)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"d4496f9d86cd4cac32a6a1c2017b3ae37e197e1d","unresolved":true,"context_lines":[{"line_number":13,"context_line":"`copy-certs` task to use the patched `service-cert-copy` role"},{"line_number":14,"context_line":"instead of writing its own to prevent repetition of the code."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/921380"},{"line_number":17,"context_line":"Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/915901"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"Change-Id: I0ea0da70e106b11f57b3206f80d63ab030106129"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":14,"id":"b7b4b3bd_52ebdf48","line":17,"range":{"start_line":16,"start_character":0,"end_line":17,"end_character":73},"updated":"2024-08-06 16:57:02.000000000","message":"nit: technically not needed","commit_id":"fca24a756af589481e6789277f42ee43fd10eb5b"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"05073f46651ac40632ef455f9842e501f26f9dc3","unresolved":false,"context_lines":[{"line_number":13,"context_line":"`copy-certs` task to use the patched `service-cert-copy` role"},{"line_number":14,"context_line":"instead of writing its own to prevent repetition of the code."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/921380"},{"line_number":17,"context_line":"Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/915901"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"Change-Id: 
I0ea0da70e106b11f57b3206f80d63ab030106129"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":14,"id":"04d1d2fc_51589c4c","line":17,"range":{"start_line":16,"start_character":0,"end_line":17,"end_character":73},"in_reply_to":"b7b4b3bd_52ebdf48","updated":"2024-08-12 09:32:16.000000000","message":"Done","commit_id":"fca24a756af589481e6789277f42ee43fd10eb5b"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"c977d9e699a50354ecc69bd8ae25b54beddf51a1","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":4,"id":"08647a2e_e1fee735","updated":"2024-06-07 13:04:07.000000000","message":"regarding Backport-Candidate Voting: We might need to backport this, to facilitate SLURP Upgrades, not sure how we should handle that though. Needs more investigation I\u0027d say. Thus making this \"unresolved\" comment to highlight this imho important topic.","commit_id":"865da622aeea71c9a3306a6a33dc44d8dbde170b"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"12676ff7d17e4f714784673448d00158eb5c3d31","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"0f33b11e_ecc01486","updated":"2024-06-11 08:27:10.000000000","message":"Currently investigating why sometimes the CI jobs rabbitmq startup time seems to be too long.","commit_id":"e860546a15cf8224a6f98b50f52cd1266d6ebec7"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"8394f3d251c64f7cccd1d3e65b41f775ff5318e3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"d7c1e544_aa65ea7d","updated":"2024-06-26 13:35:47.000000000","message":"I think we\u0027re missing rabbitmq_enable_internode_tls in group_vars/all and 
globals.yml","commit_id":"7eeca3cb5382919ba8fb445ae50e7fbebb8a4f7e"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"3a45b8ddd205b1d26e9e2e251a9f9c74e5086b00","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"cbc5c2f6_49aa2b32","updated":"2024-06-26 13:53:34.000000000","message":"thanks for the review","commit_id":"7eeca3cb5382919ba8fb445ae50e7fbebb8a4f7e"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"3a45b8ddd205b1d26e9e2e251a9f9c74e5086b00","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"7eed2f37_5b164c5e","in_reply_to":"d7c1e544_aa65ea7d","updated":"2024-06-26 13:53:34.000000000","message":"We don\u0027t, it\u0027s [here](https://review.opendev.org/c/openstack/kolla-ansible/+/921381/7/ansible/group_vars/all.yml#911)","commit_id":"7eeca3cb5382919ba8fb445ae50e7fbebb8a4f7e"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"d4496f9d86cd4cac32a6a1c2017b3ae37e197e1d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"5e6c28d1_de52250a","updated":"2024-08-06 16:57:02.000000000","message":"most of the code actually LGTM, but largest blockers for me currently are the question if we rather should use advanced.config file instead of CLI parameters - which are both debatable/viable - and the seemingly unrelated changes with regards to fluentd.","commit_id":"fca24a756af589481e6789277f42ee43fd10eb5b"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"05073f46651ac40632ef455f9842e501f26f9dc3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":15,"id":"9ce47233_93142dc2","updated":"2024-08-12 
09:32:16.000000000","message":"thanks for the review","commit_id":"90ad468c95598532169404e3b69954e5ca13b807"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"568b0eed58f480419ba9b1f96f189f08890b6037","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":21,"id":"732fb786_6f6afcd4","updated":"2024-09-04 16:14:03.000000000","message":"mostly LGTM, want to still investigate some of the CI failures.","commit_id":"b4a7119478c9a256e92f7d987ab9d1c761ada9c3"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"44ec6281818a9a04c05ecf54f423f7215c34c9e0","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":22,"id":"b14d57a7_729b1bff","updated":"2024-09-06 07:53:09.000000000","message":"this failed during deploy-prechecks with the following, thus I rebased on the change removing prometheus, hopefully fixing this:\n\n```\n}\n\nfailed: [primary] (item\u003dprometheus-msteams) \u003d\u003e {\n\n    \"ansible_loop_var\": \"item\",\n\n    \"changed\": false,\n\n    \"item\": {\n\n        \"key\": \"prometheus-msteams\",\n\n        \"value\": {\n\n            \"container_name\": \"prometheus_msteams\",\n\n            \"dimensions\": {},\n\n            \"enabled\": false,\n\n            \"environment\": {\n\n                \"http_proxy\": \"\",\n\n                \"https_proxy\": \"\",\n\n                \"no_proxy\": \"localhost,127.0.0.1,192.0.2.1,192.0.2.10\"\n\n            },\n\n            \"group\": \"prometheus-msteams\",\n\n            \"image\": \"mirror-int.iad.rax.opendev.org:4447/openstack.kolla/prometheus-msteams:2024.1-ubuntu-jammy\",\n\n            \"volumes\": [\n\n                \"/etc/kolla/prometheus-msteams/:/var/lib/kolla/config_files/:ro\",\n\n                \"/etc/localtime:/etc/localtime:ro\",\n\n                \"/etc/timezone:/etc/timezone:ro\",\n\n                
\"kolla_logs:/var/log/kolla/\"\n\n            ]\n\n        }\n\n    },\n\n    \"msg\": \"Ansible inventory does not contain the expected group prometheus-msteams for service prometheus-msteams in prometheus.\"\n\n}\n```","commit_id":"8b5517cca97bf2e2dab25271033538915825226a"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"698849c44c99fca3c47047a8641d0f4721cb08f5","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":22,"id":"f8446610_a69191ea","in_reply_to":"b14d57a7_729b1bff","updated":"2024-09-06 11:25:30.000000000","message":"Idk what happend but after this rebase no pipeline works, it fails on deploy.","commit_id":"8b5517cca97bf2e2dab25271033538915825226a"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"1f6b9f6caa2d8036859f7cfd30ec954323af7e72","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":22,"id":"f87b4bc4_5c757d5e","in_reply_to":"e0b7a172_108598d6","updated":"2024-09-06 13:44:13.000000000","message":"sorry, wrong rebase! should be fixed now.","commit_id":"8b5517cca97bf2e2dab25271033538915825226a"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"818bc3b780c0a7fa7c2a9978c78fb653cf066958","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":22,"id":"e0b7a172_108598d6","in_reply_to":"f8446610_a69191ea","updated":"2024-09-06 13:40:53.000000000","message":"it fails (again? 
