acme_port }}"},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"ServerSignature Off"},{"line_number":6,"context_line":"ServerTokens Prod"}],"source_content_type":"text/x-jinja2","patch_set":14,"id":"15a40423_067dc27d","line":3,"range":{"start_line":3,"start_character":10,"end_line":3,"end_character":29},"in_reply_to":"5d43f369_f9e74729","updated":"2021-03-22 19:11:59.000000000","message":"The Acme server does not require a haproxy in front of it nor do we want load balancing. Perhaps I need a deeper understanding of host_in_groups","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"027945be01d93d8c6bf3eb65aea480172461dd1f","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{% set letsencrypt_log_dir \u003d \u0027/var/log/kolla/letsencrypt\u0027 %}"},{"line_number":2,"context_line":"{% set binary_path \u003d \u0027/usr/bin\u0027 if letsencrypt_install_type \u003d\u003d \u0027binary\u0027 else \u0027/var/lib/kolla/venv/bin\u0027 %}"},{"line_number":3,"context_line":"Listen {{ kolla_external_fqdn | put_address_in_context(\u0027url\u0027) }}:{{ letsencrypt_acme_port }}"},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"ServerSignature Off"},{"line_number":6,"context_line":"ServerTokens Prod"}],"source_content_type":"text/x-jinja2","patch_set":14,"id":"5d43f369_f9e74729","line":3,"range":{"start_line":3,"start_character":10,"end_line":3,"end_character":29},"in_reply_to":"c33f6a04_a2d57613","updated":"2021-03-17 12:35:05.000000000","message":"See the comment in defaults.yml.","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e3befd5f1e775d2fe44cc53cbd2ca683b74c0b62","unresolved":true,"context_lines":[{"line_number":1,"context_line":"{% set letsencrypt_log_dir \u003d \u0027/var/log/kolla/letsencrypt\u0027 %}"},{"line_number":2,"context_line":"{% set binary_path \u003d \u0027/usr/bin\u0027 if letsencrypt_install_type \u003d\u003d \u0027binary\u0027 else \u0027/var/lib/kolla/venv/bin\u0027 %}"},{"line_number":3,"context_line":"Listen {{ kolla_external_fqdn | put_address_in_context(\u0027url\u0027) }}:{{ letsencrypt_acme_port }}"},{"line_number":4,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":56,"id":"52d9426d_4407fb05","line":1,"updated":"2021-03-25 18:01:11.000000000","message":"Should this be called acme-apache.conf.j2?","commit_id":"4e5d71cab3938db43b7b78548ea027e19dd5dd1d"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"4f6572775f41b20efc6e632816e6305711bffbdb","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{% set letsencrypt_log_dir \u003d \u0027/var/log/kolla/letsencrypt\u0027 %}"},{"line_number":2,"context_line":"{% set binary_path \u003d \u0027/usr/bin\u0027 if letsencrypt_install_type \u003d\u003d \u0027binary\u0027 else \u0027/var/lib/kolla/venv/bin\u0027 %}"},{"line_number":3,"context_line":"Listen {{ kolla_external_fqdn | put_address_in_context(\u0027url\u0027) }}:{{ letsencrypt_acme_port }}"},{"line_number":4,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":56,"id":"634b3281_53761a75","line":1,"in_reply_to":"52d9426d_4407fb05","updated":"2021-04-01 23:29:07.000000000","message":"Done","commit_id":"4e5d71cab3938db43b7b78548ea027e19dd5dd1d"}],"ansible/roles/letsencrypt/templates/certbot.sh.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":11,"context_line":"internal_fullchain_path\u003d$le_base/{{ kolla_internal_fqdn }}/fullchain.pem"},{"line_number":12,"context_line":"md5_internal_cert\u003d$(md5sum \"$internal_fullchain_path\" | cut -d \u0027 \u0027 -f1)"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"# if Lets Encrypt haproxy.pem has not been generated, always attempt to"},{"line_number":15,"context_line":"# execute certbot. It is possible that the VIP has been updated to this node"},{"line_number":16,"context_line":"# since this script last executed. If the VIP does not route to this node,"},{"line_number":17,"context_line":"# certbot will fail since the acme server listening on the VIP will not be"},{"line_number":18,"context_line":"# updated for the certbot web challenge."},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"{% if not kolla_same_external_internal_vip | bool %}"},{"line_number":21,"context_line":"if [ ! -f \"$external_cert_path\" ]; then"}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"ef315c2c_cb821814","line":18,"range":{"start_line":14,"start_character":0,"end_line":18,"end_character":40},"updated":"2021-01-27 17:22:00.000000000","message":"I\u0027m not sure I follow this. Isn\u0027t the VIP primary a separate concern from the acme web server backend?","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":11,"context_line":"internal_fullchain_path\u003d$le_base/{{ kolla_internal_fqdn }}/fullchain.pem"},{"line_number":12,"context_line":"md5_internal_cert\u003d$(md5sum \"$internal_fullchain_path\" | cut -d \u0027 \u0027 -f1)"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"# if Lets Encrypt haproxy.pem has not been generated, always attempt to"},{"line_number":15,"context_line":"# execute certbot. It is possible that the VIP has been updated to this node"},{"line_number":16,"context_line":"# since this script last executed. If the VIP does not route to this node,"},{"line_number":17,"context_line":"# certbot will fail since the acme server listening on the VIP will not be"},{"line_number":18,"context_line":"# updated for the certbot web challenge."},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"{% if not kolla_same_external_internal_vip | bool %}"},{"line_number":21,"context_line":"if [ ! -f \"$external_cert_path\" ]; then"}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"eb0a29cc_28d02629","line":18,"range":{"start_line":14,"start_character":0,"end_line":18,"end_character":40},"in_reply_to":"ef315c2c_cb821814","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":20,"context_line":"{% if not kolla_same_external_internal_vip | bool %}"},{"line_number":21,"context_line":"if [ ! -f \"$external_cert_path\" ]; then"},{"line_number":22,"context_line":"    echo \"Execute certbot for domain: {{ kolla_external_fqdn }}\""},{"line_number":23,"context_line":"    $bin_path/certbot certonly -v --webroot -w /www/data/{{ kolla_external_fqdn }} --no-eff-email --agree-tos -d {{ kolla_external_fqdn }} --cert-name {{ kolla_external_fqdn }}"},{"line_number":24,"context_line":"else"},{"line_number":25,"context_line":"    echo \"Execute certbot renew\""},{"line_number":26,"context_line":"    $bin_path/certbot renew"},{"line_number":27,"context_line":"fi"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"if [ \"$md5_external_cert\" !\u003d \"$(md5sum \"$external_fullchain_path\" | cut -d \u0027 \u0027 -f1)\" ]; then"}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"a9f9407d_8c0de9ca","line":26,"range":{"start_line":23,"start_character":0,"end_line":26,"end_character":27},"updated":"2021-01-27 17:22:00.000000000","message":"AFAICT, certonly is to bootstrap generation of an initial certificate, whereas renew is for when you have a certificate. Do we actually need to run them both?","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":20,"context_line":"{% if not kolla_same_external_internal_vip | bool %}"},{"line_number":21,"context_line":"if [ ! -f \"$external_cert_path\" ]; then"},{"line_number":22,"context_line":"    echo \"Execute certbot for domain: {{ kolla_external_fqdn }}\""},{"line_number":23,"context_line":"    $bin_path/certbot certonly -v --webroot -w /www/data/{{ kolla_external_fqdn }} --no-eff-email --agree-tos -d {{ kolla_external_fqdn }} --cert-name {{ kolla_external_fqdn }}"},{"line_number":24,"context_line":"else"},{"line_number":25,"context_line":"    echo \"Execute certbot renew\""},{"line_number":26,"context_line":"    $bin_path/certbot renew"},{"line_number":27,"context_line":"fi"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"if [ \"$md5_external_cert\" !\u003d \"$(md5sum \"$external_fullchain_path\" | cut -d \u0027 \u0027 -f1)\" ]; then"}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"24c73d05_77fab2f2","line":26,"range":{"start_line":23,"start_character":0,"end_line":26,"end_character":27},"in_reply_to":"a9f9407d_8c0de9ca","updated":"2021-02-12 22:04:19.000000000","message":"only one is run per script execution.","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":7,"context_line":""},{"line_number":8,"context_line":"{% if letsencrypt_pebble_domain_name | length \u003e 0 %}"},{"line_number":9,"context_line":"external_domain_name\u003d{{ letsencrypt_pebble_domain_name }}"},{"line_number":10,"context_line":"internal_domain_name\u003d{{ letsencrypt_pebble_domain_name }}"},{"line_number":11,"context_line":"{% else %}"},{"line_number":12,"context_line":"external_domain_name\u003d{{ kolla_external_fqdn }}"},{"line_number":13,"context_line":"internal_domain_name\u003d{{ kolla_internal_fqdn }}"}],"source_content_type":"text/x-jinja2","patch_set":103,"id":"9b318f2a_f4cec7cb","line":10,"range":{"start_line":10,"start_character":24,"end_line":10,"end_character":54},"updated":"2021-04-06 13:08:28.000000000","message":"Is this fixed by pebble? Any reason why we can\u0027t set it to the same value as kolla_external_fqdn and kolla_internal_fqdn?","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"268f0f9df58a88d2bfd3754d21122fa43187a605","unresolved":false,"context_lines":[{"line_number":7,"context_line":""},{"line_number":8,"context_line":"{% if letsencrypt_pebble_domain_name | length \u003e 0 %}"},{"line_number":9,"context_line":"external_domain_name\u003d{{ letsencrypt_pebble_domain_name }}"},{"line_number":10,"context_line":"internal_domain_name\u003d{{ letsencrypt_pebble_domain_name }}"},{"line_number":11,"context_line":"{% else %}"},{"line_number":12,"context_line":"external_domain_name\u003d{{ kolla_external_fqdn }}"},{"line_number":13,"context_line":"internal_domain_name\u003d{{ kolla_internal_fqdn }}"}],"source_content_type":"text/x-jinja2","patch_set":103,"id":"caeea03e_92dca37e","line":10,"range":{"start_line":10,"start_character":24,"end_line":10,"end_character":54},"in_reply_to":"9b318f2a_f4cec7cb","updated":"2021-04-08 03:36:53.000000000","message":"Done","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":23,"context_line":""},{"line_number":24,"context_line":"if [ ! -f \"$external_cert_path\" ]; then"},{"line_number":25,"context_line":"    echo \"Execute certbot for domain: $external_domain_name\""},{"line_number":26,"context_line":"    $bin_path/certbot certonly -v -n --no-eff-email --agree-tos -d $external_domain_name --cert-name $external_domain_name {% if letsencrypt_pebble_server | length \u003e 0 %} --standalone --server https://{{ letsencrypt_pebble_server }}:14000/dir --no-verify-ssl --http-01-port\u003d5002 {% else %} --webroot -w /www/data/$external_domain_name {% endif %}"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"else"},{"line_number":29,"context_line":"    echo \"Execute certbot renew\""}],"source_content_type":"text/x-jinja2","patch_set":103,"id":"75141cd5_62724bdd","line":26,"range":{"start_line":26,"start_character":123,"end_line":26,"end_character":346},"updated":"2021-04-06 13:08:28.000000000","message":"Why are these arguments so different when pebble is in use? I get these ones:\n\n--server https://{{ letsencrypt_pebble_server }}:14000/dir\n--no-verify-ssl\n\nBut why these:\n\n--standalone\n--http-01-port\u003d5002\n\nAnd why not these?\n\n--webroot -w /www/data/$external_domain_name","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"268f0f9df58a88d2bfd3754d21122fa43187a605","unresolved":false,"context_lines":[{"line_number":23,"context_line":""},{"line_number":24,"context_line":"if [ ! -f \"$external_cert_path\" ]; then"},{"line_number":25,"context_line":"    echo \"Execute certbot for domain: $external_domain_name\""},{"line_number":26,"context_line":"    $bin_path/certbot certonly -v -n --no-eff-email --agree-tos -d $external_domain_name --cert-name $external_domain_name {% if letsencrypt_pebble_server | length \u003e 0 %} --standalone --server https://{{ letsencrypt_pebble_server }}:14000/dir --no-verify-ssl --http-01-port\u003d5002 {% else %} --webroot -w /www/data/$external_domain_name {% endif %}"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"else"},{"line_number":29,"context_line":"    echo \"Execute certbot renew\""}],"source_content_type":"text/x-jinja2","patch_set":103,"id":"dae3e8f9_72af6371","line":26,"range":{"start_line":26,"start_character":123,"end_line":26,"end_character":346},"in_reply_to":"75141cd5_62724bdd","updated":"2021-04-08 03:36:53.000000000","message":"Done","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"514ff3ecaff8b97fb208b3a76885c565f5cd7adb","unresolved":false,"context_lines":[{"line_number":23,"context_line":""},{"line_number":24,"context_line":"if [ ! -f \"$external_cert_path\" ]; then"},{"line_number":25,"context_line":"    echo \"Execute certbot for domain: $external_domain_name\""},{"line_number":26,"context_line":"    $bin_path/certbot certonly -v -n --no-eff-email --agree-tos -d $external_domain_name --cert-name $external_domain_name {% if letsencrypt_pebble_server | length \u003e 0 %} --standalone --server https://{{ letsencrypt_pebble_server }}:14000/dir --no-verify-ssl --http-01-port\u003d5002 {% else %} --webroot -w /www/data/$external_domain_name {% endif %}"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"else"},{"line_number":29,"context_line":"    echo \"Execute certbot renew\""}],"source_content_type":"text/x-jinja2","patch_set":103,"id":"fb09c77a_e68e839b","line":26,"range":{"start_line":26,"start_character":123,"end_line":26,"end_character":346},"in_reply_to":"dae3e8f9_72af6371","updated":"2021-04-08 10:19:33.000000000","message":"Looks better now","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6ed430dd47f874aff84ee94edb138e8fa44a5f43","unresolved":true,"context_lines":[{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    {% endfor %}"},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"    {% if kolla_same_external_internal_vip | bool %}"},{"line_number":38,"context_line":"    # duplicate certificate for internal"},{"line_number":39,"context_line":"    cp \"$external_cert_path\" \"$internal_cert_path\""},{"line_number":40,"context_line":"    echo \"ssh internal certificate to other nodes\""},{"line_number":41,"context_line":"    {% for host in groups[\u0027letsencrypt-ssh\u0027] %}{% if inventory_hostname !\u003d host %}/usr/bin/rsync -azvr -e \u0027ssh -i /var/lib/letsencrypt/.ssh/id_rsa -p {{ hostvars[host][\u0027letsencrypt_ssh_port\u0027] }} -F /var/lib/letsencrypt/.ssh/config\u0027 $internal_cert_path  letsencrypt@{{ \u0027api\u0027 | kolla_address(host) | put_address_in_context(\u0027url\u0027) }}:$le_haproxy_base{% endif %}"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"    {% endfor %}"},{"line_number":44,"context_line":"    {% endif %}"},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"fi"},{"line_number":47,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":117,"id":"f6f9e9ab_c7afd5f0","line":44,"range":{"start_line":37,"start_character":0,"end_line":44,"end_character":15},"updated":"2021-07-29 09:39:51.000000000","message":"If there is only one VIP, then there is only one cert. I think the logic is usually the other way around - internal VIP always exists, external is optional.","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ee3249aaa58e178e104637977050d02210db23d","unresolved":false,"context_lines":[{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    {% endfor %}"},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"    {% if kolla_same_external_internal_vip | bool %}"},{"line_number":38,"context_line":"    # duplicate certificate for internal"},{"line_number":39,"context_line":"    cp \"$external_cert_path\" \"$internal_cert_path\""},{"line_number":40,"context_line":"    echo \"ssh internal certificate to other nodes\""},{"line_number":41,"context_line":"    {% for host in groups[\u0027letsencrypt-ssh\u0027] %}{% if inventory_hostname !\u003d host %}/usr/bin/rsync -azvr -e \u0027ssh -i /var/lib/letsencrypt/.ssh/id_rsa -p {{ hostvars[host][\u0027letsencrypt_ssh_port\u0027] }} -F /var/lib/letsencrypt/.ssh/config\u0027 $internal_cert_path  letsencrypt@{{ \u0027api\u0027 | kolla_address(host) | put_address_in_context(\u0027url\u0027) }}:$le_haproxy_base{% endif %}"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"    {% endfor %}"},{"line_number":44,"context_line":"    {% endif %}"},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"fi"},{"line_number":47,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":117,"id":"325da80e_2b75f6f9","line":44,"range":{"start_line":37,"start_character":0,"end_line":44,"end_character":15},"in_reply_to":"f6f9e9ab_c7afd5f0","updated":"2023-07-17 11:53:45.000000000","message":"Done","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"}],"ansible/roles/letsencrypt/templates/crontab.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":1,"context_line":"# Will run certbot renew every 12 hours"},{"line_number":2,"context_line":"0   */12   *   *   *   /usr/bin/certbot.sh \u003e /tmp/stdout 2\u003e /tmp/stderr"},{"line_number":3,"context_line":"# Don\u0027t remove the empty line at the end of this file. It is required to run the cron job"}],"source_content_type":"text/x-jinja2","patch_set":103,"id":"5d0504b8_62fd1f86","line":2,"range":{"start_line":2,"start_character":45,"end_line":2,"end_character":71},"updated":"2021-04-06 13:08:28.000000000","message":"What\u0027s going on here?","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":1,"context_line":"# Will run certbot renew every 12 hours"},{"line_number":2,"context_line":"0   */12   *   *   *   /usr/bin/certbot.sh \u003e /tmp/stdout 2\u003e /tmp/stderr"},{"line_number":3,"context_line":"# Don\u0027t remove the empty line at the end of this file. It is required to run the cron job"}],"source_content_type":"text/x-jinja2","patch_set":103,"id":"be9522c0_232844e2","line":2,"range":{"start_line":2,"start_character":45,"end_line":2,"end_character":71},"in_reply_to":"5d0504b8_62fd1f86","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6ed430dd47f874aff84ee94edb138e8fa44a5f43","unresolved":true,"context_lines":[{"line_number":1,"context_line":"# Will run certbot renew every 12 hours"},{"line_number":2,"context_line":"0   */12   *   *   *   /usr/bin/certbot.sh \u003e /tmp/stdout 2\u003e /tmp/stderr"},{"line_number":3,"context_line":"# Don\u0027t remove the empty line at the end of this file. It is required to run the cron job"}],"source_content_type":"text/x-jinja2","patch_set":117,"id":"31c4fd53_8a087d43","line":2,"range":{"start_line":2,"start_character":0,"end_line":2,"end_character":20},"updated":"2021-07-29 09:39:51.000000000","message":"Might be nice if the schedule is configurable. We could crank up the rate for CI.","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":1,"context_line":"# Will run certbot renew every 12 hours"},{"line_number":2,"context_line":"0   */12   *   *   *   /usr/bin/certbot.sh \u003e /tmp/stdout 2\u003e /tmp/stderr"},{"line_number":3,"context_line":"# Don\u0027t remove the empty line at the end of this file. It is required to run the cron job"}],"source_content_type":"text/x-jinja2","patch_set":117,"id":"e8c3f925_a2cc28da","line":2,"range":{"start_line":2,"start_character":0,"end_line":2,"end_character":20},"in_reply_to":"31c4fd53_8a087d43","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"2e2e45f0ca743b1225085b89396d15c2e36f83dc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":true,"context_lines":[{"line_number":1,"context_line":"# Will run certbot renew every 12 hours"},{"line_number":2,"context_line":"{{ letsencrypt_cron_renew_rate }}   /usr/bin/letsencrypt-cert.sh \u003e /tmp/stdout 2\u003e /tmp/stderr"},{"line_number":3,"context_line":"# Don\u0027t remove the empty line at the end of this file. It is required to run the cron job"}],"source_content_type":"text/x-jinja2","patch_set":131,"id":"188d4b2d_b9f73758","line":1,"range":{"start_line":1,"start_character":2,"end_line":1,"end_character":39},"updated":"2022-02-15 11:25:43.000000000","message":"Unless you change the default schedule...","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"1d417365b9eef924db79c7d88258006fe7888a73","unresolved":false,"context_lines":[{"line_number":1,"context_line":"# Will run certbot renew every 12 hours"},{"line_number":2,"context_line":"{{ letsencrypt_cron_renew_rate }}   /usr/bin/letsencrypt-cert.sh \u003e /tmp/stdout 2\u003e /tmp/stderr"},{"line_number":3,"context_line":"# Don\u0027t remove the empty line at the end of this file. It is required to run the cron job"}],"source_content_type":"text/x-jinja2","patch_set":131,"id":"3de60180_b4a23a38","line":1,"range":{"start_line":1,"start_character":2,"end_line":1,"end_character":39},"in_reply_to":"188d4b2d_b9f73758","updated":"2022-02-18 01:59:07.000000000","message":"Done","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"ecc7f8a6b2b6ebe2f7e65ab1bfdfecdf8d8e3e15","unresolved":true,"context_lines":[{"line_number":1,"context_line":"PATH\u003d/usr/local/bin:/usr/bin:/bin"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"{% if kolla_external_vip_address !\u003d kolla_internal_vip_address and kolla_external_fqdn !\u003d kolla_external_vip_address %}"},{"line_number":4,"context_line":"{{ letsencrypt_cron_renew_schedule }} /usr/bin/letsencrypt-certificates --external --fqdn {{ kolla_external_fqdn }} --days {{ letsencrypt_cert_valid_days }} --port {{ letsencrypt_webserver_port }} --mail {{ letsencrypt_email }} --acme {{ letsencrypt_cert_server }} --vips {% if not kolla_same_external_internal_vip %}{{ kolla_external_vip_address }},{% endif %}{{ kolla_internal_vip_address }} --haproxies-ssh {% for host in groups[\u0027loadbalancer\u0027] %}{{ \u0027api\u0027 | kolla_address(host) | put_address_in_context(\u0027url\u0027) }}:{{ haproxy_ssh_port }}{% if not loop.last %},{% endif %}{% endfor %} 2\u003e\u00261 | tee -a /var/log/kolla/letsencrypt/letsencrypt-lego.log"},{"line_number":5,"context_line":"{% endif %}"},{"line_number":6,"context_line":"{% if kolla_external_vip_address \u003d\u003d kolla_internal_vip_address and kolla_internal_fqdn !\u003d kolla_internal_vip_address %}"},{"line_number":7,"context_line":"{{ letsencrypt_cron_renew_schedule }} /usr/bin/letsencrypt-certificates --internal --fqdn {{ kolla_internal_fqdn }} --days {{ letsencrypt_cert_valid_days }} --port {{ letsencrypt_webserver_port }} --mail {{ letsencrypt_email }} --acme {{ letsencrypt_cert_server }} --vips {% if not kolla_same_external_internal_vip %}{{ kolla_external_vip_address }},{% endif %}{{ kolla_internal_vip_address }} --haproxies-ssh {% for host in groups[\u0027loadbalancer\u0027] %}{{ \u0027api\u0027 | kolla_address(host) | put_address_in_context(\u0027url\u0027) }}:{{ haproxy_ssh_port }}{% if not loop.last %},{% endif %}{% endfor %} 2\u003e\u00261 | tee -a /var/log/kolla/letsencrypt/letsencrypt-lego.log"},{"line_number":8,"context_line":"{% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"8b7fa7cd_74ab1122","line":8,"range":{"start_line":1,"start_character":0,"end_line":8,"end_character":11},"updated":"2023-07-17 13:28:22.000000000","message":"did someone verify that the crontab works as expected?\nI\u0027m asking because the crontab approach for different projects was sometimes broken without anyone noticing, especially with missing libs, locale settings and permissions for the crontab user.","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"bd4fc70a2b6f83cb2022eb5c7b3d6e97323cbeaf","unresolved":false,"context_lines":[{"line_number":1,"context_line":"PATH\u003d/usr/local/bin:/usr/bin:/bin"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"{% if kolla_external_vip_address !\u003d kolla_internal_vip_address and kolla_external_fqdn !\u003d kolla_external_vip_address %}"},{"line_number":4,"context_line":"{{ letsencrypt_cron_renew_schedule }} /usr/bin/letsencrypt-certificates --external --fqdn {{ kolla_external_fqdn }} --days {{ letsencrypt_cert_valid_days }} --port {{ letsencrypt_webserver_port }} --mail {{ letsencrypt_email }} --acme {{ letsencrypt_cert_server }} --vips {% if not kolla_same_external_internal_vip %}{{ kolla_external_vip_address }},{% endif %}{{ kolla_internal_vip_address }} --haproxies-ssh {% for host in groups[\u0027loadbalancer\u0027] %}{{ \u0027api\u0027 | kolla_address(host) | put_address_in_context(\u0027url\u0027) }}:{{ haproxy_ssh_port }}{% if not loop.last %},{% endif %}{% endfor %} 2\u003e\u00261 | tee -a /var/log/kolla/letsencrypt/letsencrypt-lego.log"},{"line_number":5,"context_line":"{% endif %}"},{"line_number":6,"context_line":"{% if kolla_external_vip_address \u003d\u003d kolla_internal_vip_address and kolla_internal_fqdn !\u003d kolla_internal_vip_address %}"},{"line_number":7,"context_line":"{{ letsencrypt_cron_renew_schedule }} /usr/bin/letsencrypt-certificates --internal --fqdn {{ kolla_internal_fqdn }} --days {{ letsencrypt_cert_valid_days }} --port {{ letsencrypt_webserver_port }} --mail {{ letsencrypt_email }} --acme {{ letsencrypt_cert_server }} --vips {% if not kolla_same_external_internal_vip %}{{ kolla_external_vip_address }},{% endif %}{{ kolla_internal_vip_address }} --haproxies-ssh {% for host in groups[\u0027loadbalancer\u0027] %}{{ \u0027api\u0027 | kolla_address(host) | put_address_in_context(\u0027url\u0027) }}:{{ haproxy_ssh_port }}{% if not loop.last %},{% endif %}{% endfor %} 2\u003e\u00261 | tee -a /var/log/kolla/letsencrypt/letsencrypt-lego.log"},{"line_number":8,"context_line":"{% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"472db4a9_09b1a52d","line":8,"range":{"start_line":1,"start_character":0,"end_line":8,"end_character":11},"in_reply_to":"8b7fa7cd_74ab1122","updated":"2023-07-17 14:15:37.000000000","message":"yes, me","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"}],"ansible/roles/letsencrypt/templates/letsencrypt-acme.json.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":15,"context_line":"        {"},{"line_number":16,"context_line":"            \"path\": \"/www/data/{{ kolla_internal_fqdn }}\","},{"line_number":17,"context_line":"            \"owner\": \"letsencrypt:letsencrypt\","},{"line_number":18,"context_line":"            \"recurse\": true"},{"line_number":19,"context_line":"        }{% if not kolla_same_external_internal_vip | bool %},"},{"line_number":20,"context_line":"        {"},{"line_number":21,"context_line":"            \"path\": \"/www/data/{{ kolla_external_fqdn }}\","}],"source_content_type":"text/x-jinja2","patch_set":103,"id":"3823af15_4b90570c","line":18,"range":{"start_line":18,"start_character":12,"end_line":18,"end_character":27},"updated":"2021-04-06 13:08:28.000000000","message":"Let\u0027s remove this, if possible","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"268f0f9df58a88d2bfd3754d21122fa43187a605","unresolved":false,"context_lines":[{"line_number":15,"context_line":"        {"},{"line_number":16,"context_line":"            \"path\": \"/www/data/{{ kolla_internal_fqdn }}\","},{"line_number":17,"context_line":"            \"owner\": \"letsencrypt:letsencrypt\","},{"line_number":18,"context_line":"            \"recurse\": true"},{"line_number":19,"context_line":"        }{% if not kolla_same_external_internal_vip | bool %},"},{"line_number":20,"context_line":"        {"},{"line_number":21,"context_line":"            \"path\": \"/www/data/{{ kolla_external_fqdn }}\","}],"source_content_type":"text/x-jinja2","patch_set":103,"id":"5110bac5_82d3b434","line":18,"range":{"start_line":18,"start_character":12,"end_line":18,"end_character":27},"in_reply_to":"3823af15_4b90570c","updated":"2021-04-08 03:36:53.000000000","message":"Done","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":20,"context_line":"        {"},{"line_number":21,"context_line":"            \"path\": \"/www/data/{{ kolla_external_fqdn }}\","},{"line_number":22,"context_line":"            \"owner\": \"letsencrypt:letsencrypt\","},{"line_number":23,"context_line":"            \"recurse\": true"},{"line_number":24,"context_line":"        }{% endif %}"},{"line_number":25,"context_line":"    ]"},{"line_number":26,"context_line":"}"}],"source_content_type":"text/x-jinja2","patch_set":103,"id":"cfc474c0_beeb9502","line":23,"range":{"start_line":23,"start_character":12,"end_line":23,"end_character":27},"updated":"2021-04-06 13:08:28.000000000","message":"ditto","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"268f0f9df58a88d2bfd3754d21122fa43187a605","unresolved":false,"context_lines":[{"line_number":20,"context_line":"        {"},{"line_number":21,"context_line":"            \"path\": \"/www/data/{{ kolla_external_fqdn }}\","},{"line_number":22,"context_line":"            \"owner\": \"letsencrypt:letsencrypt\","},{"line_number":23,"context_line":"            \"recurse\": true"},{"line_number":24,"context_line":"        }{% endif %}"},{"line_number":25,"context_line":"    ]"},{"line_number":26,"context_line":"}"}],"source_content_type":"text/x-jinja2","patch_set":103,"id":"2d7c803f_e232ae24","line":23,"range":{"start_line":23,"start_character":12,"end_line":23,"end_character":27},"in_reply_to":"cfc474c0_beeb9502","updated":"2021-04-08 03:36:53.000000000","message":"Done","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":24072,"name":"Marcin Juszkiewicz","email":"mjuszkiewicz@redhat.com","username":"hrw"},"change_message_id":"53551560ff440191e282bfcd2cee19a04eb2b293","unresolved":true,"context_lines":[{"line_number":1,"context_line":"{% set letsencrypt_apache_dir \u003d \u0027apache2/conf-enabled\u0027 if kolla_base_distro in [\u0027ubuntu\u0027, \u0027debian\u0027] else \u0027httpd/conf.d\u0027 %}"},{"line_number":2,"context_line":"{% set apache_binary \u003d \u0027apache2\u0027 if kolla_base_distro in [\u0027ubuntu\u0027, \u0027debian\u0027] else \u0027httpd\u0027 %}"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"{"},{"line_number":5,"context_line":"    \"command\": \"/usr/sbin/{{ apache_binary }} -DFOREGROUND\","}],"source_content_type":"text/x-jinja2","patch_set":160,"id":"d1356103_94b74267","line":2,"range":{"start_line":2,"start_character":58,"end_line":2,"end_character":76},"updated":"2022-09-06 10:06:44.000000000","message":"make it alphabetical? in whole patch","commit_id":"91c3f5514fb43b862780493d9b90c6d0b15bd4a1"},{"author":{"_account_id":24072,"name":"Marcin Juszkiewicz","email":"mjuszkiewicz@redhat.com","username":"hrw"},"change_message_id":"ebcc55af7c45e5c292412e394bc0e64b95bdad25","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{% set letsencrypt_apache_dir \u003d \u0027apache2/conf-enabled\u0027 if kolla_base_distro in [\u0027ubuntu\u0027, \u0027debian\u0027] else \u0027httpd/conf.d\u0027 %}"},{"line_number":2,"context_line":"{% set apache_binary \u003d \u0027apache2\u0027 if kolla_base_distro in [\u0027ubuntu\u0027, \u0027debian\u0027] else \u0027httpd\u0027 %}"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"{"},{"line_number":5,"context_line":"    \"command\": \"/usr/sbin/{{ apache_binary }} -DFOREGROUND\","}],"source_content_type":"text/x-jinja2","patch_set":160,"id":"a34c43f4_05176ec4","line":2,"range":{"start_line":2,"start_character":58,"end_line":2,"end_character":76},"in_reply_to":"6c328e66_fa32d226","updated":"2022-09-07 08:02:56.000000000","message":"Done","commit_id":"91c3f5514fb43b862780493d9b90c6d0b15bd4a1"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"42504c28304ecaa355fa02193f96de12d6e1474c","unresolved":true,"context_lines":[{"line_number":1,"context_line":"{% set letsencrypt_apache_dir \u003d \u0027apache2/conf-enabled\u0027 if kolla_base_distro in [\u0027ubuntu\u0027, \u0027debian\u0027] else \u0027httpd/conf.d\u0027 %}"},{"line_number":2,"context_line":"{% set apache_binary \u003d \u0027apache2\u0027 if kolla_base_distro in [\u0027ubuntu\u0027, \u0027debian\u0027] else \u0027httpd\u0027 %}"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"{"},{"line_number":5,"context_line":"    \"command\": \"/usr/sbin/{{ apache_binary }} -DFOREGROUND\","}],"source_content_type":"text/x-jinja2","patch_set":160,"id":"6c328e66_fa32d226","line":2,"range":{"start_line":2,"start_character":58,"end_line":2,"end_character":76},"in_reply_to":"d1356103_94b74267","updated":"2022-09-06 23:16:03.000000000","message":"I can address this, however this is consistent with many other files (54 occurrences). Let me know.","commit_id":"91c3f5514fb43b862780493d9b90c6d0b15bd4a1"}],"ansible/roles/letsencrypt/templates/letsencrypt-webserver.json.j2":[{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"6e877a6e972c05777769e29bb80cf79ab8eeb24c","unresolved":true,"context_lines":[{"line_number":2,"context_line":"{% set apache_binary \u003d \u0027apache2\u0027 if kolla_base_distro in [\u0027ubuntu\u0027, \u0027debian\u0027] else \u0027httpd\u0027 %}"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"{"},{"line_number":5,"context_line":"    \"command\": \"/usr/sbin/{{ apache_binary }} -DFOREGROUND\","},{"line_number":6,"context_line":"    \"config_files\": ["},{"line_number":7,"context_line":"        {"},{"line_number":8,"context_line":"            \"source\": \"{{ container_config_directory }}/letsencrypt-webserver.conf\","}],"source_content_type":"text/x-jinja2","patch_set":227,"id":"7b7024f4_c2fcafef","line":5,"range":{"start_line":5,"start_character":17,"end_line":5,"end_character":45},"updated":"2023-09-18 09:13:21.000000000","message":"Note to self: To Check: is that binary really located in `/usr/sbin/`?","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"f508ffd53b43fc87a280cc582e432653141aad4e","unresolved":false,"context_lines":[{"line_number":2,"context_line":"{% set apache_binary \u003d \u0027apache2\u0027 if kolla_base_distro in [\u0027ubuntu\u0027, \u0027debian\u0027] else \u0027httpd\u0027 %}"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"{"},{"line_number":5,"context_line":"    \"command\": \"/usr/sbin/{{ apache_binary }} -DFOREGROUND\","},{"line_number":6,"context_line":"    \"config_files\": ["},{"line_number":7,"context_line":"        {"},{"line_number":8,"context_line":"            \"source\": \"{{ container_config_directory }}/letsencrypt-webserver.conf\","}],"source_content_type":"text/x-jinja2","patch_set":227,"id":"9e7e90a2_57cc8c02","line":5,"range":{"start_line":5,"start_character":17,"end_line":5,"end_character":45},"in_reply_to":"7b7024f4_c2fcafef","updated":"2023-09-18 10:13:57.000000000","message":"Do you think that if it wasn\u0027t there, CI would pass? :D","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"}],"ansible/roles/letsencrypt/templates/pebble.minica.pem":[{"author":{"_account_id":24072,"name":"Marcin Juszkiewicz","email":"mjuszkiewicz@redhat.com","username":"hrw"},"change_message_id":"53551560ff440191e282bfcd2cee19a04eb2b293","unresolved":true,"context_lines":[{"line_number":1,"context_line":"-----BEGIN CERTIFICATE-----"},{"line_number":2,"context_line":"MIIDCTCCAfGgAwIBAgIIJOLbes8sTr4wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE"},{"line_number":3,"context_line":"AxMVbWluaWNhIHJvb3QgY2EgMjRlMmRiMCAXDTE3MTIwNjE5NDIxMFoYDzIxMTcx"},{"line_number":4,"context_line":"MjA2MTk0MjEwWjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSAyNGUyZGIwggEi"}],"source_content_type":"application/octet-stream","patch_set":165,"id":"cb73e32f_59eaef20","line":1,"updated":"2022-09-06 10:06:44.000000000","message":"Can this cert be generated during deploy so is it different for everyone?","commit_id":"b35ed33f22e0b493151d8db12d59e040f9d5ab3d"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"42504c28304ecaa355fa02193f96de12d6e1474c","unresolved":false,"context_lines":[{"line_number":1,"context_line":"-----BEGIN CERTIFICATE-----"},{"line_number":2,"context_line":"MIIDCTCCAfGgAwIBAgIIJOLbes8sTr4wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE"},{"line_number":3,"context_line":"AxMVbWluaWNhIHJvb3QgY2EgMjRlMmRiMCAXDTE3MTIwNjE5NDIxMFoYDzIxMTcx"},{"line_number":4,"context_line":"MjA2MTk0MjEwWjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSAyNGUyZGIwggEi"}],"source_content_type":"application/octet-stream","patch_set":165,"id":"d2cb24c5_59a11e1d","line":1,"in_reply_to":"cb73e32f_59eaef20","updated":"2022-09-06 23:16:03.000000000","message":"This is the specific cert required to use the testing cert server named \"pebble\". It is insecure by design, and it\u0027s only to be used in testing, and in our case during integration testing.","commit_id":"b35ed33f22e0b493151d8db12d59e040f9d5ab3d"}],"ansible/roles/letsencrypt/templates/start-certbot-and-cron.sh.