)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"308bf671c6dc62c6da42cebb305b3086207c08c8","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"3663059e_f826e6db","updated":"2024-11-20 14:14:41.000000000","message":"code itself LGTM but it would imho be required to add some docs. at a minimum add some docs to the release notes, but imho there should be something documented, maybe in the TLS guide on how to use this and what are good and maybe not so good values.","commit_id":"79e6d26e7f89573b43b7311cf1386d67f527a918"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"a578eaf209a4feaf94254c72e5f2c70da96775eb","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"6574f12d_0edb1a85","in_reply_to":"3663059e_f826e6db","updated":"2024-11-20 21:26:51.000000000","message":"sure. added minimum docs.","commit_id":"79e6d26e7f89573b43b7311cf1386d67f527a918"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"5b974e825cd53d016f0fbc46395c5cecae1e0e93","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"bd5cc381_09383d1e","updated":"2024-11-25 09:03:14.000000000","message":"LGTM! not sure about backporting though. 
It\u0027s correct this doesn\u0027t change the defaults, but strictly speaking, it\u0027s a new feature.","commit_id":"8cf91b060118a7687a9bea96b8b1ccea37632fdf"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"8698f082775381b3d706f4483158b587a1eb96fe","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"731160cf_f2e811ea","updated":"2024-11-20 21:28:27.000000000","message":"there is the bugreport and its safe to backport this since the defaults not changed.","commit_id":"8cf91b060118a7687a9bea96b8b1ccea37632fdf"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"ff007efb112ef1de7ba27a35e8af98b69a725615","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":5,"id":"453f404c_df517d21","updated":"2024-11-25 10:41:18.000000000","message":"I have a feeling this will encourage people to use this for production...","commit_id":"9dda653191e32f34ea1feaf21d06b2b1aef957b7"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"fc2c55744f7bf15c74f6ba3108a1a2f97348d4b3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"b92ce0c9_57582b66","updated":"2024-11-25 10:39:35.000000000","message":"It is a simple change with no visible chance of regression. 
Any one fine with backport?","commit_id":"9dda653191e32f34ea1feaf21d06b2b1aef957b7"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"daaaad35dbcd4ebe394ba18bb51d2a2bf8ee9678","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"4deab71e_6b21a890","updated":"2024-11-25 10:51:05.000000000","message":"btw: bugreport is open, later we will rewrite this to be even more stable and configurable","commit_id":"9dda653191e32f34ea1feaf21d06b2b1aef957b7"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"58cf195bc589a1de372a106bb38942d4d70906ea","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"616b940d_f1049a9a","updated":"2024-11-25 10:49:53.000000000","message":"this is a plan","commit_id":"9dda653191e32f34ea1feaf21d06b2b1aef957b7"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"d758449e3aa46fbe1c459ddd1aea2ee13cf83a2e","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":5,"id":"7d47d5da_d630abea","in_reply_to":"14240274_ba47d9d0","updated":"2024-11-26 09:38:53.000000000","message":"They should, but they should generate their own certificates against a trusted CA in their company. 