I think we hit this failure mode before, as far as I remember) in TASK [rabbitmq : Waiting for rabbitmq to start] \n\nwaiting for the pid file for ages..investigating.","commit_id":"8b5517cca97bf2e2dab25271033538915825226a"}],"ansible/group_vars/all.yml":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"517529cbb73382ca02b5c309cfcdced0d41f69de","unresolved":true,"context_lines":[{"line_number":908,"context_line":"rabbitmq_cacert: \"/etc/ssl/certs/{{ \u0027ca-certificates.crt\u0027 if kolla_base_distro in [\u0027debian\u0027, \u0027ubuntu\u0027] else \u0027ca-bundle.trust.crt\u0027 }}\""},{"line_number":909,"context_line":"rabbitmq_datadir_volume: \"rabbitmq\""},{"line_number":910,"context_line":"# Whether to enable TLS encryption for RabbitMQ node-to-node communication."},{"line_number":911,"context_line":"rabbitmq_enable_internode_tls: \"no\""},{"line_number":912,"context_line":""},{"line_number":913,"context_line":"rabbitmq_internode_tls_server_args: \u003e"},{"line_number":914,"context_line":"  -pa $ERL_SSL_PATH"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"41d92eb8_6fbb0e15","line":911,"updated":"2024-06-06 10:21:57.000000000","message":"should we default to true when backend tls is enabled?\nWhy those vars need to be in globals?","commit_id":"67c8387885c5c16f73bd1e370b689900eb417b5b"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"6be2dc73b7389f3bfb20e591c0b9d954286c2e0f","unresolved":true,"context_lines":[{"line_number":908,"context_line":"rabbitmq_cacert: \"/etc/ssl/certs/{{ \u0027ca-certificates.crt\u0027 if kolla_base_distro in [\u0027debian\u0027, \u0027ubuntu\u0027] else \u0027ca-bundle.trust.crt\u0027 }}\""},{"line_number":909,"context_line":"rabbitmq_datadir_volume: \"rabbitmq\""},{"line_number":910,"context_line":"# Whether to enable TLS encryption for RabbitMQ 
node-to-node communication."},{"line_number":911,"context_line":"rabbitmq_enable_internode_tls: \"no\""},{"line_number":912,"context_line":""},{"line_number":913,"context_line":"rabbitmq_internode_tls_server_args: \u003e"},{"line_number":914,"context_line":"  -pa $ERL_SSL_PATH"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"fa562986_4e4c054f","line":911,"in_reply_to":"41d92eb8_6fbb0e15","updated":"2024-06-06 13:40:49.000000000","message":"They are not client-server TLS `rabbitmq_enable_tls: \"no\"`, so I did the same for internode. I agree that it should be the default for both:\n```yaml\nrabbitmq_enable_tls: \"{{ kolla_enable_tls_backend }}\"\nrabbitmq_enable_internode_tls: \"{{ kolla_enable_tls_backend }}\"\n```","commit_id":"67c8387885c5c16f73bd1e370b689900eb417b5b"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"eca681956495c8d423521e4a879a84993deced6b","unresolved":false,"context_lines":[{"line_number":908,"context_line":"rabbitmq_cacert: \"/etc/ssl/certs/{{ \u0027ca-certificates.crt\u0027 if kolla_base_distro in [\u0027debian\u0027, \u0027ubuntu\u0027] else \u0027ca-bundle.trust.crt\u0027 }}\""},{"line_number":909,"context_line":"rabbitmq_datadir_volume: \"rabbitmq\""},{"line_number":910,"context_line":"# Whether to enable TLS encryption for RabbitMQ node-to-node communication."},{"line_number":911,"context_line":"rabbitmq_enable_internode_tls: \"no\""},{"line_number":912,"context_line":""},{"line_number":913,"context_line":"rabbitmq_internode_tls_server_args: \u003e"},{"line_number":914,"context_line":"  -pa $ERL_SSL_PATH"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"86e797c4_ba864297","line":911,"in_reply_to":"fa562986_4e4c054f","updated":"2024-06-07 15:09:11.000000000","message":"Done","commit_id":"67c8387885c5c16f73bd1e370b689900eb417b5b"},{"author":{"_account_id":22629,"name":"Michal 
Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"0e6e3373859ab5f3abbaedafc589e10c35c71d26","unresolved":true,"context_lines":[{"line_number":907,"context_line":"# CA certificate bundle in RabbitMQ container."},{"line_number":908,"context_line":"rabbitmq_cacert: \"/etc/ssl/certs/{{ \u0027ca-certificates.crt\u0027 if kolla_base_distro in [\u0027debian\u0027, \u0027ubuntu\u0027] else \u0027ca-bundle.trust.crt\u0027 }}\""},{"line_number":909,"context_line":"rabbitmq_datadir_volume: \"rabbitmq\""},{"line_number":910,"context_line":"# Whether to enable TLS encryption for RabbitMQ node-to-node communication."},{"line_number":911,"context_line":"rabbitmq_enable_internode_tls: \"{{ kolla_enable_tls_backend }}\""},{"line_number":912,"context_line":"rabbitmq_erl_ssl_path: \"/usr/lib64/erlang/lib/ssl-11.1.4/ebin\""},{"line_number":913,"context_line":"rabbitmq_internode_tls_server_args: \u003e"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"fbceabb0_b8f71f73","line":910,"updated":"2024-06-26 13:59:32.000000000","message":"Now the question actually is - do we need those here or can those be in rabbitmq role defaults? (e.g. 
if any other role than rabbitmq needs those vars)","commit_id":"babf12d987b523b425ba57f76ad4b6b1928af851"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"19a874a1df438769dafaccf00af4fbb775d8992f","unresolved":false,"context_lines":[{"line_number":907,"context_line":"# CA certificate bundle in RabbitMQ container."},{"line_number":908,"context_line":"rabbitmq_cacert: \"/etc/ssl/certs/{{ \u0027ca-certificates.crt\u0027 if kolla_base_distro in [\u0027debian\u0027, \u0027ubuntu\u0027] else \u0027ca-bundle.trust.crt\u0027 }}\""},{"line_number":909,"context_line":"rabbitmq_datadir_volume: \"rabbitmq\""},{"line_number":910,"context_line":"# Whether to enable TLS encryption for RabbitMQ node-to-node communication."},{"line_number":911,"context_line":"rabbitmq_enable_internode_tls: \"{{ kolla_enable_tls_backend }}\""},{"line_number":912,"context_line":"rabbitmq_erl_ssl_path: \"/usr/lib64/erlang/lib/ssl-11.1.4/ebin\""},{"line_number":913,"context_line":"rabbitmq_internode_tls_server_args: \u003e"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"fabac374_47d0cedd","line":910,"in_reply_to":"8558a570_c6d0db6c","updated":"2024-07-09 11:18:58.000000000","message":"Acknowledged","commit_id":"babf12d987b523b425ba57f76ad4b6b1928af851"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"58266e6950f4cd78fdbe6a2e6713f8eebef7e2c2","unresolved":true,"context_lines":[{"line_number":907,"context_line":"# CA certificate bundle in RabbitMQ container."},{"line_number":908,"context_line":"rabbitmq_cacert: \"/etc/ssl/certs/{{ \u0027ca-certificates.crt\u0027 if kolla_base_distro in [\u0027debian\u0027, \u0027ubuntu\u0027] else \u0027ca-bundle.trust.crt\u0027 }}\""},{"line_number":909,"context_line":"rabbitmq_datadir_volume: \"rabbitmq\""},{"line_number":910,"context_line":"# Whether to enable TLS encryption for RabbitMQ 
node-to-node communication."},{"line_number":911,"context_line":"rabbitmq_enable_internode_tls: \"{{ kolla_enable_tls_backend }}\""},{"line_number":912,"context_line":"rabbitmq_erl_ssl_path: \"/usr/lib64/erlang/lib/ssl-11.1.4/ebin\""},{"line_number":913,"context_line":"rabbitmq_internode_tls_server_args: \u003e"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"8558a570_c6d0db6c","line":910,"in_reply_to":"fbceabb0_b8f71f73","updated":"2024-06-27 08:06:19.000000000","message":"`rabbitmq_internode_tls_cli_args` is used in both rabbitmq and kolla toolbox role.","commit_id":"babf12d987b523b425ba57f76ad4b6b1928af851"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"d4496f9d86cd4cac32a6a1c2017b3ae37e197e1d","unresolved":true,"context_lines":[{"line_number":910,"context_line":"# Whether to enable TLS encryption for RabbitMQ node-to-node communication."},{"line_number":911,"context_line":"rabbitmq_enable_internode_tls: \"{{ kolla_enable_tls_backend }}\""},{"line_number":912,"context_line":"rabbitmq_internode_tls_server_args: \u003e"},{"line_number":913,"context_line":"  -pa $ERL_SSL_PATH"},{"line_number":914,"context_line":"  -proto_dist inet_tls"},{"line_number":915,"context_line":"  -ssl_dist_opt server_certfile /etc/rabbitmq/certs/rabbitmq-internode-cert.pem"},{"line_number":916,"context_line":"  -ssl_dist_opt server_keyfile /etc/rabbitmq/certs/rabbitmq-internode-key.pem"},{"line_number":917,"context_line":"  -ssl_dist_opt server_cacertfile /etc/rabbitmq/certs/ca-certificates.pem"},{"line_number":918,"context_line":"  -ssl_dist_opt server_verify verify_peer"},{"line_number":919,"context_line":"  -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"},{"line_number":920,"context_line":""},{"line_number":921,"context_line":"rabbitmq_internode_tls_cli_args: \u003e"},{"line_number":922,"context_line":"  -pa $ERL_SSL_PATH"},{"line_number":923,"context_line":"  