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":9,"context_line":""},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"# run certbot immediately"},{"line_number":12,"context_line":"certbot.sh"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"# Run cron"},{"line_number":15,"context_line":"echo \"start cron\""}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"420f55da_58dc4d8f","line":12,"range":{"start_line":12,"start_character":0,"end_line":12,"end_character":10},"updated":"2021-01-27 17:22:00.000000000","message":"certbot runs every time the container starts?","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":9,"context_line":""},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"# run certbot immediately"},{"line_number":12,"context_line":"certbot.sh"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"# Run cron"},{"line_number":15,"context_line":"echo \"start cron\""}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"7a60505d_7c7d5fee","line":12,"range":{"start_line":12,"start_character":0,"end_line":12,"end_character":10},"in_reply_to":"420f55da_58dc4d8f","updated":"2021-02-12 22:04:19.000000000","message":"Yes - the script that either creates the cert or checks for renewal is executed","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":7,"context_line":"tail -f /tmp/stdout \u0026"},{"line_number":8,"context_line":"tail -f /tmp/stderr \u003e\u00262 \u0026"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"# run certbot immediately"},{"line_number":11,"context_line":"certbot.sh"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"# Run cron"},{"line_number":14,"context_line":"echo \"start cron\""}],"source_content_type":"text/x-jinja2","patch_set":103,"id":"de0a7c95_46ad4b2e","line":11,"range":{"start_line":10,"start_character":0,"end_line":11,"end_character":10},"updated":"2021-04-06 13:08:28.000000000","message":"I still don\u0027t really get why we need this one.","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"514ff3ecaff8b97fb208b3a76885c565f5cd7adb","unresolved":false,"context_lines":[{"line_number":7,"context_line":"tail -f /tmp/stdout \u0026"},{"line_number":8,"context_line":"tail -f /tmp/stderr \u003e\u00262 \u0026"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"# run certbot immediately"},{"line_number":11,"context_line":"certbot.sh"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"# Run cron"},{"line_number":14,"context_line":"echo \"start cron\""}],"source_content_type":"text/x-jinja2","patch_set":103,"id":"b1714a20_6d998f15","line":11,"range":{"start_line":10,"start_character":0,"end_line":11,"end_character":10},"in_reply_to":"6b4cf725_d674d50b","updated":"2021-04-08 10:19:33.000000000","message":"What happens in a multinode scenario? Will all certbot containers try to generate certificates? Could that cause a problem?","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"06bf67471f09eaf45addb393cade1849e1d99102","unresolved":false,"context_lines":[{"line_number":7,"context_line":"tail -f /tmp/stdout \u0026"},{"line_number":8,"context_line":"tail -f /tmp/stderr \u003e\u00262 \u0026"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"# run certbot immediately"},{"line_number":11,"context_line":"certbot.sh"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"# Run cron"},{"line_number":14,"context_line":"echo \"start cron\""}],"source_content_type":"text/x-jinja2","patch_set":103,"id":"a8b4be5c_aa91be8e","line":11,"range":{"start_line":10,"start_character":0,"end_line":11,"end_character":10},"in_reply_to":"b1714a20_6d998f15","updated":"2021-04-08 16:14:39.000000000","message":"This is not a problem. All nodes will attempt to generate certificate. However, only the certbot running on the node which the fqdn is directing towards will be successful, since the acme server on that node will return the required token. The other nodes will not succeed.","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"268f0f9df58a88d2bfd3754d21122fa43187a605","unresolved":false,"context_lines":[{"line_number":7,"context_line":"tail -f /tmp/stdout \u0026"},{"line_number":8,"context_line":"tail -f /tmp/stderr \u003e\u00262 \u0026"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"# run certbot immediately"},{"line_number":11,"context_line":"certbot.sh"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"# Run cron"},{"line_number":14,"context_line":"echo \"start cron\""}],"source_content_type":"text/x-jinja2","patch_set":103,"id":"6b4cf725_d674d50b","line":11,"range":{"start_line":10,"start_character":0,"end_line":11,"end_character":10},"in_reply_to":"de0a7c95_46ad4b2e","updated":"2021-04-08 03:36:53.000000000","message":"We want to run certbot immediately after deployment to generate the certificate. The Cron job will run periodically (every 12 hrs) to renew the certs.","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"}],"ansible/roles/letsencrypt/templates/update-external-haproxy-cert.sh.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6b500247ced5cfa08f770277239ed29e6dc53eea","unresolved":true,"context_lines":[{"line_number":8,"context_line":"    # strip out whitespace"},{"line_number":9,"context_line":"    sed -i \u0027/^$/d\u0027 $external_cert_dir/fullcert.pem"},{"line_number":10,"context_line":"{% for host in groups[\u0027loadbalancer\u0027] %}"},{"line_number":11,"context_line":"    echo -e \"set ssl cert /etc/haproxy/haproxy.pem \u003c\u003c\\n$(cat $external_cert_dir/fullcert.pem)\\n\" | socat tcp-connect:{{ \u0027api\u0027 | kolla_address(host) }}:{{ haproxy_runtime_api_port }} -"},{"line_number":12,"context_line":"    echo \"commit ssl cert /etc/haproxy/haproxy.pem\" | socat tcp-connect:{{ \u0027api\u0027 | kolla_address(host) }}:{{ haproxy_runtime_api_port }} -"},{"line_number":13,"context_line":"    echo \"show ssl cert /etc/haproxy/haproxy.pem\" | socat tcp-connect:{{ \u0027api\u0027 | kolla_address(host)  }}:{{ haproxy_runtime_api_port }} -"},{"line_number":14,"context_line":"{% endfor %}"},{"line_number":15,"context_line":"fi"}],"source_content_type":"text/x-jinja2","patch_set":135,"id":"67e2adf1_ebdf70db","line":13,"range":{"start_line":11,"start_character":0,"end_line":13,"end_character":137},"updated":"2022-02-23 10:17:14.000000000","message":"From https://www.haproxy.com/blog/dynamic-ssl-certificate-storage-in-haproxy/:\n\nAlthough updating a certificate in memory means you don’t need to reload HAProxy, it’s a good idea to store the file on the HAProxy server so that when you do perform a restart or reload, HAProxy will pick up the new file at startup, rather than reverting back to a stale version that’s still on disk. There are a number of ways to do this, such as by using Rsync, SCP, or SFTP to transfer the files to the remote HAProxy server. For example, you could use this one-line SCP command to do it:\n\nscp new_certificate.pem username@172.25.0.10:/etc/haproxy/certs/site.pem","commit_id":"55e40a11c9ed14f3e29748afc1257f1c185c14c2"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ee3249aaa58e178e104637977050d02210db23d","unresolved":false,"context_lines":[{"line_number":8,"context_line":"    # strip out whitespace"},{"line_number":9,"context_line":"    sed -i \u0027/^$/d\u0027 $external_cert_dir/fullcert.pem"},{"line_number":10,"context_line":"{% for host in groups[\u0027loadbalancer\u0027] %}"},{"line_number":11,"context_line":"    echo -e \"set ssl cert /etc/haproxy/haproxy.pem \u003c\u003c\\n$(cat $external_cert_dir/fullcert.pem)\\n\" | socat tcp-connect:{{ \u0027api\u0027 | kolla_address(host) }}:{{ haproxy_runtime_api_port }} -"},{"line_number":12,"context_line":"    echo \"commit ssl cert /etc/haproxy/haproxy.pem\" | socat tcp-connect:{{ \u0027api\u0027 | kolla_address(host) }}:{{ haproxy_runtime_api_port }} -"},{"line_number":13,"context_line":"    echo \"show ssl cert /etc/haproxy/haproxy.pem\" | socat tcp-connect:{{ \u0027api\u0027 | kolla_address(host)  }}:{{ haproxy_runtime_api_port }} -"},{"line_number":14,"context_line":"{% endfor %}"},{"line_number":15,"context_line":"fi"}],"source_content_type":"text/x-jinja2","patch_set":135,"id":"4edeaa09_3ef529b3","line":13,"range":{"start_line":11,"start_character":0,"end_line":13,"end_character":137},"in_reply_to":"67e2adf1_ebdf70db","updated":"2023-07-17 11:53:45.000000000","message":"Done","commit_id":"55e40a11c9ed14f3e29748afc1257f1c185c14c2"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e2b6d0cd9df5bf098cbe7f031814bcf346340827","unresolved":true,"context_lines":[{"line_number":10,"context_line":"    scp -i /var/lib/letsencrypt/.ssh/id_rsa -F /var/lib/letsencrypt/.ssh/config $external_cert haproxy@{{ \u0027api\u0027 | kolla_address(host) }}:/etc/letsencrypt/"},{"line_number":11,"context_line":"    # backup the haproxy.pem certificate"},{"line_number":12,"context_line":"    ssh -i /var/lib/letsencrypt/.ssh/id_rsa -F /var/lib/letsencrypt/.ssh/config haproxy@{{ \u0027api\u0027 | kolla_address(host) }} \u0027cp /etc/letsencrypt/haproxy.pem /etc/letsencrypt/haproxy.pem.$(date +%Y%m%d%H%M%S)\u0027"},{"line_number":13,"context_line":"    # replace haproxy.pem with the new certificate"},{"line_number":14,"context_line":"    ssh -i /var/lib/letsencrypt/.ssh/id_rsa -F /var/lib/letsencrypt/.ssh/config haproxy@{{ \u0027api\u0027 | kolla_address(host) }} \u0027cp /etc/letsencrypt/{{ kolla_external_fqdn }}.pem /etc/letsencrypt/haproxy.pem\u0027"},{"line_number":15,"context_line":"    # update haproxy with new certificate"},{"line_number":16,"context_line":"    ssh -i /var/lib/letsencrypt/.ssh/id_rsa -F /var/lib/letsencrypt/.ssh/config haproxy@{{ \u0027api\u0027 | kolla_address(host) }} \u0027echo -e \"set ssl cert /etc/letsencrypt/haproxy.pem \u003c\u003c\\n$(cat /etc/letsencrypt/haproxy.pem)\\n\" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock  -\u0027"},{"line_number":17,"context_line":"    ssh -i /var/lib/letsencrypt/.ssh/id_rsa -F /var/lib/letsencrypt/.ssh/config haproxy@{{ \u0027api\u0027 | kolla_address(host) }} \u0027echo \"commit ssl cert /etc/letsencrypt/haproxy.pem\" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock  -\u0027"},{"line_number":18,"context_line":"    ssh -i /var/lib/letsencrypt/.ssh/id_rsa -F /var/lib/letsencrypt/.ssh/config haproxy@{{ \u0027api\u0027 | kolla_address(host) }} \u0027echo \"show ssl cert /etc/letsencrypt/haproxy.pem\" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock  -\u0027"},{"line_number":19,"context_line":"{% endfor %}"},{"line_number":20,"context_line":"fi"}],"source_content_type":"text/x-jinja2","patch_set":158,"id":"8f16cdc3_4524bb04","line":18,"range":{"start_line":13,"start_character":0,"end_line":18,"end_character":233},"updated":"2022-06-08 16:11:12.000000000","message":"Would we be better off putting these commands in a script that we can execute in one connection? Could also more easily lock down the SSH config potentially.","commit_id":"3f5132f593b94fe45d3f106970bb42a947ea35d1"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"0b4a18c36929431f1e2453b309845d775b35c079","unresolved":false,"context_lines":[{"line_number":10,"context_line":"    scp -i /var/lib/letsencrypt/.ssh/id_rsa -F /var/lib/letsencrypt/.ssh/config $external_cert haproxy@{{ \u0027api\u0027 | kolla_address(host) }}:/etc/letsencrypt/"},{"line_number":11,"context_line":"    # backup the haproxy.pem certificate"},{"line_number":12,"context_line":"    ssh -i /var/lib/letsencrypt/.ssh/id_rsa -F /var/lib/letsencrypt/.ssh/config haproxy@{{ \u0027api\u0027 | kolla_address(host) }} \u0027cp /etc/letsencrypt/haproxy.pem /etc/letsencrypt/haproxy.pem.$(date +%Y%m%d%H%M%S)\u0027"},{"line_number":13,"context_line":"    # replace haproxy.pem with the new certificate"},{"line_number":14,"context_line":"    ssh -i /var/lib/letsencrypt/.ssh/id_rsa -F /var/lib/letsencrypt/.ssh/config haproxy@{{ \u0027api\u0027 | kolla_address(host) }} \u0027cp /etc/letsencrypt/{{ kolla_external_fqdn }}.pem /etc/letsencrypt/haproxy.pem\u0027"},{"line_number":15,"context_line":"    # update haproxy with new certificate"},{"line_number":16,"context_line":"    ssh -i /var/lib/letsencrypt/.ssh/id_rsa -F /var/lib/letsencrypt/.ssh/config haproxy@{{ \u0027api\u0027 | kolla_address(host) }} \u0027echo -e \"set ssl cert /etc/letsencrypt/haproxy.pem \u003c\u003c\\n$(cat /etc/letsencrypt/haproxy.pem)\\n\" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock  -\u0027"},{"line_number":17,"context_line":"    ssh -i /var/lib/letsencrypt/.ssh/id_rsa -F /var/lib/letsencrypt/.ssh/config haproxy@{{ \u0027api\u0027 | kolla_address(host) }} \u0027echo \"commit ssl cert /etc/letsencrypt/haproxy.pem\" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock  -\u0027"},{"line_number":18,"context_line":"    ssh -i /var/lib/letsencrypt/.ssh/id_rsa -F /var/lib/letsencrypt/.ssh/config haproxy@{{ \u0027api\u0027 | kolla_address(host) }} \u0027echo \"show ssl cert /etc/letsencrypt/haproxy.pem\" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock  -\u0027"},{"line_number":19,"context_line":"{% endfor %}"},{"line_number":20,"context_line":"fi"}],"source_content_type":"text/x-jinja2","patch_set":158,"id":"8a7ef0ce_1c63368b","line":18,"range":{"start_line":13,"start_character":0,"end_line":18,"end_character":233},"in_reply_to":"8f16cdc3_4524bb04","updated":"2022-06-14 04:08:33.000000000","message":"Done","commit_id":"3f5132f593b94fe45d3f106970bb42a947ea35d1"}],"ansible/roles/letsencrypt/templates/update-internal-haproxy-cert.sh.j2":[{"author":{"_account_id":24072,"name":"Marcin Juszkiewicz","email":"mjuszkiewicz@redhat.com","username":"hrw"},"change_message_id":"53551560ff440191e282bfcd2cee19a04eb2b293","unresolved":true,"context_lines":[{"line_number":1,"context_line":"#!/bin/bash"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"internal_cert\u003d/www/data/{{ kolla_internal_fqdn }}/certificates/{{ kolla_internal_fqdn }}.pem"},{"line_number":4,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":165,"id":"3174aff8_12456d1d","line":1,"updated":"2022-09-06 10:06:44.000000000","message":"why not creating volume for LE keys and mount it on images which needs cert?","commit_id":"b35ed33f22e0b493151d8db12d59e040f9d5ab3d"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"42504c28304ecaa355fa02193f96de12d6e1474c","unresolved":true,"context_lines":[{"line_number":1,"context_line":"#!/bin/bash"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"internal_cert\u003d/www/data/{{ kolla_internal_fqdn }}/certificates/{{ kolla_internal_fqdn }}.pem"},{"line_number":4,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":165,"id":"73155229_d1f1f2b9","line":1,"in_reply_to":"3174aff8_12456d1d","updated":"2022-09-06 23:16:03.000000000","message":"Since lets encrypt keys are generated after deployment, and then refreshed periodically after expiration, the keys would still be required to be transferred from a single HA node to all other replicated HA nodes. Maybe I don\u0027t fully understand the question. Thanks.","commit_id":"b35ed33f22e0b493151d8db12d59e040f9d5ab3d"},{"author":{"_account_id":24072,"name":"Marcin Juszkiewicz","email":"mjuszkiewicz@redhat.com","username":"hrw"},"change_message_id":"ebcc55af7c45e5c292412e394bc0e64b95bdad25","unresolved":false,"context_lines":[{"line_number":1,"context_line":"#!/bin/bash"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"internal_cert\u003d/www/data/{{ kolla_internal_fqdn }}/certificates/{{ kolla_internal_fqdn }}.pem"},{"line_number":4,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":165,"id":"db2848fe_40c06ce3","line":1,"in_reply_to":"73155229_d1f1f2b9","updated":"2022-09-07 08:02:56.000000000","message":"Done","commit_id":"b35ed33f22e0b493151d8db12d59e040f9d5ab3d"}],"ansible/roles/loadbalancer/defaults/main.yml":[{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"5e1a7ceac0015a0af5a8544d2336c19c91e9b49a","unresolved":true,"context_lines":[{"line_number":179,"context_line":"haproxy_host_ipv4_tcp_retries2: \"KOLLA_UNSET\""},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"# HAProxy socket admin permissions enable"},{"line_number":182,"context_line":"haproxy_socket_level_admin: \"{{ enable_letsencrypt | bool }}\""},{"line_number":183,"context_line":"kolla_externally_managed_cert: False"},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"# Allow to disable keepalived tracking script (e.g. for single node environments"}],"source_content_type":"text/x-yaml","patch_set":228,"id":"7d12d19d_cce75efd","line":182,"range":{"start_line":182,"start_character":0,"end_line":182,"end_character":6},"updated":"2023-09-22 08:24:57.000000000","message":"it would be nice to mention this changed behaviour in the docs or relnotes.\n\nSo something along the lines of:\n\n\"Notice: When you set `enable_letsencrypt` to true, you also enable haproxy socket level admin\".\n\nI infer it is needed for LE to interact with HA Proxy? Then this could also be mentioned there:\n\n\"This is needed so Let\u0027s Encrypt can interact with HAProxy.\"","commit_id":"dcc6ea93de76aaeb68ca3aee4b17f258b0ac8317"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"035f3d2a9b639c0abc563a809f991e6a5c8ffa46","unresolved":false,"context_lines":[{"line_number":179,"context_line":"haproxy_host_ipv4_tcp_retries2: \"KOLLA_UNSET\""},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"# HAProxy socket admin permissions enable"},{"line_number":182,"context_line":"haproxy_socket_level_admin: \"{{ enable_letsencrypt | bool }}\""},{"line_number":183,"context_line":"kolla_externally_managed_cert: False"},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"# Allow to disable keepalived tracking script (e.g. for single node environments"}],"source_content_type":"text/x-yaml","patch_set":228,"id":"01eed21a_1c74d280","line":182,"range":{"start_line":182,"start_character":0,"end_line":182,"end_character":6},"in_reply_to":"7d12d19d_cce75efd","updated":"2023-10-23 16:48:29.000000000","message":"Done","commit_id":"dcc6ea93de76aaeb68ca3aee4b17f258b0ac8317"}],"ansible/roles/loadbalancer/tasks/config.yml":[{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":217,"context_line":"    mode: \"0660\""},{"line_number":218,"context_line":"  become: true"},{"line_number":219,"context_line":"  when:"},{"line_number":220,"context_line":"    - kolla_enable_tls_external | bool and not enable_letsencrypt | bool"},{"line_number":221,"context_line":"    - not kolla_externally_managed_cert | bool"},{"line_number":222,"context_line":"    - inventory_hostname in groups[service.group]"},{"line_number":223,"context_line":"    - service.enabled | bool"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"02a3b9d3_9dfc1a45","line":220,"updated":"2023-07-28 11:16:21.000000000","message":"split","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":217,"context_line":"    mode: \"0660\""},{"line_number":218,"context_line":"  become: true"},{"line_number":219,"context_line":"  when:"},{"line_number":220,"context_line":"    - kolla_enable_tls_external | bool and not enable_letsencrypt | bool"},{"line_number":221,"context_line":"    - not kolla_externally_managed_cert | bool"},{"line_number":222,"context_line":"    - inventory_hostname in groups[service.group]"},{"line_number":223,"context_line":"    - service.enabled | bool"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"c6f59a61_78fd2cdb","line":220,"in_reply_to":"02a3b9d3_9dfc1a45","updated":"2023-08-09 12:13:36.000000000","message":"Done","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":235,"context_line":"    mode: \"0660\""},{"line_number":236,"context_line":"  become: true"},{"line_number":237,"context_line":"  when:"},{"line_number":238,"context_line":"    - kolla_enable_tls_internal | bool and not enable_letsencrypt | bool"},{"line_number":239,"context_line":"    - not kolla_externally_managed_cert | bool"},{"line_number":240,"context_line":"    - inventory_hostname in groups[service.group]"},{"line_number":241,"context_line":"    - service.enabled | bool"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"6ee87f4f_1039d230","line":238,"updated":"2023-07-28 11:16:21.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":235,"context_line":"    mode: \"0660\""},{"line_number":236,"context_line":"  become: true"},{"line_number":237,"context_line":"  when:"},{"line_number":238,"context_line":"    - kolla_enable_tls_internal | bool and not enable_letsencrypt | bool"},{"line_number":239,"context_line":"    - not kolla_externally_managed_cert | bool"},{"line_number":240,"context_line":"    - inventory_hostname in groups[service.group]"},{"line_number":241,"context_line":"    - service.enabled | bool"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"c40e0da8_cb5fefae","line":238,"in_reply_to":"6ee87f4f_1039d230","updated":"2023-08-09 12:13:36.000000000","message":"Done","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":290,"context_line":"  template:"},{"line_number":291,"context_line":"    src: \"{{ item.src }}\""},{"line_number":292,"context_line":"    dest: \"{{ node_config_directory }}/haproxy-ssh/{{ item.dest }}\""},{"line_number":293,"context_line":"    mode: \"0660\""},{"line_number":294,"context_line":"  become: true"},{"line_number":295,"context_line":"  with_items:"},{"line_number":296,"context_line":"    - { src: \"haproxy-ssh/sshd_config.j2\", dest: \"sshd_config\" }"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"eaac66b2_c0959f33","line":293,"range":{"start_line":293,"start_character":11,"end_line":293,"end_character":15},"updated":"2023-07-28 11:16:21.000000000","message":"0600","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":290,"context_line":"  template:"},{"line_number":291,"context_line":"    src: \"{{ item.src }}\""},{"line_number":292,"context_line":"    dest: \"{{ node_config_directory }}/haproxy-ssh/{{ item.dest }}\""},{"line_number":293,"context_line":"    mode: \"0660\""},{"line_number":294,"context_line":"  become: true"},{"line_number":295,"context_line":"  with_items:"},{"line_number":296,"context_line":"    - { src: \"haproxy-ssh/sshd_config.j2\", dest: \"sshd_config\" }"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"584f72f1_8230f958","line":293,"range":{"start_line":293,"start_character":11,"end_line":293,"end_character":15},"in_reply_to":"eaac66b2_c0959f33","updated":"2023-08-09 12:13:36.000000000","message":"Done","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"}],"ansible/roles/loadbalancer/templates/haproxy-ssh/update-haproxy-cert.sh.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"db3c31dbf631766f973f1b8fa541a298e3277d58","unresolved":true,"context_lines":[{"line_number":5,"context_line":"# update haproxy with new certificate"},{"line_number":6,"context_line":"echo -e \"set ssl cert /etc/letsencrypt/$1.pem \u003c\u003c\\n$(cat /etc/letsencrypt/$1.pem)\\n\" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock  -"},{"line_number":7,"context_line":"echo \"commit ssl cert /etc/letsencrypt/$1.pem\" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock -"},{"line_number":8,"context_line":"echo \"show ssl cert /etc/letsencrypt/$1.pem\" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock  -"}],"source_content_type":"text/x-jinja2","patch_set":160,"id":"b8b6a31d_001bfc78","line":8,"range":{"start_line":8,"start_character":0,"end_line":8,"end_character":104},"updated":"2022-07-29 08:56:34.000000000","message":"Why do we need to show the cert?","commit_id":"91c3f5514fb43b862780493d9b90c6d0b15bd4a1"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"c238b5f8266101e833aa44d5ef971bd506f5bb7c","unresolved":false,"context_lines":[{"line_number":5,"context_line":"# update haproxy with new certificate"},{"line_number":6,"context_line":"echo -e \"set ssl cert /etc/letsencrypt/$1.pem \u003c\u003c\\n$(cat /etc/letsencrypt/$1.pem)\\n\" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock  -"},{"line_number":7,"context_line":"echo \"commit ssl cert /etc/letsencrypt/$1.pem\" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock -"},{"line_number":8,"context_line":"echo \"show ssl cert /etc/letsencrypt/$1.pem\" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock  -"}],"source_content_type":"text/x-jinja2","patch_set":160,"id":"86291e9c_c038e397","line":8,"range":{"start_line":8,"start_character":0,"end_line":8,"end_character":104},"in_reply_to":"7660f253_2fb99350","updated":"2023-07-17 07:43:40.000000000","message":"Done","commit_id":"91c3f5514fb43b862780493d9b90c6d0b15bd4a1"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6c4cb7b2507b3c6d100e496af4ea4175077c0936","unresolved":true,"context_lines":[{"line_number":5,"context_line":"# update haproxy with new certificate"},{"line_number":6,"context_line":"echo -e \"set ssl cert /etc/letsencrypt/$1.pem \u003c\u003c\\n$(cat /etc/letsencrypt/$1.pem)\\n\" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock  -"},{"line_number":7,"context_line":"echo \"commit ssl cert /etc/letsencrypt/$1.pem\" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock -"},{"line_number":8,"context_line":"echo \"show ssl cert /etc/letsencrypt/$1.pem\" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock  -"}],"source_content_type":"text/x-jinja2","patch_set":160,"id":"7660f253_2fb99350","line":8,"range":{"start_line":8,"start_character":0,"end_line":8,"end_character":104},"in_reply_to":"b8b6a31d_001bfc78","updated":"2022-08-03 00:12:02.000000000","message":"We don\u0027t, but it\u0027s good if you are debug tracing the certificate update, especially during functional test. I can remove it if requested.","commit_id":"91c3f5514fb43b862780493d9b90c6d0b15bd4a1"}],"ansible/roles/loadbalancer/templates/haproxy/haproxy.json.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e2b6d0cd9df5bf098cbe7f031814bcf346340827","unresolved":true,"context_lines":[{"line_number":32,"context_line":"            \"owner\": \"haproxy\","},{"line_number":33,"context_line":"            \"perm\": \"0660\","},{"line_number":34,"context_line":"            \"optional\": {{ (not kolla_enable_tls_internal | bool) | string | lower }}"},{"line_number":35,"context_line":"        }{% if enable_letsencrypt | bool %},"},{"line_number":36,"context_line":"        {"},{"line_number":37,"context_line":"            \"source\": \"{{ container_config_directory }}/haproxy.pem\","},{"line_number":38,"context_line":"            \"dest\": \"/etc/letsencrypt/haproxy.pem\","},{"line_number":39,"context_line":"            \"owner\": \"haproxy\","},{"line_number":40,"context_line":"            \"perm\": \"0660\","},{"line_number":41,"context_line":"            \"optional\": {{ (not kolla_enable_tls_external | bool) | string | lower }}"},{"line_number":42,"context_line":"        },"},{"line_number":43,"context_line":"        {"},{"line_number":44,"context_line":"            \"source\": \"{{ container_config_directory }}/haproxy-internal.pem\","},{"line_number":45,"context_line":"            \"dest\": \"/etc/letsencrypt/haproxy-internal.pem\","},{"line_number":46,"context_line":"            \"owner\": \"haproxy\","},{"line_number":47,"context_line":"            \"perm\": \"0660\","},{"line_number":48,"context_line":"            \"optional\": {{ (not kolla_enable_tls_internal | bool) | string | lower }}"},{"line_number":49,"context_line":"        }"},{"line_number":50,"context_line":"{% endif %}"},{"line_number":51,"context_line":"    ]"}],"source_content_type":"text/x-jinja2","patch_set":158,"id":"4ffb947b_d1455d95","line":48,"range":{"start_line":35,"start_character":0,"end_line":48,"end_character":85},"updated":"2022-06-08 16:11:12.000000000","message":"Seems like this will end badly once LE has done a rotation.","commit_id":"3f5132f593b94fe45d3f106970bb42a947ea35d1"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"0b4a18c36929431f1e2453b309845d775b35c079","unresolved":false,"context_lines":[{"line_number":32,"context_line":"            \"owner\": \"haproxy\","},{"line_number":33,"context_line":"            \"perm\": \"0660\","},{"line_number":34,"context_line":"            \"optional\": {{ (not kolla_enable_tls_internal | bool) | string | lower }}"},{"line_number":35,"context_line":"        }{% if enable_letsencrypt | bool %},"},{"line_number":36,"context_line":"        {"},{"line_number":37,"context_line":"            \"source\": \"{{ container_config_directory }}/haproxy.pem\","},{"line_number":38,"context_line":"            \"dest\": \"/etc/letsencrypt/haproxy.pem\","},{"line_number":39,"context_line":"            \"owner\": \"haproxy\","},{"line_number":40,"context_line":"            \"perm\": \"0660\","},{"line_number":41,"context_line":"            \"optional\": {{ (not kolla_enable_tls_external | bool) | string | lower }}"},{"line_number":42,"context_line":"        },"},{"line_number":43,"context_line":"        {"},{"line_number":44,"context_line":"            \"source\": \"{{ container_config_directory }}/haproxy-internal.pem\","},{"line_number":45,"context_line":"            \"dest\": \"/etc/letsencrypt/haproxy-internal.pem\","},{"line_number":46,"context_line":"            \"owner\": \"haproxy\","},{"line_number":47,"context_line":"            \"perm\": \"0660\","},{"line_number":48,"context_line":"            \"optional\": {{ (not kolla_enable_tls_internal | bool) | string | lower }}"},{"line_number":49,"context_line":"        }"},{"line_number":50,"context_line":"{% endif %}"},{"line_number":51,"context_line":"    ]"}],"source_content_type":"text/x-jinja2","patch_set":158,"id":"5b6ded49_6fde58c3","line":48,"range":{"start_line":35,"start_character":0,"end_line":48,"end_character":85},"in_reply_to":"4ffb947b_d1455d95","updated":"2022-06-14 04:08:33.000000000","message":"Done","commit_id":"3f5132f593b94fe45d3f106970bb42a947ea35d1"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":30,"context_line":"            \"source\": \"{{ container_config_directory }}/haproxy.pem\","},{"line_number":31,"context_line":"            \"dest\": \"/etc/haproxy/certificates/haproxy.pem\","},{"line_number":32,"context_line":"            \"owner\": \"haproxy\","},{"line_number":33,"context_line":"            \"perm\": \"0660\","},{"line_number":34,"context_line":"            \"optional\": {{ (not kolla_enable_tls_external | bool) | string | lower }}"},{"line_number":35,"context_line":"        }{% endif %}"},{"line_number":36,"context_line":"        {% if kolla_enable_tls_internal | bool and not enable_letsencrypt | bool %},"}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"2b8ae578_0cea2ee3","line":33,"range":{"start_line":33,"start_character":21,"end_line":33,"end_character":25},"updated":"2023-07-28 11:16:21.000000000","message":"0600","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":30,"context_line":"            \"source\": \"{{ container_config_directory }}/haproxy.pem\","},{"line_number":31,"context_line":"            \"dest\": \"/etc/haproxy/certificates/haproxy.pem\","},{"line_number":32,"context_line":"            \"owner\": \"haproxy\","},{"line_number":33,"context_line":"            \"perm\": \"0660\","},{"line_number":34,"context_line":"            \"optional\": {{ (not kolla_enable_tls_external | bool) | string | lower }}"},{"line_number":35,"context_line":"        }{% endif %}"},{"line_number":36,"context_line":"        {% if kolla_enable_tls_internal | bool and not enable_letsencrypt | bool %},"}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"acb8ddfd_fdafeea8","line":33,"range":{"start_line":33,"start_character":21,"end_line":33,"end_character":25},"in_reply_to":"2b8ae578_0cea2ee3","updated":"2023-08-09 12:13:36.000000000","message":"Done","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":38,"context_line":"            \"source\": \"{{ container_config_directory }}/haproxy-internal.pem\","},{"line_number":39,"context_line":"            \"dest\": \"/etc/haproxy/certificates/haproxy-internal.pem\","},{"line_number":40,"context_line":"            \"owner\": \"haproxy\","},{"line_number":41,"context_line":"            \"perm\": \"0660\","},{"line_number":42,"context_line":"            \"optional\": {{ (not kolla_enable_tls_internal | bool) | string | lower }}"},{"line_number":43,"context_line":"        }"},{"line_number":44,"context_line":"        {% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"92f303fc_efb9a9fd","line":41,"range":{"start_line":41,"start_character":21,"end_line":41,"end_character":25},"updated":"2023-07-28 11:16:21.