)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"d750ae141d257956342f10b2cd645900613f8070","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"04213ced_b847f6f2","updated":"2025-04-07 20:35:28.000000000","message":"Since this is some kind of a feature, there is a lack of documentation somewhere in the doc/source/reference/compute, for example.","commit_id":"7f76265e816913ccde20598702f977b93c0b37a0"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"8a3893bc43769080e4f9025e98fb09ad56dd3cad","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"c8c1fa88_d5650594","in_reply_to":"04213ced_b847f6f2","updated":"2025-04-08 07:32:48.000000000","message":"Done in Patchset 4.","commit_id":"7f76265e816913ccde20598702f977b93c0b37a0"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"32ac08d52f41646aeee06fe017e60935861ddb20","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"b257f5f4_0b3811a8","updated":"2025-04-08 07:11:04.000000000","message":"I have also renamed vtpm to swtpm in `enable_` flag, `swtpm_user` and `swtpm_groupz relation with `enable_swtpm` flag is now clear.","commit_id":"0c6cd909a0a31eedc02cb6439712937976f4354d"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"9e1568ea6050ad5ab3ba980cabaa8156d8d7cdc6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"c6daf3c1_4bffb327","updated":"2025-04-08 19:32:12.000000000","message":"As a new related feature, of course.","commit_id":"b8a324c6f1a9927af2ac28a54c99d5fc2e0833d7"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"4c500b239fe25c70077a032ea0a1fbf07e031119","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"08fbbc24_fc2812ea","updated":"2025-04-25 06:39:12.000000000","message":"recheck","commit_id":"b8a324c6f1a9927af2ac28a54c99d5fc2e0833d7"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"9903c47907dcc459f416c15b69f6e23d1c509364","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"ec5a8182_8263bb82","updated":"2025-04-08 19:31:11.000000000","message":"thanks for changes. last question: may be reasonable add \u0027ima-evm-utils\u0027 too ?","commit_id":"b8a324c6f1a9927af2ac28a54c99d5fc2e0833d7"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"b7e471928c09ccf7d5c063e7f30e26ba90f07400","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"7f737fea_ac718648","in_reply_to":"c6daf3c1_4bffb327","updated":"2025-04-09 06:53:11.000000000","message":"`ima-evm-utils` is not installed on `nova_libvirt` Kolla container image currently, so adding this feature would require some work there as well. I would like to keep here strictly to vTPM as together with UEFI (implemented directly in nova, without any special configuration needed on Kolla side) are required for f.e. newest Windows 11 systems [1] to work.\n\n[1] https://techcommunity.microsoft.com/blog/windows-itpro-blog/tpm-2-0-–-a-necessity-for-a-secure-and-future-proof-windows-11/4339066","commit_id":"b8a324c6f1a9927af2ac28a54c99d5fc2e0833d7"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"3b57b469065df2a76099f66e66076f8c6d741e67","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"b42da97e_37b0bd50","updated":"2025-04-30 06:21:45.000000000","message":"Hey @maksim.malchuk@gmail.com would you be able to review it?","commit_id":"a45d29f893dcf4fa1218cf38651251e8c235f09e"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"f3dc61fd94095cd14e01afd8cf6189e0926378ff","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"719f9b04_ab3c9586","updated":"2025-05-09 21:06:56.000000000","message":"Hey @mnasiadka@gmail.com would you be able to review this change?","commit_id":"8f26f82b6d378e1ec78417ca85ecb99350794b5d"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"ccc5aeff0ef85267a360f0988beae6d8631cbeea","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"9532a623_e50eecfe","updated":"2025-07-31 08:35:35.000000000","message":"Hey, could you have a look into