-proto_dist inet_tls"},{"line_number":924,"context_line":"  -ssl_dist_opt client_certfile /etc/rabbitmq/certs/rabbitmq-internode-cert.pem"},{"line_number":925,"context_line":"  -ssl_dist_opt client_keyfile /etc/rabbitmq/certs/rabbitmq-internode-key.pem"},{"line_number":926,"context_line":"  -ssl_dist_opt client_cacertfile /etc/rabbitmq/certs/ca-certificates.pem"},{"line_number":927,"context_line":"  -ssl_dist_opt server_cacertfile /etc/rabbitmq/certs/ca-certificates.pem"},{"line_number":928,"context_line":"  -ssl_dist_opt client_verify verify_peer"},{"line_number":929,"context_line":"  -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"},{"line_number":930,"context_line":""},{"line_number":931,"context_line":"####################"},{"line_number":932,"context_line":"# HAProxy options"}],"source_content_type":"text/x-yaml","patch_set":14,"id":"2d863d0c_a9961795","line":929,"range":{"start_line":913,"start_character":0,"end_line":929,"end_character":77},"updated":"2024-08-06 16:57:02.000000000","message":"I\u0027m not sure we want to hardcode all these paths\u0027 and arguments, there also seems to be the option to supply these settings via the rabbitmq `advanced.config` file, what do you think, which solution would work better for us?\n\nWe already have the template here: https://opendev.org/openstack/kolla-ansible/src/branch/master/ansible/roles/rabbitmq/templates/advanced.config.j2\n\nSee: https://www.rabbitmq.com/docs/clustering-ssl#linux-strategy-two (advanced.config)\nand https://www.rabbitmq.com/docs/clustering-ssl#linux-strategy-one (individual flags, currently used approach in this Patchset).\n\nthe deployment guide mentions that both strategies are supported and implementers are encouraged to choose the strategy which works best for us:\n\nhttps://www.rabbitmq.com/docs/clustering-ssl\n\nI currently tend to think the advanced.config solution might be better, but I\u0027m not 100% 
sure.","commit_id":"fca24a756af589481e6789277f42ee43fd10eb5b"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"05073f46651ac40632ef455f9842e501f26f9dc3","unresolved":true,"context_lines":[{"line_number":910,"context_line":"# Whether to enable TLS encryption for RabbitMQ node-to-node communication."},{"line_number":911,"context_line":"rabbitmq_enable_internode_tls: \"{{ kolla_enable_tls_backend }}\""},{"line_number":912,"context_line":"rabbitmq_internode_tls_server_args: \u003e"},{"line_number":913,"context_line":"  -pa $ERL_SSL_PATH"},{"line_number":914,"context_line":"  -proto_dist inet_tls"},{"line_number":915,"context_line":"  -ssl_dist_opt server_certfile /etc/rabbitmq/certs/rabbitmq-internode-cert.pem"},{"line_number":916,"context_line":"  -ssl_dist_opt server_keyfile /etc/rabbitmq/certs/rabbitmq-internode-key.pem"},{"line_number":917,"context_line":"  -ssl_dist_opt server_cacertfile /etc/rabbitmq/certs/ca-certificates.pem"},{"line_number":918,"context_line":"  -ssl_dist_opt server_verify verify_peer"},{"line_number":919,"context_line":"  -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"},{"line_number":920,"context_line":""},{"line_number":921,"context_line":"rabbitmq_internode_tls_cli_args: \u003e"},{"line_number":922,"context_line":"  -pa $ERL_SSL_PATH"},{"line_number":923,"context_line":"  -proto_dist inet_tls"},{"line_number":924,"context_line":"  -ssl_dist_opt client_certfile /etc/rabbitmq/certs/rabbitmq-internode-cert.pem"},{"line_number":925,"context_line":"  -ssl_dist_opt client_keyfile /etc/rabbitmq/certs/rabbitmq-internode-key.pem"},{"line_number":926,"context_line":"  -ssl_dist_opt client_cacertfile /etc/rabbitmq/certs/ca-certificates.pem"},{"line_number":927,"context_line":"  -ssl_dist_opt server_cacertfile /etc/rabbitmq/certs/ca-certificates.pem"},{"line_number":928,"context_line":"  -ssl_dist_opt client_verify 
verify_peer"},{"line_number":929,"context_line":"  -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"},{"line_number":930,"context_line":""},{"line_number":931,"context_line":"####################"},{"line_number":932,"context_line":"# HAProxy options"}],"source_content_type":"text/x-yaml","patch_set":14,"id":"c13536ed_f46c24f8","line":929,"range":{"start_line":913,"start_character":0,"end_line":929,"end_character":77},"in_reply_to":"2d863d0c_a9961795","updated":"2024-08-12 09:32:16.000000000","message":"I didn\u0027t manage to get https://www.rabbitmq.com/docs/clustering-ssl#linux-strategy-two  working neither in Kolla nor in pure rabbitmq (two instances on cloud running rabbitmq). That\u0027s why I have chosen https://www.rabbitmq.com/docs/clustering-ssl#linux-strategy-one  and I had to modify it slightly in Kolla to make it work","commit_id":"fca24a756af589481e6789277f42ee43fd10eb5b"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"40b9c0ac941640169943ac5d036327294b1bcc6a","unresolved":false,"context_lines":[{"line_number":910,"context_line":"# Whether to enable TLS encryption for RabbitMQ node-to-node communication."},{"line_number":911,"context_line":"rabbitmq_enable_internode_tls: \"{{ kolla_enable_tls_backend }}\""},{"line_number":912,"context_line":"rabbitmq_internode_tls_server_args: \u003e"},{"line_number":913,"context_line":"  -pa $ERL_SSL_PATH"},{"line_number":914,"context_line":"  -proto_dist inet_tls"},{"line_number":915,"context_line":"  -ssl_dist_opt server_certfile /etc/rabbitmq/certs/rabbitmq-internode-cert.pem"},{"line_number":916,"context_line":"  -ssl_dist_opt server_keyfile /etc/rabbitmq/certs/rabbitmq-internode-key.pem"},{"line_number":917,"context_line":"  -ssl_dist_opt server_cacertfile /etc/rabbitmq/certs/ca-certificates.pem"},{"line_number":918,"context_line":"  -ssl_dist_opt server_verify verify_peer"},{"line_number":919,"context_line":" 
 -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"},{"line_number":920,"context_line":""},{"line_number":921,"context_line":"rabbitmq_internode_tls_cli_args: \u003e"},{"line_number":922,"context_line":"  -pa $ERL_SSL_PATH"},{"line_number":923,"context_line":"  -proto_dist inet_tls"},{"line_number":924,"context_line":"  -ssl_dist_opt client_certfile /etc/rabbitmq/certs/rabbitmq-internode-cert.pem"},{"line_number":925,"context_line":"  -ssl_dist_opt client_keyfile /etc/rabbitmq/certs/rabbitmq-internode-key.pem"},{"line_number":926,"context_line":"  -ssl_dist_opt client_cacertfile /etc/rabbitmq/certs/ca-certificates.pem"},{"line_number":927,"context_line":"  -ssl_dist_opt server_cacertfile /etc/rabbitmq/certs/ca-certificates.pem"},{"line_number":928,"context_line":"  -ssl_dist_opt client_verify verify_peer"},{"line_number":929,"context_line":"  -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"},{"line_number":930,"context_line":""},{"line_number":931,"context_line":"####################"},{"line_number":932,"context_line":"# HAProxy options"}],"source_content_type":"text/x-yaml","patch_set":14,"id":"353960b9_bc2db405","line":929,"range":{"start_line":913,"start_character":0,"end_line":929,"end_character":77},"in_reply_to":"50c3f651_d458de1f","updated":"2024-09-04 16:14:38.000000000","message":"Done","commit_id":"fca24a756af589481e6789277f42ee43fd10eb5b"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"b25fcf297ad3579aa211ce0fe802b4e620a4d374","unresolved":true,"context_lines":[{"line_number":910,"context_line":"# Whether to enable TLS encryption for RabbitMQ node-to-node communication."},{"line_number":911,"context_line":"rabbitmq_enable_internode_tls: \"{{ kolla_enable_tls_backend }}\""},{"line_number":912,"context_line":"rabbitmq_internode_tls_server_args: \u003e"},{"line_number":913,"context_line":"  -pa 
$ERL_SSL_PATH"},{"line_number":914,"context_line":"  -proto_dist inet_tls"},{"line_number":915,"context_line":"  -ssl_dist_opt server_certfile /etc/rabbitmq/certs/rabbitmq-internode-cert.pem"},{"line_number":916,"context_line":"  -ssl_dist_opt server_keyfile /etc/rabbitmq/certs/rabbitmq-internode-key.pem"},{"line_number":917,"context_line":"  -ssl_dist_opt server_cacertfile /etc/rabbitmq/certs/ca-certificates.pem"},{"line_number":918,"context_line":"  -ssl_dist_opt server_verify verify_peer"},{"line_number":919,"context_line":"  -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"},{"line_number":920,"context_line":""},{"line_number":921,"context_line":"rabbitmq_internode_tls_cli_args: \u003e"},{"line_number":922,"context_line":"  -pa $ERL_SSL_PATH"},{"line_number":923,"context_line":"  -proto_dist inet_tls"},{"line_number":924,"context_line":"  -ssl_dist_opt client_certfile /etc/rabbitmq/certs/rabbitmq-internode-cert.pem"},{"line_number":925,"context_line":"  -ssl_dist_opt client_keyfile /etc/rabbitmq/certs/rabbitmq-internode-key.pem"},{"line_number":926,"context_line":"  -ssl_dist_opt client_cacertfile /etc/rabbitmq/certs/ca-certificates.pem"},{"line_number":927,"context_line":"  -ssl_dist_opt server_cacertfile /etc/rabbitmq/certs/ca-certificates.pem"},{"line_number":928,"context_line":"  -ssl_dist_opt client_verify verify_peer"},{"line_number":929,"context_line":"  -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"},{"line_number":930,"context_line":""},{"line_number":931,"context_line":"####################"},{"line_number":932,"context_line":"# HAProxy options"}],"source_content_type":"text/x-yaml","patch_set":14,"id":"50c3f651_d458de1f","line":929,"range":{"start_line":913,"start_character":0,"end_line":929,"end_character":77},"in_reply_to":"c13536ed_f46c24f8","updated":"2024-08-12 12:56:03.000000000","message":"Ok, I managed to get it to work using strategy two now. 