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":38,"context_line":"            \"source\": \"{{ container_config_directory }}/haproxy-internal.pem\","},{"line_number":39,"context_line":"            \"dest\": \"/etc/haproxy/certificates/haproxy-internal.pem\","},{"line_number":40,"context_line":"            \"owner\": \"haproxy\","},{"line_number":41,"context_line":"            \"perm\": \"0660\","},{"line_number":42,"context_line":"            \"optional\": {{ (not kolla_enable_tls_internal | bool) | string | lower }}"},{"line_number":43,"context_line":"        }"},{"line_number":44,"context_line":"        {% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"6c5ff1fd_d00fdd93","line":41,"range":{"start_line":41,"start_character":21,"end_line":41,"end_character":25},"in_reply_to":"92f303fc_efb9a9fd","updated":"2023-08-09 12:13:36.000000000","message":"Done","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"}],"ansible/roles/loadbalancer/templates/haproxy/haproxy_main.cfg.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":true,"context_lines":[{"line_number":13,"context_line":"        {% endfor %}"},{"line_number":14,"context_line":"    {% endif %}"},{"line_number":15,"context_line":"    stats socket /var/lib/kolla/haproxy/haproxy.sock group kolla mode 660"},{"line_number":16,"context_line":"    stats socket {{ api_interface_address }}:{{ haproxy_runtime_api_port }} level admin expose-fd listeners"},{"line_number":17,"context_line":"    {% if kolla_enable_tls_external | bool or kolla_enable_tls_internal | bool %}"},{"line_number":18,"context_line":"    ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES"},{"line_number":19,"context_line":"    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11"}],"source_content_type":"text/x-jinja2","patch_set":131,"id":"015304e2_8cc0a4a2","line":16,"range":{"start_line":16,"start_character":76,"end_line":16,"end_character":87},"updated":"2022-02-15 11:25:43.000000000","message":"Exposing an unauthenticated admin socket on the internal API network is dangerous. It even says so in the haproxy docs!\n\nWhat is it required for?","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"1d417365b9eef924db79c7d88258006fe7888a73","unresolved":true,"context_lines":[{"line_number":13,"context_line":"        {% endfor %}"},{"line_number":14,"context_line":"    {% endif %}"},{"line_number":15,"context_line":"    stats socket /var/lib/kolla/haproxy/haproxy.sock group kolla mode 660"},{"line_number":16,"context_line":"    stats socket {{ api_interface_address }}:{{ haproxy_runtime_api_port }} level admin expose-fd listeners"},{"line_number":17,"context_line":"    {% if kolla_enable_tls_external | bool or kolla_enable_tls_internal | bool %}"},{"line_number":18,"context_line":"    ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES"},{"line_number":19,"context_line":"    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11"}],"source_content_type":"text/x-jinja2","patch_set":131,"id":"fc7fbef0_a045ef48","line":16,"range":{"start_line":16,"start_character":76,"end_line":16,"end_character":87},"in_reply_to":"015304e2_8cc0a4a2","updated":"2022-02-18 01:59:07.000000000","message":"The admin socket needs to be exposed to be able to dynamically update the certificate. It is how to enable the HAProxy Runtime API. I tried it at both the operator and user level, but that did not provide enough permissions.\n\nhttps://www.haproxy.com/blog/dynamic-ssl-certificate-storage-in-haproxy/\n\nI have updated this to be configured only when LE is enabled.","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e2b6d0cd9df5bf098cbe7f031814bcf346340827","unresolved":false,"context_lines":[{"line_number":13,"context_line":"        {% endfor %}"},{"line_number":14,"context_line":"    {% endif %}"},{"line_number":15,"context_line":"    stats socket /var/lib/kolla/haproxy/haproxy.sock group kolla mode 660"},{"line_number":16,"context_line":"    stats socket {{ api_interface_address }}:{{ haproxy_runtime_api_port }} level admin expose-fd listeners"},{"line_number":17,"context_line":"    {% if kolla_enable_tls_external | bool or kolla_enable_tls_internal | bool %}"},{"line_number":18,"context_line":"    ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES"},{"line_number":19,"context_line":"    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11"}],"source_content_type":"text/x-jinja2","patch_set":131,"id":"f229520d_66d798c4","line":16,"range":{"start_line":16,"start_character":76,"end_line":16,"end_character":87},"in_reply_to":"292fe6f6_1073b357","updated":"2022-06-08 16:11:12.000000000","message":"Now resolved","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6b500247ced5cfa08f770277239ed29e6dc53eea","unresolved":true,"context_lines":[{"line_number":13,"context_line":"        {% endfor %}"},{"line_number":14,"context_line":"    {% endif %}"},{"line_number":15,"context_line":"    stats socket /var/lib/kolla/haproxy/haproxy.sock group kolla mode 660"},{"line_number":16,"context_line":"    stats socket {{ api_interface_address }}:{{ haproxy_runtime_api_port }} level admin expose-fd listeners"},{"line_number":17,"context_line":"    {% if kolla_enable_tls_external | bool or kolla_enable_tls_internal | bool %}"},{"line_number":18,"context_line":"    ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES"},{"line_number":19,"context_line":"    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11"}],"source_content_type":"text/x-jinja2","patch_set":131,"id":"292fe6f6_1073b357","line":16,"range":{"start_line":16,"start_character":76,"end_line":16,"end_character":87},"in_reply_to":"fc7fbef0_a045ef48","updated":"2022-02-23 10:17:14.000000000","message":"I\u0027m afraid that\u0027s a blocker for me. Exposing the runtime socket unauthenticated via TCP gives anyone with access to that network the ability to control HAProxy - change certs, backends etc.","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"}],"ansible/roles/loadbalancer/templates/haproxy/haproxy_run.sh.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"db3c31dbf631766f973f1b8fa541a298e3277d58","unresolved":true,"context_lines":[{"line_number":1,"context_line":"#!/bin/bash -x"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"{% if enable_letsencrypt | bool %}"},{"line_number":4,"context_line":"{% if kolla_enable_tls_internal | bool %}"},{"line_number":5,"context_line":"if [ ! -f /etc/letsencrypt/haproxy-internal.pem ]; then"},{"line_number":6,"context_line":"    cp /etc/haproxy/haproxy-internal.pem /etc/letsencrypt/haproxy-internal.pem"},{"line_number":7,"context_line":"    chown haproxy: /etc/letsencrypt/haproxy-internal.pem"},{"line_number":8,"context_line":"fi"},{"line_number":9,"context_line":"{% endif %}"},{"line_number":10,"context_line":"{% if kolla_enable_tls_external | bool %}"},{"line_number":11,"context_line":"if [ ! -f /etc/letsencrypt/haproxy.pem ]; then"},{"line_number":12,"context_line":"    cp /etc/haproxy/haproxy.pem /etc/letsencrypt/haproxy.pem"},{"line_number":13,"context_line":"    chown haproxy: /etc/letsencrypt/haproxy.pem"},{"line_number":14,"context_line":"fi"},{"line_number":15,"context_line":"{% endif %}"},{"line_number":16,"context_line":"{% endif %}"},{"line_number":17,"context_line":"# We need to run haproxy with one `-f` for each service, because including an"},{"line_number":18,"context_line":"# entire config directory was not a feature until version 1.7 of HAProxy."},{"line_number":19,"context_line":"# So, append \"-f $cfg\" to the haproxy command for each service file."}],"source_content_type":"text/x-jinja2","patch_set":160,"id":"e443222c_ccaf3511","line":16,"range":{"start_line":2,"start_character":0,"end_line":16,"end_character":11},"updated":"2022-07-29 08:56:34.000000000","message":"What is this for?","commit_id":"91c3f5514fb43b862780493d9b90c6d0b15bd4a1"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"e8226333b1784f6005e605b511278e2e7d390c3e","unresolved":false,"context_lines":[{"line_number":1,"context_line":"#!/bin/bash -x"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"{% if enable_letsencrypt | bool %}"},{"line_number":4,"context_line":"{% if kolla_enable_tls_internal | bool %}"},{"line_number":5,"context_line":"if [ ! -f /etc/letsencrypt/haproxy-internal.pem ]; then"},{"line_number":6,"context_line":"    cp /etc/haproxy/haproxy-internal.pem /etc/letsencrypt/haproxy-internal.pem"},{"line_number":7,"context_line":"    chown haproxy: /etc/letsencrypt/haproxy-internal.pem"},{"line_number":8,"context_line":"fi"},{"line_number":9,"context_line":"{% endif %}"},{"line_number":10,"context_line":"{% if kolla_enable_tls_external | bool %}"},{"line_number":11,"context_line":"if [ ! -f /etc/letsencrypt/haproxy.pem ]; then"},{"line_number":12,"context_line":"    cp /etc/haproxy/haproxy.pem /etc/letsencrypt/haproxy.pem"},{"line_number":13,"context_line":"    chown haproxy: /etc/letsencrypt/haproxy.pem"},{"line_number":14,"context_line":"fi"},{"line_number":15,"context_line":"{% endif %}"},{"line_number":16,"context_line":"{% endif %}"},{"line_number":17,"context_line":"# We need to run haproxy with one `-f` for each service, because including an"},{"line_number":18,"context_line":"# entire config directory was not a feature until version 1.7 of HAProxy."},{"line_number":19,"context_line":"# So, append \"-f $cfg\" to the haproxy command for each service file."}],"source_content_type":"text/x-jinja2","patch_set":160,"id":"ff70ca35_33775989","line":16,"range":{"start_line":2,"start_character":0,"end_line":16,"end_character":11},"in_reply_to":"60a1704b_098f2bfd","updated":"2023-07-17 11:49:26.000000000","message":"Done","commit_id":"91c3f5514fb43b862780493d9b90c6d0b15bd4a1"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6c4cb7b2507b3c6d100e496af4ea4175077c0936","unresolved":true,"context_lines":[{"line_number":1,"context_line":"#!/bin/bash -x"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"{% if enable_letsencrypt | bool %}"},{"line_number":4,"context_line":"{% if kolla_enable_tls_internal | bool %}"},{"line_number":5,"context_line":"if [ ! -f /etc/letsencrypt/haproxy-internal.pem ]; then"},{"line_number":6,"context_line":"    cp /etc/haproxy/haproxy-internal.pem /etc/letsencrypt/haproxy-internal.pem"},{"line_number":7,"context_line":"    chown haproxy: /etc/letsencrypt/haproxy-internal.pem"},{"line_number":8,"context_line":"fi"},{"line_number":9,"context_line":"{% endif %}"},{"line_number":10,"context_line":"{% if kolla_enable_tls_external | bool %}"},{"line_number":11,"context_line":"if [ ! -f /etc/letsencrypt/haproxy.pem ]; then"},{"line_number":12,"context_line":"    cp /etc/haproxy/haproxy.pem /etc/letsencrypt/haproxy.pem"},{"line_number":13,"context_line":"    chown haproxy: /etc/letsencrypt/haproxy.pem"},{"line_number":14,"context_line":"fi"},{"line_number":15,"context_line":"{% endif %}"},{"line_number":16,"context_line":"{% endif %}"},{"line_number":17,"context_line":"# We need to run haproxy with one `-f` for each service, because including an"},{"line_number":18,"context_line":"# entire config directory was not a feature until version 1.7 of HAProxy."},{"line_number":19,"context_line":"# So, append \"-f $cfg\" to the haproxy command for each service file."}],"source_content_type":"text/x-jinja2","patch_set":160,"id":"60a1704b_098f2bfd","line":16,"range":{"start_line":2,"start_character":0,"end_line":16,"end_character":11},"in_reply_to":"e443222c_ccaf3511","updated":"2022-08-03 00:12:02.000000000","message":"We are copying the original certificate to letsencrypt volume, and setting the correct permissions. This copied certificate on the lets encrypt volume will ultimately be replaced with the LE cert (though it is backed up). \n\nThis is done to preserve the original self signed cert in the case that the deployer wants to revert to the original deployed openstack state, and to isolate the docker volume where disk changes can occur.","commit_id":"91c3f5514fb43b862780493d9b90c6d0b15bd4a1"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"ecc7f8a6b2b6ebe2f7e65ab1bfdfecdf8d8e3e15","unresolved":true,"context_lines":[{"line_number":4,"context_line":"{% if kolla_enable_tls_external | bool %}"},{"line_number":5,"context_line":"if [ ! -e \"/etc/haproxy/certificates/haproxy.pem\" ]; then"},{"line_number":6,"context_line":"    # Generate temporary self-signed cert"},{"line_number":7,"context_line":"    # This means external tls is enabled but certificates was not copied"},{"line_number":8,"context_line":"    # to container - so letsencrypt is enabled"},{"line_number":9,"context_line":"    #"},{"line_number":10,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"8a434530_02579142","line":7,"range":{"start_line":7,"start_character":45,"end_line":7,"end_character":57},"updated":"2023-07-17 13:28:22.000000000","message":"nit: the certificate","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"94189ecf3ecb819296a614ab799191975f2716db","unresolved":false,"context_lines":[{"line_number":4,"context_line":"{% if kolla_enable_tls_external | bool %}"},{"line_number":5,"context_line":"if [ ! -e \"/etc/haproxy/certificates/haproxy.pem\" ]; then"},{"line_number":6,"context_line":"    # Generate temporary self-signed cert"},{"line_number":7,"context_line":"    # This means external tls is enabled but certificates was not copied"},{"line_number":8,"context_line":"    # to container - so letsencrypt is enabled"},{"line_number":9,"context_line":"    #"},{"line_number":10,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"c400099a_4b4cb5cf","line":7,"range":{"start_line":7,"start_character":45,"end_line":7,"end_character":57},"in_reply_to":"8a434530_02579142","updated":"2023-07-17 22:18:05.000000000","message":"Done","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"ecc7f8a6b2b6ebe2f7e65ab1bfdfecdf8d8e3e15","unresolved":true,"context_lines":[{"line_number":5,"context_line":"if [ ! -e \"/etc/haproxy/certificates/haproxy.pem\" ]; then"},{"line_number":6,"context_line":"    # Generate temporary self-signed cert"},{"line_number":7,"context_line":"    # This means external tls is enabled but certificates was not copied"},{"line_number":8,"context_line":"    # to container - so letsencrypt is enabled"},{"line_number":9,"context_line":"    #"},{"line_number":10,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":11,"context_line":"    # replace it in a while"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"271d7eeb_778856fb","line":8,"range":{"start_line":8,"start_character":6,"end_line":8,"end_character":18},"updated":"2023-07-17 13:28:22.000000000","message":"nit: to the container","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"94189ecf3ecb819296a614ab799191975f2716db","unresolved":false,"context_lines":[{"line_number":5,"context_line":"if [ ! -e \"/etc/haproxy/certificates/haproxy.pem\" ]; then"},{"line_number":6,"context_line":"    # Generate temporary self-signed cert"},{"line_number":7,"context_line":"    # This means external tls is enabled but certificates was not copied"},{"line_number":8,"context_line":"    # to container - so letsencrypt is enabled"},{"line_number":9,"context_line":"    #"},{"line_number":10,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":11,"context_line":"    # replace it in a while"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"d68a9ab0_f2a4050e","line":8,"range":{"start_line":8,"start_character":6,"end_line":8,"end_character":18},"in_reply_to":"271d7eeb_778856fb","updated":"2023-07-17 22:18:05.000000000","message":"Done","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"ecc7f8a6b2b6ebe2f7e65ab1bfdfecdf8d8e3e15","unresolved":true,"context_lines":[{"line_number":9,"context_line":"    #"},{"line_number":10,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":11,"context_line":"    # replace it in a while"},{"line_number":12,"context_line":"    openssl req -x509 -newkey rsa:4096 -sha256 -days 1 -nodes -keyout /tmp/haproxy.key -out /tmp/haproxy.crt -subj \"/CN\u003dkevko.com\" -addext \"subjectAltName\u003dDNS:kevko.com,DNS:*.kevko.com,IP:{{ kolla_external_vip_address }}\""},{"line_number":13,"context_line":"    cat /tmp/haproxy.crt \u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":14,"context_line":"    cat /tmp/haproxy.key \u003e\u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":15,"context_line":"    rm -f /tmp/haproxy.key /tmp/haproxy.crt"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"08f97def_cb381b71","line":12,"range":{"start_line":12,"start_character":120,"end_line":12,"end_character":129},"updated":"2023-07-17 13:28:22.000000000","message":"use example.com please instead of real domains.","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"ecc7f8a6b2b6ebe2f7e65ab1bfdfecdf8d8e3e15","unresolved":true,"context_lines":[{"line_number":9,"context_line":"    #"},{"line_number":10,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":11,"context_line":"    # replace it in a while"},{"line_number":12,"context_line":"    openssl req -x509 -newkey rsa:4096 -sha256 -days 1 -nodes -keyout /tmp/haproxy.key -out /tmp/haproxy.crt -subj \"/CN\u003dkevko.com\" -addext \"subjectAltName\u003dDNS:kevko.com,DNS:*.kevko.com,IP:{{ kolla_external_vip_address }}\""},{"line_number":13,"context_line":"    cat /tmp/haproxy.crt \u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":14,"context_line":"    cat /tmp/haproxy.key \u003e\u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":15,"context_line":"    rm -f /tmp/haproxy.key /tmp/haproxy.crt"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"3df8e170_5faaf6ab","line":12,"range":{"start_line":12,"start_character":34,"end_line":12,"end_character":38},"updated":"2023-07-17 13:28:22.000000000","message":"why use an expensive cert if it\u0027s only used as an intermediary?","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"bd4fc70a2b6f83cb2022eb5c7b3d6e97323cbeaf","unresolved":true,"context_lines":[{"line_number":9,"context_line":"    #"},{"line_number":10,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":11,"context_line":"    # replace it in a while"},{"line_number":12,"context_line":"    openssl req -x509 -newkey rsa:4096 -sha256 -days 1 -nodes -keyout /tmp/haproxy.key -out /tmp/haproxy.crt -subj \"/CN\u003dkevko.com\" -addext \"subjectAltName\u003dDNS:kevko.com,DNS:*.kevko.com,IP:{{ kolla_external_vip_address }}\""},{"line_number":13,"context_line":"    cat /tmp/haproxy.crt \u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":14,"context_line":"    cat /tmp/haproxy.key \u003e\u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":15,"context_line":"    rm -f /tmp/haproxy.key /tmp/haproxy.crt"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"bdcc0842_b172d51b","line":12,"range":{"start_line":12,"start_character":120,"end_line":12,"end_character":129},"in_reply_to":"08f97def_cb381b71","updated":"2023-07-17 14:15:37.000000000","message":"this was for fun :)\n\nmichalarbet@pixla:~/ultimum/git/github/kolla$ whois example.com\n   Domain Name: EXAMPLE.COM\n   Registry Domain ID: 2336799_DOMAIN_COM-VRSN\n   Registrar WHOIS Server: whois.iana.org\n   Registrar URL: http://res-dom.iana.org\n   Updated Date: 2023-05-12T15:13:35Z\n   Creation Date: 1995-08-14T04:00:00Z\n\n\nexample.com exist","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"e3db4855fe5874af43041088543547aa86bd992e","unresolved":true,"context_lines":[{"line_number":9,"context_line":"    #"},{"line_number":10,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":11,"context_line":"    # replace it in a while"},{"line_number":12,"context_line":"    openssl req -x509 -newkey rsa:4096 -sha256 -days 1 -nodes -keyout /tmp/haproxy.key -out /tmp/haproxy.crt -subj \"/CN\u003dkevko.com\" -addext \"subjectAltName\u003dDNS:kevko.com,DNS:*.kevko.com,IP:{{ kolla_external_vip_address }}\""},{"line_number":13,"context_line":"    cat /tmp/haproxy.crt \u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":14,"context_line":"    cat /tmp/haproxy.key \u003e\u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":15,"context_line":"    rm -f /tmp/haproxy.key /tmp/haproxy.crt"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"9aefda0a_d693a970","line":12,"range":{"start_line":12,"start_character":34,"end_line":12,"end_character":38},"in_reply_to":"3df8e170_5faaf6ab","updated":"2023-07-17 13:30:02.000000000","message":"failed to add: use rsa:2048 as a default here imho.","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"94189ecf3ecb819296a614ab799191975f2716db","unresolved":false,"context_lines":[{"line_number":9,"context_line":"    #"},{"line_number":10,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":11,"context_line":"    # replace it in a while"},{"line_number":12,"context_line":"    openssl req -x509 -newkey rsa:4096 -sha256 -days 1 -nodes -keyout /tmp/haproxy.key -out /tmp/haproxy.crt -subj \"/CN\u003dkevko.com\" -addext \"subjectAltName\u003dDNS:kevko.com,DNS:*.kevko.com,IP:{{ kolla_external_vip_address }}\""},{"line_number":13,"context_line":"    cat /tmp/haproxy.crt \u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":14,"context_line":"    cat /tmp/haproxy.key \u003e\u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":15,"context_line":"    rm -f /tmp/haproxy.key /tmp/haproxy.crt"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"75fc552b_456a2479","line":12,"range":{"start_line":12,"start_character":34,"end_line":12,"end_character":38},"in_reply_to":"42e9faec_bf4d025c","updated":"2023-07-17 22:18:05.000000000","message":"Done","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"bd4fc70a2b6f83cb2022eb5c7b3d6e97323cbeaf","unresolved":true,"context_lines":[{"line_number":9,"context_line":"    #"},{"line_number":10,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":11,"context_line":"    # replace it in a while"},{"line_number":12,"context_line":"    openssl req -x509 -newkey rsa:4096 -sha256 -days 1 -nodes -keyout /tmp/haproxy.key -out /tmp/haproxy.crt -subj \"/CN\u003dkevko.com\" -addext \"subjectAltName\u003dDNS:kevko.com,DNS:*.kevko.com,IP:{{ kolla_external_vip_address }}\""},{"line_number":13,"context_line":"    cat /tmp/haproxy.crt \u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":14,"context_line":"    cat /tmp/haproxy.key \u003e\u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":15,"context_line":"    rm -f /tmp/haproxy.key /tmp/haproxy.crt"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"42e9faec_bf4d025c","line":12,"range":{"start_line":12,"start_character":34,"end_line":12,"end_character":38},"in_reply_to":"9aefda0a_d693a970","updated":"2023-07-17 14:15:37.000000000","message":"haha, google -\u003e self singed certificate oneliner -\u003e stackoverflow -\u003e ctrl+c -\u003e ctrl+v ..i will try to lower it on my env and will change if will pass","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"94189ecf3ecb819296a614ab799191975f2716db","unresolved":false,"context_lines":[{"line_number":9,"context_line":"    #"},{"line_number":10,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":11,"context_line":"    # replace it in a while"},{"line_number":12,"context_line":"    openssl req -x509 -newkey rsa:4096 -sha256 -days 1 -nodes -keyout /tmp/haproxy.key -out /tmp/haproxy.crt -subj \"/CN\u003dkevko.com\" -addext \"subjectAltName\u003dDNS:kevko.com,DNS:*.kevko.com,IP:{{ kolla_external_vip_address }}\""},{"line_number":13,"context_line":"    cat /tmp/haproxy.crt \u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":14,"context_line":"    cat /tmp/haproxy.key \u003e\u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":15,"context_line":"    rm -f /tmp/haproxy.key /tmp/haproxy.crt"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"32e4d5bc_76300d60","line":12,"range":{"start_line":12,"start_character":120,"end_line":12,"end_character":129},"in_reply_to":"bdcc0842_b172d51b","updated":"2023-07-17 22:18:05.000000000","message":"Done","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"ecc7f8a6b2b6ebe2f7e65ab1bfdfecdf8d8e3e15","unresolved":true,"context_lines":[{"line_number":25,"context_line":"    #"},{"line_number":26,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":27,"context_line":"    # replace it in a while"},{"line_number":28,"context_line":"    openssl req -x509 -newkey rsa:4096 -sha256 -days 1 -nodes -keyout /tmp/haproxy-internal.key -out /tmp/haproxy-internal.crt -subj \"/CN\u003dkevko-internal.com\" -addext \"subjectAltName\u003dDNS:kevko-internal.com,DNS:*.kevko-internal.com,IP:{{ kolla_internal_vip_address }}\""},{"line_number":29,"context_line":"    cat /tmp/haproxy-internal.crt \u003e /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":30,"context_line":"    cat /tmp/haproxy-internal.key \u003e\u003e /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":31,"context_line":"    rm -f /tmp/haproxy-internal.key /tmp/haproxy-internal.crt"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"9cd50a95_c6188a6b","line":28,"range":{"start_line":28,"start_character":2,"end_line":28,"end_character":266},"updated":"2023-07-17 13:28:22.000000000","message":"see comments above","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"bd4fc70a2b6f83cb2022eb5c7b3d6e97323cbeaf","unresolved":true,"context_lines":[{"line_number":25,"context_line":"    #"},{"line_number":26,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":27,"context_line":"    # replace it in a while"},{"line_number":28,"context_line":"    openssl req -x509 -newkey rsa:4096 -sha256 -days 1 -nodes -keyout /tmp/haproxy-internal.key -out /tmp/haproxy-internal.crt -subj \"/CN\u003dkevko-internal.com\" -addext \"subjectAltName\u003dDNS:kevko-internal.com,DNS:*.kevko-internal.com,IP:{{ kolla_internal_vip_address }}\""},{"line_number":29,"context_line":"    cat /tmp/haproxy-internal.crt \u003e /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":30,"context_line":"    cat /tmp/haproxy-internal.key \u003e\u003e /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":31,"context_line":"    rm -f /tmp/haproxy-internal.key /tmp/haproxy-internal.crt"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"b494460a_abe65437","line":28,"range":{"start_line":28,"start_character":2,"end_line":28,"end_character":266},"in_reply_to":"9cd50a95_c6188a6b","updated":"2023-07-17 14:15:37.000000000","message":"see replies above","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"94189ecf3ecb819296a614ab799191975f2716db","unresolved":false,"context_lines":[{"line_number":25,"context_line":"    #"},{"line_number":26,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":27,"context_line":"    # replace it in a while"},{"line_number":28,"context_line":"    openssl req -x509 -newkey rsa:4096 -sha256 -days 1 -nodes -keyout /tmp/haproxy-internal.key -out /tmp/haproxy-internal.crt -subj \"/CN\u003dkevko-internal.com\" -addext \"subjectAltName\u003dDNS:kevko-internal.com,DNS:*.kevko-internal.com,IP:{{ kolla_internal_vip_address }}\""},{"line_number":29,"context_line":"    cat /tmp/haproxy-internal.crt \u003e /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":30,"context_line":"    cat /tmp/haproxy-internal.key \u003e\u003e /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":31,"context_line":"    rm -f /tmp/haproxy-internal.key /tmp/haproxy-internal.crt"}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"5b0f7b9c_547e1246","line":28,"range":{"start_line":28,"start_character":2,"end_line":28,"end_character":266},"in_reply_to":"b494460a_abe65437","updated":"2023-07-17 22:18:05.000000000","message":"Done","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":10,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":11,"context_line":"    # replace it in a while"},{"line_number":12,"context_line":"    openssl req -x509 -newkey rsa:2048 -sha256 -days 1 -nodes -keyout /tmp/haproxy.key -out /tmp/haproxy.crt -subj \"/CN\u003d{{ kolla_external_fqdn }}\""},{"line_number":13,"context_line":"    cat /tmp/haproxy.crt \u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":14,"context_line":"    cat /tmp/haproxy.key \u003e\u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":15,"context_line":"    rm -f /tmp/haproxy.key /tmp/haproxy.crt"},{"line_number":16,"context_line":"    chown haproxy:haproxy /etc/haproxy/certificates/haproxy.pem"}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"51f84f13_77a0dc9a","line":13,"updated":"2023-07-28 11:16:21.000000000","message":"cat /tmp/haproxy.crt /tmp/haproxy.key \u003e /etc/haproxy/certificates/haproxy.pem\n\nno need in two commands\n\nalso its security safe to use $$ in all temp filenames to avoid the possible problems. so replace everywhere here /tmp/haproxy.crt with /tmp/haproxy$$.crt and /tmp/haproxy.key with /tmp/haproxy$$.key","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":10,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":11,"context_line":"    # replace it in a while"},{"line_number":12,"context_line":"    openssl req -x509 -newkey rsa:2048 -sha256 -days 1 -nodes -keyout /tmp/haproxy.key -out /tmp/haproxy.crt -subj \"/CN\u003d{{ kolla_external_fqdn }}\""},{"line_number":13,"context_line":"    cat /tmp/haproxy.crt \u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":14,"context_line":"    cat /tmp/haproxy.key \u003e\u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":15,"context_line":"    rm -f /tmp/haproxy.key /tmp/haproxy.crt"},{"line_number":16,"context_line":"    chown haproxy:haproxy /etc/haproxy/certificates/haproxy.pem"}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"ea41b895_2d775e86","line":13,"in_reply_to":"51f84f13_77a0dc9a","updated":"2023-08-09 12:13:36.000000000","message":"Done","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":26,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":27,"context_line":"    # replace it in a while"},{"line_number":28,"context_line":"    openssl req -x509 -newkey rsa:2048 -sha256 -days 1 -nodes -keyout /tmp/haproxy-internal.key -out /tmp/haproxy-internal.crt -subj \"/CN\u003d{{ kolla_internal_fqdn }}\""},{"line_number":29,"context_line":"    cat /tmp/haproxy-internal.crt \u003e /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":30,"context_line":"    cat /tmp/haproxy-internal.key \u003e\u003e /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":31,"context_line":"    rm -f /tmp/haproxy-internal.key /tmp/haproxy-internal.crt"},{"line_number":32,"context_line":"    chown haproxy:haproxy /etc/haproxy/certificates/haproxy-internal.pem"}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"94e31416_0682ba13","line":29,"updated":"2023-07-28 11:16:21.