that?","commit_id":"8f26f82b6d378e1ec78417ca85ecb99350794b5d"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"8aa1dd8013a421a06ebc7c74765aed64aad1c68b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"77d04b26_97606142","updated":"2025-04-30 13:13:57.000000000","message":"thanks","commit_id":"8f26f82b6d378e1ec78417ca85ecb99350794b5d"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"5ab3863905c0eb3829829fa4738cffe1c531845d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"34d7e628_8a64b9bd","updated":"2025-11-24 08:53:58.000000000","message":"Hey @mnasiadka@gmail.com finally got some time to respond, changes were introduced according to your feedback, rebase also done.","commit_id":"73a9ac5f02c7d767a4321ae657a3c0f17db101b4"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"57f510171992f7596ffc3ca88f9b6f1d369114e2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"0201a487_53c9d3ac","updated":"2025-11-24 14:14:13.000000000","message":"@mnasiadka@gmail.com should be good now","commit_id":"7dc35d54f5ee09e1b3a1233095b8e3e0ebcf1450"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"a7593aad16c6dfc3d5d3863ae205467cef1928c1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"4a8acd1d_f12a8dc1","updated":"2025-11-24 09:30:59.000000000","message":"added","commit_id":"7dc35d54f5ee09e1b3a1233095b8e3e0ebcf1450"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"7203170a9db1f448c7563026299456de59b7e3cb","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":14,"id":"e409de04_95046776","updated":"2025-12-12 09:27:18.000000000","message":"I think it\u0027s missing configuration in nova.conf ?\n\nhttps://docs.openstack.org/nova/latest/configuration/config.html#libvirt.swtpm_enabled\n\nhttps://docs.openstack.org/nova/latest/configuration/config.html#libvirt.swtpm_user\n\nhttps://docs.openstack.org/nova/latest/configuration/config.html#libvirt.swtpm_group","commit_id":"5b45312cf3d75a074593afc6c5b300accb958504"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"b57f2ea0fd0125993e8a3f67d187734314b5f7f1","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":14,"id":"79078e0c_f3de2f3b","updated":"2025-12-12 09:54:55.000000000","message":"default user (that exists in the images) is tss. I think it should be used rather than swtpm (which might break stuff because it doesn\u0027t exist).","commit_id":"5b45312cf3d75a074593afc6c5b300accb958504"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"325405e1d30295733ad7efc173024756929120f3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"2c4a536f_7eaa671b","in_reply_to":"00c5f973_e32bb794","updated":"2025-12-15 11:21:46.000000000","message":"This looks better, thanks !","commit_id":"5b45312cf3d75a074593afc6c5b300accb958504"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"63024d8b44dc292beace989a104a364ed7a06a25","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":14,"id":"a9e0a613_1ce2a981","in_reply_to":"17ca77e3_25763955","updated":"2025-12-12 11:36:58.000000000","message":"The fact remains that this `swtpm` user does not exist in most images built upstream, and people would need to create it themselves.\n\n```\npodman run --entrypoint \"\" -it -u root quay.io/openstack.kolla/nova-libvirt:2025.2-debian-bookworm id swtpm\nid: ‘swtpm’: no such user\n\npodman run --entrypoint \"\" -it -u root quay.io/openstack.kolla/nova-libvirt:2025.2-ubuntu-noble id swtpm\nuid\u003d103(swtpm) gid\u003d105(swtpm) groups\u003d105(swtpm)\n\npodman run --entrypoint \"\" -it -u root quay.io/openstack.kolla/nova-libvirt:2025.1-rocky-10 id swtpm\nid: ‘swtpm’: no such user\n```\n\nThe user created when installing the swtpm and swtpm-tools packages is `tss` on Debian and Rocky, so the username/group should at least be os-dependent","commit_id":"5b45312cf3d75a074593afc6c5b300accb958504"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"5a87717883f2f033572510a1fa6b03d106095756","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"346500ba_5a018ce1","in_reply_to":"5c257f56_cdeac18f","updated":"2025-12-12 