I may upload the patch, but I see both strategies as equal in our case.","commit_id":"fca24a756af589481e6789277f42ee43fd10eb5b"}],"ansible/roles/common/tasks/config.yml":[{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"d4496f9d86cd4cac32a6a1c2017b3ae37e197e1d","unresolved":true,"context_lines":[{"line_number":39,"context_line":"  command: systemd-tmpfiles --create"},{"line_number":40,"context_line":"  when: kolla_container_engine \u003d\u003d \u0027podman\u0027"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"- name: Ensure fluentd image is present for label check"},{"line_number":43,"context_line":"  vars:"},{"line_number":44,"context_line":"    service_name: \"fluentd\""},{"line_number":45,"context_line":"    service: \"{{ common_services[service_name] }}\""},{"line_number":46,"context_line":"  become: true"},{"line_number":47,"context_line":"  kolla_container:"},{"line_number":48,"context_line":"    action: \"ensure_image\""},{"line_number":49,"context_line":"    common_options: \"{{ docker_common_options }}\""},{"line_number":50,"context_line":"    image: \"{{ service.image }}\""},{"line_number":51,"context_line":"  when: enable_fluentd | bool"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"- name: Fetch fluentd Docker image labels"},{"line_number":54,"context_line":"  vars:"},{"line_number":55,"context_line":"    service_name: \"fluentd\""},{"line_number":56,"context_line":"    service: \"{{ common_services[service_name] }}\""},{"line_number":57,"context_line":"  become: true"},{"line_number":58,"context_line":"  docker_image_info:"},{"line_number":59,"context_line":"    name: \"{{ service.image }}\""},{"line_number":60,"context_line":"  register: fluentd_labels_docker"},{"line_number":61,"context_line":"  when:"},{"line_number":62,"context_line":"    - kolla_container_engine \u003d\u003d \"docker\""},{"line_number":63,"context_line":"   
 - enable_fluentd | bool"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"- name: Set fluentd facts"},{"line_number":66,"context_line":"  set_fact:"},{"line_number":67,"context_line":"    fluentd_cmd: \"{{ fluentd_labels_docker.images[0].Config.Labels.fluentd_binary | default(fluentd_labels_docker.images[0].ContainerConfig.Labels.fluentd_binary) | default(\u0027td-agent\u0027) }}\""},{"line_number":68,"context_line":"    fluentd_user: \"{{ fluentd_labels_docker.images[0].Config.Labels.fluentd_user | default(fluentd_labels_docker.images[0].ContainerConfig.Labels.fluentd_user) | default(\u0027td-agent\u0027) }}\""},{"line_number":69,"context_line":"  when:"},{"line_number":70,"context_line":"    - kolla_container_engine \u003d\u003d \"docker\""},{"line_number":71,"context_line":"    - enable_fluentd | bool"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"- name: Fetch fluentd Podman image labels"},{"line_number":74,"context_line":"  vars:"},{"line_number":75,"context_line":"    service_name: \"fluentd\""},{"line_number":76,"context_line":"    service: \"{{ common_services[service_name] }}\""},{"line_number":77,"context_line":"  become: true"},{"line_number":78,"context_line":"  podman_image_info:"},{"line_number":79,"context_line":"    name: \"{{ service.image }}\""},{"line_number":80,"context_line":"  register: fluentd_labels_podman"},{"line_number":81,"context_line":"  when:"},{"line_number":82,"context_line":"    - kolla_container_engine \u003d\u003d \"podman\""},{"line_number":83,"context_line":"    - enable_fluentd | bool"},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"- name: Set fluentd facts"},{"line_number":86,"context_line":"  set_fact:"},{"line_number":87,"context_line":"    fluentd_cmd: \"{{ fluentd_labels_podman.images[0].Config.Labels.fluentd_binary | default(\u0027td-agent\u0027) }}\""},{"line_number":88,"context_line":"    fluentd_user: \"{{ 
fluentd_labels_podman.images[0].Config.Labels.fluentd_user | default(\u0027td-agent\u0027) }}\""},{"line_number":89,"context_line":"  when:"},{"line_number":90,"context_line":"    - kolla_container_engine \u003d\u003d \"podman\""},{"line_number":91,"context_line":"    - enable_fluentd | bool"},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"- name: Get info on RabbitMQ container"},{"line_number":94,"context_line":"  become: True"},{"line_number":95,"context_line":"  kolla_container_facts:"}],"source_content_type":"text/x-yaml","patch_set":14,"id":"8638f683_4776d222","line":92,"range":{"start_line":42,"start_character":0,"end_line":92,"end_character":1},"updated":"2024-08-06 16:57:02.000000000","message":"I\u0027m not sure how these fluentd changes are related to internode rabbitmq tls?\nIs this due to a rebase gone wrong, or is this actually needed? I don\u0027t quite understand it, tbh.","commit_id":"fca24a756af589481e6789277f42ee43fd10eb5b"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"27afe3a36f41b38c55481491924b8f799400a94c","unresolved":false,"context_lines":[{"line_number":39,"context_line":"  command: systemd-tmpfiles --create"},{"line_number":40,"context_line":"  when: kolla_container_engine \u003d\u003d \u0027podman\u0027"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"- name: Ensure fluentd image is present for label check"},{"line_number":43,"context_line":"  vars:"},{"line_number":44,"context_line":"    service_name: \"fluentd\""},{"line_number":45,"context_line":"    service: \"{{ common_services[service_name] }}\""},{"line_number":46,"context_line":"  become: true"},{"line_number":47,"context_line":"  kolla_container:"},{"line_number":48,"context_line":"    action: \"ensure_image\""},{"line_number":49,"context_line":"    common_options: \"{{ docker_common_options }}\""},{"line_number":50,"context_line":"    image: 
\"{{ service.image }}\""},{"line_number":51,"context_line":"  when: enable_fluentd | bool"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"- name: Fetch fluentd Docker image labels"},{"line_number":54,"context_line":"  vars:"},{"line_number":55,"context_line":"    service_name: \"fluentd\""},{"line_number":56,"context_line":"    service: \"{{ common_services[service_name] }}\""},{"line_number":57,"context_line":"  become: true"},{"line_number":58,"context_line":"  docker_image_info:"},{"line_number":59,"context_line":"    name: \"{{ service.image }}\""},{"line_number":60,"context_line":"  register: fluentd_labels_docker"},{"line_number":61,"context_line":"  when:"},{"line_number":62,"context_line":"    - kolla_container_engine \u003d\u003d \"docker\""},{"line_number":63,"context_line":"    - enable_fluentd | bool"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"- name: Set fluentd facts"},{"line_number":66,"context_line":"  set_fact:"},{"line_number":67,"context_line":"    fluentd_cmd: \"{{ fluentd_labels_docker.images[0].Config.Labels.fluentd_binary | default(fluentd_labels_docker.images[0].ContainerConfig.Labels.fluentd_binary) | default(\u0027td-agent\u0027) }}\""},{"line_number":68,"context_line":"    fluentd_user: \"{{ fluentd_labels_docker.images[0].Config.Labels.fluentd_user | default(fluentd_labels_docker.images[0].ContainerConfig.Labels.fluentd_user) | default(\u0027td-agent\u0027) }}\""},{"line_number":69,"context_line":"  when:"},{"line_number":70,"context_line":"    - kolla_container_engine \u003d\u003d \"docker\""},{"line_number":71,"context_line":"    - enable_fluentd | bool"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"- name: Fetch fluentd Podman image labels"},{"line_number":74,"context_line":"  vars:"},{"line_number":75,"context_line":"    service_name: \"fluentd\""},{"line_number":76,"context_line":"    service: \"{{ common_services[service_name] 
}}\""},{"line_number":77,"context_line":"  become: true"},{"line_number":78,"context_line":"  podman_image_info:"},{"line_number":79,"context_line":"    name: \"{{ service.image }}\""},{"line_number":80,"context_line":"  register: fluentd_labels_podman"},{"line_number":81,"context_line":"  when:"},{"line_number":82,"context_line":"    - kolla_container_engine \u003d\u003d \"podman\""},{"line_number":83,"context_line":"    - enable_fluentd | bool"},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"- name: Set fluentd facts"},{"line_number":86,"context_line":"  set_fact:"},{"line_number":87,"context_line":"    fluentd_cmd: \"{{ fluentd_labels_podman.images[0].Config.Labels.fluentd_binary | default(\u0027td-agent\u0027) }}\""},{"line_number":88,"context_line":"    fluentd_user: \"{{ fluentd_labels_podman.images[0].Config.Labels.fluentd_user | default(\u0027td-agent\u0027) }}\""},{"line_number":89,"context_line":"  when:"},{"line_number":90,"context_line":"    - kolla_container_engine \u003d\u003d \"podman\""},{"line_number":91,"context_line":"    - enable_fluentd | bool"},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"- name: Get info on RabbitMQ container"},{"line_number":94,"context_line":"  become: True"},{"line_number":95,"context_line":"  kolla_container_facts:"}],"source_content_type":"text/x-yaml","patch_set":14,"id":"7c32701f_26170f4f","line":92,"range":{"start_line":42,"start_character":0,"end_line":92,"end_character":1},"in_reply_to":"5e8da757_0ecea3f3","updated":"2024-08-12 09:35:45.000000000","message":"Done","commit_id":"fca24a756af589481e6789277f42ee43fd10eb5b"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"05073f46651ac40632ef455f9842e501f26f9dc3","unresolved":true,"context_lines":[{"line_number":39,"context_line":"  command: systemd-tmpfiles --create"},{"line_number":40,"context_line":"  when: kolla_container_engine 