They should not generate a random testing root CA.\n\nPeople in a company already have the global root CA imported in their browsers by the IT department.\n\nOr they are using a publicly trusted CA.\n\nTLDR - they should not use kolla-ansible certificates but provide their own properly generated certs and CAs, not the Kolla random testing SSL stuff.","commit_id":"9dda653191e32f34ea1feaf21d06b2b1aef957b7"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"36b21d0f73311eee03020197f67f914e3561401b","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":5,"id":"afee54d5_413b249e","in_reply_to":"3b7ae8ad_a1351788","updated":"2024-11-25 12:56:56.000000000","message":"It\u0027s already in quick-start https://github.com/openstack/kolla-ansible/blob/1cec85d680f2528a817e827c0f0a8c89cd276bdf/doc/source/admin/tls.rst?plain\u003d1#L36-L44","commit_id":"9dda653191e32f34ea1feaf21d06b2b1aef957b7"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"d02021531e8047061d84175d8dd00759f962523f","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":5,"id":"3b7ae8ad_a1351788","in_reply_to":"453f404c_df517d21","updated":"2024-11-25 12:54:31.000000000","message":"okay, I think I see where you\u0027re coming from and I think I agree:\nWe should probably put in some wording that you should not use kolla generated certificates for production usage, something like that?","commit_id":"9dda653191e32f34ea1feaf21d06b2b1aef957b7"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"dee2b50ade159d83b11b371235ea9091b4832ad7","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":5,"id":"de43f54f_904b740c","in_reply_to":"afee54d5_413b249e","updated":"2024-11-25 15:54:43.000000000","message":"Just saying that allowing easily to configure some aspects of 
certificates is going to make people use that for production ;-)","commit_id":"9dda653191e32f34ea1feaf21d06b2b1aef957b7"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"bafcc4432759a07a800de028ec9015fb97b1366f","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":5,"id":"14240274_ba47d9d0","in_reply_to":"de43f54f_904b740c","updated":"2024-11-25 20:31:00.000000000","message":"is this bad practice? shouldn\u0027t all users use https?","commit_id":"9dda653191e32f34ea1feaf21d06b2b1aef957b7"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"d39fe6127113c911d877b7a66e45df7704429025","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"8952a6fa_59870df9","updated":"2024-12-10 11:41:27.000000000","message":"Agreed on the meeting to rather make the role harder to use, instead of making it easy to use on production environments - see https://meetings.opendev.org/meetings/kolla/2024/kolla.2024-11-27-14.00.log.html#l-243","commit_id":"545d63bd41af242f7ea59d7a5f57262e582b1ba1"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"c11569e712959eab21836545072d1a99b08d580f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"e108cdc3_9d87f7d2","updated":"2024-11-26 12:15:17.000000000","message":"you right. 
but anyway where is review?","commit_id":"545d63bd41af242f7ea59d7a5f57262e582b1ba1"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"6899b15155951e80336d00e182feeb0680c70598","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"5882861c_20867b61","in_reply_to":"8952a6fa_59870df9","updated":"2024-12-10 13:04:33.000000000","message":"Done","commit_id":"545d63bd41af242f7ea59d7a5f57262e582b1ba1"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"fb273ca842675824c6db4885deb9484ccab56f6e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"73bfdc02_c81aa59a","updated":"2024-12-10 15:33:39.000000000","message":"That still makes it configurable, which is not what we want to do - people should be using proper CA - unless it\u0027s a short lived dev env.","commit_id":"6a8ac0023ac1647f384d545432b95d72bf5cb134"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"ce3f68da088183a2da7013b56cabc1ef97d5bf1a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"24e7df69_1323baf5","updated":"2024-12-10 20:10:47.000000000","message":"facepalm","commit_id":"6a8ac0023ac1647f384d545432b95d72bf5cb134"}],"ansible/roles/certificates/defaults/main.yml":[{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"308bf671c6dc62c6da42cebb305b3086207c08c8","unresolved":true,"context_lines":[{"line_number":20,"context_line":"req_certificate_organizational_unit: \"kolla\""},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"# Number of days to make a certificates valid for."},{"line_number":23,"context_line":"root_certificate_days: 1095     # 3 