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":26,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":27,"context_line":"    # replace it in a while"},{"line_number":28,"context_line":"    openssl req -x509 -newkey rsa:2048 -sha256 -days 1 -nodes -keyout /tmp/haproxy-internal.key -out /tmp/haproxy-internal.crt -subj \"/CN\u003d{{ kolla_internal_fqdn }}\""},{"line_number":29,"context_line":"    cat /tmp/haproxy-internal.crt \u003e /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":30,"context_line":"    cat /tmp/haproxy-internal.key \u003e\u003e /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":31,"context_line":"    rm -f /tmp/haproxy-internal.key /tmp/haproxy-internal.crt"},{"line_number":32,"context_line":"    chown haproxy:haproxy /etc/haproxy/certificates/haproxy-internal.pem"}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"9213bd86_311923d8","line":29,"in_reply_to":"94e31416_0682ba13","updated":"2023-08-09 12:13:36.000000000","message":"Done","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"6e877a6e972c05777769e29bb80cf79ab8eeb24c","unresolved":true,"context_lines":[{"line_number":9,"context_line":"    #"},{"line_number":10,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":11,"context_line":"    # replace it in a while"},{"line_number":12,"context_line":"    openssl req -x509 -newkey rsa:2048 -sha256 -days 1 -nodes -keyout /tmp/haproxy$$.key -out /tmp/haproxy$$.crt -subj \"/CN\u003d{{ kolla_external_fqdn }}\""},{"line_number":13,"context_line":"    cat /tmp/haproxy$$.crt /tmp/haproxy$$.key\u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":14,"context_line":"    rm -f /tmp/haproxy$$.key /tmp/haproxy$$.crt"},{"line_number":15,"context_line":"    chown haproxy:haproxy /etc/haproxy/certificates/haproxy.pem"},{"line_number":16,"context_line":"    chmod 0660 /etc/haproxy/certificates/haproxy.pem"},{"line_number":17,"context_line":"fi"}],"source_content_type":"text/x-jinja2","patch_set":227,"id":"9628ba91_5b62d3ab","line":14,"range":{"start_line":12,"start_character":0,"end_line":14,"end_character":47},"updated":"2023-09-18 09:13:21.000000000","message":"use this one:\n\n```\nssl_tmp_dir\u003d$(mktemp -d)\n    openssl req -x509 -newkey rsa:2048 -sha256 -days 1 -nodes -keyout ${ssl_tmp_dir}/haproxy$$.key -out ${ssl_tmp_dir}/haproxy$$.crt -subj \"/CN\u003d{{ kolla_external_fqdn }}\"\n    cat ${ssl_tmp_dir}/haproxy$$.crt ${ssl_tmp_dir}/haproxy$$.key\u003e /etc/haproxy/certificates/haproxy.pem\n    rm -rf ${ssl_tmp_dir}\n```","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"f508ffd53b43fc87a280cc582e432653141aad4e","unresolved":false,"context_lines":[{"line_number":9,"context_line":"    #"},{"line_number":10,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":11,"context_line":"    # replace it in a while"},{"line_number":12,"context_line":"    openssl req -x509 -newkey rsa:2048 -sha256 -days 1 -nodes -keyout /tmp/haproxy$$.key -out /tmp/haproxy$$.crt -subj \"/CN\u003d{{ kolla_external_fqdn }}\""},{"line_number":13,"context_line":"    cat /tmp/haproxy$$.crt /tmp/haproxy$$.key\u003e /etc/haproxy/certificates/haproxy.pem"},{"line_number":14,"context_line":"    rm -f /tmp/haproxy$$.key /tmp/haproxy$$.crt"},{"line_number":15,"context_line":"    chown haproxy:haproxy /etc/haproxy/certificates/haproxy.pem"},{"line_number":16,"context_line":"    chmod 0660 /etc/haproxy/certificates/haproxy.pem"},{"line_number":17,"context_line":"fi"}],"source_content_type":"text/x-jinja2","patch_set":227,"id":"c9d0e490_023a08a2","line":14,"range":{"start_line":12,"start_character":0,"end_line":14,"end_character":47},"in_reply_to":"9628ba91_5b62d3ab","updated":"2023-09-18 10:13:57.000000000","message":"Done","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"6e877a6e972c05777769e29bb80cf79ab8eeb24c","unresolved":true,"context_lines":[{"line_number":24,"context_line":"    #"},{"line_number":25,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":26,"context_line":"    # replace it in a while"},{"line_number":27,"context_line":"    openssl req -x509 -newkey rsa:2048 -sha256 -days 1 -nodes -keyout /tmp/haproxy-internal$$.key -out /tmp/haproxy-internal$$.crt -subj \"/CN\u003d{{ kolla_internal_fqdn }}\""},{"line_number":28,"context_line":"    cat /tmp/haproxy-internal$$.crt /tmp/haproxy-internal$$.key\u003e /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":29,"context_line":"    rm -f /tmp/haproxy-internal$$.key /tmp/haproxy-internal$$.crt"},{"line_number":30,"context_line":"    chown haproxy:haproxy /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":31,"context_line":"    chmod 0660 /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":32,"context_line":"fi"}],"source_content_type":"text/x-jinja2","patch_set":227,"id":"1973b395_f1ca0d54","line":29,"range":{"start_line":27,"start_character":4,"end_line":29,"end_character":65},"updated":"2023-09-18 09:13:21.000000000","message":"use this one:\n\n```\nssl_tmp_dir\u003d$(mktemp -d)\nopenssl req -x509 -newkey rsa:2048 -sha256 -days 1 -nodes -keyout ${ssl_tmp_dir}/haproxy-internal$$.key -out ${ssl_tmp_dir}/haproxy-internal$$.crt -subj \"/CN\u003d{{ kolla_internal_fqdn }}\"\ncat ${ssl_tmp_dir}/haproxy-internal$$.crt ${ssl_tmp_dir}/haproxy-internal$$.key\u003e /etc/haproxy/certificates/haproxy-internal.pem\nrm -rf ${ssl_tmp_dir}\n```","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"f508ffd53b43fc87a280cc582e432653141aad4e","unresolved":false,"context_lines":[{"line_number":24,"context_line":"    #"},{"line_number":25,"context_line":"    # Let\u0027s generate certificate to make haproxy happy, lego will"},{"line_number":26,"context_line":"    # replace it in a while"},{"line_number":27,"context_line":"    openssl req -x509 -newkey rsa:2048 -sha256 -days 1 -nodes -keyout /tmp/haproxy-internal$$.key -out /tmp/haproxy-internal$$.crt -subj \"/CN\u003d{{ kolla_internal_fqdn }}\""},{"line_number":28,"context_line":"    cat /tmp/haproxy-internal$$.crt /tmp/haproxy-internal$$.key\u003e /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":29,"context_line":"    rm -f /tmp/haproxy-internal$$.key /tmp/haproxy-internal$$.crt"},{"line_number":30,"context_line":"    chown haproxy:haproxy /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":31,"context_line":"    chmod 0660 /etc/haproxy/certificates/haproxy-internal.pem"},{"line_number":32,"context_line":"fi"}],"source_content_type":"text/x-jinja2","patch_set":227,"id":"3fe46769_89597ffb","line":29,"range":{"start_line":27,"start_character":4,"end_line":29,"end_character":65},"in_reply_to":"1973b395_f1ca0d54","updated":"2023-09-18 10:13:57.000000000","message":"Done","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"}],"ansible/site.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":1221,"context_line":"  roles:"},{"line_number":1222,"context_line":"    - { role: letsencrypt,"},{"line_number":1223,"context_line":"        tags: letsencrypt,"},{"line_number":1224,"context_line":"        when: enable_letsencrypt | bool }"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"11afc33e_48de0056","line":1224,"updated":"2021-01-27 17:22:00.000000000","message":"Maybe it should go after haproxy","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":1221,"context_line":"  roles:"},{"line_number":1222,"context_line":"    - { role: letsencrypt,"},{"line_number":1223,"context_line":"        tags: letsencrypt,"},{"line_number":1224,"context_line":"        when: enable_letsencrypt | bool }"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"401215fb_20a9e766","line":1224,"in_reply_to":"11afc33e_48de0056","updated":"2021-02-12 22:04:19.000000000","message":"k","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e3befd5f1e775d2fe44cc53cbd2ca683b74c0b62","unresolved":true,"context_lines":[{"line_number":1157,"context_line":"        tags: masakari,"},{"line_number":1158,"context_line":"        when: enable_masakari | bool }"},{"line_number":1159,"context_line":""},{"line_number":1160,"context_line":"- name: Apply role letsencrypt"},{"line_number":1161,"context_line":"  gather_facts: false"},{"line_number":1162,"context_line":"  hosts:"},{"line_number":1163,"context_line":"    - letsencrypt"},{"line_number":1164,"context_line":"    - \u0027\u0026enable_letsencrypt_True\u0027"},{"line_number":1165,"context_line":"  serial: \u0027{{ kolla_serial|default(\"0\") }}\u0027"},{"line_number":1166,"context_line":"  roles:"},{"line_number":1167,"context_line":"    - { role: letsencrypt,"},{"line_number":1168,"context_line":"        tags: letsencrypt,"},{"line_number":1169,"context_line":"        when: enable_letsencrypt | bool }"}],"source_content_type":"text/x-yaml","patch_set":56,"id":"226c0adc_db93942f","line":1169,"range":{"start_line":1160,"start_character":0,"end_line":1169,"end_character":41},"updated":"2021-03-25 18:01:11.000000000","message":"Should probably go just after haproxy role?","commit_id":"4e5d71cab3938db43b7b78548ea027e19dd5dd1d"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"82de050c9e91453b3b355f7776d8d9a7c87ef550","unresolved":true,"context_lines":[{"line_number":1157,"context_line":"        tags: masakari,"},{"line_number":1158,"context_line":"        when: enable_masakari | bool }"},{"line_number":1159,"context_line":""},{"line_number":1160,"context_line":"- name: Apply role letsencrypt"},{"line_number":1161,"context_line":"  gather_facts: false"},{"line_number":1162,"context_line":"  hosts:"},{"line_number":1163,"context_line":"    - letsencrypt"},{"line_number":1164,"context_line":"    - \u0027\u0026enable_letsencrypt_True\u0027"},{"line_number":1165,"context_line":"  serial: \u0027{{ kolla_serial|default(\"0\") }}\u0027"},{"line_number":1166,"context_line":"  roles:"},{"line_number":1167,"context_line":"    - { role: letsencrypt,"},{"line_number":1168,"context_line":"        tags: letsencrypt,"},{"line_number":1169,"context_line":"        when: enable_letsencrypt | bool }"}],"source_content_type":"text/x-yaml","patch_set":56,"id":"59d3dcf3_37854075","line":1169,"range":{"start_line":1160,"start_character":0,"end_line":1169,"end_character":41},"in_reply_to":"226c0adc_db93942f","updated":"2021-04-01 04:30:25.000000000","message":"It will cause deployment to fail if it doesn\u0027t happen as the last role - or else subsequent roles will fail with with \"unable to get local issuer certificate\" when using pebble.","commit_id":"4e5d71cab3938db43b7b78548ea027e19dd5dd1d"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"e8226333b1784f6005e605b511278e2e7d390c3e","unresolved":false,"context_lines":[{"line_number":1157,"context_line":"        tags: masakari,"},{"line_number":1158,"context_line":"        when: enable_masakari | bool }"},{"line_number":1159,"context_line":""},{"line_number":1160,"context_line":"- name: Apply role letsencrypt"},{"line_number":1161,"context_line":"  gather_facts: false"},{"line_number":1162,"context_line":"  hosts:"},{"line_number":1163,"context_line":"    - letsencrypt"},{"line_number":1164,"context_line":"    - \u0027\u0026enable_letsencrypt_True\u0027"},{"line_number":1165,"context_line":"  serial: \u0027{{ kolla_serial|default(\"0\") }}\u0027"},{"line_number":1166,"context_line":"  roles:"},{"line_number":1167,"context_line":"    - { role: letsencrypt,"},{"line_number":1168,"context_line":"        tags: letsencrypt,"},{"line_number":1169,"context_line":"        when: enable_letsencrypt | bool }"}],"source_content_type":"text/x-yaml","patch_set":56,"id":"f84d8d0d_87a0ef3f","line":1169,"range":{"start_line":1160,"start_character":0,"end_line":1169,"end_character":41},"in_reply_to":"59d3dcf3_37854075","updated":"2023-07-17 11:49:26.000000000","message":"Done, working","commit_id":"4e5d71cab3938db43b7b78548ea027e19dd5dd1d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":362,"context_line":"          when: enable_zun | bool"},{"line_number":363,"context_line":"      when:"},{"line_number":364,"context_line":"        - enable_haproxy | bool"},{"line_number":365,"context_line":"        - kolla_action in [\u0027deploy\u0027, \u0027reconfigure\u0027, \u0027upgrade\u0027, \u0027config\u0027]"},{"line_number":366,"context_line":""},{"line_number":367,"context_line":"- name: Apply role collectd"},{"line_number":368,"context_line":"  gather_facts: false"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"31f9da8e_4b837c70","line":365,"updated":"2021-04-06 13:08:28.000000000","message":"Should the role run just after haproxy?","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"268f0f9df58a88d2bfd3754d21122fa43187a605","unresolved":true,"context_lines":[{"line_number":362,"context_line":"          when: enable_zun | bool"},{"line_number":363,"context_line":"      when:"},{"line_number":364,"context_line":"        - enable_haproxy | bool"},{"line_number":365,"context_line":"        - kolla_action in [\u0027deploy\u0027, \u0027reconfigure\u0027, \u0027upgrade\u0027, \u0027config\u0027]"},{"line_number":366,"context_line":""},{"line_number":367,"context_line":"- name: Apply role collectd"},{"line_number":368,"context_line":"  gather_facts: false"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"50ed084a_25fcb33c","line":365,"in_reply_to":"31f9da8e_4b837c70","updated":"2021-04-08 03:36:53.000000000","message":"No, since the default cacert used during deployment becomes incorrect after letsencrypt deployment. It should be last. This will break deployment when using pebble, and the cacert changes.","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":true,"context_lines":[{"line_number":362,"context_line":"          when: enable_zun | bool"},{"line_number":363,"context_line":"      when:"},{"line_number":364,"context_line":"        - enable_haproxy | bool"},{"line_number":365,"context_line":"        - kolla_action in [\u0027deploy\u0027, \u0027reconfigure\u0027, \u0027upgrade\u0027, \u0027config\u0027]"},{"line_number":366,"context_line":""},{"line_number":367,"context_line":"- name: Apply role collectd"},{"line_number":368,"context_line":"  gather_facts: false"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"f8b0584e_3834275a","line":365,"in_reply_to":"39e1d639_b399df86","updated":"2022-02-15 11:25:43.000000000","message":"Going back to this, you\u0027re saying that the deployment will be broken after letsencrypt runs? Could we add both CA certs to the trust store?","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"514ff3ecaff8b97fb208b3a76885c565f5cd7adb","unresolved":true,"context_lines":[{"line_number":362,"context_line":"          when: enable_zun | bool"},{"line_number":363,"context_line":"      when:"},{"line_number":364,"context_line":"        - enable_haproxy | bool"},{"line_number":365,"context_line":"        - kolla_action in [\u0027deploy\u0027, \u0027reconfigure\u0027, \u0027upgrade\u0027, \u0027config\u0027]"},{"line_number":366,"context_line":""},{"line_number":367,"context_line":"- name: Apply role collectd"},{"line_number":368,"context_line":"  gather_facts: false"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"dc429821_f79d950c","line":365,"in_reply_to":"50ed084a_25fcb33c","updated":"2021-04-08 10:19:33.000000000","message":"hmm. I find it a shame we have to use these bootstrap certificates. I thought LE was supposed to make it easy? Perhaps it\u0027s something we can iterate on later.","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"e8226333b1784f6005e605b511278e2e7d390c3e","unresolved":false,"context_lines":[{"line_number":362,"context_line":"          when: enable_zun | bool"},{"line_number":363,"context_line":"      when:"},{"line_number":364,"context_line":"        - enable_haproxy | bool"},{"line_number":365,"context_line":"        - kolla_action in [\u0027deploy\u0027, \u0027reconfigure\u0027, \u0027upgrade\u0027, \u0027config\u0027]"},{"line_number":366,"context_line":""},{"line_number":367,"context_line":"- name: Apply role collectd"},{"line_number":368,"context_line":"  gather_facts: false"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"a4fa2123_8afb5561","line":365,"in_reply_to":"b5c32c0d_e14ffe3a","updated":"2023-07-17 11:49:26.000000000","message":"Done, working with pebble and working with official letsencrypt.","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"06bf67471f09eaf45addb393cade1849e1d99102","unresolved":true,"context_lines":[{"line_number":362,"context_line":"          when: enable_zun | bool"},{"line_number":363,"context_line":"      when:"},{"line_number":364,"context_line":"        - enable_haproxy | bool"},{"line_number":365,"context_line":"        - kolla_action in [\u0027deploy\u0027, \u0027reconfigure\u0027, \u0027upgrade\u0027, \u0027config\u0027]"},{"line_number":366,"context_line":""},{"line_number":367,"context_line":"- name: Apply role collectd"},{"line_number":368,"context_line":"  gather_facts: false"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"39e1d639_b399df86","line":365,"in_reply_to":"dc429821_f79d950c","updated":"2021-04-08 16:14:39.000000000","message":"This was part of the spec - First bootstrap the self signed certificates, then replace with trusted certificates.\n\nWe could certainly iterate on us.","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"1d417365b9eef924db79c7d88258006fe7888a73","unresolved":true,"context_lines":[{"line_number":362,"context_line":"          when: enable_zun | bool"},{"line_number":363,"context_line":"      when:"},{"line_number":364,"context_line":"        - enable_haproxy | bool"},{"line_number":365,"context_line":"        - kolla_action in [\u0027deploy\u0027, \u0027reconfigure\u0027, \u0027upgrade\u0027, \u0027config\u0027]"},{"line_number":366,"context_line":""},{"line_number":367,"context_line":"- name: Apply role collectd"},{"line_number":368,"context_line":"  gather_facts: false"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"b5c32c0d_e14ffe3a","line":365,"in_reply_to":"f8b0584e_3834275a","updated":"2022-02-18 01:59:07.000000000","message":"When using a real valid SSL certificate for the domain, deployment should not be broken. When using a certificate from pebble, it will be broken, since the deployment node would need access to pebble to gather the CA certs. I believe the only way around this is to have deployment itself run certbot instead of generating certs.","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"}],"doc/source/admin/acme.rst":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"40c7152e71b8d05f6d2ec4ebd98f0b830c621f3c","unresolved":true,"context_lines":[{"line_number":1,"context_line":".. acme:"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":4,"context_line":"ACME http-01 challenge support"},{"line_number":5,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"This guide describes how to configure Kolla Ansible to enable ACME http-01"}],"source_content_type":"text/x-rst","patch_set":14,"id":"a5937fe2_ba865f20","line":4,"updated":"2021-02-15 15:27:10.000000000","message":"This probably needs to be a bit more general.","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"68a5639cb8c31e6d8a94c7753da6f9650be79fb5","unresolved":false,"context_lines":[{"line_number":1,"context_line":".. acme:"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":4,"context_line":"ACME http-01 challenge support"},{"line_number":5,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"This guide describes how to configure Kolla Ansible to enable ACME http-01"}],"source_content_type":"text/x-rst","patch_set":14,"id":"676ac788_afcc9cd5","line":4,"in_reply_to":"a5937fe2_ba865f20","updated":"2021-02-20 17:22:38.000000000","message":"Done","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"40c7152e71b8d05f6d2ec4ebd98f0b830c621f3c","unresolved":true,"context_lines":[{"line_number":3,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":4,"context_line":"ACME http-01 challenge support"},{"line_number":5,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"This guide describes how to configure Kolla Ansible to enable ACME http-01"},{"line_number":8,"context_line":"challenge support."},{"line_number":9,"context_line":"As of Victoria, Kolla Ansible supports configuring HAProxy Horizon frontend"}],"source_content_type":"text/x-rst","patch_set":14,"id":"0a76f2ec_94b2420d","line":6,"updated":"2021-02-15 15:27:10.000000000","message":"Intro should say we have two modes of integration:\n\n* external ACME client\n* Kolla Ansible managed certbot","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"68a5639cb8c31e6d8a94c7753da6f9650be79fb5","unresolved":false,"context_lines":[{"line_number":3,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":4,"context_line":"ACME http-01 challenge support"},{"line_number":5,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"This guide describes how to configure Kolla Ansible to enable ACME http-01"},{"line_number":8,"context_line":"challenge support."},{"line_number":9,"context_line":"As of Victoria, Kolla Ansible supports configuring HAProxy Horizon frontend"}],"source_content_type":"text/x-rst","patch_set":14,"id":"325a1935_f3abcf7f","line":6,"in_reply_to":"0a76f2ec_94b2420d","updated":"2021-02-20 17:22:38.000000000","message":"Done","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"40c7152e71b8d05f6d2ec4ebd98f0b830c621f3c","unresolved":true,"context_lines":[{"line_number":71,"context_line":"By enabling the Let\u0027s Encrypt service, the configuration for"},{"line_number":72,"context_line":"``acme_client_servers`` is automatically configured."},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"OpenStack initially uses self signed TLS certificates to bootstrap during"},{"line_number":75,"context_line":"deployment. After deployment has completed, the Let\u0027s Encrypt container"},{"line_number":76,"context_line":"will execute the \"certbot\" process to generate the trusted TLS certificates."},{"line_number":77,"context_line":"After the certificates are successfully generated, the HAProxy container will"},{"line_number":78,"context_line":"replace the self signed certificates with the Let\u0027s Encrypt certificates. The"}],"source_content_type":"text/x-rst","patch_set":14,"id":"82280585_2f93d930","line":75,"range":{"start_line":74,"start_character":0,"end_line":75,"end_character":10},"updated":"2021-02-15 15:27:10.000000000","message":"Well, it needs some initial certificates. These can be locally generated. Please also include the kolla-ansible certificates command as an example for how to do it.","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"68a5639cb8c31e6d8a94c7753da6f9650be79fb5","unresolved":false,"context_lines":[{"line_number":71,"context_line":"By enabling the Let\u0027s Encrypt service, the configuration for"},{"line_number":72,"context_line":"``acme_client_servers`` is automatically configured."},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"OpenStack initially uses self signed TLS certificates to bootstrap during"},{"line_number":75,"context_line":"deployment. After deployment has completed, the Let\u0027s Encrypt container"},{"line_number":76,"context_line":"will execute the \"certbot\" process to generate the trusted TLS certificates."},{"line_number":77,"context_line":"After the certificates are successfully generated, the HAProxy container will"},{"line_number":78,"context_line":"replace the self signed certificates with the Let\u0027s Encrypt certificates. The"}],"source_content_type":"text/x-rst","patch_set":14,"id":"94e01cf6_8d504cb1","line":75,"range":{"start_line":74,"start_character":0,"end_line":75,"end_character":10},"in_reply_to":"82280585_2f93d930","updated":"2021-02-20 17:22:38.000000000","message":"Done","commit_id":"09e2158ed7fc2a2688880fa0863308d426cd6acb"}],"doc/source/admin/tls.rst":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":323,"context_line":"``/etc/kolla/certificates/`` directory, and a copy of the CA certificate"},{"line_number":324,"context_line":"(``root.crt``) will be stored in the ``/etc/kolla/certificates/ca/`` directory."},{"line_number":325,"context_line":""},{"line_number":326,"context_line":"Certificates generated with Let\u0027s Encrypt Service"},{"line_number":327,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":328,"context_line":""},{"line_number":329,"context_line":"The Let\u0027s Encrypt service, which generates trusted, production ready TLS"}],"source_content_type":"text/x-rst","patch_set":11,"id":"4867d8a6_ca82a6d3","line":326,"updated":"2021-01-27 17:22:00.000000000","message":"We already have an acme.rst, I think this needs to be integrated with it.","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":323,"context_line":"``/etc/kolla/certificates/`` directory, and a copy of the CA certificate"},{"line_number":324,"context_line":"(``root.crt``) will be stored in the ``/etc/kolla/certificates/ca/`` directory."},{"line_number":325,"context_line":""},{"line_number":326,"context_line":"Certificates generated with Let\u0027s Encrypt Service"},{"line_number":327,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":328,"context_line":""},{"line_number":329,"context_line":"The Let\u0027s Encrypt service, which generates trusted, production ready TLS"}],"source_content_type":"text/x-rst","patch_set":11,"id":"ad1eb175_6a52d116","line":326,"in_reply_to":"4867d8a6_ca82a6d3","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":339,"context_line":""},{"line_number":340,"context_line":".. code-block:: yaml"},{"line_number":341,"context_line":""},{"line_number":342,"context_line":"  kolla_enable_tls_external: \"yes\""},{"line_number":343,"context_line":"  kolla_enable_tls_internal: \"yes\""},{"line_number":344,"context_line":"  kolla_copy_ca_into_containers: \"yes\""},{"line_number":345,"context_line":"  kolla_enable_tls_backend: \"yes\""},{"line_number":346,"context_line":"  enable_letsencrypt: \"yes\""}],"source_content_type":"text/x-rst","patch_set":11,"id":"721c1ad6_1ab439e0","line":343,"range":{"start_line":342,"start_character":2,"end_line":343,"end_character":34},"updated":"2021-01-27 17:22:00.000000000","message":"Let\u0027s not imply these are both necessary.","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":339,"context_line":""},{"line_number":340,"context_line":".. code-block:: yaml"},{"line_number":341,"context_line":""},{"line_number":342,"context_line":"  kolla_enable_tls_external: \"yes\""},{"line_number":343,"context_line":"  kolla_enable_tls_internal: \"yes\""},{"line_number":344,"context_line":"  kolla_copy_ca_into_containers: \"yes\""},{"line_number":345,"context_line":"  kolla_enable_tls_backend: \"yes\""},{"line_number":346,"context_line":"  enable_letsencrypt: \"yes\""}],"source_content_type":"text/x-rst","patch_set":11,"id":"bf9e0b9b_db4a809f","line":343,"range":{"start_line":342,"start_character":2,"end_line":343,"end_character":34},"in_reply_to":"721c1ad6_1ab439e0","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":342,"context_line":"  kolla_enable_tls_external: \"yes\""},{"line_number":343,"context_line":"  kolla_enable_tls_internal: \"yes\""},{"line_number":344,"context_line":"  kolla_copy_ca_into_containers: \"yes\""},{"line_number":345,"context_line":"  kolla_enable_tls_backend: \"yes\""},{"line_number":346,"context_line":"  enable_letsencrypt: \"yes\""},{"line_number":347,"context_line":"  kolla_verify_tls_backend: \"yes\""},{"line_number":348,"context_line":""}],"source_content_type":"text/x-rst","patch_set":11,"id":"2b928133_2025cc5d","line":345,"range":{"start_line":345,"start_character":2,"end_line":345,"end_character":33},"updated":"2021-01-27 17:22:00.000000000","message":"Unrelated","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":342,"context_line":"  kolla_enable_tls_external: \"yes\""},{"line_number":343,"context_line":"  kolla_enable_tls_internal: \"yes\""},{"line_number":344,"context_line":"  kolla_copy_ca_into_containers: \"yes\""},{"line_number":345,"context_line":"  kolla_enable_tls_backend: \"yes\""},{"line_number":346,"context_line":"  enable_letsencrypt: \"yes\""},{"line_number":347,"context_line":"  kolla_verify_tls_backend: \"yes\""},{"line_number":348,"context_line":""}],"source_content_type":"text/x-rst","patch_set":11,"id":"b6005cc5_b6c87f28","line":345,"range":{"start_line":345,"start_character":2,"end_line":345,"end_character":33},"in_reply_to":"2b928133_2025cc5d","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":344,"context_line":"  kolla_copy_ca_into_containers: \"yes\""},{"line_number":345,"context_line":"  kolla_enable_tls_backend: \"yes\""},{"line_number":346,"context_line":"  enable_letsencrypt: \"yes\""},{"line_number":347,"context_line":"  kolla_verify_tls_backend: \"yes\""},{"line_number":348,"context_line":""},{"line_number":349,"context_line":"Configure:"},{"line_number":350,"context_line":""}],"source_content_type":"text/x-rst","patch_set":11,"id":"9d5b4fea_dc9eb2f4","line":347,"range":{"start_line":347,"start_character":2,"end_line":347,"end_character":33},"updated":"2021-01-27 17:22:00.000000000","message":"Unrelated","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":344,"context_line":"  kolla_copy_ca_into_containers: \"yes\""},{"line_number":345,"context_line":"  kolla_enable_tls_backend: \"yes\""},{"line_number":346,"context_line":"  enable_letsencrypt: \"yes\""},{"line_number":347,"context_line":"  kolla_verify_tls_backend: \"yes\""},{"line_number":348,"context_line":""},{"line_number":349,"context_line":"Configure:"},{"line_number":350,"context_line":""}],"source_content_type":"text/x-rst","patch_set":11,"id":"b568978a_88f28263","line":347,"range":{"start_line":347,"start_character":2,"end_line":347,"end_character":33},"in_reply_to":"9d5b4fea_dc9eb2f4","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"470f1a4dca8a53bf1fb25df0a9bf2a5cb7723e70","unresolved":true,"context_lines":[{"line_number":351,"context_line":".. code-block:: yaml"},{"line_number":352,"context_line":""},{"line_number":353,"context_line":"  kolla_admin_openrc_cacert: \"{{ kolla_certificates_dir }}/ca/root.crt\""},{"line_number":354,"context_line":"  acme_client_servers:"},{"line_number":355,"context_line":"    - server certbot \u003copenstack server domain name or ip\u003e:8081"},{"line_number":356,"context_line":"  letsencrypt_email: \"example@email.org\""},{"line_number":357,"context_line":""},{"line_number":358,"context_line":"OpenStack initially uses self signed TLS certificates to bootstrap during"}],"source_content_type":"text/x-rst","patch_set":11,"id":"ad6a285f_e88bacaa","line":355,"range":{"start_line":354,"start_character":2,"end_line":355,"end_character":62},"updated":"2021-01-27 17:22:00.000000000","message":"Would be nice if it could do this automatically.","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"e0e5708b913857d8d996cbd332c307df65a993f1","unresolved":false,"context_lines":[{"line_number":351,"context_line":".. code-block:: yaml"},{"line_number":352,"context_line":""},{"line_number":353,"context_line":"  kolla_admin_openrc_cacert: \"{{ kolla_certificates_dir }}/ca/root.crt\""},{"line_number":354,"context_line":"  acme_client_servers:"},{"line_number":355,"context_line":"    - server certbot \u003copenstack server domain name or ip\u003e:8081"},{"line_number":356,"context_line":"  letsencrypt_email: \"example@email.org\""},{"line_number":357,"context_line":""},{"line_number":358,"context_line":"OpenStack initially uses self signed TLS certificates to bootstrap during"}],"source_content_type":"text/x-rst","patch_set":11,"id":"13645496_97b6741e","line":355,"range":{"start_line":354,"start_character":2,"end_line":355,"end_character":62},"in_reply_to":"ad6a285f_e88bacaa","updated":"2021-02-12 22:04:19.000000000","message":"Done","commit_id":"9bc103f4ccace4e6108b14c4237d99ee152a90af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":true,"context_lines":[{"line_number":307,"context_line":""},{"line_number":308,"context_line":"Once the Let\u0027s Encrypt certificates are retrieved from the Let\u0027s Encrypt"},{"line_number":309,"context_line":"certificate authority, they will automatically be deployed to the OpenStack"},{"line_number":310,"context_line":"HAProxy containers."},{"line_number":311,"context_line":""},{"line_number":312,"context_line":"The Let\u0027s Encrypt container will attempt to renew your certificates every 12"},{"line_number":313,"context_line":"hours using certbot. If the certificates are renewed, they will automatically"}],"source_content_type":"text/x-rst","patch_set":131,"id":"466f44ae_4bfb1f60","line":310,"range":{"start_line":310,"start_character":8,"end_line":310,"end_character":18},"updated":"2022-02-15 11:25:43.000000000","message":"How is the cert synchronised between HAProxy hosts?","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6b500247ced5cfa08f770277239ed29e6dc53eea","unresolved":false,"context_lines":[{"line_number":307,"context_line":""},{"line_number":308,"context_line":"Once the Let\u0027s Encrypt certificates are retrieved from the Let\u0027s Encrypt"},{"line_number":309,"context_line":"certificate authority, they will automatically be deployed to the OpenStack"},{"line_number":310,"context_line":"HAProxy containers."},{"line_number":311,"context_line":""},{"line_number":312,"context_line":"The Let\u0027s Encrypt container will attempt to renew your certificates every 12"},{"line_number":313,"context_line":"hours using certbot. If the certificates are renewed, they will automatically"}],"source_content_type":"text/x-rst","patch_set":131,"id":"27e8a99f_dd147e2d","line":310,"range":{"start_line":310,"start_character":8,"end_line":310,"end_character":18},"in_reply_to":"2f258fd6_85f9b8ad","updated":"2022-02-23 10:17:14.000000000","message":"Well, it is now :)","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"1d417365b9eef924db79c7d88258006fe7888a73","unresolved":true,"context_lines":[{"line_number":307,"context_line":""},{"line_number":308,"context_line":"Once the Let\u0027s Encrypt certificates are retrieved from the Let\u0027s Encrypt"},{"line_number":309,"context_line":"certificate authority, they will automatically be deployed to the OpenStack"},{"line_number":310,"context_line":"HAProxy containers."