)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"7726808ea05fd38266546e2c633fe9d6ea5f4864","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"0f89c035_48c093f2","updated":"2025-03-13 15:09:53.000000000","message":"Can we test for it and make it fail? We\u0027ve revisited that so many times and was never able to reproduce.","commit_id":"b6578dc28d6cd35e8b0db2e93fa31ae6c66e2ac9"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"e69ef0ed45353950d0b8b25a9f7c4bc40485c35b","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"360ea507_562f63a0","updated":"2026-01-23 07:50:45.000000000","message":"lets see for another solution: https://review.opendev.org/c/openstack/kolla-ansible/+/974386","commit_id":"b6578dc28d6cd35e8b0db2e93fa31ae6c66e2ac9"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"eeaf94309dcb7e9fd4e5ba6773ed1a8f890db243","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"e3650c88_a6363afe","in_reply_to":"0f89c035_48c093f2","updated":"2025-03-13 22:53:14.000000000","message":"You mean testing by hand? The way to reproduce the issue is well described in the bug report.\nOr do you want to check what happens when saslpasswd is executed twice?","commit_id":"b6578dc28d6cd35e8b0db2e93fa31ae6c66e2ac9"}],"ansible/roles/nova-cell/handlers/main.yml":[{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"4b7f7c605ed90d3190cffd8da6cfdd56516e3be9","unresolved":true,"context_lines":[{"line_number":128,"context_line":"  retries: 10"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"# The SASL user needs to exist in order for nova-compute to start successfully."},{"line_number":131,"context_line":"# Lets create user for plain hostname and fqdn too if host provide it."},{"line_number":132,"context_line":"- name: Create libvirt SASL user"},{"line_number":133,"context_line":"  become: true"},{"line_number":134,"context_line":"  shell:"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"0bfde804_59b62c04","line":131,"range":{"start_line":131,"start_character":51,"end_line":131,"end_character":69},"updated":"2024-04-19 10:14:48.000000000","message":"nit: we don\u0027t seem to check if there is a fqdn so you can omit the \"if host provide it\"\nextra nit: \"if the host provides it\" would be the correct spelling, I guess (also not a native speaker).","commit_id":"cfb25d7746be4d039aad26d1a01ccaba7d53c3c5"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"752889bebbfc7456d1f92062e6f12a82ddc04842","unresolved":false,"context_lines":[{"line_number":128,"context_line":"  retries: 10"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"# The SASL user needs to exist in order for nova-compute to start successfully."},{"line_number":131,"context_line":"# Lets create user for plain hostname and fqdn too if host provide it."},{"line_number":132,"context_line":"- name: Create libvirt SASL user"},{"line_number":133,"context_line":"  become: true"},{"line_number":134,"context_line":"  shell:"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"78fc7c80_74128675","line":131,"range":{"start_line":131,"start_character":51,"end_line":131,"end_character":69},"in_reply_to":"0bfde804_59b62c04","updated":"2024-04-19 14:22:06.000000000","message":"no need to check, because saslpasswd2 didn\u0027t create duplicate records in Berkeley DB file\nsure, \"provides\", thanks)","commit_id":"cfb25d7746be4d039aad26d1a01ccaba7d53c3c5"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"4b7f7c605ed90d3190cffd8da6cfdd56516e3be9","unresolved":true,"context_lines":[{"line_number":129,"context_line":""},{"line_number":130,"context_line":"# The SASL user needs to exist in order for nova-compute to start successfully."},{"line_number":131,"context_line":"# Lets create user for plain hostname and fqdn too if host provide it."