\u003d\u003d \u0027podman\u0027"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"- name: Ensure fluentd image is present for label check"},{"line_number":43,"context_line":"  vars:"},{"line_number":44,"context_line":"    service_name: \"fluentd\""},{"line_number":45,"context_line":"    service: \"{{ common_services[service_name] }}\""},{"line_number":46,"context_line":"  become: true"},{"line_number":47,"context_line":"  kolla_container:"},{"line_number":48,"context_line":"    action: \"ensure_image\""},{"line_number":49,"context_line":"    common_options: \"{{ docker_common_options }}\""},{"line_number":50,"context_line":"    image: \"{{ service.image }}\""},{"line_number":51,"context_line":"  when: enable_fluentd | bool"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"- name: Fetch fluentd Docker image labels"},{"line_number":54,"context_line":"  vars:"},{"line_number":55,"context_line":"    service_name: \"fluentd\""},{"line_number":56,"context_line":"    service: \"{{ common_services[service_name] }}\""},{"line_number":57,"context_line":"  become: true"},{"line_number":58,"context_line":"  docker_image_info:"},{"line_number":59,"context_line":"    name: \"{{ service.image }}\""},{"line_number":60,"context_line":"  register: fluentd_labels_docker"},{"line_number":61,"context_line":"  when:"},{"line_number":62,"context_line":"    - kolla_container_engine \u003d\u003d \"docker\""},{"line_number":63,"context_line":"    - enable_fluentd | bool"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"- name: Set fluentd facts"},{"line_number":66,"context_line":"  set_fact:"},{"line_number":67,"context_line":"    fluentd_cmd: \"{{ fluentd_labels_docker.images[0].Config.Labels.fluentd_binary | default(fluentd_labels_docker.images[0].ContainerConfig.Labels.fluentd_binary) | default(\u0027td-agent\u0027) }}\""},{"line_number":68,"context_line":"    fluentd_user: \"{{ 
fluentd_labels_docker.images[0].Config.Labels.fluentd_user | default(fluentd_labels_docker.images[0].ContainerConfig.Labels.fluentd_user) | default(\u0027td-agent\u0027) }}\""},{"line_number":69,"context_line":"  when:"},{"line_number":70,"context_line":"    - kolla_container_engine \u003d\u003d \"docker\""},{"line_number":71,"context_line":"    - enable_fluentd | bool"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"- name: Fetch fluentd Podman image labels"},{"line_number":74,"context_line":"  vars:"},{"line_number":75,"context_line":"    service_name: \"fluentd\""},{"line_number":76,"context_line":"    service: \"{{ common_services[service_name] }}\""},{"line_number":77,"context_line":"  become: true"},{"line_number":78,"context_line":"  podman_image_info:"},{"line_number":79,"context_line":"    name: \"{{ service.image }}\""},{"line_number":80,"context_line":"  register: fluentd_labels_podman"},{"line_number":81,"context_line":"  when:"},{"line_number":82,"context_line":"    - kolla_container_engine \u003d\u003d \"podman\""},{"line_number":83,"context_line":"    - enable_fluentd | bool"},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"- name: Set fluentd facts"},{"line_number":86,"context_line":"  set_fact:"},{"line_number":87,"context_line":"    fluentd_cmd: \"{{ fluentd_labels_podman.images[0].Config.Labels.fluentd_binary | default(\u0027td-agent\u0027) }}\""},{"line_number":88,"context_line":"    fluentd_user: \"{{ fluentd_labels_podman.images[0].Config.Labels.fluentd_user | default(\u0027td-agent\u0027) }}\""},{"line_number":89,"context_line":"  when:"},{"line_number":90,"context_line":"    - kolla_container_engine \u003d\u003d \"podman\""},{"line_number":91,"context_line":"    - enable_fluentd | bool"},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"- name: Get info on RabbitMQ container"},{"line_number":94,"context_line":"  become: True"},{"line_number":95,"context_line":"  
kolla_container_facts:"}],"source_content_type":"text/x-yaml","patch_set":14,"id":"5e8da757_0ecea3f3","line":92,"range":{"start_line":42,"start_character":0,"end_line":92,"end_character":1},"in_reply_to":"8638f683_4776d222","updated":"2024-08-12 09:32:16.000000000","message":"was a rebase gone wrong, it\u0027s removed now","commit_id":"fca24a756af589481e6789277f42ee43fd10eb5b"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"568b0eed58f480419ba9b1f96f189f08890b6037","unresolved":true,"context_lines":[{"line_number":254,"context_line":"  when:"},{"line_number":255,"context_line":"    - item.key !\u003d \"kolla-toolbox\""},{"line_number":256,"context_line":"  with_dict: \"{{ common_services | select_services_enabled_and_mapped_to_host }}\""},{"line_number":257,"context_line":"- name: Copy Advanced rabbitmq config for kolla-toolbox"},{"line_number":258,"context_line":"  template:"},{"line_number":259,"context_line":"    src: \"{{ item }}\""},{"line_number":260,"context_line":"    dest: \"{{ node_config_directory }}/kolla-toolbox/advanced.config\""}],"source_content_type":"text/x-yaml","patch_set":21,"id":"d27b4301_1dde32e5","line":257,"range":{"start_line":257,"start_character":0,"end_line":257,"end_character":2},"updated":"2024-09-04 16:14:03.000000000","message":"nit: missing empty line\n```suggestion\n\n- name: Copy Advanced rabbitmq config for kolla-toolbox\n```","commit_id":"b4a7119478c9a256e92f7d987ab9d1c761ada9c3"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"5aafb304911074bae4c0f28293c1f5a40c2ce52d","unresolved":false,"context_lines":[{"line_number":254,"context_line":"  when:"},{"line_number":255,"context_line":"    - item.key !\u003d \"kolla-toolbox\""},{"line_number":256,"context_line":"  with_dict: \"{{ common_services | select_services_enabled_and_mapped_to_host 
}}\""},{"line_number":257,"context_line":"- name: Copy Advanced rabbitmq config for kolla-toolbox"},{"line_number":258,"context_line":"  template:"},{"line_number":259,"context_line":"    src: \"{{ item }}\""},{"line_number":260,"context_line":"    dest: \"{{ node_config_directory }}/kolla-toolbox/advanced.config\""}],"source_content_type":"text/x-yaml","patch_set":21,"id":"bd9534b8_6dc43f10","line":257,"range":{"start_line":257,"start_character":0,"end_line":257,"end_character":2},"in_reply_to":"d27b4301_1dde32e5","updated":"2024-09-05 13:54:39.000000000","message":"Done","commit_id":"b4a7119478c9a256e92f7d987ab9d1c761ada9c3"}],"ansible/roles/common/templates/kolla-toolbox.json.j2":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"517529cbb73382ca02b5c309cfcdced0d41f69de","unresolved":true,"context_lines":[{"line_number":27,"context_line":"            \"perm\": \"0644\""},{"line_number":28,"context_line":"        },"},{"line_number":29,"context_line":"        {"},{"line_number":30,"context_line":"            \"source\": \"{{ container_config_directory }}/rabbitmq-internode-cert.pem\","},{"line_number":31,"context_line":"            \"dest\": \"/etc/rabbitmq/certs/rabbitmq-internode-cert.pem\","},{"line_number":32,"context_line":"            \"owner\": \"rabbitmq\","},{"line_number":33,"context_line":"            \"perm\": \"0644\""}],"source_content_type":"text/x-jinja2","patch_set":2,"id":"a65e7a87_fe9c0592","line":30,"updated":"2024-06-06 10:21:57.000000000","message":"why do we need those certs in kolla_toolbox?","commit_id":"67c8387885c5c16f73bd1e370b689900eb417b5b"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"eca681956495c8d423521e4a879a84993deced6b","unresolved":false,"context_lines":[{"line_number":27,"context_line":"            \"perm\": \"0644\""},{"line_number":28,"context_line":"      
  },"},{"line_number":29,"context_line":"        {"},{"line_number":30,"context_line":"            \"source\": \"{{ container_config_directory }}/rabbitmq-internode-cert.pem\","},{"line_number":31,"context_line":"            \"dest\": \"/etc/rabbitmq/certs/rabbitmq-internode-cert.pem\","},{"line_number":32,"context_line":"            \"owner\": \"rabbitmq\","},{"line_number":33,"context_line":"            \"perm\": \"0644\""}],"source_content_type":"text/x-jinja2","patch_set":2,"id":"7540afcf_b054bd26","line":30,"in_reply_to":"0ae7ade2_206fff3b","updated":"2024-06-07 15:09:11.000000000","message":"Acknowledged","commit_id":"67c8387885c5c16f73bd1e370b689900eb417b5b"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"c977d9e699a50354ecc69bd8ae25b54beddf51a1","unresolved":true,"context_lines":[{"line_number":27,"context_line":"            \"perm\": \"0644\""},{"line_number":28,"context_line":"        },"},{"line_number":29,"context_line":"        {"},{"line_number":30,"context_line":"            \"source\": \"{{ container_config_directory }}/rabbitmq-internode-cert.pem\","},{"line_number":31,"context_line":"            \"dest\": \"/etc/rabbitmq/certs/rabbitmq-internode-cert.pem\","},{"line_number":32,"context_line":"            \"owner\": \"rabbitmq\","},{"line_number":33,"context_line":"            \"perm\": \"0644\""}],"source_content_type":"text/x-jinja2","patch_set":2,"id":"6944f8b4_0ed66c86","line":30,"in_reply_to":"4e2e90f5_3921b45c","updated":"2024-06-07 13:04:07.000000000","message":"I don\u0027t think we should disable peer verification as that sort of defeats the purpose of using TLS in the first place.\n\nTo spell it out: You encrypt traffic because you think there might be an adversary spying on your traffic. Thus you need to authenticate the endpoint you are talking to, making sure it\u0027s not the adversary. 