},{"line_number":311,"context_line":""},{"line_number":312,"context_line":"The Let\u0027s Encrypt container will attempt to renew your certificates every 12"},{"line_number":313,"context_line":"hours using certbot. If the certificates are renewed, they will automatically"}],"source_content_type":"text/x-rst","patch_set":131,"id":"2f258fd6_85f9b8ad","line":310,"range":{"start_line":310,"start_character":8,"end_line":310,"end_character":18},"in_reply_to":"466f44ae_4bfb1f60","updated":"2022-02-18 01:59:07.000000000","message":"The certificate is automatically deployed to all HAProxy containers. The script iterates through all hosts in the loadbalancer group.","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e2b6d0cd9df5bf098cbe7f031814bcf346340827","unresolved":true,"context_lines":[{"line_number":329,"context_line":""},{"line_number":330,"context_line":".. code-block:: console"},{"line_number":331,"context_line":""},{"line_number":332,"context_line":"  kolla-ansible -i multinode -e \"enable_loadbalancer\u003dfalse\" -e \"enable_letsencrypt\u003dfalse\" deploy"},{"line_number":333,"context_line":""},{"line_number":334,"context_line":"The Let\u0027s Encrypt container will attempt to renew your certificates every 12"},{"line_number":335,"context_line":"hours. If the certificates are renewed, they will automatically be deployed"}],"source_content_type":"text/x-rst","patch_set":158,"id":"60bfcc59_a9eef0c5","line":332,"range":{"start_line":332,"start_character":28,"end_line":332,"end_character":89},"updated":"2022-06-08 16:11:12.000000000","message":"Why?","commit_id":"3f5132f593b94fe45d3f106970bb42a947ea35d1"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"0b4a18c36929431f1e2453b309845d775b35c079","unresolved":false,"context_lines":[{"line_number":329,"context_line":""},{"line_number":330,"context_line":".. code-block:: console"},{"line_number":331,"context_line":""},{"line_number":332,"context_line":"  kolla-ansible -i multinode -e \"enable_loadbalancer\u003dfalse\" -e \"enable_letsencrypt\u003dfalse\" deploy"},{"line_number":333,"context_line":""},{"line_number":334,"context_line":"The Let\u0027s Encrypt container will attempt to renew your certificates every 12"},{"line_number":335,"context_line":"hours. If the certificates are renewed, they will automatically be deployed"}],"source_content_type":"text/x-rst","patch_set":158,"id":"7c3864ce_14a45b2d","line":332,"range":{"start_line":332,"start_character":28,"end_line":332,"end_character":89},"in_reply_to":"60bfcc59_a9eef0c5","updated":"2022-06-14 04:08:33.000000000","message":"Done","commit_id":"3f5132f593b94fe45d3f106970bb42a947ea35d1"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"ecc7f8a6b2b6ebe2f7e65ab1bfdfecdf8d8e3e15","unresolved":true,"context_lines":[{"line_number":302,"context_line":"  enable_letsencrypt: \"yes\""},{"line_number":303,"context_line":"  letsencrypt_email: \"\u003cThe email used for registration and recovery contact\u003e\""},{"line_number":304,"context_line":""},{"line_number":305,"context_line":"The Let\u0027s Encrypt container in OpenStack uses the Lego client to"},{"line_number":306,"context_line":"fetch and renew certificates from the Let’s Encrypt service."},{"line_number":307,"context_line":""},{"line_number":308,"context_line":"To use Let\u0027s Encrypt certificates there are several steps to deployment."}],"source_content_type":"text/x-rst","patch_set":215,"id":"b3c20e86_a1c2b2b5","line":305,"range":{"start_line":305,"start_character":50,"end_line":305,"end_character":61},"updated":"2023-07-17 13:28:22.000000000","message":"maybe add a link to https://github.com/go-acme/lego, as not everyone might be familiar with this software?","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"94189ecf3ecb819296a614ab799191975f2716db","unresolved":false,"context_lines":[{"line_number":302,"context_line":"  enable_letsencrypt: \"yes\""},{"line_number":303,"context_line":"  letsencrypt_email: \"\u003cThe email used for registration and recovery contact\u003e\""},{"line_number":304,"context_line":""},{"line_number":305,"context_line":"The Let\u0027s Encrypt container in OpenStack uses the Lego client to"},{"line_number":306,"context_line":"fetch and renew certificates from the Let’s Encrypt service."},{"line_number":307,"context_line":""},{"line_number":308,"context_line":"To use Let\u0027s Encrypt certificates there are several steps to deployment."}],"source_content_type":"text/x-rst","patch_set":215,"id":"eaf3d0da_7f9b7f66","line":305,"range":{"start_line":305,"start_character":50,"end_line":305,"end_character":61},"in_reply_to":"7896b779_ed38936d","updated":"2023-07-17 22:18:05.000000000","message":"Done","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"bd4fc70a2b6f83cb2022eb5c7b3d6e97323cbeaf","unresolved":true,"context_lines":[{"line_number":302,"context_line":"  enable_letsencrypt: \"yes\""},{"line_number":303,"context_line":"  letsencrypt_email: \"\u003cThe email used for registration and recovery contact\u003e\""},{"line_number":304,"context_line":""},{"line_number":305,"context_line":"The Let\u0027s Encrypt container in OpenStack uses the Lego client to"},{"line_number":306,"context_line":"fetch and renew certificates from the Let’s Encrypt service."},{"line_number":307,"context_line":""},{"line_number":308,"context_line":"To use Let\u0027s Encrypt certificates there are several steps to deployment."}],"source_content_type":"text/x-rst","patch_set":215,"id":"7896b779_ed38936d","line":305,"range":{"start_line":305,"start_character":50,"end_line":305,"end_character":61},"in_reply_to":"b3c20e86_a1c2b2b5","updated":"2023-07-17 14:15:37.000000000","message":"ack","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"ecc7f8a6b2b6ebe2f7e65ab1bfdfecdf8d8e3e15","unresolved":true,"context_lines":[{"line_number":322,"context_line":""},{"line_number":323,"context_line":"The Let\u0027s Encrypt container will attempt to renew your certificates every 12"},{"line_number":324,"context_line":"hours. If the certificates are renewed, they will automatically be deployed"},{"line_number":325,"context_line":"to the HAProxy containers."},{"line_number":326,"context_line":""},{"line_number":327,"context_line":"Generating a Private Certificate Authority"},{"line_number":328,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":215,"id":"5e269268_9f9b67c0","line":325,"range":{"start_line":325,"start_character":1,"end_line":325,"end_character":26},"updated":"2023-07-17 13:28:22.000000000","message":"I think there should be more explanation, like: what is the purpose of the new haproxy ssh container?","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"94189ecf3ecb819296a614ab799191975f2716db","unresolved":false,"context_lines":[{"line_number":322,"context_line":""},{"line_number":323,"context_line":"The Let\u0027s Encrypt container will attempt to renew your certificates every 12"},{"line_number":324,"context_line":"hours. If the certificates are renewed, they will automatically be deployed"},{"line_number":325,"context_line":"to the HAProxy containers."},{"line_number":326,"context_line":""},{"line_number":327,"context_line":"Generating a Private Certificate Authority"},{"line_number":328,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":215,"id":"77f62888_c4444ee8","line":325,"range":{"start_line":325,"start_character":1,"end_line":325,"end_character":26},"in_reply_to":"454941ce_6414dac9","updated":"2023-07-17 22:18:05.000000000","message":"Done","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"bd4fc70a2b6f83cb2022eb5c7b3d6e97323cbeaf","unresolved":true,"context_lines":[{"line_number":322,"context_line":""},{"line_number":323,"context_line":"The Let\u0027s Encrypt container will attempt to renew your certificates every 12"},{"line_number":324,"context_line":"hours. If the certificates are renewed, they will automatically be deployed"},{"line_number":325,"context_line":"to the HAProxy containers."},{"line_number":326,"context_line":""},{"line_number":327,"context_line":"Generating a Private Certificate Authority"},{"line_number":328,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":215,"id":"454941ce_6414dac9","line":325,"range":{"start_line":325,"start_character":1,"end_line":325,"end_character":26},"in_reply_to":"5e269268_9f9b67c0","updated":"2023-07-17 14:15:37.000000000","message":"ack, can u help to formulate docs/releasenotes ? i hate it to be honest.","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":301,"context_line":""},{"line_number":302,"context_line":"  enable_letsencrypt: \"yes\""},{"line_number":303,"context_line":"  letsencrypt_email: \"\u003cThe email used for registration and recovery contact\u003e\""},{"line_number":304,"context_line":""},{"line_number":305,"context_line":"The Let\u0027s Encrypt container will attempt to renew your certificates every 12"},{"line_number":306,"context_line":"hours. If the certificates are renewed, they will automatically be deployed"},{"line_number":307,"context_line":"to the HAProxy containers using SSH."}],"source_content_type":"text/x-rst","patch_set":222,"id":"9fca1ca6_f2d128f0","line":304,"updated":"2023-07-28 11:16:21.000000000","message":"add here note that email is required and deploy would fail if not set.","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"17afb970c4fadc6728d84176f6265f42b91862e2","unresolved":false,"context_lines":[{"line_number":301,"context_line":""},{"line_number":302,"context_line":"  enable_letsencrypt: \"yes\""},{"line_number":303,"context_line":"  letsencrypt_email: \"\u003cThe email used for registration and recovery contact\u003e\""},{"line_number":304,"context_line":""},{"line_number":305,"context_line":"The Let\u0027s Encrypt container will attempt to renew your certificates every 12"},{"line_number":306,"context_line":"hours. If the certificates are renewed, they will automatically be deployed"},{"line_number":307,"context_line":"to the HAProxy containers using SSH."}],"source_content_type":"text/x-rst","patch_set":222,"id":"4a2d7ba0_339d38e2","line":304,"in_reply_to":"9fca1ca6_f2d128f0","updated":"2023-08-09 13:08:11.000000000","message":"Done","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"}],"etc/kolla/globals.yml":[{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":272,"context_line":"####################"},{"line_number":273,"context_line":"# LetsEncrypt options"},{"line_number":274,"context_line":"####################"},{"line_number":275,"context_line":"#letsencrypt_email: \"\""},{"line_number":276,"context_line":""},{"line_number":277,"context_line":"####################"},{"line_number":278,"context_line":"# LetsEncrypt certificate server options"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"782e6895_1eb3ec7a","line":275,"updated":"2023-07-28 11:16:21.000000000","message":"add comment that email is required","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":272,"context_line":"####################"},{"line_number":273,"context_line":"# LetsEncrypt options"},{"line_number":274,"context_line":"####################"},{"line_number":275,"context_line":"#letsencrypt_email: \"\""},{"line_number":276,"context_line":""},{"line_number":277,"context_line":"####################"},{"line_number":278,"context_line":"# LetsEncrypt certificate server options"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"669b5cd7_e498416a","line":275,"in_reply_to":"782e6895_1eb3ec7a","updated":"2023-08-09 12:13:36.000000000","message":"Done","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"}],"etc/kolla/passwords.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":true,"context_lines":[{"line_number":186,"context_line":"  private_key:"},{"line_number":187,"context_line":"  public_key:"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"letsencrypt_ssh_key:"},{"line_number":190,"context_line":"  private_key:"},{"line_number":191,"context_line":"  public_key:"},{"line_number":192,"context_line":""},{"line_number":193,"context_line":"bifrost_ssh_key:"},{"line_number":194,"context_line":"  private_key:"}],"source_content_type":"text/x-yaml","patch_set":131,"id":"f863af7f_574b6bc3","line":191,"range":{"start_line":189,"start_character":0,"end_line":191,"end_character":13},"updated":"2022-02-15 11:25:43.000000000","message":"Still required?","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"1d417365b9eef924db79c7d88258006fe7888a73","unresolved":false,"context_lines":[{"line_number":186,"context_line":"  private_key:"},{"line_number":187,"context_line":"  public_key:"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"letsencrypt_ssh_key:"},{"line_number":190,"context_line":"  private_key:"},{"line_number":191,"context_line":"  public_key:"},{"line_number":192,"context_line":""},{"line_number":193,"context_line":"bifrost_ssh_key:"},{"line_number":194,"context_line":"  private_key:"}],"source_content_type":"text/x-yaml","patch_set":131,"id":"34615d89_b7d1e11f","line":191,"range":{"start_line":189,"start_character":0,"end_line":191,"end_character":13},"in_reply_to":"f863af7f_574b6bc3","updated":"2022-02-18 01:59:07.000000000","message":"Done","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"}],"kolla_ansible/cmd/genpwd.py":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":true,"context_lines":[{"line_number":116,"context_line":""},{"line_number":117,"context_line":"    # SSH key pair"},{"line_number":118,"context_line":"    ssh_keys \u003d [\u0027kolla_ssh_key\u0027, \u0027nova_ssh_key\u0027,"},{"line_number":119,"context_line":"                \u0027keystone_ssh_key\u0027, \u0027letsencrypt_ssh_key\u0027,"},{"line_number":120,"context_line":"                \u0027bifrost_ssh_key\u0027, \u0027octavia_amp_ssh_key\u0027]"},{"line_number":121,"context_line":""},{"line_number":122,"context_line":"    # If these keys are None, leave them as None"}],"source_content_type":"text/x-python","patch_set":131,"id":"dbabbb70_5a6666f0","line":119,"range":{"start_line":119,"start_character":37,"end_line":119,"end_character":56},"updated":"2022-02-15 11:25:43.000000000","message":"ditto","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"1d417365b9eef924db79c7d88258006fe7888a73","unresolved":false,"context_lines":[{"line_number":116,"context_line":""},{"line_number":117,"context_line":"    # SSH key pair"},{"line_number":118,"context_line":"    ssh_keys \u003d [\u0027kolla_ssh_key\u0027, \u0027nova_ssh_key\u0027,"},{"line_number":119,"context_line":"                \u0027keystone_ssh_key\u0027, \u0027letsencrypt_ssh_key\u0027,"},{"line_number":120,"context_line":"                \u0027bifrost_ssh_key\u0027, \u0027octavia_amp_ssh_key\u0027]"},{"line_number":121,"context_line":""},{"line_number":122,"context_line":"    # If these keys are None, leave them as None"}],"source_content_type":"text/x-python","patch_set":131,"id":"3dae4fae_3dbad05f","line":119,"range":{"start_line":119,"start_character":37,"end_line":119,"end_character":56},"in_reply_to":"dbabbb70_5a6666f0","updated":"2022-02-18 01:59:07.000000000","message":"Done","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"}],"releasenotes/notes/add-lets-encrypt-intergration-9e5f9846536379af.yaml":[{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"8972508227291f2bec828c6737c09b144c9605aa","unresolved":true,"context_lines":[{"line_number":3,"context_line":"  - Add Lets Encrypt TLS certificate service integration into Openstack"},{"line_number":4,"context_line":"    deployment. Enables trusted TLS certificate generation option for"},{"line_number":5,"context_line":"    secure communcation with OpenStack HAProxy instances using"},{"line_number":6,"context_line":"    ``kolla_internal_fqdn`` and/or ``kolla_external_fqdn`` is required."},{"line_number":7,"context_line":"    One container runs an Apache ACME server and one runs Lego for certificate"},{"line_number":8,"context_line":"    retrieval and renewal. The Lego container starts a cron job which attempts"},{"line_number":9,"context_line":"    to renew certificates every 12"}],"source_content_type":"text/x-yaml","patch_set":194,"id":"704f68b8_9d414a3c","line":6,"range":{"start_line":6,"start_character":5,"end_line":6,"end_character":71},"updated":"2023-07-03 10:22:23.000000000","message":"also a valid email address is required:\n\n\u003e The email used for certificate registration and recovery contact. Required.\n`letsencrypt_email: \"\"`","commit_id":"28f1ecfc823e0aa85b17f3b10556faad02065798"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ee3249aaa58e178e104637977050d02210db23d","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  - Add Lets Encrypt TLS certificate service integration into Openstack"},{"line_number":4,"context_line":"    deployment. Enables trusted TLS certificate generation option for"},{"line_number":5,"context_line":"    secure communcation with OpenStack HAProxy instances using"},{"line_number":6,"context_line":"    ``kolla_internal_fqdn`` and/or ``kolla_external_fqdn`` is required."},{"line_number":7,"context_line":"    One container runs an Apache ACME server and one runs Lego for certificate"},{"line_number":8,"context_line":"    retrieval and renewal. The Lego container starts a cron job which attempts"},{"line_number":9,"context_line":"    to renew certificates every 12"}],"source_content_type":"text/x-yaml","patch_set":194,"id":"9f95c0e6_f795acbd","line":6,"range":{"start_line":6,"start_character":5,"end_line":6,"end_character":71},"in_reply_to":"704f68b8_9d414a3c","updated":"2023-07-17 11:53:45.000000000","message":"Done","commit_id":"28f1ecfc823e0aa85b17f3b10556faad02065798"}],"tests/check-lets-encrypt.sh":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"027945be01d93d8c6bf3eb65aea480172461dd1f","unresolved":true,"context_lines":[{"line_number":1,"context_line":"#!/bin/bash"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"# Check for CRITICAL, ERROR or WARNING messages in log files."},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"set -o errexit"},{"line_number":6,"context_line":"set -o pipefail"}],"source_content_type":"text/x-sh","patch_set":40,"id":"d5d29847_78e07490","line":3,"updated":"2021-03-17 12:35:05.000000000","message":"This is just a copy of the log file check script?","commit_id":"2264a10ff0f86b0a43982487ab8d2b43cf3ec267"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ee3249aaa58e178e104637977050d02210db23d","unresolved":false,"context_lines":[{"line_number":1,"context_line":"#!/bin/bash"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"# Check for CRITICAL, ERROR or WARNING messages in log files."},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"set -o errexit"},{"line_number":6,"context_line":"set -o pipefail"}],"source_content_type":"text/x-sh","patch_set":40,"id":"dada2ccf_fcadd9c5","line":3,"in_reply_to":"d5d29847_78e07490","updated":"2023-07-17 11:53:45.000000000","message":"Done","commit_id":"2264a10ff0f86b0a43982487ab8d2b43cf3ec267"}],"tests/deploy-lets-encrypt.sh":[{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"76862a17d8d599c843f805462bb5df5473b0fe40","unresolved":true,"context_lines":[{"line_number":29,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/root.crt -v https://127.0.0.1:15000/roots/0"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    # deploy rest of the containers"},{"line_number":32,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy  -e \"enable_loadbalancer\u003dfalse\" -e \"enable_letsencrypt\u003dfalse\"  \u0026\u003e /tmp/logs/ansible/deploy"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv post-deploy \u0026\u003e /tmp/logs/ansible/post-deploy"},{"line_number":35,"context_line":"}"}],"source_content_type":"text/x-sh","patch_set":153,"id":"615e9c5f_b07e656d","line":32,"range":{"start_line":32,"start_character":55,"end_line":32,"end_character":80},"updated":"2022-05-18 11:38:23.000000000","message":"seems wrong to require","commit_id":"c1d287493935741f6420164c1b4d3c4865b3261d"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"76862a17d8d599c843f805462bb5df5473b0fe40","unresolved":true,"context_lines":[{"line_number":29,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/root.crt -v https://127.0.0.1:15000/roots/0"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    # deploy rest of the containers"},{"line_number":32,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy  -e \"enable_loadbalancer\u003dfalse\" -e \"enable_letsencrypt\u003dfalse\"  \u0026\u003e /tmp/logs/ansible/deploy"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv post-deploy \u0026\u003e /tmp/logs/ansible/post-deploy"},{"line_number":35,"context_line":"}"}],"source_content_type":"text/x-sh","patch_set":153,"id":"46864d87_bcc7e823","line":32,"range":{"start_line":32,"start_character":86,"end_line":32,"end_character":110},"updated":"2022-05-18 11:38:23.000000000","message":"this too","commit_id":"c1d287493935741f6420164c1b4d3c4865b3261d"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"538ccbdb4b3eba4d7a85b2adb8ef29ef88b8e87d","unresolved":true,"context_lines":[{"line_number":29,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/root.crt -v https://127.0.0.1:15000/roots/0"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    # deploy rest of the containers"},{"line_number":32,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy  -e \"enable_loadbalancer\u003dfalse\" -e \"enable_letsencrypt\u003dfalse\"  \u0026\u003e /tmp/logs/ansible/deploy"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv post-deploy \u0026\u003e /tmp/logs/ansible/post-deploy"},{"line_number":35,"context_line":"}"}],"source_content_type":"text/x-sh","patch_set":153,"id":"cab7697e_1d1f5f45","line":32,"range":{"start_line":32,"start_character":86,"end_line":32,"end_character":110},"in_reply_to":"46864d87_bcc7e823","updated":"2022-05-18 16:48:07.000000000","message":"Redeploying let\u0027s encrypt will trigger another certificate retrieval.","commit_id":"c1d287493935741f6420164c1b4d3c4865b3261d"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"538ccbdb4b3eba4d7a85b2adb8ef29ef88b8e87d","unresolved":true,"context_lines":[{"line_number":29,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/root.crt -v https://127.0.0.1:15000/roots/0"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    # deploy rest of the containers"},{"line_number":32,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy  -e \"enable_loadbalancer\u003dfalse\" -e \"enable_letsencrypt\u003dfalse\"  \u0026\u003e /tmp/logs/ansible/deploy"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv post-deploy \u0026\u003e /tmp/logs/ansible/post-deploy"},{"line_number":35,"context_line":"}"}],"source_content_type":"text/x-sh","patch_set":153,"id":"9db2cba5_9eb5c751","line":32,"range":{"start_line":32,"start_character":55,"end_line":32,"end_character":80},"in_reply_to":"615e9c5f_b07e656d","updated":"2022-05-18 16:48:07.000000000","message":"It\u0027s not that we want to disable the load balancer (or lets encrypt) - its that we don\u0027t want to redeploy the load balancer since the load balancer has been updated with the certificate from the let\u0027s encrypt server (in the test case that is pebble). If we redeploy the load balancer, the let\u0027s encrypt certificate will be lost and the self signed certificate created during the certificate task will be used.","commit_id":"c1d287493935741f6420164c1b4d3c4865b3261d"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"0b4a18c36929431f1e2453b309845d775b35c079","unresolved":false,"context_lines":[{"line_number":29,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/root.crt -v https://127.0.0.1:15000/roots/0"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    # deploy rest of the containers"},{"line_number":32,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy  -e \"enable_loadbalancer\u003dfalse\" -e \"enable_letsencrypt\u003dfalse\"  \u0026\u003e /tmp/logs/ansible/deploy"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv post-deploy \u0026\u003e /tmp/logs/ansible/post-deploy"},{"line_number":35,"context_line":"}"}],"source_content_type":"text/x-sh","patch_set":153,"id":"654cef7d_85c50b56","line":32,"range":{"start_line":32,"start_character":55,"end_line":32,"end_character":80},"in_reply_to":"7779c27e_5791ce5c","updated":"2022-06-14 04:08:33.000000000","message":"Done","commit_id":"c1d287493935741f6420164c1b4d3c4865b3261d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e2b6d0cd9df5bf098cbe7f031814bcf346340827","unresolved":true,"context_lines":[{"line_number":29,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/root.crt -v https://127.0.0.1:15000/roots/0"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    # deploy rest of the containers"},{"line_number":32,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy  -e \"enable_loadbalancer\u003dfalse\" -e \"enable_letsencrypt\u003dfalse\"  \u0026\u003e /tmp/logs/ansible/deploy"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv post-deploy \u0026\u003e /tmp/logs/ansible/post-deploy"},{"line_number":35,"context_line":"}"}],"source_content_type":"text/x-sh","patch_set":153,"id":"7779c27e_5791ce5c","line":32,"range":{"start_line":32,"start_character":55,"end_line":32,"end_character":80},"in_reply_to":"9db2cba5_9eb5c751","updated":"2022-06-08 16:11:12.000000000","message":"As discussed before - we need to make it work without these hacks. Otherwise we\u0027ll never be able to reconfigure haproxy.","commit_id":"c1d287493935741f6420164c1b4d3c4865b3261d"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"ffb45d0bd9b6c579a8c5cbb89bb8a0a0a1dbd30e","unresolved":true,"context_lines":[{"line_number":29,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/root.crt -v https://127.0.0.1:15000/roots/0"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    # deploy rest of the containers"},{"line_number":32,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy  -e \"enable_loadbalancer\u003dfalse\" -e \"enable_letsencrypt\u003dfalse\"  \u0026\u003e /tmp/logs/ansible/deploy"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv post-deploy \u0026\u003e /tmp/logs/ansible/post-deploy"},{"line_number":35,"context_line":"}"}],"source_content_type":"text/x-sh","patch_set":153,"id":"de8d8fd2_f4d8709d","line":32,"range":{"start_line":32,"start_character":86,"end_line":32,"end_character":110},"in_reply_to":"cab7697e_1d1f5f45","updated":"2022-05-18 16:54:39.000000000","message":"Oh my, we need to improve the UX here then.","commit_id":"c1d287493935741f6420164c1b4d3c4865b3261d"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6a8d1b14cf34616c946f8c9fa9cbf6a9e179552c","unresolved":true,"context_lines":[{"line_number":29,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/root.crt -v https://127.0.0.1:15000/roots/0"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    # deploy rest of the containers"},{"line_number":32,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy  -e \"enable_loadbalancer\u003dfalse\" -e \"enable_letsencrypt\u003dfalse\"  \u0026\u003e /tmp/logs/ansible/deploy"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv post-deploy \u0026\u003e /tmp/logs/ansible/post-deploy"},{"line_number":35,"context_line":"}"}],"source_content_type":"text/x-sh","patch_set":153,"id":"ed40f6a5_6c669a9c","line":32,"range":{"start_line":32,"start_character":86,"end_line":32,"end_character":110},"in_reply_to":"de8d8fd2_f4d8709d","updated":"2022-05-18 21:20:57.000000000","message":"To clarify, this does not need to happen in two steps during initial deployment. A regular deploy will work. During redeploy, the let\u0027s encrypt + loadbalancer containers should not be deployed again.","commit_id":"c1d287493935741f6420164c1b4d3c4865b3261d"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"e8226333b1784f6005e605b511278e2e7d390c3e","unresolved":false,"context_lines":[{"line_number":29,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/root.crt -v https://127.0.0.1:15000/roots/0"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    # deploy rest of the containers"},{"line_number":32,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy  -e \"enable_loadbalancer\u003dfalse\" -e \"enable_letsencrypt\u003dfalse\"  \u0026\u003e /tmp/logs/ansible/deploy"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv post-deploy \u0026\u003e /tmp/logs/ansible/post-deploy"},{"line_number":35,"context_line":"}"}],"source_content_type":"text/x-sh","patch_set":153,"id":"4eccf922_6ac0e1ec","line":32,"range":{"start_line":32,"start_character":86,"end_line":32,"end_character":110},"in_reply_to":"ed40f6a5_6c669a9c","updated":"2023-07-17 11:49:26.000000000","message":"Done, active letsencrypt-lego  will generate cert if not exist and every next cron run will run the same but will not renew certificate because it\u0027s set to be valid during 30 days period - logged.","commit_id":"c1d287493935741f6420164c1b4d3c4865b3261d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e2b6d0cd9df5bf098cbe7f031814bcf346340827","unresolved":true,"context_lines":[{"line_number":22,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy -t loadbalancer \u0026\u003e /tmp/logs/ansible/deploy-loadbalancer"},{"line_number":23,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy -t letsencrypt \u0026\u003e /tmp/logs/ansible/deploy-letsencrypt"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"    # move the old root certificate, used for other certificates (like rabbit)"},{"line_number":26,"context_line":"    mv /etc/kolla/certificates/ca/root.crt /etc/kolla/certificates/ca/self-signed-root.crt"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    # store the pebble root certificate"},{"line_number":29,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/root.crt -v https://127.0.0.1:15000/roots/0"}],"source_content_type":"text/x-sh","patch_set":158,"id":"5011bedb_02b67a2b","line":26,"range":{"start_line":25,"start_character":0,"end_line":26,"end_character":90},"updated":"2022-06-08 16:11:12.000000000","message":"Bad idea - we don\u0027t want to trust this CA. Better to avoid rabbitmq TLS in this scenario.","commit_id":"3f5132f593b94fe45d3f106970bb42a947ea35d1"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"0b4a18c36929431f1e2453b309845d775b35c079","unresolved":true,"context_lines":[{"line_number":22,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy -t loadbalancer \u0026\u003e /tmp/logs/ansible/deploy-loadbalancer"},{"line_number":23,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy -t letsencrypt \u0026\u003e /tmp/logs/ansible/deploy-letsencrypt"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"    # move the old root certificate, used for other certificates (like rabbit)"},{"line_number":26,"context_line":"    mv /etc/kolla/certificates/ca/root.crt /etc/kolla/certificates/ca/self-signed-root.crt"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    # store the pebble root certificate"},{"line_number":29,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/root.crt -v https://127.0.0.1:15000/roots/0"}],"source_content_type":"text/x-sh","patch_set":158,"id":"686def97_bf65b9c8","line":26,"range":{"start_line":25,"start_character":0,"end_line":26,"end_character":90},"in_reply_to":"5011bedb_02b67a2b","updated":"2022-06-14 04:08:33.000000000","message":"We need the self signed CA for backend TLS to work. HAProxy needs the CA cert for the SSL handshake.","commit_id":"3f5132f593b94fe45d3f106970bb42a947ea35d1"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"db3c31dbf631766f973f1b8fa541a298e3277d58","unresolved":true,"context_lines":[{"line_number":22,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy -t loadbalancer \u0026\u003e /tmp/logs/ansible/deploy-loadbalancer"},{"line_number":23,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy -t letsencrypt \u0026\u003e /tmp/logs/ansible/deploy-letsencrypt"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"    # move the old root certificate, used for other certificates (like rabbit)"},{"line_number":26,"context_line":"    mv /etc/kolla/certificates/ca/root.crt /etc/kolla/certificates/ca/self-signed-root.crt"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    # store the pebble root certificate"},{"line_number":29,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/root.crt -v https://127.0.0.1:15000/roots/0"}],"source_content_type":"text/x-sh","patch_set":158,"id":"d375c273_ba83646a","line":26,"range":{"start_line":25,"start_character":0,"end_line":26,"end_character":90},"in_reply_to":"686def97_bf65b9c8","updated":"2022-07-29 08:56:34.000000000","message":"Let\u0027s disable backend TLS in the LE tests, since it doesn\u0027t support LE.","commit_id":"3f5132f593b94fe45d3f106970bb42a947ea35d1"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6c4cb7b2507b3c6d100e496af4ea4175077c0936","unresolved":false,"context_lines":[{"line_number":22,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy -t loadbalancer \u0026\u003e /tmp/logs/ansible/deploy-loadbalancer"},{"line_number":23,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy -t letsencrypt \u0026\u003e /tmp/logs/ansible/deploy-letsencrypt"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"    # move the old root certificate, used for other certificates (like rabbit)"},{"line_number":26,"context_line":"    mv /etc/kolla/certificates/ca/root.crt /etc/kolla/certificates/ca/self-signed-root.crt"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    # store the pebble root certificate"},{"line_number":29,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/root.crt -v https://127.0.0.1:15000/roots/0"}],"source_content_type":"text/x-sh","patch_set":158,"id":"34eebddf_6005b253","line":26,"range":{"start_line":25,"start_character":0,"end_line":26,"end_character":90},"in_reply_to":"d375c273_ba83646a","updated":"2022-08-03 00:12:02.000000000","message":"Done","commit_id":"3f5132f593b94fe45d3f106970bb42a947ea35d1"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"ecc7f8a6b2b6ebe2f7e65ab1bfdfecdf8d8e3e15","unresolved":true,"context_lines":[{"line_number":56,"context_line":"    sudo echo \"[i] Download CA root and Intermediate Certificates from  https://127.0.0.1:15000/roots/0\" \u0026\u003e\u003e /tmp/logs/ansible/letsencrypt-scenario"},{"line_number":57,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/pebble.crt -v https://127.0.0.1:15000/roots/0 \u0026\u003e\u003e /tmp/logs/ansible/letsencrypt-scenario"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"    # Combine ca certs to one file "},{"line_number":60,"context_line":"    # "},{"line_number":61,"context_line":"    # NOTE (kevko): Normally this is not needed, but zuul have a test-dashboard.sh"},{"line_number":62,"context_line":"    # script to verify dashboard, as I don\u0027t want to modify test-dashboard.sh script"},{"line_number":63,"context_line":"    # and add conditional which cacert should be used, let\u0027s just combine these cacerts."