},{"line_number":132,"context_line":"- name: Create libvirt SASL user"},{"line_number":133,"context_line":"  become: true"},{"line_number":134,"context_line":"  shell:"},{"line_number":135,"context_line":"    cmd: \u003e"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"a0b8ec56_c61b77f1","line":132,"range":{"start_line":132,"start_character":28,"end_line":132,"end_character":32},"updated":"2024-04-19 10:14:48.000000000","message":"nit: \"users\" now :)","commit_id":"cfb25d7746be4d039aad26d1a01ccaba7d53c3c5"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"752889bebbfc7456d1f92062e6f12a82ddc04842","unresolved":false,"context_lines":[{"line_number":129,"context_line":""},{"line_number":130,"context_line":"# The SASL user needs to exist in order for nova-compute to start successfully."},{"line_number":131,"context_line":"# Lets create user for plain hostname and fqdn too if host provide it."},{"line_number":132,"context_line":"- name: Create libvirt SASL user"},{"line_number":133,"context_line":"  become: true"},{"line_number":134,"context_line":"  shell:"},{"line_number":135,"context_line":"    cmd: \u003e"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"e5552d2f_306792be","line":132,"range":{"start_line":132,"start_character":28,"end_line":132,"end_character":32},"in_reply_to":"a0b8ec56_c61b77f1","updated":"2024-04-19 14:22:06.000000000","message":"nope, user, single user - nova ;)","commit_id":"cfb25d7746be4d039aad26d1a01ccaba7d53c3c5"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"5fbb07b366980a122388fbad96f57872dc1dbbe5","unresolved":true,"context_lines":[{"line_number":129,"context_line":""},{"line_number":130,"context_line":"# The SASL user needs to exist in order for nova-compute to start successfully."},{"line_number":131,"context_line":"# Lets create user for plain hostname and fqdn too if host provide it."},{"line_number":132,"context_line":"- name: Create libvirt SASL user"},{"line_number":133,"context_line":"  become: true"},{"line_number":134,"context_line":"  shell:"},{"line_number":135,"context_line":"    cmd: \u003e"},{"line_number":136,"context_line":"      set -o pipefail \u0026\u0026"},{"line_number":137,"context_line":"      echo {{ libvirt_sasl_password }} |"},{"line_number":138,"context_line":"      {{ kolla_container_engine }} exec -i nova_libvirt"},{"line_number":139,"context_line":"      saslpasswd2 -c -p -u $(hostname -s) -a libvirt {{ libvirt_sasl_authname }} \u0026\u0026"},{"line_number":140,"context_line":"      echo {{ libvirt_sasl_password }} |"},{"line_number":141,"context_line":"      {{ kolla_container_engine }} exec -i nova_libvirt"},{"line_number":142,"context_line":"      saslpasswd2 -c -p -u $(hostname -f) -a libvirt {{ libvirt_sasl_authname }}"},{"line_number":143,"context_line":"    executable: /bin/bash"},{"line_number":144,"context_line":"  changed_when: true"},{"line_number":145,"context_line":"  no_log: true"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"- name: Reload libvirtd"},{"line_number":148,"context_line":"  become: true"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"445f60f0_6ce5ccff","line":145,"range":{"start_line":132,"start_character":0,"end_line":145,"end_character":14},"updated":"2024-04-18 15:27:48.000000000","message":"for the record: I don\u0027t like this task (even the old iteration of it) for these reasons:\n- it\u0027s very racy (needs to exec in a container, which might or might not run/be restarted during the tasks runtime)\n- echoes a password via shell (insecure)\n\na few ideas how to maybe do this better:\n\n- first idea: at least don\u0027t pipe from host to container, the libvirt sasl password should already be available inside the container, no? so move the whole generation inside the container.\n- I\u0027m not sure this even belongs in a handler.\n\nAnyway, assuming we don\u0027t rewrite the whole logic in this changeset this does look okayish.","commit_id":"cfb25d7746be4d039aad26d1a01ccaba7d53c3c5"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"927ec6ddf3229fbb8911aef951d5a1fdd7d33b1a","unresolved":true,"context_lines":[{"line_number":129,"context_line":""},{"line_number":130,"context_line":"# The SASL user needs to exist in order for nova-compute to start successfully."