Usually this is done by verifying certificates against a known list of \"good\" certs/CAs.\n\nIf we blindly accept any certificate, which is the case if you disable certificate validation,  the adversary can just present their own - invalid - cert and we accept it, thus defeating the purpose why we used TLS in the first place.","commit_id":"67c8387885c5c16f73bd1e370b689900eb417b5b"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"e49b8f103c0f8c983f0707a6a50dadd68f8f712d","unresolved":true,"context_lines":[{"line_number":27,"context_line":"            \"perm\": \"0644\""},{"line_number":28,"context_line":"        },"},{"line_number":29,"context_line":"        {"},{"line_number":30,"context_line":"            \"source\": \"{{ container_config_directory }}/rabbitmq-internode-cert.pem\","},{"line_number":31,"context_line":"            \"dest\": \"/etc/rabbitmq/certs/rabbitmq-internode-cert.pem\","},{"line_number":32,"context_line":"            \"owner\": \"rabbitmq\","},{"line_number":33,"context_line":"            \"perm\": \"0644\""}],"source_content_type":"text/x-jinja2","patch_set":2,"id":"0ae7ade2_206fff3b","line":30,"in_reply_to":"6944f8b4_0ed66c86","updated":"2024-06-07 13:29:14.000000000","message":"So that means that these certs are needed in kolla_toolbox as well and we may resolve this comment.","commit_id":"67c8387885c5c16f73bd1e370b689900eb417b5b"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"6be2dc73b7389f3bfb20e591c0b9d954286c2e0f","unresolved":true,"context_lines":[{"line_number":27,"context_line":"            \"perm\": \"0644\""},{"line_number":28,"context_line":"        },"},{"line_number":29,"context_line":"        {"},{"line_number":30,"context_line":"            \"source\": \"{{ container_config_directory }}/rabbitmq-internode-cert.pem\","},{"line_number":31,"context_line":"   
         \"dest\": \"/etc/rabbitmq/certs/rabbitmq-internode-cert.pem\","},{"line_number":32,"context_line":"            \"owner\": \"rabbitmq\","},{"line_number":33,"context_line":"            \"perm\": \"0644\""}],"source_content_type":"text/x-jinja2","patch_set":2,"id":"4e2e90f5_3921b45c","line":30,"in_reply_to":"a65e7a87_fe9c0592","updated":"2024-06-06 13:40:49.000000000","message":"Because the certificates are also used by rabbitmqctl and kolla_toolbox uses rabbitmqctl. We may disable peer verification, in that case the certs are not needed.","commit_id":"67c8387885c5c16f73bd1e370b689900eb417b5b"}],"ansible/roles/rabbitmq/defaults/main.yml":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"8394f3d251c64f7cccd1d3e65b41f775ff5318e3","unresolved":true,"context_lines":[{"line_number":37,"context_line":"rabbitmq_healthcheck_retries: \"{{ default_container_healthcheck_retries }}\""},{"line_number":38,"context_line":"rabbitmq_healthcheck_start_period: \"{{ default_container_healthcheck_start_period }}\""},{"line_number":39,"context_line":"rabbitmq_healthcheck_test: [\"CMD-SHELL\", \"healthcheck_rabbitmq\"]"},{"line_number":40,"context_line":"rabbitmq_healthcheck_timeout: \"{{ default_container_healthcheck_timeout }}\""},{"line_number":41,"context_line":"rabbitmq_healthcheck:"},{"line_number":42,"context_line":"  interval: \"{{ rabbitmq_healthcheck_interval }}\""},{"line_number":43,"context_line":"  retries: \"{{ rabbitmq_healthcheck_retries }}\""}],"source_content_type":"text/x-yaml","patch_set":7,"id":"9d667966_ad0cb9e1","line":40,"updated":"2024-06-26 13:35:47.000000000","message":"that should go in separate patch","commit_id":"7eeca3cb5382919ba8fb445ae50e7fbebb8a4f7e"},{"author":{"_account_id":36624,"name":"Matúš 
Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"7eb085fe52dd512d1d4e21a7704294e24ccadc82","unresolved":false,"context_lines":[{"line_number":37,"context_line":"rabbitmq_healthcheck_retries: \"{{ default_container_healthcheck_retries }}\""},{"line_number":38,"context_line":"rabbitmq_healthcheck_start_period: \"{{ default_container_healthcheck_start_period }}\""},{"line_number":39,"context_line":"rabbitmq_healthcheck_test: [\"CMD-SHELL\", \"healthcheck_rabbitmq\"]"},{"line_number":40,"context_line":"rabbitmq_healthcheck_timeout: \"{{ default_container_healthcheck_timeout }}\""},{"line_number":41,"context_line":"rabbitmq_healthcheck:"},{"line_number":42,"context_line":"  interval: \"{{ rabbitmq_healthcheck_interval }}\""},{"line_number":43,"context_line":"  retries: \"{{ rabbitmq_healthcheck_retries }}\""}],"source_content_type":"text/x-yaml","patch_set":7,"id":"0677b7a7_155c4877","line":40,"in_reply_to":"122aaa26_e5ce4c55","updated":"2024-06-26 13:53:50.000000000","message":"Acknowledged","commit_id":"7eeca3cb5382919ba8fb445ae50e7fbebb8a4f7e"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"3a45b8ddd205b1d26e9e2e251a9f9c74e5086b00","unresolved":true,"context_lines":[{"line_number":37,"context_line":"rabbitmq_healthcheck_retries: \"{{ default_container_healthcheck_retries }}\""},{"line_number":38,"context_line":"rabbitmq_healthcheck_start_period: \"{{ default_container_healthcheck_start_period }}\""},{"line_number":39,"context_line":"rabbitmq_healthcheck_test: [\"CMD-SHELL\", \"healthcheck_rabbitmq\"]"},{"line_number":40,"context_line":"rabbitmq_healthcheck_timeout: \"{{ default_container_healthcheck_timeout }}\""},{"line_number":41,"context_line":"rabbitmq_healthcheck:"},{"line_number":42,"context_line":"  interval: \"{{ rabbitmq_healthcheck_interval }}\""},{"line_number":43,"context_line":"  retries: \"{{ rabbitmq_healthcheck_retries 
}}\""}],"source_content_type":"text/x-yaml","patch_set":7,"id":"122aaa26_e5ce4c55","line":40,"in_reply_to":"9d667966_ad0cb9e1","updated":"2024-06-26 13:53:34.000000000","message":"I removed it entirely","commit_id":"7eeca3cb5382919ba8fb445ae50e7fbebb8a4f7e"}],"ansible/roles/rabbitmq/tasks/config.yml":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"517529cbb73382ca02b5c309cfcdced0d41f69de","unresolved":true,"context_lines":[{"line_number":133,"context_line":"  notify:"},{"line_number":134,"context_line":"    - Restart rabbitmq container"},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"- include_tasks: copy-certs.yml"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"b980e4da_b4a29b39","line":136,"updated":"2024-06-06 10:21:57.000000000","message":"I think we still need some when statement","commit_id":"67c8387885c5c16f73bd1e370b689900eb417b5b"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"bb0d4c5b5f7ee6c62e1d9c7905ca9e240e828691","unresolved":false,"context_lines":[{"line_number":133,"context_line":"  notify:"},{"line_number":134,"context_line":"    - Restart rabbitmq container"},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"- include_tasks: copy-certs.yml"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1ee01eef_598fcc4b","line":136,"in_reply_to":"a5350706_1d551491","updated":"2024-06-07 15:09:27.000000000","message":"Done","commit_id":"67c8387885c5c16f73bd1e370b689900eb417b5b"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"6be2dc73b7389f3bfb20e591c0b9d954286c2e0f","unresolved":true,"context_lines":[{"line_number":133,"context_line":"  notify:"},{"line_number":134,"context_line":"    - Restart rabbitmq 
container"},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"- include_tasks: copy-certs.yml"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"a5350706_1d551491","line":136,"in_reply_to":"b980e4da_b4a29b39","updated":"2024-06-06 13:40:49.000000000","message":"There is no condition for `rabbitmq_enable_internode_tls` in copy-certs, I will fix it now.","commit_id":"67c8387885c5c16f73bd1e370b689900eb417b5b"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"8394f3d251c64f7cccd1d3e65b41f775ff5318e3","unresolved":true,"context_lines":[{"line_number":25,"context_line":"  notify:"},{"line_number":26,"context_line":"    - Restart rabbitmq container"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"- name: Retreive ERL SSL path from Kolla toolbox"},{"line_number":29,"context_line":"  become: true"},{"line_number":30,"context_line":"  command: \"{{ kolla_container_engine }} exec kolla_toolbox erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop\""},{"line_number":31,"context_line":"  register: erl_ssl_command_result"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"b14e23cb_0e040d26","line":28,"updated":"2024-06-26 13:35:47.000000000","message":"nit: Retrieve","commit_id":"7eeca3cb5382919ba8fb445ae50e7fbebb8a4f7e"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"3a45b8ddd205b1d26e9e2e251a9f9c74e5086b00","unresolved":false,"context_lines":[{"line_number":25,"context_line":"  notify:"},{"line_number":26,"context_line":"    - Restart rabbitmq container"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"- name: Retreive ERL SSL path from Kolla toolbox"},{"line_number":29,"context_line":"  become: true"},{"line_number":30,"context_line":"  command: \"{{ kolla_container_engine }} exec 
kolla_toolbox erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop\""},{"line_number":31,"context_line":"  register: erl_ssl_command_result"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"ee8cd1f9_0ea698f0","line":28,"in_reply_to":"b14e23cb_0e040d26","updated":"2024-06-26 13:53:34.000000000","message":"Done","commit_id":"7eeca3cb5382919ba8fb445ae50e7fbebb8a4f7e"}],"ansible/roles/rabbitmq/templates/rabbitmq-env.conf.j2":[{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"bca9f8f13b2553d9e187b8c77cac867e507c2f11","unresolved":true,"context_lines":[{"line_number":1,"context_line":"export ERL_SSL_PATH\u003d\"$(erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop)\""},{"line_number":2,"context_line":"RABBITMQ_NODENAME\u003drabbit@{{ ansible_facts.hostname }}"},{"line_number":3,"context_line":"RABBITMQ_LOG_BASE\u003d/var/log/kolla/{{ project_name }}"},{"line_number":4,"context_line":"RABBITMQ_DIST_PORT\u003d{{ role_rabbitmq_cluster_port }}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"56b11f74_f98925e8","line":1,"updated":"2024-06-18 12:04:24.000000000","message":"This line causes problems with the healthcheck and generally slows things down, because it\u0027s executed every time the RabbitMQ CLI is run. \n\nIt also creates a chicken and egg problem, because you need `ERL_SSL_PATH` to configure the container but you need the container running to get `ERL_SSL_PATH`. We found 3 possible solutions:\n\n1. Using an if statement in bash to run the erl command only if `ERL_SSL_PATH` is undefined\n2. Run the erl command using a modified docker entrypoint. I don\u0027t know if it\u0027s possible to modify the entrypoint using kolla-ansible\n3. Define the variable in the Dockerfile, as it does not change unless the container is rebuilt. 