}],"source_content_type":"text/x-sh","patch_set":215,"id":"090cc9f0_e9b600c0","line":60,"range":{"start_line":59,"start_character":34,"end_line":60,"end_character":6},"updated":"2023-07-17 13:28:22.000000000","message":"whitespace","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"bd4fc70a2b6f83cb2022eb5c7b3d6e97323cbeaf","unresolved":true,"context_lines":[{"line_number":56,"context_line":"    sudo echo \"[i] Download CA root and Intermediate Certificates from  https://127.0.0.1:15000/roots/0\" \u0026\u003e\u003e /tmp/logs/ansible/letsencrypt-scenario"},{"line_number":57,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/pebble.crt -v https://127.0.0.1:15000/roots/0 \u0026\u003e\u003e /tmp/logs/ansible/letsencrypt-scenario"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"    # Combine ca certs to one file "},{"line_number":60,"context_line":"    # "},{"line_number":61,"context_line":"    # NOTE (kevko): Normally this is not needed, but zuul have a test-dashboard.sh"},{"line_number":62,"context_line":"    # script to verify dashboard, as I don\u0027t want to modify test-dashboard.sh script"},{"line_number":63,"context_line":"    # and add conditional which cacert should be used, let\u0027s just combine these cacerts."}],"source_content_type":"text/x-sh","patch_set":215,"id":"117d9c14_db09876b","line":60,"range":{"start_line":59,"start_character":34,"end_line":60,"end_character":6},"in_reply_to":"090cc9f0_e9b600c0","updated":"2023-07-17 14:15:37.000000000","message":"ack","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ce27516f768e3480a416ff352db2caf2e7b1bd3","unresolved":false,"context_lines":[{"line_number":56,"context_line":"    sudo echo \"[i] Download CA root and Intermediate Certificates from  https://127.0.0.1:15000/roots/0\" \u0026\u003e\u003e /tmp/logs/ansible/letsencrypt-scenario"},{"line_number":57,"context_line":"    curl -k -s -o /etc/kolla/certificates/ca/pebble.crt -v https://127.0.0.1:15000/roots/0 \u0026\u003e\u003e /tmp/logs/ansible/letsencrypt-scenario"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"    # Combine ca certs to one file "},{"line_number":60,"context_line":"    # "},{"line_number":61,"context_line":"    # NOTE (kevko): Normally this is not needed, but zuul have a test-dashboard.sh"},{"line_number":62,"context_line":"    # script to verify dashboard, as I don\u0027t want to modify test-dashboard.sh script"},{"line_number":63,"context_line":"    # and add conditional which cacert should be used, let\u0027s just combine these cacerts."}],"source_content_type":"text/x-sh","patch_set":215,"id":"34abbb6d_ab3155a1","line":60,"range":{"start_line":59,"start_character":34,"end_line":60,"end_character":6},"in_reply_to":"117d9c14_db09876b","updated":"2023-07-17 17:57:56.000000000","message":"Done","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"ecc7f8a6b2b6ebe2f7e65ab1bfdfecdf8d8e3e15","unresolved":true,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"    # Combine ca certs to one file "},{"line_number":60,"context_line":"    # "},{"line_number":61,"context_line":"    # NOTE (kevko): Normally this is not needed, but zuul have a test-dashboard.sh"},{"line_number":62,"context_line":"    # script to verify dashboard, as I don\u0027t want to modify test-dashboard.sh script"},{"line_number":63,"context_line":"    # and add conditional which cacert should be used, let\u0027s just combine these cacerts."},{"line_number":64,"context_line":""}],"source_content_type":"text/x-sh","patch_set":215,"id":"648f9e67_d19f4296","line":61,"range":{"start_line":61,"start_character":58,"end_line":61,"end_character":62},"updated":"2023-07-17 13:28:22.000000000","message":"has","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"bd4fc70a2b6f83cb2022eb5c7b3d6e97323cbeaf","unresolved":true,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"    # Combine ca certs to one file "},{"line_number":60,"context_line":"    # "},{"line_number":61,"context_line":"    # NOTE (kevko): Normally this is not needed, but zuul have a test-dashboard.sh"},{"line_number":62,"context_line":"    # script to verify dashboard, as I don\u0027t want to modify test-dashboard.sh script"},{"line_number":63,"context_line":"    # and add conditional which cacert should be used, let\u0027s just combine these cacerts."},{"line_number":64,"context_line":""}],"source_content_type":"text/x-sh","patch_set":215,"id":"b9379b29_d7d2019b","line":61,"range":{"start_line":61,"start_character":58,"end_line":61,"end_character":62},"in_reply_to":"648f9e67_d19f4296","updated":"2023-07-17 14:15:37.000000000","message":"ack","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ce27516f768e3480a416ff352db2caf2e7b1bd3","unresolved":false,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"    # Combine ca certs to one file "},{"line_number":60,"context_line":"    # "},{"line_number":61,"context_line":"    # NOTE (kevko): Normally this is not needed, but zuul have a test-dashboard.sh"},{"line_number":62,"context_line":"    # script to verify dashboard, as I don\u0027t want to modify test-dashboard.sh script"},{"line_number":63,"context_line":"    # and add conditional which cacert should be used, let\u0027s just combine these cacerts."},{"line_number":64,"context_line":""}],"source_content_type":"text/x-sh","patch_set":215,"id":"7607864e_1d63bf43","line":61,"range":{"start_line":61,"start_character":58,"end_line":61,"end_character":62},"in_reply_to":"b9379b29_d7d2019b","updated":"2023-07-17 17:57:56.000000000","message":"Done","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"}],"tests/deploy.sh":[{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"function init_pebble {"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"    sudo echo \"[i] Pulling letsencrypt/pebble\" \u003e /tmp/logs/ansible/certificates"},{"line_number":12,"context_line":"    sudo docker pull letsencrypt/pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    sudo echo \"[i] Force removing old pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"}],"source_content_type":"text/x-sh","patch_set":222,"id":"d59d1a55_bca3f4ec","line":11,"updated":"2023-07-28 11:16:21.000000000","message":"echo \"whatever\" | sudo tee ...","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"7e9d3e51e2f6265d084f32bad7974ed5984af84a","unresolved":false,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"function init_pebble {"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"    sudo echo \"[i] Pulling letsencrypt/pebble\" \u003e /tmp/logs/ansible/certificates"},{"line_number":12,"context_line":"    sudo docker pull letsencrypt/pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    sudo echo \"[i] Force removing old pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"}],"source_content_type":"text/x-sh","patch_set":222,"id":"30064cf6_25d42c41","line":11,"in_reply_to":"65f3e0d6_2ff2f48c","updated":"2023-08-09 14:15:15.000000000","message":"this is bash. echo is a shell builtin. can\u0027t be used with sudo. it works only because of /usr/bin/echo installed by coreutils. which can be not installed/removed.","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"function init_pebble {"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"    sudo echo \"[i] Pulling letsencrypt/pebble\" \u003e /tmp/logs/ansible/certificates"},{"line_number":12,"context_line":"    sudo docker pull letsencrypt/pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    sudo echo \"[i] Force removing old pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"}],"source_content_type":"text/x-sh","patch_set":222,"id":"65f3e0d6_2ff2f48c","line":11,"in_reply_to":"d59d1a55_bca3f4ec","updated":"2023-08-09 12:13:36.000000000","message":"Why I should change code style of this script ? I know that tee exist, but someone before me used \u0026\u003e\u003e aproach as it is on line 66 and below. I would prefer to stay with currently used \u0026\u003e instead of mixing two approaches.","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":11,"context_line":"    sudo echo \"[i] Pulling letsencrypt/pebble\" \u003e /tmp/logs/ansible/certificates"},{"line_number":12,"context_line":"    sudo docker pull letsencrypt/pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    sudo echo \"[i] Force removing old pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":15,"context_line":"    sudo docker rm -f pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"    sudo echo \"[i] Run new pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"}],"source_content_type":"text/x-sh","patch_set":222,"id":"076cbc4f_4de6d0f6","line":14,"updated":"2023-07-28 11:16:21.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":11,"context_line":"    sudo echo \"[i] Pulling letsencrypt/pebble\" \u003e /tmp/logs/ansible/certificates"},{"line_number":12,"context_line":"    sudo docker pull letsencrypt/pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    sudo echo \"[i] Force removing old pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":15,"context_line":"    sudo docker rm -f pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"    sudo echo \"[i] Run new pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"}],"source_content_type":"text/x-sh","patch_set":222,"id":"4ba44361_142817ee","line":14,"in_reply_to":"076cbc4f_4de6d0f6","updated":"2023-08-09 12:13:36.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":14,"context_line":"    sudo echo \"[i] Force removing old pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":15,"context_line":"    sudo docker rm -f pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"    sudo echo \"[i] Run new pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":18,"context_line":"    sudo docker run --name pebble --rm -d -e \"PEBBLE_VA_NOSLEEP\u003d1\" -e \"PEBBLE_VA_ALWAYS_VALID\u003d1\" --net\u003dhost letsencrypt/pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"    sudo echo \"[i] Wait for pebble container be up\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"}],"source_content_type":"text/x-sh","patch_set":222,"id":"91eb4774_71f51ef4","line":17,"updated":"2023-07-28 11:16:21.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":14,"context_line":"    sudo echo \"[i] Force removing old pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":15,"context_line":"    sudo docker rm -f pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"    sudo echo \"[i] Run new pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":18,"context_line":"    sudo docker run --name pebble --rm -d -e \"PEBBLE_VA_NOSLEEP\u003d1\" -e \"PEBBLE_VA_ALWAYS_VALID\u003d1\" --net\u003dhost letsencrypt/pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"    sudo echo \"[i] Wait for pebble container be up\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"}],"source_content_type":"text/x-sh","patch_set":222,"id":"e2ba89e7_d39c8482","line":17,"in_reply_to":"91eb4774_71f51ef4","updated":"2023-08-09 12:13:36.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":17,"context_line":"    sudo echo \"[i] Run new pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":18,"context_line":"    sudo docker run --name pebble --rm -d -e \"PEBBLE_VA_NOSLEEP\u003d1\" -e \"PEBBLE_VA_ALWAYS_VALID\u003d1\" --net\u003dhost letsencrypt/pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"    sudo echo \"[i] Wait for pebble container be up\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":21,"context_line":"    # wait until pebble starts"},{"line_number":22,"context_line":"    while ! sudo docker logs pebble | grep -q \"Listening on\"; do"},{"line_number":23,"context_line":"        sleep 1"}],"source_content_type":"text/x-sh","patch_set":222,"id":"ceb734dd_565354dc","line":20,"updated":"2023-07-28 11:16:21.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":17,"context_line":"    sudo echo \"[i] Run new pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":18,"context_line":"    sudo docker run --name pebble --rm -d -e \"PEBBLE_VA_NOSLEEP\u003d1\" -e \"PEBBLE_VA_ALWAYS_VALID\u003d1\" --net\u003dhost letsencrypt/pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"    sudo echo \"[i] Wait for pebble container be up\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":21,"context_line":"    # wait until pebble starts"},{"line_number":22,"context_line":"    while ! sudo docker logs pebble | grep -q \"Listening on\"; do"},{"line_number":23,"context_line":"        sleep 1"}],"source_content_type":"text/x-sh","patch_set":222,"id":"d325b0ab_690d548b","line":20,"in_reply_to":"ceb734dd_565354dc","updated":"2023-08-09 12:13:36.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":22,"context_line":"    while ! sudo docker logs pebble | grep -q \"Listening on\"; do"},{"line_number":23,"context_line":"        sleep 1"},{"line_number":24,"context_line":"    done"},{"line_number":25,"context_line":"    sudo echo \"[i] Wait for pebble container done\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"    sudo echo \"[i] Pebble container logs\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":28,"context_line":"    sudo docker logs pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"}],"source_content_type":"text/x-sh","patch_set":222,"id":"53a6fec3_fea6ca02","line":25,"updated":"2023-07-28 11:16:21.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":22,"context_line":"    while ! sudo docker logs pebble | grep -q \"Listening on\"; do"},{"line_number":23,"context_line":"        sleep 1"},{"line_number":24,"context_line":"    done"},{"line_number":25,"context_line":"    sudo echo \"[i] Wait for pebble container done\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"    sudo echo \"[i] Pebble container logs\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":28,"context_line":"    sudo docker logs pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"}],"source_content_type":"text/x-sh","patch_set":222,"id":"2e18fc08_5f12fd25","line":25,"in_reply_to":"53a6fec3_fea6ca02","updated":"2023-08-09 12:13:36.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":24,"context_line":"    done"},{"line_number":25,"context_line":"    sudo echo \"[i] Wait for pebble container done\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"    sudo echo \"[i] Pebble container logs\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":28,"context_line":"    sudo docker logs pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":29,"context_line":"}"},{"line_number":30,"context_line":""}],"source_content_type":"text/x-sh","patch_set":222,"id":"bfa8900e_aacd26a0","line":27,"updated":"2023-07-28 11:16:21.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":24,"context_line":"    done"},{"line_number":25,"context_line":"    sudo echo \"[i] Wait for pebble container done\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"    sudo echo \"[i] Pebble container logs\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":28,"context_line":"    sudo docker logs pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":29,"context_line":"}"},{"line_number":30,"context_line":""}],"source_content_type":"text/x-sh","patch_set":222,"id":"2d42ecef_d8aa37c0","line":27,"in_reply_to":"bfa8900e_aacd26a0","updated":"2023-08-09 12:13:36.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":49,"context_line":"    fi"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"    #TODO(inc0): Post-deploy complains that /etc/kolla is not writable. Probably we need to include become there"},{"line_number":52,"context_line":"    sudo chmod -R 777 /etc/kolla"},{"line_number":53,"context_line":"}"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":""}],"source_content_type":"text/x-sh","patch_set":222,"id":"4b8af248_9009d67c","line":52,"updated":"2023-07-28 11:16:21.000000000","message":"this is very bad, but ok for tests for while, until correctly fixed","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":49,"context_line":"    fi"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"    #TODO(inc0): Post-deploy complains that /etc/kolla is not writable. Probably we need to include become there"},{"line_number":52,"context_line":"    sudo chmod -R 777 /etc/kolla"},{"line_number":53,"context_line":"}"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":""}],"source_content_type":"text/x-sh","patch_set":222,"id":"56647236_c3b69bd1","line":52,"in_reply_to":"4b8af248_9009d67c","updated":"2023-08-09 12:13:36.000000000","message":"This is not my change, feel free to fix as you like and I will rebase this patch against your proposed change.","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"7e9d3e51e2f6265d084f32bad7974ed5984af84a","unresolved":false,"context_lines":[{"line_number":49,"context_line":"    fi"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"    #TODO(inc0): Post-deploy complains that /etc/kolla is not writable. Probably we need to include become there"},{"line_number":52,"context_line":"    sudo chmod -R 777 /etc/kolla"},{"line_number":53,"context_line":"}"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":""}],"source_content_type":"text/x-sh","patch_set":222,"id":"671bacd4_58ecbb37","line":52,"in_reply_to":"56647236_c3b69bd1","updated":"2023-08-09 14:15:15.000000000","message":"understand. will need to fix all things here in separate change.","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":59,"context_line":"    source $KOLLA_ANSIBLE_VENV_PATH/bin/activate"},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"    #TODO(inc0): Post-deploy complains that /etc/kolla is not writable. Probably we need to include become there"},{"line_number":62,"context_line":"    sudo chmod -R 777 /etc/kolla"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"    certificates"},{"line_number":65,"context_line":""}],"source_content_type":"text/x-sh","patch_set":222,"id":"ae1f0095_3e70949a","line":62,"updated":"2023-07-28 11:16:21.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"1f8630255a162af40d6ddc71b8b2823a2b2ddcd5","unresolved":false,"context_lines":[{"line_number":59,"context_line":"    source $KOLLA_ANSIBLE_VENV_PATH/bin/activate"},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"    #TODO(inc0): Post-deploy complains that /etc/kolla is not writable. Probably we need to include become there"},{"line_number":62,"context_line":"    sudo chmod -R 777 /etc/kolla"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"    certificates"},{"line_number":65,"context_line":""}],"source_content_type":"text/x-sh","patch_set":222,"id":"6f68254b_870496bd","line":62,"in_reply_to":"ae1f0095_3e70949a","updated":"2023-08-09 12:13:36.000000000","message":"ditto","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"6e877a6e972c05777769e29bb80cf79ab8eeb24c","unresolved":true,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"function init_pebble {"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"    sudo echo \"[i] Pulling letsencrypt/pebble\" \u003e /tmp/logs/ansible/certificates"},{"line_number":12,"context_line":"    sudo docker pull letsencrypt/pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    sudo echo \"[i] Force removing old pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":15,"context_line":"    sudo docker rm -f pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"    sudo echo \"[i] Run new pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":18,"context_line":"    sudo docker run --name pebble --rm -d -e \"PEBBLE_VA_NOSLEEP\u003d1\" -e \"PEBBLE_VA_ALWAYS_VALID\u003d1\" --net\u003dhost letsencrypt/pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"    sudo echo \"[i] Wait for pebble container be up\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":21,"context_line":"    # wait until pebble starts"},{"line_number":22,"context_line":"    while ! sudo docker logs pebble | grep -q \"Listening on\"; do"},{"line_number":23,"context_line":"        sleep 1"},{"line_number":24,"context_line":"    done"},{"line_number":25,"context_line":"    sudo echo \"[i] Wait for pebble container done\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"    sudo echo \"[i] Pebble container logs\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":28,"context_line":"    sudo docker logs pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":29,"context_line":"}"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"function pebble_cacert {"}],"source_content_type":"text/x-sh","patch_set":227,"id":"810b45da_82783749","line":28,"range":{"start_line":11,"start_character":4,"end_line":28,"end_character":62},"updated":"2023-09-18 09:13:21.000000000","message":"any reason we can\u0027t use `/var/log/` here instead of `/tmp/`?","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"f508ffd53b43fc87a280cc582e432653141aad4e","unresolved":false,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"function init_pebble {"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"    sudo echo \"[i] Pulling letsencrypt/pebble\" \u003e /tmp/logs/ansible/certificates"},{"line_number":12,"context_line":"    sudo docker pull letsencrypt/pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    sudo echo \"[i] Force removing old pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":15,"context_line":"    sudo docker rm -f pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"    sudo echo \"[i] Run new pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":18,"context_line":"    sudo docker run --name pebble --rm -d -e \"PEBBLE_VA_NOSLEEP\u003d1\" -e \"PEBBLE_VA_ALWAYS_VALID\u003d1\" --net\u003dhost letsencrypt/pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"    sudo echo \"[i] Wait for pebble container be up\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":21,"context_line":"    # wait until pebble starts"},{"line_number":22,"context_line":"    while ! sudo docker logs pebble | grep -q \"Listening on\"; do"},{"line_number":23,"context_line":"        sleep 1"},{"line_number":24,"context_line":"    done"},{"line_number":25,"context_line":"    sudo echo \"[i] Wait for pebble container done\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"    sudo echo \"[i] Pebble container logs\" \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":28,"context_line":"    sudo docker logs pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates"},{"line_number":29,"context_line":"}"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"function pebble_cacert {"}],"source_content_type":"text/x-sh","patch_set":227,"id":"cdd3e59d_6ec2aafb","line":28,"range":{"start_line":11,"start_character":4,"end_line":28,"end_character":62},"in_reply_to":"810b45da_82783749","updated":"2023-09-18 10:13:57.000000000","message":"Yeah, the reason is that CI is built that way - that is just fact that logs from CI tests are saved to /tmp location. If you have the ambition to rewrite all CI tests, feel free to do it, but not in this patchset. For now, this is standard location.\n\n\ntests/pre.yml:    logs_dir: \"/tmp/logs\"\ntests/pre.yml:    - name: Ensure /tmp/logs/ dir\ntests/pre.yml:    - name: Ensure /tmp/logs/pre dir\ntests/upgrade.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv prechecks --skip-tags rabbitmq-ha-precheck \u0026\u003e /tmp/logs/ansible/upgrade-prechecks\ntests/upgrade.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv pull \u0026\u003e /tmp/logs/ansible/pull-upgrade\ntests/upgrade.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv stop --tags $SERVICE_TAGS --yes-i-really-really-mean-it \u0026\u003e /tmp/logs/ansible/stop\ntests/upgrade.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv genconfig \u0026\u003e /tmp/logs/ansible/genconfig\ntests/upgrade.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv reconfigure --tags rabbitmq \u0026\u003e /tmp/logs/ansible/reconfigure-rabbitmq\ntests/upgrade.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv rabbitmq-reset-state \u0026\u003e /tmp/logs/ansible/rabbitmq-reset-state\ntests/upgrade.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv upgrade \u0026\u003e /tmp/logs/ansible/upgrade\ntests/upgrade.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy --tags keystone \u0026\u003e /tmp/logs/ansible/upgrade-deploy\ntests/upgrade.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv post-deploy \u0026\u003e /tmp/logs/ansible/upgrade-post-deploy\ntests/upgrade.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv validate-config \u0026\u003e /tmp/logs/ansible/validate-config\ntests/test-masakari.sh:    test_hacluster_logged $1 \u003e /tmp/logs/ansible/test-hacluster 2\u003e\u00261\ntests/test-masakari.sh:    test_masakari_logged \u003e /tmp/logs/ansible/test-masakari 2\u003e\u00261\ntests/deploy-tenks.sh:    deploy_tenks_logged $1 \u003e /tmp/logs/ansible/deploy-tenks 2\u003e\u00261\ntests/run.yml:        logs_dir: \"/tmp/logs\"\ntests/run.yml:        logs_dir: /tmp/logs/build\ntests/run.yml:        cmd: \"{{ kolla_ansible_venv_path }}/bin/ansible all -i {{ kolla_inventory_path }} -m setup \u003e /tmp/logs/ansible/initial-setup\"\ntests/deploy-bifrost.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy-bifrost \u0026\u003e /tmp/logs/ansible/deploy-bifrost\ntests/setup_gate.sh:    mkdir -p /tmp/logs/build\ntests/setup_gate.sh:kolla-ansible -i ${RAW_INVENTORY} -vvv bootstrap-servers \u0026\u003e /tmp/logs/ansible/bootstrap-servers\ntests/test-swift.sh:    log_file\u003d/tmp/logs/ansible/test-swift\ntests/test-mariadb.sh:    test_mariadb_logged \u003e /tmp/logs/ansible/test-mariadb 2\u003e\u00261\ntests/check-logs.sh:    all_file\u003d/tmp/logs/kolla/all-${level}.log\ntests/check-logs.sh:fluentd_error_summary_file\u003d/tmp/logs/kolla/fluentd-error.log\ntests/test-magnum.sh:    kolla-ansible -i ${RAW_INVENTORY} --tags designate -vvv reconfigure \u0026\u003e /tmp/logs/ansible/reconfigure-designate\ntests/test-magnum.sh:    test_magnum_logged \u003e /tmp/logs/ansible/test-magnum 2\u003e\u00261\ntests/test-ironic.sh:    test_ironic_logged \u003e /tmp/logs/ansible/test-ironic 2\u003e\u00261\ntests/test-prometheus-opensearch.sh:    test_prometheus_opensearch_logged \u003e /tmp/logs/ansible/test-prometheus-opensearch 2\u003e\u00261\ntests/test-ovn.sh:    test_ovn_logged \u0026\u003e /tmp/logs/ansible/test-ovn\ntests/reconfigure.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv prechecks \u0026\u003e /tmp/logs/ansible/reconfigure-prechecks\ntests/reconfigure.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv reconfigure \u0026\u003e /tmp/logs/ansible/reconfigure\ntests/upgrade-bifrost.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy-bifrost \u0026\u003e /tmp/logs/ansible/upgrade-bifrost\ntests/init-core-openstack.sh:    KOLLA_DEBUG\u003d1 tools/init-runonce |\u0026 gawk \u0027{ print strftime(\"%F %T\"), $0; }\u0027 \u0026\u003e /tmp/logs/ansible/init-runonce\ntests/test-scenario-nfv.sh:    test_scenario_nfv_logged \u003e /tmp/logs/ansible/test-scenario-nfv 2\u003e\u00261\ntests/test-venus.sh:    test_venus_scenario_logged \u003e /tmp/logs/ansible/test-venus-scenario 2\u003e\u00261\ntests/test-dashboard.sh:    log_file\u003d/tmp/logs/ansible/test-dashboard\ntests/post.yml:    logs_dir: \"/tmp/logs\"\ntests/post.yml:      shell: \"iptables-save \u003e /tmp/logs/iptables\"\ntests/post.yml:        creates: /tmp/logs/iptables\ntests/post.yml:    - name: Download /tmp/logs file to executor\ntests/post.yml:        src: \"/tmp/logs\"\ntests/test-core-openstack.sh:    log_file\u003d/tmp/logs/ansible/test-core-openstack\ntests/test-zun.sh:    log_file\u003d/tmp/logs/ansible/test-zun\ntests/deploy.sh:    sudo echo \"[i] Pulling letsencrypt/pebble\" \u003e /tmp/logs/ansible/certificates\ntests/deploy.sh:    sudo docker pull letsencrypt/pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates\ntests/deploy.sh:    sudo echo \"[i] Force removing old pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates\ntests/deploy.sh:    sudo docker rm -f pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates\ntests/deploy.sh:    sudo echo \"[i] Run new pebble container\" \u0026\u003e\u003e /tmp/logs/ansible/certificates\ntests/deploy.sh:    sudo docker run --name pebble --rm -d -e \"PEBBLE_VA_NOSLEEP\u003d1\" -e \"PEBBLE_VA_ALWAYS_VALID\u003d1\" --net\u003dhost letsencrypt/pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates\ntests/deploy.sh:    sudo echo \"[i] Wait for pebble container be up\" \u0026\u003e\u003e /tmp/logs/ansible/certificates\ntests/deploy.sh:    sudo echo \"[i] Wait for pebble container done\" \u0026\u003e\u003e /tmp/logs/ansible/certificates\ntests/deploy.sh:    sudo echo \"[i] Pebble container logs\" \u0026\u003e\u003e /tmp/logs/ansible/certificates\ntests/deploy.sh:    sudo docker logs pebble \u0026\u003e\u003e /tmp/logs/ansible/certificates\ntests/deploy.sh:        kolla-ansible -i ${RAW_INVENTORY} -vvv certificates \u003e /tmp/logs/ansible/certificates\ntests/deploy.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv prechecks \u0026\u003e /tmp/logs/ansible/deploy-prechecks\ntests/deploy.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv pull \u0026\u003e /tmp/logs/ansible/pull\ntests/deploy.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy \u0026\u003e /tmp/logs/ansible/deploy\ntests/deploy.sh:    kolla-ansible -i ${RAW_INVENTORY} -vvv post-deploy \u0026\u003e /tmp/logs/ansible/post-deploy\ntests/deploy.sh:        kolla-ansible -i ${RAW_INVENTORY} -vvv validate-config \u0026\u003e /tmp/logs/ansible/validate-config\ntests/test-octavia.sh:    test_octavia_logged \u003e /tmp/logs/ansible/test-octavia 2\u003e\u00261\ntests/init-swift.sh:    init_swift_logged \u0026\u003e /tmp/logs/ansible/init-swift\ntests/get_logs.sh:    LOG_DIR\u003d${LOG_DIR:-/tmp/logs}","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"}],"tests/post.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":2,"context_line":"- hosts: all"},{"line_number":3,"context_line":"  vars:"},{"line_number":4,"context_line":"    logs_dir: \"/tmp/logs\""},{"line_number":5,"context_line":"    kolla_ansible_src_dir: \"{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible\""},{"line_number":6,"context_line":"  tasks:"},{"line_number":7,"context_line":"    - name: Print all facts"},{"line_number":8,"context_line":"      copy:"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"e9338aa4_cc2de7a2","line":5,"range":{"start_line":5,"start_character":3,"end_line":5,"end_character":116},"updated":"2021-04-06 13:08:28.000000000","message":"What is this for?","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"268f0f9df58a88d2bfd3754d21122fa43187a605","unresolved":false,"context_lines":[{"line_number":2,"context_line":"- hosts: all"},{"line_number":3,"context_line":"  vars:"},{"line_number":4,"context_line":"    logs_dir: \"/tmp/logs\""},{"line_number":5,"context_line":"    kolla_ansible_src_dir: \"{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible\""},{"line_number":6,"context_line":"  tasks:"},{"line_number":7,"context_line":"    - name: Print all facts"},{"line_number":8,"context_line":"      copy:"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"4ee9a37c_ede9db8b","line":5,"range":{"start_line":5,"start_character":3,"end_line":5,"end_character":116},"in_reply_to":"e9338aa4_cc2de7a2","updated":"2021-04-08 03:36:53.000000000","message":"Done","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":51,"context_line":"          - \"--quiet\""},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"- hosts: primary"},{"line_number":54,"context_line":"  vars:"},{"line_number":55,"context_line":"  environment:"},{"line_number":56,"context_line":"    PATH: \"{{ ansible_env.HOME + \u0027/.local/bin:\u0027 + ansible_env.PATH }}\""},{"line_number":57,"context_line":"  tasks:"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"53434d01_5bfcfdd1","line":54,"range":{"start_line":54,"start_character":0,"end_line":54,"end_character":7},"updated":"2021-04-06 13:08:28.000000000","message":"What happened here?","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"268f0f9df58a88d2bfd3754d21122fa43187a605","unresolved":false,"context_lines":[{"line_number":51,"context_line":"          - \"--quiet\""},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"- hosts: primary"},{"line_number":54,"context_line":"  vars:"},{"line_number":55,"context_line":"  environment:"},{"line_number":56,"context_line":"    PATH: \"{{ ansible_env.HOME + \u0027/.local/bin:\u0027 + ansible_env.PATH }}\""},{"line_number":57,"context_line":"  tasks:"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"7e8c3f40_26b8f49f","line":54,"range":{"start_line":54,"start_character":0,"end_line":54,"end_character":7},"in_reply_to":"53434d01_5bfcfdd1","updated":"2021-04-08 03:36:53.000000000","message":"Done","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"}],"tests/pre.