years"},{"line_number":24,"context_line":"external_certificate_days: 365  # 1 year"},{"line_number":25,"context_line":"internal_certificate_days: 365  # 1 year"},{"line_number":26,"context_line":"backend_certificate_days: 365   # 1 year"},{"line_number":27,"context_line":"libvirt_certificate_days: 365   # 1 year"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"d15977a5_62bef8bf","line":27,"range":{"start_line":23,"start_character":0,"end_line":27,"end_character":40},"updated":"2024-11-20 14:14:41.000000000","message":"these comments are all wrong, as a year doesn\u0027t necessarily have 365 days (leap days exists).\nSo, please be careful with your assumptions about dates, times and timeranges.\n\nYou might want to read e.g. https://gist.github.com/timvisee/fcda9bbdff88d45cc9061606b4b923ca (Falsehoods programmers believe about time)\nwhich is both entertaining and educational. :)","commit_id":"79e6d26e7f89573b43b7311cf1386d67f527a918"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"a578eaf209a4feaf94254c72e5f2c70da96775eb","unresolved":false,"context_lines":[{"line_number":20,"context_line":"req_certificate_organizational_unit: \"kolla\""},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"# Number of days to make a certificates valid for."},{"line_number":23,"context_line":"root_certificate_days: 1095     # 3 years"},{"line_number":24,"context_line":"external_certificate_days: 365  # 1 year"},{"line_number":25,"context_line":"internal_certificate_days: 365  # 1 year"},{"line_number":26,"context_line":"backend_certificate_days: 365   # 1 year"},{"line_number":27,"context_line":"libvirt_certificate_days: 365   # 1 year"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"cbfecc99_518d4a39","line":27,"range":{"start_line":23,"start_character":0,"end_line":27,"end_character":40},"in_reply_to":"d15977a5_62bef8bf","updated":"2024-11-20 
21:26:51.000000000","message":"comments removed. thanks for interesting reading.","commit_id":"79e6d26e7f89573b43b7311cf1386d67f527a918"}],"doc/source/admin/tls.rst":[{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"5b974e825cd53d016f0fbc46395c5cecae1e0e93","unresolved":true,"context_lines":[{"line_number":74,"context_line":""},{"line_number":75,"context_line":"  kolla-ansible -i ~/multinode certificates"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"All the test certificates generated with this defaults which can be changed"},{"line_number":78,"context_line":"in ``globals.yml``:"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":".. code-block:: yaml"}],"source_content_type":"text/x-rst","patch_set":4,"id":"2ba0f778_da90d811","line":77,"range":{"start_line":77,"start_character":0,"end_line":77,"end_character":2},"updated":"2024-11-25 09:03:14.000000000","message":"nit:\n```suggestion\nAll the test certificates are generated with these defaults, which can be changed\n```","commit_id":"8cf91b060118a7687a9bea96b8b1ccea37632fdf"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"a0e24cbff66c77281b90b2e0bdc5382679897167","unresolved":false,"context_lines":[{"line_number":74,"context_line":""},{"line_number":75,"context_line":"  kolla-ansible -i ~/multinode certificates"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"All the test certificates generated with this defaults which can be changed"},{"line_number":78,"context_line":"in ``globals.yml``:"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":".. 
code-block:: yaml"}],"source_content_type":"text/x-rst","patch_set":4,"id":"138d28af_f657c4fe","line":77,"range":{"start_line":77,"start_character":0,"end_line":77,"end_character":2},"in_reply_to":"2ba0f778_da90d811","updated":"2024-11-25 09:44:47.000000000","message":"Fix applied.","commit_id":"8cf91b060118a7687a9bea96b8b1ccea37632fdf"}],"releasenotes/notes/make-certificates-configurable-c56d00362c863aa9.yaml":[{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"308bf671c6dc62c6da42cebb305b3086207c08c8","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Now the role \u0027certificates\u0027 a bit more configurable. You can change the"},{"line_number":5,"context_line":"    certificates defaults via globals.yml."},{"line_number":6,"context_line":"    `LP#2087707 \u003chttps://bugs.launchpad.net/kolla-ansible/+bug/2087707\u003e`__"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"d8dee6a3_7af95d78","line":6,"range":{"start_line":2,"start_character":0,"end_line":6,"end_character":74},"updated":"2024-11-20 14:14:41.000000000","message":"imho this either needs an `upgrades` section (not sure, depends on how our code handles this during upgrades) or at least should mention which variables could be set, as these are nowhere else documented.","commit_id":"79e6d26e7f89573b43b7311cf1386d67f527a918"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"a578eaf209a4feaf94254c72e5f2c70da96775eb","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Now the role \u0027certificates\u0027 a bit more configurable. 
You can change the"},{"line_number":5,"context_line":"    certificates defaults via globals.yml."},{"line_number":6,"context_line":"    `LP#2087707 \u003chttps://bugs.launchpad.net/kolla-ansible/+bug/2087707\u003e`__"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"b6bd99ee_9e8b3679","line":6,"range":{"start_line":2,"start_character":0,"end_line":6,"end_character":74},"in_reply_to":"d8dee6a3_7af95d78","updated":"2024-11-20 21:26:51.000000000","message":"no need for an upgrade section since the default values remain as they are","commit_id":"79e6d26e7f89573b43b7311cf1386d67f527a918"}]}