Me and @kieske@osism.tech think this is the best solution, but we decided to move the discussion here.","commit_id":"e860546a15cf8224a6f98b50f52cd1266d6ebec7"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"ea2b7ed60e8803e2bd165ff126642d001cb15ec1","unresolved":true,"context_lines":[{"line_number":1,"context_line":"export ERL_SSL_PATH\u003d\"$(erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop)\""},{"line_number":2,"context_line":"RABBITMQ_NODENAME\u003drabbit@{{ ansible_facts.hostname }}"},{"line_number":3,"context_line":"RABBITMQ_LOG_BASE\u003d/var/log/kolla/{{ project_name }}"},{"line_number":4,"context_line":"RABBITMQ_DIST_PORT\u003d{{ role_rabbitmq_cluster_port }}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"7514183d_f4484d5f","line":1,"in_reply_to":"0c9ffc32_a5b5163e","updated":"2024-06-19 14:10:13.000000000","message":"AFAIK its needed in internode TLS only.","commit_id":"e860546a15cf8224a6f98b50f52cd1266d6ebec7"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"d9bb9d4408d5c9d5a79168cc2868e8ff96d5cef9","unresolved":true,"context_lines":[{"line_number":1,"context_line":"export ERL_SSL_PATH\u003d\"$(erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop)\""},{"line_number":2,"context_line":"RABBITMQ_NODENAME\u003drabbit@{{ ansible_facts.hostname }}"},{"line_number":3,"context_line":"RABBITMQ_LOG_BASE\u003d/var/log/kolla/{{ project_name }}"},{"line_number":4,"context_line":"RABBITMQ_DIST_PORT\u003d{{ role_rabbitmq_cluster_port }}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"c3c30f32_2f23de46","line":1,"in_reply_to":"0dfaff82_7f222d52","updated":"2024-06-28 09:39:38.000000000","message":"I already solved it by changing it from using kolla-toolbox to just draining it 
with docker exec [here](https://review.opendev.org/c/openstack/kolla-ansible/+/921381/9/ansible/roles/rabbitmq/tasks/restart_services.yml#11). However there\u0027s still this error in Zuul. I can\u0027t reproduce the error in my test environment, making this a bit tricky to resolve","commit_id":"e860546a15cf8224a6f98b50f52cd1266d6ebec7"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"3f7b34f53481b1ec533299eef657e78c1dd55378","unresolved":false,"context_lines":[{"line_number":1,"context_line":"export ERL_SSL_PATH\u003d\"$(erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop)\""},{"line_number":2,"context_line":"RABBITMQ_NODENAME\u003drabbit@{{ ansible_facts.hostname }}"},{"line_number":3,"context_line":"RABBITMQ_LOG_BASE\u003d/var/log/kolla/{{ project_name }}"},{"line_number":4,"context_line":"RABBITMQ_DIST_PORT\u003d{{ role_rabbitmq_cluster_port }}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"9eacc9c5_c84b4a12","line":1,"in_reply_to":"25b6f6a5_c9c6a6f9","updated":"2024-07-09 11:18:32.000000000","message":"I see the Zuul is working now, i also tested `kolla-ansible upgrade` with \nnon TLS -\u003e TLS and TLS-\u003enon TLS, it runs fine.","commit_id":"e860546a15cf8224a6f98b50f52cd1266d6ebec7"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"9f24c2c1bb4cb8fa3517236af2f6dad684bb5228","unresolved":true,"context_lines":[{"line_number":1,"context_line":"export ERL_SSL_PATH\u003d\"$(erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop)\""},{"line_number":2,"context_line":"RABBITMQ_NODENAME\u003drabbit@{{ ansible_facts.hostname }}"},{"line_number":3,"context_line":"RABBITMQ_LOG_BASE\u003d/var/log/kolla/{{ project_name }}"},{"line_number":4,"context_line":"RABBITMQ_DIST_PORT\u003d{{ 
role_rabbitmq_cluster_port }}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"709b54e8_c9378c39","line":1,"in_reply_to":"56b11f74_f98925e8","updated":"2024-06-19 07:40:53.000000000","message":"to add some context, this is documented upstream here:\nhttps://www.rabbitmq.com/docs/clustering-ssl#strategy-one-flags\n\nsome of the examples there even hardcode this value as:\n`ERL_SSL_PATH\u003d\"/usr/lib64/erlang/lib/ssl-9.4/ebin\"`\n\nwhich currently would be my favorite solution, to put this env var directly into the dockerfile.","commit_id":"e860546a15cf8224a6f98b50f52cd1266d6ebec7"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"0819efa7f743a06e344bf9e535b1200a8646c4f1","unresolved":true,"context_lines":[{"line_number":1,"context_line":"export ERL_SSL_PATH\u003d\"$(erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop)\""},{"line_number":2,"context_line":"RABBITMQ_NODENAME\u003drabbit@{{ ansible_facts.hostname }}"},{"line_number":3,"context_line":"RABBITMQ_LOG_BASE\u003d/var/log/kolla/{{ project_name }}"},{"line_number":4,"context_line":"RABBITMQ_DIST_PORT\u003d{{ role_rabbitmq_cluster_port }}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"92202261_0804a5f6","line":1,"in_reply_to":"709b54e8_c9378c39","updated":"2024-06-19 09:43:48.000000000","message":"You can of course hardcode it in `rabbitmq-env.conf.j2` template like this `ERL_SSL_PATH\u003d\"/usr/lib64/erlang/lib/ssl-9.4/ebin\"` however the problem is with `9.4` the version number may differ. 
I think putting \n`ERL_SSL_PATH\u003d\"$(erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop)\"` into Dockerfile so the version/path is retrieved upon image build is the best solution.","commit_id":"e860546a15cf8224a6f98b50f52cd1266d6ebec7"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"59d79b68d56d617a4bc37d8ac0f5d9c71b498519","unresolved":true,"context_lines":[{"line_number":1,"context_line":"export ERL_SSL_PATH\u003d\"$(erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop)\""},{"line_number":2,"context_line":"RABBITMQ_NODENAME\u003drabbit@{{ ansible_facts.hostname }}"},{"line_number":3,"context_line":"RABBITMQ_LOG_BASE\u003d/var/log/kolla/{{ project_name }}"},{"line_number":4,"context_line":"RABBITMQ_DIST_PORT\u003d{{ role_rabbitmq_cluster_port }}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"91b7c180_6bee9289","line":1,"in_reply_to":"7514183d_f4484d5f","updated":"2024-06-20 11:31:58.000000000","message":"Kolla-toolbox needs this path as well, because it uses `rabbitmqctl`, however we may find some workaround for this.","commit_id":"e860546a15cf8224a6f98b50f52cd1266d6ebec7"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"911242e6b025f1943038e8c29393d54b28064ad2","unresolved":true,"context_lines":[{"line_number":1,"context_line":"export ERL_SSL_PATH\u003d\"$(erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop)\""},{"line_number":2,"context_line":"RABBITMQ_NODENAME\u003drabbit@{{ ansible_facts.hostname }}"},{"line_number":3,"context_line":"RABBITMQ_LOG_BASE\u003d/var/log/kolla/{{ project_name }}"},{"line_number":4,"context_line":"RABBITMQ_DIST_PORT\u003d{{ role_rabbitmq_cluster_port 
}}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"9866d2f7_7c24678c","line":1,"in_reply_to":"91b7c180_6bee9289","updated":"2024-06-21 12:50:32.000000000","message":"I found a way to do it that I think is the simplest. The container is healthy on my setup with the default timeout.","commit_id":"e860546a15cf8224a6f98b50f52cd1266d6ebec7"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"f3e412940fcfd4f7fb873a676a0b8e64bb3f8daa","unresolved":true,"context_lines":[{"line_number":1,"context_line":"export ERL_SSL_PATH\u003d\"$(erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop)\""},{"line_number":2,"context_line":"RABBITMQ_NODENAME\u003drabbit@{{ ansible_facts.hostname }}"},{"line_number":3,"context_line":"RABBITMQ_LOG_BASE\u003d/var/log/kolla/{{ project_name }}"},{"line_number":4,"context_line":"RABBITMQ_DIST_PORT\u003d{{ role_rabbitmq_cluster_port }}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"0c9ffc32_a5b5163e","line":1,"in_reply_to":"92202261_0804a5f6","updated":"2024-06-19 13:36:01.000000000","message":"decision from the kolla meeting:\n\nwe should add this, if it\u0027s needed, to rabbitmq-env.conf in kolla-ansible, this should be templated out, via a sidecar container (possibly using kolla-toolbox?) which starts with rmq to do the templating once.\n\nnote to myself/volunteers: TODO: does this setting affect other rmq TLS stuff, like external TLS?\n\nIf yes, why didn\u0027t we need to set it previously? 