},{"line_number":131,"context_line":"# Lets create user for plain hostname and fqdn too if host provide it."},{"line_number":132,"context_line":"- name: Create libvirt SASL user"},{"line_number":133,"context_line":"  become: true"},{"line_number":134,"context_line":"  shell:"},{"line_number":135,"context_line":"    cmd: \u003e"},{"line_number":136,"context_line":"      set -o pipefail \u0026\u0026"},{"line_number":137,"context_line":"      echo {{ libvirt_sasl_password }} |"},{"line_number":138,"context_line":"      {{ kolla_container_engine }} exec -i nova_libvirt"},{"line_number":139,"context_line":"      saslpasswd2 -c -p -u $(hostname -s) -a libvirt {{ libvirt_sasl_authname }} \u0026\u0026"},{"line_number":140,"context_line":"      echo {{ libvirt_sasl_password }} |"},{"line_number":141,"context_line":"      {{ kolla_container_engine }} exec -i nova_libvirt"},{"line_number":142,"context_line":"      saslpasswd2 -c -p -u $(hostname -f) -a libvirt {{ libvirt_sasl_authname }}"},{"line_number":143,"context_line":"    executable: /bin/bash"},{"line_number":144,"context_line":"  changed_when: true"},{"line_number":145,"context_line":"  no_log: true"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"- name: Reload libvirtd"},{"line_number":148,"context_line":"  become: true"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"7aa48793_59f95965","line":145,"range":{"start_line":132,"start_character":0,"end_line":145,"end_character":14},"in_reply_to":"445f60f0_6ce5ccff","updated":"2024-04-18 20:18:09.000000000","message":"1. nope. and the password was here and don\u0027t logged due to \u0027no_log: true\u0027 stanza.\n2. what you\u0027r talking about? a handler?","commit_id":"cfb25d7746be4d039aad26d1a01ccaba7d53c3c5"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"66215015cbb11aaac204e92e19a948cd577434eb","unresolved":false,"context_lines":[{"line_number":129,"context_line":""},{"line_number":130,"context_line":"# The SASL user needs to exist in order for nova-compute to start successfully."},{"line_number":131,"context_line":"# Lets create user for plain hostname and fqdn too if host provide it."},{"line_number":132,"context_line":"- name: Create libvirt SASL user"},{"line_number":133,"context_line":"  become: true"},{"line_number":134,"context_line":"  shell:"},{"line_number":135,"context_line":"    cmd: \u003e"},{"line_number":136,"context_line":"      set -o pipefail \u0026\u0026"},{"line_number":137,"context_line":"      echo {{ libvirt_sasl_password }} |"},{"line_number":138,"context_line":"      {{ kolla_container_engine }} exec -i nova_libvirt"},{"line_number":139,"context_line":"      saslpasswd2 -c -p -u $(hostname -s) -a libvirt {{ libvirt_sasl_authname }} \u0026\u0026"},{"line_number":140,"context_line":"      echo {{ libvirt_sasl_password }} |"},{"line_number":141,"context_line":"      {{ kolla_container_engine }} exec -i nova_libvirt"},{"line_number":142,"context_line":"      saslpasswd2 -c -p -u $(hostname -f) -a libvirt {{ libvirt_sasl_authname }}"},{"line_number":143,"context_line":"    executable: /bin/bash"},{"line_number":144,"context_line":"  changed_when: true"},{"line_number":145,"context_line":"  no_log: true"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"- name: Reload libvirtd"},{"line_number":148,"context_line":"  become: true"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"d0c45ec7_6d1f82e3","line":145,"range":{"start_line":132,"start_character":0,"end_line":145,"end_character":14},"in_reply_to":"7aa48793_59f95965","updated":"2024-04-19 14:23:44.000000000","message":"btw the password even didn\u0027t logged in syslog even ;)","commit_id":"cfb25d7746be4d039aad26d1a01ccaba7d53c3c5"}]}