09:28:42.000000000","message":"nevermind, I can\u0027t read","commit_id":"5b45312cf3d75a074593afc6c5b300accb958504"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"9c82d77e80e5f8c7d5cb9634fb4d84447a63fe30","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":14,"id":"00c5f973_e32bb794","in_reply_to":"6f7a7ae6_42ce2668","updated":"2025-12-15 09:31:06.000000000","message":"@bertrand.lanson@infomaniak.com should be good now, please check","commit_id":"5b45312cf3d75a074593afc6c5b300accb958504"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"4572e295f5f1459c8577e78a44e7017a89589061","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":14,"id":"945a6138_71187db5","in_reply_to":"79078e0c_f3de2f3b","updated":"2025-12-12 10:41:02.000000000","message":"Actually no, kolla containers are installing `swtpm` as package from repository and not building from scratch. According to release notes for 0.6.1-0ubuntu3 [1] user `tss` shouldn\u0027t be used for `swtpm`. Also there are multiple reports of errors produced by incorrect permissions of user `tss` (f.e. [2]). On top of that there\u0027s \ndescription on how it\u0027s configured in Charm [3] (BTW they support this since Yoga!), and my own testing proofing that `tss` user could be used, but additional permissions changes are required inside the container, and the `swtpm` user has all what\u0027s needed and just works out of the box.\n\n[1] https://launchpad.net/ubuntu/jammy/+source/swtpm/+changelog\n[2] https://github.com/stefanberger/swtpm/issues/572\n[3] https://specs.openstack.org/openstack/charm-specs/specs/yoga/implemented/vtpm-support.html#configuration-files","commit_id":"5b45312cf3d75a074593afc6c5b300accb958504"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"72b7742864dc2a81f6a1227e90b526f9fbff1a9d","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":14,"id":"17ca77e3_25763955","in_reply_to":"945a6138_71187db5","updated":"2025-12-12 10:46:18.000000000","message":"Here\u0027s also the change itself: https://code.launchpad.net/~paelzer/ubuntu/+source/libvirt/+git/libvirt/+merge/411755","commit_id":"5b45312cf3d75a074593afc6c5b300accb958504"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"e75db04323c614e68ba7a05efb9e0bdc1a41208f","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":14,"id":"6f7a7ae6_42ce2668","in_reply_to":"a9e0a613_1ce2a981","updated":"2025-12-12 11:53:48.000000000","message":"okey, that might be vaild case, I\u0027ll set configuring users as variable based on used system","commit_id":"5b45312cf3d75a074593afc6c5b300accb958504"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"cb28c8eeef62be91f956ee848fa98768ab324a2c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"5c257f56_cdeac18f","in_reply_to":"e409de04_95046776","updated":"2025-12-12 09:28:07.000000000","message":"Done","commit_id":"5b45312cf3d75a074593afc6c5b300accb958504"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"22d603ca9f4beb4d0c30f05caa5a3cbfce40bc49","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":15,"id":"ee254156_287ee01a","updated":"2025-12-18 10:09:32.000000000","message":"@bartosz@stackhpc.com could you have a look?","commit_id":"3d0fbfe65c687060529b92e7abf351277dcd99b2"}],"ansible/group_vars/all.yml":[{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"d750ae141d257956342f10b2cd645900613f8070","unresolved":true,"context_lines":[{"line_number":1219,"context_line":"nova_safety_upgrade: \"no\""},{"line_number":1220,"context_line":"# Valid options are [ none, novnc, spice ]"},{"line_number":1221,"context_line":"nova_console: \"novnc\""},{"line_number":1222,"context_line":""},{"line_number":1223,"context_line":"swtpm_user: \"swtpm\""},{"line_number":1224,"context_line":"swtpm_group: \"root\""},{"line_number":1225,"context_line":"#######################"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"af7b87d8_b297fec6","line":1222,"updated":"2025-04-07 20:35:28.000000000","message":"nit: replace an empty line with comment","commit_id":"7f76265e816913ccde20598702f977b93c0b37a0"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"32ac08d52f41646aeee06fe017e60935861ddb20","unresolved":false,"context_lines":[{"line_number":1219,"context_line":"nova_safety_upgrade: \"no\""},{"line_number":1220,"context_line":"# Valid options are [ none, novnc, spice ]"},{"line_number":1221,"context_line":"nova_console: \"novnc\""},{"line_number":1222,"context_line":""},{"line_number":1223,"context_line":"swtpm_user: \"swtpm\""},{"line_number":1224,"context_line":"swtpm_group: \"root\""},{"line_number":1225,"context_line":"#######################"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"11fdde04_9f45484a","line":1222,"in_reply_to":"af7b87d8_b297fec6","updated":"2025-04-08 07:11:04.000000000","message":"Done","commit_id":"7f76265e816913ccde20598702f977b93c0b37a0"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"d750ae141d257956342f10b2cd645900613f8070","unresolved":true,"context_lines":[{"line_number":1222,"context_line":""},{"line_number":1223,"context_line":"swtpm_user: \"swtpm\""},{"line_number":1224,"context_line":"swtpm_group: \"root\""},{"line_number":1225,"context_line":"#######################"},{"line_number":1226,"context_line":"# Nova Database"},{"line_number":1227,"context_line":"#######################"},{"line_number":1228,"context_line":"nova_database_shard_id: \"{{ mariadb_default_database_shard_id | int }}\""}],"source_content_type":"text/x-yaml","patch_set":1,"id":"e0fd6cd7_e9aa5444","line":1225,"updated":"2025-04-07 20:35:28.000000000","message":"nit: lack of the empty line","commit_id":"7f76265e816913ccde20598702f977b93c0b37a0"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"32ac08d52f41646aeee06fe017e60935861ddb20","unresolved":false,"context_lines":[{"line_number":1222,"context_line":""},{"line_number":1223,"context_line":"swtpm_user: \"swtpm\""},{"line_number":1224,"context_line":"swtpm_group: \"root\""},{"line_number":1225,"context_line":"#######################"},{"line_number":1226,"context_line":"# Nova Database"},{"line_number":1227,"context_line":"#######################"},{"line_number":1228,"context_line":"nova_database_shard_id: \"{{ mariadb_default_database_shard_id | int }}\""}],"source_content_type":"text/x-yaml","patch_set":1,"id":"a1238cb9_4b84f8fc","line":1225,"in_reply_to":"e0fd6cd7_e9aa5444","updated":"2025-04-08 07:11:04.000000000","message":"Done","commit_id":"7f76265e816913ccde20598702f977b93c0b37a0"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"f46171f5c43d206be5a44c77a3dc6f5a19938d53","unresolved":true,"context_lines":[{"line_number":1221,"context_line":"nova_console: \"novnc\""},{"line_number":1222,"context_line":"# User and group to be used for swtpm process, activated by enable_swtpm"},{"line_number":1223,"context_line":"swtpm_user: \"swtpm\""},{"line_number":1224,"context_line":"swtpm_group: \"root\""},{"line_number":1225,"context_line":""},{"line_number":1226,"context_line":"#######################"},{"line_number":1227,"context_line":"# Nova Database"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"0ed03832_dce9afdf","line":1224,"range":{"start_line":1224,"start_character":14,"end_line":1224,"end_character":18},"updated":"2025-04-30 11:14:56.000000000","message":"are you sure ? JFYI we\u0027re running qemu/libvirt in kolla container","commit_id":"a45d29f893dcf4fa1218cf38651251e8c235f09e"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"28b90cb13c564e02d6dd84660a41fcc015e9c6bf","unresolved":true,"context_lines":[{"line_number":1221,"context_line":"nova_console: \"novnc\""},{"line_number":1222,"context_line":"# User and group to be used for swtpm process, activated by