If no, do we really need to set it, what is the default behaviour?\n\nIf this is needed also for other TLS connections, not just internode tls, it should be added in a separate patchset.\n\nIf this is only needed for internode TLS it is fine to add it with this same patchset.","commit_id":"e860546a15cf8224a6f98b50f52cd1266d6ebec7"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"9aefeadd996a92ad3c0103e1e577d37f9b80deb1","unresolved":true,"context_lines":[{"line_number":1,"context_line":"export ERL_SSL_PATH\u003d\"$(erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop)\""},{"line_number":2,"context_line":"RABBITMQ_NODENAME\u003drabbit@{{ ansible_facts.hostname }}"},{"line_number":3,"context_line":"RABBITMQ_LOG_BASE\u003d/var/log/kolla/{{ project_name }}"},{"line_number":4,"context_line":"RABBITMQ_DIST_PORT\u003d{{ role_rabbitmq_cluster_port }}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"c139599f_9893967f","line":1,"in_reply_to":"9866d2f7_7c24678c","updated":"2024-06-24 12:44:00.000000000","message":"I investigated why the upgrade pipelines are failing today. I didn\u0027t manage to reproduce upgrade failure on my system, however I discovered that turning internode TLS on or off and then upgrade/deploy creates a problem. 
The problem is\nthese lines:\n```yaml\n- name: Put RabbitMQ node into maintenance mode\n  kolla_toolbox:\n    container_engine: \"{{ kolla_container_engine }}\"\n    module_name: \"community.rabbitmq.rabbitmq_upgrade\"\n    module_args:\n      action: \"drain\"\n    user: root\n  become: true\n  when: container_info._containers | length \u003e 0\n```\nKolla toolbox container has already updated TLS, but rabbitmq container hasn\u0027t, and that\u0027s why this step fails.","commit_id":"e860546a15cf8224a6f98b50f52cd1266d6ebec7"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"c9ecefc97a6fa3bc06f6d7670a530aa3d2a6df72","unresolved":true,"context_lines":[{"line_number":1,"context_line":"export ERL_SSL_PATH\u003d\"$(erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop)\""},{"line_number":2,"context_line":"RABBITMQ_NODENAME\u003drabbit@{{ ansible_facts.hostname }}"},{"line_number":3,"context_line":"RABBITMQ_LOG_BASE\u003d/var/log/kolla/{{ project_name }}"},{"line_number":4,"context_line":"RABBITMQ_DIST_PORT\u003d{{ role_rabbitmq_cluster_port }}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"0dfaff82_7f222d52","line":1,"in_reply_to":"c139599f_9893967f","updated":"2024-06-27 15:03:17.000000000","message":"nice finding! Do you have an idea already on how to fix this? 
If you need assistance with this, feel free to ping me - though I also need to think about how to do this.","commit_id":"e860546a15cf8224a6f98b50f52cd1266d6ebec7"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"a4979faba32448cf0d2e3d55ea8be4fd9ff307e9","unresolved":true,"context_lines":[{"line_number":1,"context_line":"export ERL_SSL_PATH\u003d\"$(erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop)\""},{"line_number":2,"context_line":"RABBITMQ_NODENAME\u003drabbit@{{ ansible_facts.hostname }}"},{"line_number":3,"context_line":"RABBITMQ_LOG_BASE\u003d/var/log/kolla/{{ project_name }}"},{"line_number":4,"context_line":"RABBITMQ_DIST_PORT\u003d{{ role_rabbitmq_cluster_port }}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"f668fcc2_b6558c85","line":1,"in_reply_to":"c3c30f32_2f23de46","updated":"2024-06-28 10:57:04.000000000","message":"I tried one more thing and that\u0027s to reconfigure kolla-toolbox together with rabbitmq by adding common tag to the upgrade script. I\u0027m just guessing at this point because I haven\u0027t reproduced the error that Zuul has. 
My test env gets over that step just fine and it  fails on Enable feature flags","commit_id":"e860546a15cf8224a6f98b50f52cd1266d6ebec7"},{"author":{"_account_id":36624,"name":"Matúš Jenča","email":"matus.jenca@dnation.cloud","username":"matusjenca"},"change_message_id":"69d351ded16bffda2290a404187f596c6bb44b89","unresolved":true,"context_lines":[{"line_number":1,"context_line":"export ERL_SSL_PATH\u003d\"$(erl -noinput -eval \u0027io:format([filename:dirname(code:which(inet_tls_dist))])\u0027 -s init stop)\""},{"line_number":2,"context_line":"RABBITMQ_NODENAME\u003drabbit@{{ ansible_facts.hostname }}"},{"line_number":3,"context_line":"RABBITMQ_LOG_BASE\u003d/var/log/kolla/{{ project_name }}"},{"line_number":4,"context_line":"RABBITMQ_DIST_PORT\u003d{{ role_rabbitmq_cluster_port }}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"25b6f6a5_c9c6a6f9","line":1,"in_reply_to":"f668fcc2_b6558c85","updated":"2024-07-04 12:51:44.000000000","message":"I solved the Zuul problem. It was because upgrade does not run certificates role, so the certificates from https://review.opendev.org/c/openstack/kolla-ansible/+/921380 were not added.","commit_id":"e860546a15cf8224a6f98b50f52cd1266d6ebec7"}],"tests/upgrade.sh":[{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"d4496f9d86cd4cac32a6a1c2017b3ae37e197e1d","unresolved":true,"context_lines":[{"line_number":38,"context_line":"    kolla-ansible -i /etc/kolla/inventory -vvv certificates"},{"line_number":39,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv stop --tags $SERVICE_TAGS --yes-i-really-really-mean-it \u0026\u003e /tmp/logs/ansible/stop"},{"line_number":40,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv genconfig \u0026\u003e /tmp/logs/ansible/genconfig"},{"line_number":41,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv reconfigure --tags common, rabbitmq \u0026\u003e 
/tmp/logs/ansible/reconfigure-rabbitmq"},{"line_number":42,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv rabbitmq-reset-state \u0026\u003e /tmp/logs/ansible/rabbitmq-reset-state"},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv pull \u0026\u003e /tmp/logs/ansible/pull-upgrade"}],"source_content_type":"text/x-sh","patch_set":14,"id":"b616bd95_3139b317","line":41,"range":{"start_line":41,"start_character":62,"end_line":41,"end_character":68},"updated":"2024-08-06 16:57:02.000000000","message":"note to self: currently not sure if this has some other unwanted side effects, need to investigate.","commit_id":"fca24a756af589481e6789277f42ee43fd10eb5b"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"40b9c0ac941640169943ac5d036327294b1bcc6a","unresolved":false,"context_lines":[{"line_number":38,"context_line":"    kolla-ansible -i /etc/kolla/inventory -vvv certificates"},{"line_number":39,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv stop --tags $SERVICE_TAGS --yes-i-really-really-mean-it \u0026\u003e /tmp/logs/ansible/stop"},{"line_number":40,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv genconfig \u0026\u003e /tmp/logs/ansible/genconfig"},{"line_number":41,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv reconfigure --tags common, rabbitmq \u0026\u003e /tmp/logs/ansible/reconfigure-rabbitmq"},{"line_number":42,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv rabbitmq-reset-state \u0026\u003e /tmp/logs/ansible/rabbitmq-reset-state"},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"    kolla-ansible -i ${RAW_INVENTORY} -vvv pull \u0026\u003e 
/tmp/logs/ansible/pull-upgrade"}],"source_content_type":"text/x-sh","patch_set":14,"id":"537510e5_4d370eef","line":41,"range":{"start_line":41,"start_character":62,"end_line":41,"end_character":68},"in_reply_to":"b616bd95_3139b317","updated":"2024-09-04 16:14:38.000000000","message":"Done","commit_id":"fca24a756af589481e6789277f42ee43fd10eb5b"}]}