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":3,"context_line":"  any_errors_fatal: true"},{"line_number":4,"context_line":"  vars:"},{"line_number":5,"context_line":"    logs_dir: \"/tmp/logs\""},{"line_number":6,"context_line":"    kolla_ansible_src_dir: \"{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible\""},{"line_number":7,"context_line":"  roles:"},{"line_number":8,"context_line":"    - bindep"},{"line_number":9,"context_line":"    - multi-node-firewall"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"aee1ca4a_c7f14b59","line":6,"range":{"start_line":6,"start_character":0,"end_line":6,"end_character":116},"updated":"2021-04-06 13:08:28.000000000","message":"?","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ee3249aaa58e178e104637977050d02210db23d","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  any_errors_fatal: true"},{"line_number":4,"context_line":"  vars:"},{"line_number":5,"context_line":"    logs_dir: \"/tmp/logs\""},{"line_number":6,"context_line":"    kolla_ansible_src_dir: \"{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible\""},{"line_number":7,"context_line":"  roles:"},{"line_number":8,"context_line":"    - bindep"},{"line_number":9,"context_line":"    - multi-node-firewall"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"59d152d6_6ba17002","line":6,"range":{"start_line":6,"start_character":0,"end_line":6,"end_character":116},"in_reply_to":"aee1ca4a_c7f14b59","updated":"2023-07-17 11:53:45.000000000","message":"Done","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"514ff3ecaff8b97fb208b3a76885c565f5cd7adb","unresolved":true,"context_lines":[{"line_number":3,"context_line":"  any_errors_fatal: true"},{"line_number":4,"context_line":"  vars:"},{"line_number":5,"context_line":"    logs_dir: \"/tmp/logs\""},{"line_number":6,"context_line":"    kolla_ansible_src_dir: \"{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible\""},{"line_number":7,"context_line":"  roles:"},{"line_number":8,"context_line":"    - bindep"},{"line_number":9,"context_line":"    - multi-node-firewall"}],"source_content_type":"text/x-yaml","patch_set":111,"id":"09bd7686_b29cdc6e","line":6,"range":{"start_line":6,"start_character":0,"end_line":6,"end_character":116},"updated":"2021-04-08 10:19:33.000000000","message":"Remove?","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"06bf67471f09eaf45addb393cade1849e1d99102","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  any_errors_fatal: true"},{"line_number":4,"context_line":"  vars:"},{"line_number":5,"context_line":"    logs_dir: \"/tmp/logs\""},{"line_number":6,"context_line":"    kolla_ansible_src_dir: \"{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible\""},{"line_number":7,"context_line":"  roles:"},{"line_number":8,"context_line":"    - bindep"},{"line_number":9,"context_line":"    - multi-node-firewall"}],"source_content_type":"text/x-yaml","patch_set":111,"id":"e77a4f09_7a1508dc","line":6,"range":{"start_line":6,"start_character":0,"end_line":6,"end_character":116},"in_reply_to":"09bd7686_b29cdc6e","updated":"2021-04-08 16:14:39.000000000","message":"Done","commit_id":"5573c037d838b35024292398cde659c9780278af"}],"tests/reconfigure-lets-encrypt.sh":[{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"76862a17d8d599c843f805462bb5df5473b0fe40","unresolved":true,"context_lines":[{"line_number":13,"context_line":"    # TODO(jeffrey4l): make some configure file change and"},{"line_number":14,"context_line":"    # trigger a real reconfigure"},{"line_number":15,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv prechecks \u0026\u003e /tmp/logs/ansible/reconfigure-prechecks"},{"line_number":16,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv -e \"enable_loadbalancer\u003dfalse\" -e \"enable_letsencrypt\u003dfalse\" reconfigure \u0026\u003e /tmp/logs/ansible/reconfigure"},{"line_number":17,"context_line":"}"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":""}],"source_content_type":"text/x-sh","patch_set":153,"id":"3fbe1721_89b985f2","line":16,"updated":"2022-05-18 11:38:23.000000000","message":"ditto from deploy","commit_id":"c1d287493935741f6420164c1b4d3c4865b3261d"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ee3249aaa58e178e104637977050d02210db23d","unresolved":false,"context_lines":[{"line_number":13,"context_line":"    # TODO(jeffrey4l): make some configure file change and"},{"line_number":14,"context_line":"    # trigger a real reconfigure"},{"line_number":15,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv prechecks \u0026\u003e /tmp/logs/ansible/reconfigure-prechecks"},{"line_number":16,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv -e \"enable_loadbalancer\u003dfalse\" -e \"enable_letsencrypt\u003dfalse\" reconfigure \u0026\u003e /tmp/logs/ansible/reconfigure"},{"line_number":17,"context_line":"}"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":""}],"source_content_type":"text/x-sh","patch_set":153,"id":"e2c734fc_371048b6","line":16,"in_reply_to":"3fbe1721_89b985f2","updated":"2023-07-17 11:53:45.000000000","message":"Done","commit_id":"c1d287493935741f6420164c1b4d3c4865b3261d"}],"tests/run.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":342,"context_line":""},{"line_number":343,"context_line":"    # Deploy control plane. For upgrade jobs this is the previous release."},{"line_number":344,"context_line":"    - block:"},{"line_number":345,"context_line":"        - name: Run start-pebble.sh script"},{"line_number":346,"context_line":"          script:"},{"line_number":347,"context_line":"            cmd: start-pebble.sh"},{"line_number":348,"context_line":"            executable: /bin/bash"},{"line_number":349,"context_line":"            chdir: \"{{ kolla_ansible_src_dir }}\""},{"line_number":350,"context_line":"          when: scenario \u003d\u003d \"lets-encrypt\""},{"line_number":351,"context_line":""},{"line_number":352,"context_line":"        - name: Run deploy.sh script"},{"line_number":353,"context_line":"          script:"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"f3d6d5ce_639276ca","line":350,"range":{"start_line":345,"start_character":0,"end_line":350,"end_character":42},"updated":"2021-04-06 13:08:28.000000000","message":"nit: move above block, since this is test infrastructure.","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":342,"context_line":""},{"line_number":343,"context_line":"    # Deploy control plane. For upgrade jobs this is the previous release."},{"line_number":344,"context_line":"    - block:"},{"line_number":345,"context_line":"        - name: Run start-pebble.sh script"},{"line_number":346,"context_line":"          script:"},{"line_number":347,"context_line":"            cmd: start-pebble.sh"},{"line_number":348,"context_line":"            executable: /bin/bash"},{"line_number":349,"context_line":"            chdir: \"{{ kolla_ansible_src_dir }}\""},{"line_number":350,"context_line":"          when: scenario \u003d\u003d \"lets-encrypt\""},{"line_number":351,"context_line":""},{"line_number":352,"context_line":"        - name: Run deploy.sh script"},{"line_number":353,"context_line":"          script:"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"0eea4051_c64b0cec","line":350,"range":{"start_line":345,"start_character":0,"end_line":350,"end_character":42},"in_reply_to":"f3d6d5ce_639276ca","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"514ff3ecaff8b97fb208b3a76885c565f5cd7adb","unresolved":true,"context_lines":[{"line_number":21,"context_line":"        build_image_tag: \"change_{{ zuul.change | default(\u0027none\u0027) }}\""},{"line_number":22,"context_line":"        openstack_core_enabled: \"{{ openstack_core_enabled }}\""},{"line_number":23,"context_line":"        openstack_core_tested: \"{{ scenario in [\u0027core\u0027, \u0027ceph-ansible\u0027, \u0027zun\u0027, \u0027cells\u0027, \u0027swift\u0027, \u0027linuxbridge\u0027, \u0027ovn\u0027] }}\""},{"line_number":24,"context_line":"        kolla_internal_fqdn: \"test.domain\""},{"line_number":25,"context_line":"        kolla_internal_vip_address: \"192.0.2.10\""},{"line_number":26,"context_line":"        dashboard_enabled: \"{{ openstack_core_enabled or scenario in [\u0027monasca\u0027] }}\""},{"line_number":27,"context_line":"        upper_constraints_file: \"{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/upper-constraints.txt\""}],"source_content_type":"text/x-yaml","patch_set":111,"id":"40ca0077_8f6665ef","line":24,"range":{"start_line":24,"start_character":30,"end_line":24,"end_character":41},"updated":"2021-04-08 10:19:33.000000000","message":"kolla.example.com?","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"06bf67471f09eaf45addb393cade1849e1d99102","unresolved":false,"context_lines":[{"line_number":21,"context_line":"        build_image_tag: \"change_{{ zuul.change | default(\u0027none\u0027) }}\""},{"line_number":22,"context_line":"        openstack_core_enabled: \"{{ openstack_core_enabled }}\""},{"line_number":23,"context_line":"        openstack_core_tested: \"{{ scenario in [\u0027core\u0027, \u0027ceph-ansible\u0027, \u0027zun\u0027, \u0027cells\u0027, \u0027swift\u0027, \u0027linuxbridge\u0027, \u0027ovn\u0027] }}\""},{"line_number":24,"context_line":"        kolla_internal_fqdn: \"test.domain\""},{"line_number":25,"context_line":"        kolla_internal_vip_address: \"192.0.2.10\""},{"line_number":26,"context_line":"        dashboard_enabled: \"{{ openstack_core_enabled or scenario in [\u0027monasca\u0027] }}\""},{"line_number":27,"context_line":"        upper_constraints_file: \"{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/upper-constraints.txt\""}],"source_content_type":"text/x-yaml","patch_set":111,"id":"f9fd87bb_4918c901","line":24,"range":{"start_line":24,"start_character":30,"end_line":24,"end_character":41},"in_reply_to":"40ca0077_8f6665ef","updated":"2021-04-08 16:14:39.000000000","message":"Done","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"514ff3ecaff8b97fb208b3a76885c565f5cd7adb","unresolved":true,"context_lines":[{"line_number":22,"context_line":"        openstack_core_enabled: \"{{ openstack_core_enabled }}\""},{"line_number":23,"context_line":"        openstack_core_tested: \"{{ scenario in [\u0027core\u0027, \u0027ceph-ansible\u0027, \u0027zun\u0027, \u0027cells\u0027, \u0027swift\u0027, \u0027linuxbridge\u0027, \u0027ovn\u0027] }}\""},{"line_number":24,"context_line":"        kolla_internal_fqdn: \"test.domain\""},{"line_number":25,"context_line":"        kolla_internal_vip_address: \"192.0.2.10\""},{"line_number":26,"context_line":"        dashboard_enabled: \"{{ openstack_core_enabled or scenario in [\u0027monasca\u0027] }}\""},{"line_number":27,"context_line":"        upper_constraints_file: \"{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/upper-constraints.txt\""},{"line_number":28,"context_line":"        docker_image_tag_suffix: \"{{ \u0027-aarch64\u0027 if ansible_architecture \u003d\u003d \u0027aarch64\u0027 else \u0027\u0027 }}\""}],"source_content_type":"text/x-yaml","patch_set":111,"id":"82c7e84e_4312fc78","line":25,"range":{"start_line":25,"start_character":8,"end_line":25,"end_character":48},"updated":"2021-04-08 10:19:33.000000000","message":"This one is already defined in zuul.d/base.yaml","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"06bf67471f09eaf45addb393cade1849e1d99102","unresolved":false,"context_lines":[{"line_number":22,"context_line":"        openstack_core_enabled: \"{{ openstack_core_enabled }}\""},{"line_number":23,"context_line":"        openstack_core_tested: \"{{ scenario in [\u0027core\u0027, \u0027ceph-ansible\u0027, \u0027zun\u0027, \u0027cells\u0027, \u0027swift\u0027, \u0027linuxbridge\u0027, \u0027ovn\u0027] }}\""},{"line_number":24,"context_line":"        kolla_internal_fqdn: \"test.domain\""},{"line_number":25,"context_line":"        kolla_internal_vip_address: \"192.0.2.10\""},{"line_number":26,"context_line":"        dashboard_enabled: \"{{ openstack_core_enabled or scenario in [\u0027monasca\u0027] }}\""},{"line_number":27,"context_line":"        upper_constraints_file: \"{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/upper-constraints.txt\""},{"line_number":28,"context_line":"        docker_image_tag_suffix: \"{{ \u0027-aarch64\u0027 if ansible_architecture \u003d\u003d \u0027aarch64\u0027 else \u0027\u0027 }}\""}],"source_content_type":"text/x-yaml","patch_set":111,"id":"7cdb80bd_e08c2b76","line":25,"range":{"start_line":25,"start_character":8,"end_line":25,"end_character":48},"in_reply_to":"82c7e84e_4312fc78","updated":"2021-04-08 16:14:39.000000000","message":"Done","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"514ff3ecaff8b97fb208b3a76885c565f5cd7adb","unresolved":true,"context_lines":[{"line_number":48,"context_line":"      vars:"},{"line_number":49,"context_line":"        disk_type: \"{{ \u0027ceph-lvm\u0027 if scenario in [\u0027cephadm\u0027] else scenario }}\""},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"    - name: Update /etc/hosts with pebble domain name"},{"line_number":52,"context_line":"      blockinfile:"},{"line_number":53,"context_line":"        dest: /etc/hosts"},{"line_number":54,"context_line":"        marker: \"# {mark} ANSIBLE GENERATED PEBBLE HOST\""}],"source_content_type":"text/x-yaml","patch_set":111,"id":"04d662c4_f4b21618","line":51,"range":{"start_line":51,"start_character":35,"end_line":51,"end_character":53},"updated":"2021-04-08 10:19:33.000000000","message":"internal API FQDN","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"06bf67471f09eaf45addb393cade1849e1d99102","unresolved":false,"context_lines":[{"line_number":48,"context_line":"      vars:"},{"line_number":49,"context_line":"        disk_type: \"{{ \u0027ceph-lvm\u0027 if scenario in [\u0027cephadm\u0027] else scenario }}\""},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"    - name: Update /etc/hosts with pebble domain name"},{"line_number":52,"context_line":"      blockinfile:"},{"line_number":53,"context_line":"        dest: /etc/hosts"},{"line_number":54,"context_line":"        marker: \"# {mark} ANSIBLE GENERATED PEBBLE HOST\""}],"source_content_type":"text/x-yaml","patch_set":111,"id":"7d16740d_308c840d","line":51,"range":{"start_line":51,"start_character":35,"end_line":51,"end_character":53},"in_reply_to":"04d662c4_f4b21618","updated":"2021-04-08 16:14:39.000000000","message":"Done","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"514ff3ecaff8b97fb208b3a76885c565f5cd7adb","unresolved":true,"context_lines":[{"line_number":51,"context_line":"    - name: Update /etc/hosts with pebble domain name"},{"line_number":52,"context_line":"      blockinfile:"},{"line_number":53,"context_line":"        dest: /etc/hosts"},{"line_number":54,"context_line":"        marker: \"# {mark} ANSIBLE GENERATED PEBBLE HOST\""},{"line_number":55,"context_line":"        block: |"},{"line_number":56,"context_line":"          {{ kolla_internal_vip_address }} {{ kolla_internal_fqdn }}"},{"line_number":57,"context_line":"      become: True"}],"source_content_type":"text/x-yaml","patch_set":111,"id":"6bfc97a1_fbaa33d8","line":54,"range":{"start_line":54,"start_character":44,"end_line":54,"end_character":55},"updated":"2021-04-08 10:19:33.000000000","message":"internal API FQDN","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"06bf67471f09eaf45addb393cade1849e1d99102","unresolved":false,"context_lines":[{"line_number":51,"context_line":"    - name: Update /etc/hosts with pebble domain name"},{"line_number":52,"context_line":"      blockinfile:"},{"line_number":53,"context_line":"        dest: /etc/hosts"},{"line_number":54,"context_line":"        marker: \"# {mark} ANSIBLE GENERATED PEBBLE HOST\""},{"line_number":55,"context_line":"        block: |"},{"line_number":56,"context_line":"          {{ kolla_internal_vip_address }} {{ kolla_internal_fqdn }}"},{"line_number":57,"context_line":"      become: True"}],"source_content_type":"text/x-yaml","patch_set":111,"id":"20f72d40_99260528","line":54,"range":{"start_line":54,"start_character":44,"end_line":54,"end_character":55},"in_reply_to":"6bfc97a1_fbaa33d8","updated":"2021-04-08 16:14:39.000000000","message":"Done","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"514ff3ecaff8b97fb208b3a76885c565f5cd7adb","unresolved":true,"context_lines":[{"line_number":354,"context_line":""},{"line_number":355,"context_line":"    # Deploy control plane. For upgrade jobs this is the previous release."},{"line_number":356,"context_line":"    - block:"},{"line_number":357,"context_line":"        - name: Run start-pebble.sh script"},{"line_number":358,"context_line":"          script:"},{"line_number":359,"context_line":"            cmd: start-pebble.sh"},{"line_number":360,"context_line":"            executable: /bin/bash"},{"line_number":361,"context_line":"            chdir: \"{{ kolla_ansible_src_dir }}\""},{"line_number":362,"context_line":"          when: scenario \u003d\u003d \"lets-encrypt\""},{"line_number":363,"context_line":""},{"line_number":364,"context_line":"        - name: Run deploy.sh script"},{"line_number":365,"context_line":"          script:"}],"source_content_type":"text/x-yaml","patch_set":111,"id":"b69192e0_988fc10e","line":362,"range":{"start_line":357,"start_character":0,"end_line":362,"end_character":42},"updated":"2021-04-08 10:19:33.000000000","message":"nit: move above block, since this is test infrastructure.","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"06bf67471f09eaf45addb393cade1849e1d99102","unresolved":false,"context_lines":[{"line_number":354,"context_line":""},{"line_number":355,"context_line":"    # Deploy control plane. For upgrade jobs this is the previous release."},{"line_number":356,"context_line":"    - block:"},{"line_number":357,"context_line":"        - name: Run start-pebble.sh script"},{"line_number":358,"context_line":"          script:"},{"line_number":359,"context_line":"            cmd: start-pebble.sh"},{"line_number":360,"context_line":"            executable: /bin/bash"},{"line_number":361,"context_line":"            chdir: \"{{ kolla_ansible_src_dir }}\""},{"line_number":362,"context_line":"          when: scenario \u003d\u003d \"lets-encrypt\""},{"line_number":363,"context_line":""},{"line_number":364,"context_line":"        - name: Run deploy.sh script"},{"line_number":365,"context_line":"          script:"}],"source_content_type":"text/x-yaml","patch_set":111,"id":"674a8e2b_c53788c1","line":362,"range":{"start_line":357,"start_character":0,"end_line":362,"end_character":42},"in_reply_to":"b69192e0_988fc10e","updated":"2021-04-08 16:14:39.000000000","message":"Done","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"514ff3ecaff8b97fb208b3a76885c565f5cd7adb","unresolved":true,"context_lines":[{"line_number":690,"context_line":"- hosts: all"},{"line_number":691,"context_line":"  any_errors_fatal: true"},{"line_number":692,"context_line":"  tasks:"},{"line_number":693,"context_line":"    - name: Update /etc/hosts to remove pebble domain name"},{"line_number":694,"context_line":"      blockinfile:"},{"line_number":695,"context_line":"        dest: /etc/hosts"},{"line_number":696,"context_line":"        marker: \"# {mark} ANSIBLE GENERATED PEBBLE HOST\""},{"line_number":697,"context_line":"        block: \"\""},{"line_number":698,"context_line":"      become: True"},{"line_number":699,"context_line":"      when:"},{"line_number":700,"context_line":"        - scenario \u003d\u003d \"lets-encrypt\""},{"line_number":701,"context_line":""},{"line_number":702,"context_line":"    - name: Post-reconfigure sanity checks"},{"line_number":703,"context_line":"      block:"}],"source_content_type":"text/x-yaml","patch_set":111,"id":"bccbd5b8_acc153d0","line":700,"range":{"start_line":693,"start_character":0,"end_line":700,"end_character":36},"updated":"2021-04-08 10:19:33.000000000","message":"If we\u0027ve configured the control plane to use the FQDN we should keep it in /etc/hosts.","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"06bf67471f09eaf45addb393cade1849e1d99102","unresolved":false,"context_lines":[{"line_number":690,"context_line":"- hosts: all"},{"line_number":691,"context_line":"  any_errors_fatal: true"},{"line_number":692,"context_line":"  tasks:"},{"line_number":693,"context_line":"    - name: Update /etc/hosts to remove pebble domain name"},{"line_number":694,"context_line":"      blockinfile:"},{"line_number":695,"context_line":"        dest: /etc/hosts"},{"line_number":696,"context_line":"        marker: \"# {mark} ANSIBLE GENERATED PEBBLE HOST\""},{"line_number":697,"context_line":"        block: \"\""},{"line_number":698,"context_line":"      become: True"},{"line_number":699,"context_line":"      when:"},{"line_number":700,"context_line":"        - scenario \u003d\u003d \"lets-encrypt\""},{"line_number":701,"context_line":""},{"line_number":702,"context_line":"    - name: Post-reconfigure sanity checks"},{"line_number":703,"context_line":"      block:"}],"source_content_type":"text/x-yaml","patch_set":111,"id":"4a11b435_0956dc70","line":700,"range":{"start_line":693,"start_character":0,"end_line":700,"end_character":36},"in_reply_to":"bccbd5b8_acc153d0","updated":"2021-04-08 16:14:39.000000000","message":"Done","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":true,"context_lines":[{"line_number":694,"context_line":"      when:"},{"line_number":695,"context_line":"        - not is_upgrade"},{"line_number":696,"context_line":"        - scenario !\u003d \"bifrost\""},{"line_number":697,"context_line":"        - scenario !\u003d \"lets-encrypt\""},{"line_number":698,"context_line":""},{"line_number":699,"context_line":"# NOTE(yoctozepto): each host checks itself"},{"line_number":700,"context_line":"- hosts: all"}],"source_content_type":"text/x-yaml","patch_set":131,"id":"8334c09b_3af1b140","line":697,"range":{"start_line":697,"start_character":10,"end_line":697,"end_character":36},"updated":"2022-02-15 11:25:43.000000000","message":"hmm, why?","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"e8226333b1784f6005e605b511278e2e7d390c3e","unresolved":false,"context_lines":[{"line_number":694,"context_line":"      when:"},{"line_number":695,"context_line":"        - not is_upgrade"},{"line_number":696,"context_line":"        - scenario !\u003d \"bifrost\""},{"line_number":697,"context_line":"        - scenario !\u003d \"lets-encrypt\""},{"line_number":698,"context_line":""},{"line_number":699,"context_line":"# NOTE(yoctozepto): each host checks itself"},{"line_number":700,"context_line":"- hosts: all"}],"source_content_type":"text/x-yaml","patch_set":131,"id":"2e2bc6cc_25218a5e","line":697,"range":{"start_line":697,"start_character":10,"end_line":697,"end_character":36},"in_reply_to":"3d51505e_04f822f1","updated":"2023-07-17 11:49:26.000000000","message":"yes, done in tests , for official letsencrypt not needed.","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"1d417365b9eef924db79c7d88258006fe7888a73","unresolved":true,"context_lines":[{"line_number":694,"context_line":"      when:"},{"line_number":695,"context_line":"        - not is_upgrade"},{"line_number":696,"context_line":"        - scenario !\u003d \"bifrost\""},{"line_number":697,"context_line":"        - scenario !\u003d \"lets-encrypt\""},{"line_number":698,"context_line":""},{"line_number":699,"context_line":"# NOTE(yoctozepto): each host checks itself"},{"line_number":700,"context_line":"- hosts: all"}],"source_content_type":"text/x-yaml","patch_set":131,"id":"89f42b6f_5db6cac7","line":697,"range":{"start_line":697,"start_character":10,"end_line":697,"end_character":36},"in_reply_to":"8334c09b_3af1b140","updated":"2022-02-18 01:59:07.000000000","message":"deployment will not work since the pebble CA certs are not fetched and the deployed containers are using the pebble certificates. Therefore deployment fails with \"certificate verify failed: unable to get local issuer certificate\"","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6b500247ced5cfa08f770277239ed29e6dc53eea","unresolved":true,"context_lines":[{"line_number":694,"context_line":"      when:"},{"line_number":695,"context_line":"        - not is_upgrade"},{"line_number":696,"context_line":"        - scenario !\u003d \"bifrost\""},{"line_number":697,"context_line":"        - scenario !\u003d \"lets-encrypt\""},{"line_number":698,"context_line":""},{"line_number":699,"context_line":"# NOTE(yoctozepto): each host checks itself"},{"line_number":700,"context_line":"- hosts: all"}],"source_content_type":"text/x-yaml","patch_set":131,"id":"3d51505e_04f822f1","line":697,"range":{"start_line":697,"start_character":10,"end_line":697,"end_character":36},"in_reply_to":"89f42b6f_5db6cac7","updated":"2022-02-23 10:17:14.000000000","message":"Can we not add the pebble CA cert to the certs to copy into the containers?","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"6e877a6e972c05777769e29bb80cf79ab8eeb24c","unresolved":true,"context_lines":[{"line_number":13,"context_line":"        openstack_core_enabled: \"{{ scenario not in [\u0027bifrost\u0027, \u0027mariadb\u0027, \u0027prometheus-opensearch\u0027, \u0027venus\u0027] }}\""},{"line_number":14,"context_line":"      set_fact:"},{"line_number":15,"context_line":"        kolla_inventory_path: \"/etc/kolla/inventory\""},{"line_number":16,"context_line":"        logs_dir: \"/tmp/logs\""},{"line_number":17,"context_line":"        ansible_collection_kolla_src_dir: \"{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/ansible-collection-kolla\""},{"line_number":18,"context_line":"        kolla_ansible_src_dir: \"{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible\""},{"line_number":19,"context_line":"        kolla_ansible_local_src_dir: \"{{ zuul.executor.work_root }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible\""}],"source_content_type":"text/x-yaml","patch_set":227,"id":"d15071ab_74a12118","line":16,"range":{"start_line":16,"start_character":19,"end_line":16,"end_character":28},"updated":"2023-09-18 09:13:21.000000000","message":"what is wrong with `/var/log`?","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"f508ffd53b43fc87a280cc582e432653141aad4e","unresolved":false,"context_lines":[{"line_number":13,"context_line":"        openstack_core_enabled: \"{{ scenario not in [\u0027bifrost\u0027, \u0027mariadb\u0027, \u0027prometheus-opensearch\u0027, \u0027venus\u0027] }}\""},{"line_number":14,"context_line":"      set_fact:"},{"line_number":15,"context_line":"        kolla_inventory_path: \"/etc/kolla/inventory\""},{"line_number":16,"context_line":"        logs_dir: \"/tmp/logs\""},{"line_number":17,"context_line":"        ansible_collection_kolla_src_dir: \"{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/ansible-collection-kolla\""},{"line_number":18,"context_line":"        kolla_ansible_src_dir: \"{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible\""},{"line_number":19,"context_line":"        kolla_ansible_local_src_dir: \"{{ zuul.executor.work_root }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible\""}],"source_content_type":"text/x-yaml","patch_set":227,"id":"9ff1681e_6138745c","line":16,"range":{"start_line":16,"start_character":19,"end_line":16,"end_character":28},"in_reply_to":"d15071ab_74a12118","updated":"2023-09-18 10:13:57.000000000","message":"This question is not relevant for this patchset, probably nothing. If you have ambition to rewrite all tests, go for it and propose change, that\u0027s quite a big change.","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"6e877a6e972c05777769e29bb80cf79ab8eeb24c","unresolved":true,"context_lines":[{"line_number":65,"context_line":"    kolla_build_config:"},{"line_number":66,"context_line":"      DEFAULT:"},{"line_number":67,"context_line":"        profile: gate"},{"line_number":68,"context_line":"        logs_dir: /tmp/logs/build"},{"line_number":69,"context_line":"        quiet: true"},{"line_number":70,"context_line":"        # NOTE(yoctozepto): we cannot build and push at the same time on debian"},{"line_number":71,"context_line":"        # buster see https://github.com/docker/for-linux/issues/711."}],"source_content_type":"text/x-yaml","patch_set":227,"id":"e6f33e8e_cc6159c1","line":68,"range":{"start_line":68,"start_character":19,"end_line":68,"end_character":22},"updated":"2023-09-18 09:13:21.000000000","message":"see above","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"f508ffd53b43fc87a280cc582e432653141aad4e","unresolved":false,"context_lines":[{"line_number":65,"context_line":"    kolla_build_config:"},{"line_number":66,"context_line":"      DEFAULT:"},{"line_number":67,"context_line":"        profile: gate"},{"line_number":68,"context_line":"        logs_dir: /tmp/logs/build"},{"line_number":69,"context_line":"        quiet: true"},{"line_number":70,"context_line":"        # NOTE(yoctozepto): we cannot build and push at the same time on debian"},{"line_number":71,"context_line":"        # buster see https://github.com/docker/for-linux/issues/711."}],"source_content_type":"text/x-yaml","patch_set":227,"id":"897b9186_eb908a07","line":68,"range":{"start_line":68,"start_character":19,"end_line":68,"end_character":22},"in_reply_to":"e6f33e8e_cc6159c1","updated":"2023-09-18 10:13:57.000000000","message":"see above","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"}],"tests/start-pebble.sh":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":11,"context_line":""},{"line_number":12,"context_line":"    sudo docker run --name pebble --rm -d -e \"PEBBLE_VA_NOSLEEP\u003d1\" --net\u003dhost letsencrypt/pebble"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    # need to wait for pebble to fully start"},{"line_number":15,"context_line":"    sleep 1"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"    sudo docker logs pebble"},{"line_number":18,"context_line":""}],"source_content_type":"text/x-sh","patch_set":103,"id":"64e79e11_846422d6","line":15,"range":{"start_line":14,"start_character":0,"end_line":15,"end_character":11},"updated":"2021-04-06 13:08:28.000000000","message":"Is there something we can poll rather than just sleeping?","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":11,"context_line":""},{"line_number":12,"context_line":"    sudo docker run --name pebble --rm -d -e \"PEBBLE_VA_NOSLEEP\u003d1\" --net\u003dhost letsencrypt/pebble"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    # need to wait for pebble to fully start"},{"line_number":15,"context_line":"    sleep 1"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"    sudo docker logs pebble"},{"line_number":18,"context_line":""}],"source_content_type":"text/x-sh","patch_set":103,"id":"1e018edc_662d6bd4","line":15,"range":{"start_line":14,"start_character":0,"end_line":15,"end_character":11},"in_reply_to":"64e79e11_846422d6","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":19,"context_line":"    curl -k -s -o /tmp/root.crt -v https://127.0.0.1:15000/roots/0"},{"line_number":20,"context_line":"    curl -k -s -o /tmp/intermediate.crt https://127.0.0.1:15000/intermediates/0"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"    sudo cat /tmp/root.crt /tmp/intermediate.crt \u003e /tmp/pebble_cacert.pem"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"    sudo cat /tmp/pebble_cacert.pem"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"    sudo rm /tmp/root.crt"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    sudo rm /tmp/intermediate.crt"},{"line_number":29,"context_line":"}"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"function init_pebble {"}],"source_content_type":"text/x-sh","patch_set":103,"id":"02ea3bee_bee23580","line":28,"range":{"start_line":22,"start_character":0,"end_line":28,"end_character":33},"updated":"2021-04-06 13:08:28.000000000","message":"nit: do these need sudo?","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":false,"context_lines":[{"line_number":19,"context_line":"    curl -k -s -o /tmp/root.crt -v https://127.0.0.1:15000/roots/0"},{"line_number":20,"context_line":"    curl -k -s -o /tmp/intermediate.crt https://127.0.0.1:15000/intermediates/0"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"    sudo cat /tmp/root.crt /tmp/intermediate.crt \u003e /tmp/pebble_cacert.pem"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"    sudo cat /tmp/pebble_cacert.pem"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"    sudo rm /tmp/root.crt"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    sudo rm /tmp/intermediate.crt"},{"line_number":29,"context_line":"}"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"function init_pebble {"}],"source_content_type":"text/x-sh","patch_set":103,"id":"c8d15477_df658b27","line":28,"range":{"start_line":22,"start_character":0,"end_line":28,"end_character":33},"in_reply_to":"02ea3bee_bee23580","updated":"2022-02-15 11:25:43.000000000","message":"Done","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"514ff3ecaff8b97fb208b3a76885c565f5cd7adb","unresolved":true,"context_lines":[{"line_number":12,"context_line":"    sudo docker run --name pebble --rm -d -e \"PEBBLE_VA_NOSLEEP\u003d1\" -e \"PEBBLE_VA_ALWAYS_VALID\u003d1\" --net\u003dhost letsencrypt/pebble"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    # wait until pebble starts"},{"line_number":15,"context_line":"    ( sudo docker logs -f pebble \u0026 ) | grep -q \"Listening on\""},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"    sudo docker logs pebble"},{"line_number":18,"context_line":""}],"source_content_type":"text/x-sh","patch_set":111,"id":"6515529f_3a8ba2dd","line":15,"range":{"start_line":15,"start_character":7,"end_line":15,"end_character":32},"updated":"2021-04-08 10:19:33.000000000","message":"Will this stay running in the background?\n\nkill %1?","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"06bf67471f09eaf45addb393cade1849e1d99102","unresolved":false,"context_lines":[{"line_number":12,"context_line":"    sudo docker run --name pebble --rm -d -e \"PEBBLE_VA_NOSLEEP\u003d1\" -e \"PEBBLE_VA_ALWAYS_VALID\u003d1\" --net\u003dhost letsencrypt/pebble"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    # wait until pebble starts"},{"line_number":15,"context_line":"    ( sudo docker logs -f pebble \u0026 ) | grep -q \"Listening on\""},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"    sudo docker logs pebble"},{"line_number":18,"context_line":""}],"source_content_type":"text/x-sh","patch_set":111,"id":"39ee772e_453da27b","line":15,"range":{"start_line":15,"start_character":7,"end_line":15,"end_character":32},"in_reply_to":"6515529f_3a8ba2dd","updated":"2021-04-08 16:14:39.000000000","message":"Done","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6b500247ced5cfa08f770277239ed29e6dc53eea","unresolved":true,"context_lines":[{"line_number":23,"context_line":""},{"line_number":24,"context_line":"    cat /tmp/root.crt /tmp/intermediate.crt \u003e /tmp/pebble_cacert.pem"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"    cat /tmp/pebble_cacert.pem"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    rm /tmp/root.crt"},{"line_number":29,"context_line":""}],"source_content_type":"text/x-sh","patch_set":135,"id":"a816e17a_ea42eb24","line":26,"range":{"start_line":26,"start_character":8,"end_line":26,"end_character":30},"updated":"2022-02-23 10:17:14.000000000","message":"So we have the CA cert here. Can\u0027t we add it to the trust store?","commit_id":"55e40a11c9ed14f3e29748afc1257f1c185c14c2"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e0775ec5d81758c0f7e80ad8ffe4eef1fbda6660","unresolved":true,"context_lines":[{"line_number":23,"context_line":""},{"line_number":24,"context_line":"    cat /tmp/root.crt /tmp/intermediate.crt \u003e /tmp/pebble_cacert.pem"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"    cat /tmp/pebble_cacert.pem"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    rm /tmp/root.crt"},{"line_number":29,"context_line":""}],"source_content_type":"text/x-sh","patch_set":135,"id":"b557e927_7b637d42","line":26,"range":{"start_line":26,"start_character":8,"end_line":26,"end_character":30},"in_reply_to":"a816e17a_ea42eb24","updated":"2022-03-07 15:56:49.000000000","message":"/etc/kolla/certificates/ca/","commit_id":"55e40a11c9ed14f3e29748afc1257f1c185c14c2"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ee3249aaa58e178e104637977050d02210db23d","unresolved":false,"context_lines":[{"line_number":23,"context_line":""},{"line_number":24,"context_line":"    cat /tmp/root.crt /tmp/intermediate.crt \u003e /tmp/pebble_cacert.pem"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"    cat /tmp/pebble_cacert.pem"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    rm /tmp/root.crt"},{"line_number":29,"context_line":""}],"source_content_type":"text/x-sh","patch_set":135,"id":"90e2b788_42130174","line":26,"range":{"start_line":26,"start_character":8,"end_line":26,"end_character":30},"in_reply_to":"b557e927_7b637d42","updated":"2023-07-17 11:53:45.000000000","message":"Done","commit_id":"55e40a11c9ed14f3e29748afc1257f1c185c14c2"}],"tests/templates/globals-default.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"514ff3ecaff8b97fb208b3a76885c565f5cd7adb","unresolved":true,"context_lines":[{"line_number":194,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":195,"context_line":"letsencrypt_email: \"test@openstack.org\""},{"line_number":196,"context_line":"letsencrypt_pebble_server: \"primary\""},{"line_number":197,"context_line":"kolla_internal_fqdn: \"test.domain\""},{"line_number":198,"context_line":"{% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":111,"id":"f479e4d2_257c7433","line":197,"range":{"start_line":197,"start_character":22,"end_line":197,"end_character":34},"updated":"2021-04-08 10:19:33.000000000","message":"{{ kolla_internal_fqdn }}","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"6b500247ced5cfa08f770277239ed29e6dc53eea","unresolved":false,"context_lines":[{"line_number":194,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":195,"context_line":"letsencrypt_email: \"test@openstack.org\""},{"line_number":196,"context_line":"letsencrypt_pebble_server: \"primary\""},{"line_number":197,"context_line":"kolla_internal_fqdn: \"test.domain\""},{"line_number":198,"context_line":"{% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":111,"id":"fe47a660_90e2ac09","line":197,"range":{"start_line":197,"start_character":22,"end_line":197,"end_character":34},"in_reply_to":"f479e4d2_257c7433","updated":"2022-02-23 10:17:14.000000000","message":"Done","commit_id":"5573c037d838b35024292398cde659c9780278af"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"ecc7f8a6b2b6ebe2f7e65ab1bfdfecdf8d8e3e15","unresolved":true,"context_lines":[{"line_number":210,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":211,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":212,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":213,"context_line":"letsencrypt_email: \"kevko@openstack.org\""},{"line_number":214,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":215,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":216,"context_line":"kolla_enable_tls_backend: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"853cbc27_20caab4f","line":213,"range":{"start_line":213,"start_character":20,"end_line":213,"end_character":39},"updated":"2023-07-17 13:28:22.000000000","message":"not sure if this should be a personal mail account.\n\nin case of misbehaviour this address needs to be monitored.\n\nmaybe add some mail from infra?","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"bd4fc70a2b6f83cb2022eb5c7b3d6e97323cbeaf","unresolved":true,"context_lines":[{"line_number":210,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":211,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":212,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":213,"context_line":"letsencrypt_email: \"kevko@openstack.org\""},{"line_number":214,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":215,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":216,"context_line":"kolla_enable_tls_backend: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"d908caa9_8dbe7d9c","line":213,"range":{"start_line":213,"start_character":20,"end_line":213,"end_character":39},"in_reply_to":"853cbc27_20caab4f","updated":"2023-07-17 14:15:37.000000000","message":"again, this was for fun as i know this is not the final revision ..but this is for testing purposes ..","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"94189ecf3ecb819296a614ab799191975f2716db","unresolved":false,"context_lines":[{"line_number":210,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":211,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":212,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":213,"context_line":"letsencrypt_email: \"kevko@openstack.org\""},{"line_number":214,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":215,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":216,"context_line":"kolla_enable_tls_backend: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":215,"id":"122b9a78_fb93e4e8","line":213,"range":{"start_line":213,"start_character":20,"end_line":213,"end_character":39},"in_reply_to":"d908caa9_8dbe7d9c","updated":"2023-07-17 22:18:05.000000000","message":"https://en.wikipedia.org/wiki/.test changed","commit_id":"0c769aeff555bc36f0ede62240e1640c5e1b4bcb"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"kevko@openstack.test\""},{"line_number":206,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":207,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":208,"context_line":"kolla_enable_tls_backend: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"744fa5f6_55f47c2c","line":205,"range":{"start_line":205,"start_character":20,"end_line":205,"end_character":25},"updated":"2023-07-28 11:16:21.000000000","message":"lol) may be user@example.com ?","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"51769a6180a7654f4b072f7750baa8c8cdcafcd4","unresolved":false,"context_lines":[{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"kevko@openstack.test\""},{"line_number":206,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":207,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":208,"context_line":"kolla_enable_tls_backend: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"49174897_f404c770","line":205,"range":{"start_line":205,"start_character":20,"end_line":205,"end_character":25},"in_reply_to":"012b5f19_8e2ff4da","updated":"2023-08-10 11:01:54.000000000","message":"Why ? \n\nBecause of RFC \n\nhttps://datatracker.ietf.org/doc/html/rfc2606\n\n\nExample.com can be potentionaly owned ....\n\nmichalarbet@pixla:~/ultimum/git/upstream/kolla$ dig NS example.com\n\n; \u003c\u003c\u003e\u003e DiG 9.18.12-1ubuntu1.1-Ubuntu \u003c\u003c\u003e\u003e NS example.com\n;; global options: +cmd\n;; Got answer:\n;; -\u003e\u003eHEADER\u003c\u003c- opcode: QUERY, status: NOERROR, id: 44697\n;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 65494\n;; QUESTION SECTION:\n;example.com.\t\t\tIN\tNS\n\n;; ANSWER SECTION:\nexample.com.\t\t21247\tIN\tNS\tb.iana-servers.net.\nexample.com.\t\t21247\tIN\tNS\ta.iana-servers.net.\n\n;; ADDITIONAL SECTION:\na.iana-servers.net.\t155766\tIN\tAAAA\t2001:500:8f::53\nb.iana-servers.net.\t155766\tIN\tAAAA\t2001:500:8d::53\n\n;; Query time: 4 msec\n;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)\n;; WHEN: Thu Aug 10 12:59:50 CEST 2023\n;; MSG SIZE  rcvd: 144\n\nmichalarbet@pixla:~/ultimum/git/upstream/kolla$ dig NS example.example\n\n; \u003c\u003c\u003e\u003e DiG 9.18.12-1ubuntu1.1-Ubuntu \u003c\u003c\u003e\u003e NS example.example\n;; global options: +cmd\n;; Got answer:\n;; -\u003e\u003eHEADER\u003c\u003c- opcode: QUERY, status: NXDOMAIN, id: 28174\n;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 65494\n;; QUESTION SECTION:\n;example.example.\t\tIN\tNS\n\n;; AUTHORITY SECTION:\n.\t\t\t10800\tIN\tSOA\ta.root-servers.net. nstld.verisign-grs.com. 2023081000 1800 900 604800 86400\n\n;; Query time: 28 msec\n;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)\n;; WHEN: Thu Aug 10 12:59:58 CEST 2023\n;; MSG SIZE  rcvd: 119\n\nmichalarbet@pixla:~/ultimum/git/upstream/kolla$ dig NS example.test\n\n; \u003c\u003c\u003e\u003e DiG 9.18.12-1ubuntu1.1-Ubuntu \u003c\u003c\u003e\u003e NS example.test\n;; global options: +cmd\n;; Got answer:\n;; -\u003e\u003eHEADER\u003c\u003c- opcode: QUERY, status: NXDOMAIN, id: 51692\n;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 65494\n;; QUESTION SECTION:\n;example.test.\t\t\tIN\tNS\n\n;; AUTHORITY SECTION:\n.\t\t\t10800\tIN\tSOA\ta.root-servers.net. nstld.verisign-grs.com. 2023081000 1800 900 604800 86400\n\n;; Query time: 20 msec\n;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)\n;; WHEN: Thu Aug 10 13:01:28 CEST 2023\n;; MSG SIZE  rcvd: 116","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"e9ca8dbdb22e765e46fcf149e47929b4b9122b8c","unresolved":true,"context_lines":[{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"kevko@openstack.test\""},{"line_number":206,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":207,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":208,"context_line":"kolla_enable_tls_backend: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"57df76cf_646892f6","line":205,"range":{"start_line":205,"start_character":20,"end_line":205,"end_character":25},"in_reply_to":"3dbf1faa_8c395689","updated":"2023-08-11 09:18:16.000000000","message":"okay I forgot, you will say: \"but Sven, this is just in a test template\".\n\nwell yeah, users will happily copy and paste stupid stuff from docs or test examples just to make their deployment work without them understanding what they are doing.\n\nso prevent that from the beginning by not using values that might harm mail admins ;)","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"fb6edbdbc3f5e9aefd267d7489c9eed11792cb2e","unresolved":true,"context_lines":[{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"kevko@openstack.test\""},{"line_number":206,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":207,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":208,"context_line":"kolla_enable_tls_backend: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"ab9e7e6f_d359d655","line":205,"range":{"start_line":205,"start_character":20,"end_line":205,"end_character":25},"in_reply_to":"42fab220_936fa5a3","updated":"2023-08-14 09:06:17.000000000","message":"for my part of the discussion, this is resolved.","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"5fcadbac4b23308f6a465ff25378bde9e82e3ca4","unresolved":true,"context_lines":[{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"kevko@openstack.test\""},{"line_number":206,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":207,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":208,"context_line":"kolla_enable_tls_backend: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"600c41da_c9f50a01","line":205,"range":{"start_line":205,"start_character":20,"end_line":205,"end_character":25},"in_reply_to":"49174897_f404c770","updated":"2023-08-10 20:24:16.000000000","message":"I\u0027m not convinced.\nwhat\u0027s wrong? why did you dig for NS records the domain used only for documentation purposes?","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"822ebfa0f5400bce031832283731e6d740dfddc9","unresolved":true,"context_lines":[{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"kevko@openstack.test\""},{"line_number":206,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":207,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":208,"context_line":"kolla_enable_tls_backend: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"42fab220_936fa5a3","line":205,"range":{"start_line":205,"start_character":20,"end_line":205,"end_character":25},"in_reply_to":"57df76cf_646892f6","updated":"2023-08-11 09:26:05.000000000","message":"Sven, this is just in a test template)\nand if some stupid users will copy this value from the CI template, there is no matter which email will be there.","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"495efda01ac136a9eb8d663cd940b605ab0a6097","unresolved":true,"context_lines":[{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"kevko@openstack.test\""},{"line_number":206,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":207,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":208,"context_line":"kolla_enable_tls_backend: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"784a4d5e_087ee3ef","line":205,"range":{"start_line":205,"start_character":20,"end_line":205,"end_character":25},"in_reply_to":"600c41da_c9f50a01","updated":"2023-08-11 08:58:29.000000000","message":"from the RFC\n\n\u003e    \".test\" is recommended for use in testing of current or new DNS\n      related code.\n\n\u003e      \".example\" is recommended for use in documentation or as examples.\n\nI\u0027d argue that this is not DNS related code, having worked with e.g. powerdns code myself.\n\nimho the canonical example to use would be test@example.example.\n\nBut in the end .test TLD would also work, and I don\u0027t want to make the discussion much longer (I fear I failed with that already).","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"17afb970c4fadc6728d84176f6265f42b91862e2","unresolved":false,"context_lines":[{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"kevko@openstack.test\""},{"line_number":206,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":207,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":208,"context_line":"kolla_enable_tls_backend: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"b05e5612_cb492764","line":205,"range":{"start_line":205,"start_character":20,"end_line":205,"end_character":25},"in_reply_to":"744fa5f6_55f47c2c","updated":"2023-08-09 13:08:11.000000000","message":"Done","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"bde77483539ff98ff7c48423c9773c0d92805764","unresolved":true,"context_lines":[{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"kevko@openstack.test\""},{"line_number":206,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":207,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":208,"context_line":"kolla_enable_tls_backend: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"ddedc09f_b87fb434","line":205,"range":{"start_line":205,"start_character":20,"end_line":205,"end_character":25},"in_reply_to":"784a4d5e_087ee3ef","updated":"2023-08-11 09:09:22.000000000","message":"ok then, if this should be some king of working email and could be pretty to reading in the code only because it CI related, why not use here something like noreply@opendev.org or noreply@openstack.org ?","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"d5395935d1bd0a9c93cf27a49849cfe878a6e291","unresolved":false,"context_lines":[{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"kevko@openstack.test\""},{"line_number":206,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":207,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":208,"context_line":"kolla_enable_tls_backend: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"af2f1fac_bec9232a","line":205,"range":{"start_line":205,"start_character":20,"end_line":205,"end_character":25},"in_reply_to":"ab9e7e6f_d359d655","updated":"2023-10-23 15:35:24.000000000","message":"Done","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"7e9d3e51e2f6265d084f32bad7974ed5984af84a","unresolved":false,"context_lines":[{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"kevko@openstack.test\""},{"line_number":206,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":207,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":208,"context_line":"kolla_enable_tls_backend: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"012b5f19_8e2ff4da","line":205,"range":{"start_line":205,"start_character":20,"end_line":205,"end_character":25},"in_reply_to":"b05e5612_cb492764","updated":"2023-08-09 14:15:15.000000000","message":"why not example.com? it is valid for examples in documents: http://example.com/","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"19eff135819cbbe6d5606f4f28f4d4efaeead070","unresolved":true,"context_lines":[{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"kevko@openstack.test\""},{"line_number":206,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":207,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""},{"line_number":208,"context_line":"kolla_enable_tls_backend: \"no\""}],"source_content_type":"text/x-jinja2","patch_set":222,"id":"3dbf1faa_8c395689","line":205,"range":{"start_line":205,"start_character":20,"end_line":205,"end_character":25},"in_reply_to":"ddedc09f_b87fb434","updated":"2023-08-11 09:16:18.000000000","message":"because people/users tend to do stupid stuff like not changing these \"defaults\" and the openstack mail admins will get spammed with messages (user/mailbox not found spam in mail logs) if you use a real domain, that is why this RFC was crafted in the first place.\n\nso it _is_ important to use a domain that\u0027s never being used on the internet, as per the RFC.\n\nwhich _specific_ domain from the RFC is not that important imho, just not any existing domain on the internet.\n\nlet\u0027s encrypt can easily generate thousands of emails, so this should be taken care of.\n\nHTH \u0026 thanks for your consideration","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"3d6f4c822facd8317f2ad330200a6bc062ef35d7","unresolved":true,"context_lines":[{"line_number":199,"context_line":"keepalived_track_script_enabled: \"no\""},{"line_number":200,"context_line":"{% endif %}"},{"line_number":201,"context_line":""},{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"usero@openstack.test\""}],"source_content_type":"text/x-jinja2","patch_set":227,"id":"cccf8fdd_6fe2bfa1","line":202,"updated":"2023-08-16 08:00:24.000000000","message":"do we really need to deploy whole openstack to test it? maybe horizon is enough?","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ac9f8fcd907576429a6c1c66ad944c9883437c1","unresolved":false,"context_lines":[{"line_number":199,"context_line":"keepalived_track_script_enabled: \"no\""},{"line_number":200,"context_line":"{% endif %}"},{"line_number":201,"context_line":""},{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"usero@openstack.test\""}],"source_content_type":"text/x-jinja2","patch_set":227,"id":"f7309158_0a3c9d3f","line":202,"in_reply_to":"cccf8fdd_6fe2bfa1","updated":"2023-11-01 20:16:20.000000000","message":"I think it\u0027s better to test all.","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"3d6f4c822facd8317f2ad330200a6bc062ef35d7","unresolved":true,"context_lines":[{"line_number":201,"context_line":""},{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"usero@openstack.test\""},{"line_number":206,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":207,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""}],"source_content_type":"text/x-jinja2","patch_set":227,"id":"6532ebd5_e69f8111","line":204,"range":{"start_line":204,"start_character":0,"end_line":204,"end_character":25},"updated":"2023-08-16 08:00:24.000000000","message":"why?","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ac9f8fcd907576429a6c1c66ad944c9883437c1","unresolved":false,"context_lines":[{"line_number":201,"context_line":""},{"line_number":202,"context_line":"{% if scenario \u003d\u003d \"lets-encrypt\" %}"},{"line_number":203,"context_line":"enable_letsencrypt: \"yes\""},{"line_number":204,"context_line":"rabbitmq_enable_tls: \"no\""},{"line_number":205,"context_line":"letsencrypt_email: \"usero@openstack.test\""},{"line_number":206,"context_line":"letsencrypt_cert_server: \"https://pebble:14000/dir\""},{"line_number":207,"context_line":"kolla_internal_fqdn: \"{{ kolla_internal_fqdn }}\""}],"source_content_type":"text/x-jinja2","patch_set":227,"id":"72764718_59e7ce18","line":204,"range":{"start_line":204,"start_character":0,"end_line":204,"end_character":25},"in_reply_to":"6532ebd5_e69f8111","updated":"2023-11-01 20:16:20.000000000","message":"Yep, it should work i think, let\u0027s check.","commit_id":"89fa7d6ec7ab7a1188b6eda0a7e66e86e7aa62be"}],"tests/templates/inventory.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":true,"context_lines":[{"line_number":808,"context_line":"[ovn-sb-db:children]"},{"line_number":809,"context_line":"ovn-database"},{"line_number":810,"context_line":""},{"line_number":811,"context_line":"[letsencrypt:children]"},{"line_number":812,"context_line":"loadbalancer"},{"line_number":813,"context_line":""},{"line_number":814,"context_line":"[letsencrypt-acme:children]"},{"line_number":815,"context_line":"letsencrypt"}],"source_content_type":"text/x-jinja2","patch_set":131,"id":"3f9c83cc_0cf00438","line":812,"range":{"start_line":811,"start_character":0,"end_line":812,"end_character":12},"updated":"2022-02-15 11:25:43.000000000","message":"L292","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"1d417365b9eef924db79c7d88258006fe7888a73","unresolved":false,"context_lines":[{"line_number":808,"context_line":"[ovn-sb-db:children]"},{"line_number":809,"context_line":"ovn-database"},{"line_number":810,"context_line":""},{"line_number":811,"context_line":"[letsencrypt:children]"},{"line_number":812,"context_line":"loadbalancer"},{"line_number":813,"context_line":""},{"line_number":814,"context_line":"[letsencrypt-acme:children]"},{"line_number":815,"context_line":"letsencrypt"}],"source_content_type":"text/x-jinja2","patch_set":131,"id":"21310021_44cff3a6","line":812,"range":{"start_line":811,"start_character":0,"end_line":812,"end_character":12},"in_reply_to":"3f9c83cc_0cf00438","updated":"2022-02-18 01:59:07.000000000","message":"Done","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1fc4891ae6c66d724279ef0f5eb7c9f1f9a714fb","unresolved":true,"context_lines":[{"line_number":817,"context_line":"[letsencrypt-certbot:children]"},{"line_number":818,"context_line":"letsencrypt"},{"line_number":819,"context_line":""},{"line_number":820,"context_line":"[letsencrypt-ssh:children]"},{"line_number":821,"context_line":"letsencrypt"}],"source_content_type":"text/x-jinja2","patch_set":131,"id":"fa5a9f2d_46496836","line":821,"range":{"start_line":820,"start_character":0,"end_line":821,"end_character":11},"updated":"2022-02-15 11:25:43.000000000","message":"remove","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"1d417365b9eef924db79c7d88258006fe7888a73","unresolved":false,"context_lines":[{"line_number":817,"context_line":"[letsencrypt-certbot:children]"},{"line_number":818,"context_line":"letsencrypt"},{"line_number":819,"context_line":""},{"line_number":820,"context_line":"[letsencrypt-ssh:children]"},{"line_number":821,"context_line":"letsencrypt"}],"source_content_type":"text/x-jinja2","patch_set":131,"id":"0bffd99b_134ecf35","line":821,"range":{"start_line":820,"start_character":0,"end_line":821,"end_character":11},"in_reply_to":"fa5a9f2d_46496836","updated":"2022-02-18 01:59:07.000000000","message":"Done","commit_id":"04811fdb1e8a4757c3d414575c3325478d328d00"}],"tests/update-ca-cert.sh":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":6,"context_line":"function update_ca_cert_logged {"},{"line_number":7,"context_line":"    sudo docker logs pebble"},{"line_number":8,"context_line":"    # update environment variables"},{"line_number":9,"context_line":"    sudo echo \"export OS_CACERT\u003d/tmp/pebble_cacert.pem\" \u003e\u003e /etc/kolla/admin-openrc.sh"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"    cat /etc/kolla/admin-openrc.sh"},{"line_number":12,"context_line":"}"}],"source_content_type":"text/x-sh","patch_set":103,"id":"7e037b5b_ffaa385c","line":9,"updated":"2021-04-06 13:08:28.000000000","message":"Why not use kolla_admin_openrc_cacert?","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"4ee3249aaa58e178e104637977050d02210db23d","unresolved":false,"context_lines":[{"line_number":6,"context_line":"function update_ca_cert_logged {"},{"line_number":7,"context_line":"    sudo docker logs pebble"},{"line_number":8,"context_line":"    # update environment variables"},{"line_number":9,"context_line":"    sudo echo \"export OS_CACERT\u003d/tmp/pebble_cacert.pem\" \u003e\u003e /etc/kolla/admin-openrc.sh"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"    cat /etc/kolla/admin-openrc.sh"},{"line_number":12,"context_line":"}"}],"source_content_type":"text/x-sh","patch_set":103,"id":"7db2fa61_710b97bd","line":9,"in_reply_to":"5625fcd1_0021373e","updated":"2023-07-17 11:53:45.000000000","message":"Done","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"268f0f9df58a88d2bfd3754d21122fa43187a605","unresolved":true,"context_lines":[{"line_number":6,"context_line":"function update_ca_cert_logged {"},{"line_number":7,"context_line":"    sudo docker logs pebble"},{"line_number":8,"context_line":"    # update environment variables"},{"line_number":9,"context_line":"    sudo echo \"export OS_CACERT\u003d/tmp/pebble_cacert.pem\" \u003e\u003e /etc/kolla/admin-openrc.sh"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"    cat /etc/kolla/admin-openrc.sh"},{"line_number":12,"context_line":"}"}],"source_content_type":"text/x-sh","patch_set":103,"id":"5625fcd1_0021373e","line":9,"in_reply_to":"7e037b5b_ffaa385c","updated":"2021-04-08 03:36:53.000000000","message":"We update the CA cert after deployment + certificate bootstrap.","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"}],"zuul.d/base.yaml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"027945be01d93d8c6bf3eb65aea480172461dd1f","unresolved":true,"context_lines":[{"line_number":238,"context_line":"    vars:"},{"line_number":239,"context_line":"      scenario: lets-encrypt"},{"line_number":240,"context_line":"      tls_enabled: true"},{"line_number":241,"context_line":"      enable_letsencrypt: true"},{"line_number":242,"context_line":"      letsencrypt_pebble_enabled: true"}],"source_content_type":"text/x-yaml","patch_set":40,"id":"ccd911ba_aa9deae6","line":242,"range":{"start_line":241,"start_character":6,"end_line":242,"end_character":38},"updated":"2021-03-17 12:35:05.000000000","message":"These are zuul variables, rather than Kolla Ansible variables.","commit_id":"2264a10ff0f86b0a43982487ab8d2b43cf3ec267"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"71a679389f62bd295358e30da9e2f6cdb6a03fbd","unresolved":false,"context_lines":[{"line_number":238,"context_line":"    vars:"},{"line_number":239,"context_line":"      scenario: lets-encrypt"},{"line_number":240,"context_line":"      tls_enabled: true"},{"line_number":241,"context_line":"      enable_letsencrypt: true"},{"line_number":242,"context_line":"      letsencrypt_pebble_enabled: true"}],"source_content_type":"text/x-yaml","patch_set":40,"id":"99b9735a_ffce5cfd","line":242,"range":{"start_line":241,"start_character":6,"end_line":242,"end_character":38},"in_reply_to":"ccd911ba_aa9deae6","updated":"2021-03-22 19:11:59.000000000","message":"Done","commit_id":"2264a10ff0f86b0a43982487ab8d2b43cf3ec267"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88e859c20ce508eb2f29faf2ef4fad621e39d735","unresolved":true,"context_lines":[{"line_number":232,"context_line":"    files:"},{"line_number":233,"context_line":"      - ^ansible/roles/letsencrypt/"},{"line_number":234,"context_line":"      - ^tests/test-core-openstack.sh"},{"line_number":235,"context_line":"      - ^tests/test-lets-encrypt.sh"},{"line_number":236,"context_line":"    vars:"},{"line_number":237,"context_line":"      scenario: lets-encrypt"},{"line_number":238,"context_line":"      tls_enabled: true"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"a2428446_eb902d9d","line":235,"range":{"start_line":235,"start_character":6,"end_line":235,"end_character":35},"updated":"2021-04-06 13:08:28.000000000","message":"Doesn\u0027t exist. Missing start/stop pebble scripts.","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"268f0f9df58a88d2bfd3754d21122fa43187a605","unresolved":false,"context_lines":[{"line_number":232,"context_line":"    files:"},{"line_number":233,"context_line":"      - ^ansible/roles/letsencrypt/"},{"line_number":234,"context_line":"      - ^tests/test-core-openstack.sh"},{"line_number":235,"context_line":"      - ^tests/test-lets-encrypt.sh"},{"line_number":236,"context_line":"    vars:"},{"line_number":237,"context_line":"      scenario: lets-encrypt"},{"line_number":238,"context_line":"      tls_enabled: true"}],"source_content_type":"text/x-yaml","patch_set":103,"id":"79f35370_11c866ef","line":235,"range":{"start_line":235,"start_character":6,"end_line":235,"end_character":35},"in_reply_to":"a2428446_eb902d9d","updated":"2021-04-08 03:36:53.000000000","message":"Done","commit_id":"40690987a6c7511bb8be7737b939e5a98c0dbe44"}],"zuul.d/jobs.yaml":[{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"2caa81027da634454302da6672e63a0dc968af26","unresolved":true,"context_lines":[{"line_number":7,"context_line":"    vars:"},{"line_number":8,"context_line":"      base_distro: centos"},{"line_number":9,"context_line":"      tls_enabled: true"},{"line_number":10,"context_line":"      le_enabled: false"},{"line_number":11,"context_line":"      kolla_build_images: true"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"- job:"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"aa12a306_cb674b33","line":10,"updated":"2023-07-28 11:16:21.000000000","message":"really needed? the parent not kolla-ansible-lets-encrypt-base\n\nhere and everywhere below?","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"17afb970c4fadc6728d84176f6265f42b91862e2","unresolved":false,"context_lines":[{"line_number":7,"context_line":"    vars:"},{"line_number":8,"context_line":"      base_distro: centos"},{"line_number":9,"context_line":"      tls_enabled: true"},{"line_number":10,"context_line":"      le_enabled: false"},{"line_number":11,"context_line":"      kolla_build_images: true"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"- job:"}],"source_content_type":"text/x-yaml","patch_set":222,"id":"b57cc3dd_e5907dd3","line":10,"in_reply_to":"aa12a306_cb674b33","updated":"2023-08-09 13:08:11.000000000","message":"Done","commit_id":"d9e04deab773a3d7e85737a9ca3c8fe0a6b2d1f4"}],"zuul.d/project.yaml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e2b6d0cd9df5bf098cbe7f031814bcf346340827","unresolved":true,"context_lines":[{"line_number":11,"context_line":"      - periodic-stable-jobs"},{"line_number":12,"context_line":"    check:"},{"line_number":13,"context_line":"      jobs:"},{"line_number":14,"context_line":"        - kolla-ansible-centos8s-source"},{"line_number":15,"context_line":"        - kolla-ansible-debian-source"},{"line_number":16,"context_line":"        - kolla-ansible-openeuler-source"},{"line_number":17,"context_line":"        - kolla-ansible-rocky8-source"}],"source_content_type":"text/x-yaml","patch_set":158,"id":"11122946_9912373d","line":14,"updated":"2022-06-08 16:11:12.000000000","message":"Let\u0027s not run all these jobs every time - PS158...","commit_id":"3f5132f593b94fe45d3f106970bb42a947ea35d1"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"0b4a18c36929431f1e2453b309845d775b35c079","unresolved":true,"context_lines":[{"line_number":11,"context_line":"      - periodic-stable-jobs"},{"line_number":12,"context_line":"    check:"},{"line_number":13,"context_line":"      jobs:"},{"line_number":14,"context_line":"        - kolla-ansible-centos8s-source"},{"line_number":15,"context_line":"        - kolla-ansible-debian-source"},{"line_number":16,"context_line":"        - kolla-ansible-openeuler-source"},{"line_number":17,"context_line":"        - kolla-ansible-rocky8-source"}],"source_content_type":"text/x-yaml","patch_set":158,"id":"33fed22d_c5f90ebd","line":14,"in_reply_to":"11122946_9912373d","updated":"2022-06-14 04:08:33.000000000","message":"I will comment out while iterating on fixes and restore when working.","commit_id":"3f5132f593b94fe45d3f106970bb42a947ea35d1"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"e8226333b1784f6005e605b511278e2e7d390c3e","unresolved":false,"context_lines":[{"line_number":11,"context_line":"      - periodic-stable-jobs"},{"line_number":12,"context_line":"    check:"},{"line_number":13,"context_line":"      jobs:"},{"line_number":14,"context_line":"        - kolla-ansible-centos8s-source"},{"line_number":15,"context_line":"        - kolla-ansible-debian-source"},{"line_number":16,"context_line":"        - kolla-ansible-openeuler-source"},{"line_number":17,"context_line":"        - kolla-ansible-rocky8-source"}],"source_content_type":"text/x-yaml","patch_set":158,"id":"b83575d8_9b7f85b9","line":14,"in_reply_to":"33fed22d_c5f90ebd","updated":"2023-07-17 11:49:26.000000000","message":"Done","commit_id":"3f5132f593b94fe45d3f106970bb42a947ea35d1"}]}