enable_swtpm"},{"line_number":1223,"context_line":"swtpm_user: \"swtpm\""},{"line_number":1224,"context_line":"swtpm_group: \"root\""},{"line_number":1225,"context_line":""},{"line_number":1226,"context_line":"#######################"},{"line_number":1227,"context_line":"# Nova Database"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"6cec70c6_5e4fd8f2","line":1224,"range":{"start_line":1224,"start_character":14,"end_line":1224,"end_character":18},"in_reply_to":"0ed03832_dce9afdf","updated":"2025-04-30 12:00:25.000000000","message":"I have followed here the ownership of `/var/lib/swtpm-localca` created with `swtpm` installation, but with user and group set to `swtpm` it seems to be also working fine.","commit_id":"a45d29f893dcf4fa1218cf38651251e8c235f09e"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"bffdd27cf830722dd4af98bd023737b6b62da901","unresolved":false,"context_lines":[{"line_number":1221,"context_line":"nova_console: \"novnc\""},{"line_number":1222,"context_line":"# User and group to be used for swtpm process, activated by enable_swtpm"},{"line_number":1223,"context_line":"swtpm_user: \"swtpm\""},{"line_number":1224,"context_line":"swtpm_group: \"root\""},{"line_number":1225,"context_line":""},{"line_number":1226,"context_line":"#######################"},{"line_number":1227,"context_line":"# Nova Database"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"37e0af67_a0399398","line":1224,"range":{"start_line":1224,"start_character":14,"end_line":1224,"end_character":18},"in_reply_to":"6cec70c6_5e4fd8f2","updated":"2025-04-30 12:02:10.000000000","message":"Done","commit_id":"a45d29f893dcf4fa1218cf38651251e8c235f09e"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"fd256eef3a82c0abe8cd6dca4846f27e5794b8bf","unresolved":true,"context_lines":[{"line_number":941,"context_line":"enable_proxysql: \"yes\""},{"line_number":942,"context_line":"enable_redis: \"no\""},{"line_number":943,"context_line":"enable_skyline: \"no\""},{"line_number":944,"context_line":"enable_swtpm: \"no\""},{"line_number":945,"context_line":"enable_tacker: \"no\""},{"line_number":946,"context_line":"enable_telegraf: \"no\""},{"line_number":947,"context_line":"enable_trove: \"no\""}],"source_content_type":"text/x-yaml","patch_set":6,"id":"8efa8462_d3945e5a","line":944,"updated":"2025-08-05 16:59:42.000000000","message":"if it\u0027s only used by nova_cell role please move it to this role defaults, probably changing the name to enable_nova_swtpm would make more sense as well","commit_id":"8f26f82b6d378e1ec78417ca85ecb99350794b5d"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"5ab3863905c0eb3829829fa4738cffe1c531845d","unresolved":false,"context_lines":[{"line_number":941,"context_line":"enable_proxysql: \"yes\""},{"line_number":942,"context_line":"enable_redis: \"no\""},{"line_number":943,"context_line":"enable_skyline: \"no\""},{"line_number":944,"context_line":"enable_swtpm: \"no\""},{"line_number":945,"context_line":"enable_tacker: \"no\""},{"line_number":946,"context_line":"enable_telegraf: \"no\""},{"line_number":947,"context_line":"enable_trove: \"no\""}],"source_content_type":"text/x-yaml","patch_set":6,"id":"ca0b6df4_a1670d1d","line":944,"in_reply_to":"8efa8462_d3945e5a","updated":"2025-11-24 08:53:58.000000000","message":"Done","commit_id":"8f26f82b6d378e1ec78417ca85ecb99350794b5d"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"fd256eef3a82c0abe8cd6dca4846f27e5794b8bf","unresolved":true,"context_lines":[{"line_number":1220,"context_line":"# Valid options are [ none, novnc, spice ]"},{"line_number":1221,"context_line":"nova_console: \"novnc\""},{"line_number":1222,"context_line":"# User and group to be used for swtpm process, activated by enable_swtpm"},{"line_number":1223,"context_line":"swtpm_user: \"swtpm\""},{"line_number":1224,"context_line":"swtpm_group: \"swtpm\""},{"line_number":1225,"context_line":""},{"line_number":1226,"context_line":"#######################"}],"source_content_type":"text/x-yaml","patch_set":6,"id":"8319ff45_30093727","line":1223,"updated":"2025-08-05 16:59:42.000000000","message":"ditto","commit_id":"8f26f82b6d378e1ec78417ca85ecb99350794b5d"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"5ab3863905c0eb3829829fa4738cffe1c531845d","unresolved":false,"context_lines":[{"line_number":1220,"context_line":"# Valid options are [ none, novnc, spice ]"},{"line_number":1221,"context_line":"nova_console: \"novnc\""},{"line_number":1222,"context_line":"# User and group to be used for swtpm process, activated by enable_swtpm"},{"line_number":1223,"context_line":"swtpm_user: \"swtpm\""},{"line_number":1224,"context_line":"swtpm_group: \"swtpm\""},{"line_number":1225,"context_line":""},{"line_number":1226,"context_line":"#######################"}],"source_content_type":"text/x-yaml","patch_set":6,"id":"a6239ffc_c985d58a","line":1223,"in_reply_to":"8319ff45_30093727","updated":"2025-11-24 08:53:58.000000000","message":"Done","commit_id":"8f26f82b6d378e1ec78417ca85ecb99350794b5d"}],"ansible/group_vars/all/nova.yml":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"c01ed5a7eebed42e1c4482948e0278ba011f6beb","unresolved":true,"context_lines":[{"line_number":4,"context_line":"enable_nova_libvirt_container: \"{{ nova_compute_virt_type in [\u0027kvm\u0027, \u0027qemu\u0027] }}\""},{"line_number":5,"context_line":"enable_nova_serialconsole_proxy: false"},{"line_number":6,"context_line":"enable_nova_ssh: true"},{"line_number":7,"context_line":"enable_nova_swtpm: false"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"#######################"},{"line_number":10,"context_line":"# Nova options"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"3abea23a_b5253d1f","line":7,"updated":"2025-12-09 13:10:26.000000000","message":"Does it need to be here? Can it be defined in defaults for nova-cell role?","commit_id":"914d68a880a70d57c07991c10b5374fd0619547d"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"d77de14f183aeb47135fe6e4fb07d28b40817592","unresolved":true,"context_lines":[{"line_number":4,"context_line":"enable_nova_libvirt_container: \"{{ nova_compute_virt_type in [\u0027kvm\u0027, \u0027qemu\u0027] }}\""},{"line_number":5,"context_line":"enable_nova_serialconsole_proxy: false"},{"line_number":6,"context_line":"enable_nova_ssh: true"},{"line_number":7,"context_line":"enable_nova_swtpm: false"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"#######################"},{"line_number":10,"context_line":"# Nova options"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"57217095_a62a7f45","line":7,"in_reply_to":"3abea23a_b5253d1f","updated":"2025-12-11 07:29:09.000000000","message":"Isn\u0027t that how feature default state are defined? In defaults for nova-cell role are mostly variables mappings, not boolean selectors.","commit_id":"914d68a880a70d57c07991c10b5374fd0619547d"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"62743fad3fc26143d4ea43765d0ecf7c806395c5","unresolved":false,"context_lines":[{"line_number":4,"context_line":"enable_nova_libvirt_container: \"{{ nova_compute_virt_type in [\u0027kvm\u0027, \u0027qemu\u0027] }}\""},{"line_number":5,"context_line":"enable_nova_serialconsole_proxy: false"},{"line_number":6,"context_line":"enable_nova_ssh: true"},{"line_number":7,"context_line":"enable_nova_swtpm: false"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"#######################"},{"line_number":10,"context_line":"# Nova options"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"57e9be12_de1d5acf","line":7,"in_reply_to":"48cf979d_9588a6b6","updated":"2025-12-12 07:52:23.000000000","message":"Done","commit_id":"914d68a880a70d57c07991c10b5374fd0619547d"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"b732d774d57242d1dc884c9cb0a6919f9a49fe2b","unresolved":true,"context_lines":[{"line_number":4,"context_line":"enable_nova_libvirt_container: \"{{ nova_compute_virt_type in [\u0027kvm\u0027, \u0027qemu\u0027] }}\""},{"line_number":5,"context_line":"enable_nova_serialconsole_proxy: false"},{"line_number":6,"context_line":"enable_nova_ssh: true"},{"line_number":7,"context_line":"enable_nova_swtpm: false"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"#######################"},{"line_number":10,"context_line":"# Nova options"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"48cf979d_9588a6b6","line":7,"in_reply_to":"57217095_a62a7f45","updated":"2025-12-12 07:48:48.000000000","message":"No, in theory in group_vars we only need variables that are shared between the roles, but somehow we have all of this junk in here - so I\u0027d prefer to not put things into group_vars if not needed.","commit_id":"914d68a880a70d57c07991c10b5374fd0619547d"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"c01ed5a7eebed42e1c4482948e0278ba011f6beb","unresolved":true,"context_lines":[{"line_number":17,"context_line":"nova_safety_upgrade: false"},{"line_number":18,"context_line":"# Valid options are [ none, novnc, spice ]"},{"line_number":19,"context_line":"nova_console: \"novnc\""},{"line_number":20,"context_line":"# User and group to be used for swtpm process, activated by enable_nova_swtpm"},{"line_number":21,"context_line":"nova_swtpm_user: \"swtpm\""},{"line_number":22,"context_line":"nova_swtpm_group: \"swtpm\""},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"#######################"},{"line_number":25,"context_line":"# Nova Database"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"13f7660c_58a5a912","line":22,"range":{"start_line":20,"start_character":0,"end_line":22,"end_character":25},"updated":"2025-12-09 13:10:26.000000000","message":"Does this need to be configurable?\nIf it does - does it need to be here? Can it be defined in defaults for nova-cell role?","commit_id":"914d68a880a70d57c07991c10b5374fd0619547d"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"d77de14f183aeb47135fe6e4fb07d28b40817592","unresolved":false,"context_lines":[{"line_number":17,"context_line":"nova_safety_upgrade: false"},{"line_number":18,"context_line":"# Valid options are [ none, novnc, spice ]"},{"line_number":19,"context_line":"nova_console: \"novnc\""},{"line_number":20,"context_line":"# User and group to be used for swtpm process, activated by enable_nova_swtpm"},{"line_number":21,"context_line":"nova_swtpm_user: \"swtpm\""},{"line_number":22,"context_line":"nova_swtpm_group: \"swtpm\""},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"#######################"},{"line_number":25,"context_line":"# Nova Database"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"707aefbb_d6d9402b","line":22,"range":{"start_line":20,"start_character":0,"end_line":22,"end_character":25},"in_reply_to":"13f7660c_58a5a912","updated":"2025-12-11 07:29:09.000000000","message":"Done","commit_id":"914d68a880a70d57c07991c10b5374fd0619547d"}],"doc/source/reference/compute/nova-guide.rst":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"4b97171d1adfad5a9e13603cc6be20e27646fc70","unresolved":true,"context_lines":[{"line_number":121,"context_line":"If you choose to undefine `nova_cell_compute_provider_config` on a host, you must"},{"line_number":122,"context_line":"manually remove the generated config from inside the container, or recreate the"},{"line_number":123,"context_line":"container."},{"line_number":124,"context_line":""},{"line_number":125,"context_line":"Emulated virtual Trusted Platform Module (vTPM)"},{"line_number":126,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":127,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"4870cf49_de2ae402","line":124,"updated":"2025-11-24 08:58:02.000000000","message":"I\u0027d say we also need a link to https://docs.openstack.org/nova/latest/admin/emulated-tpm.html#limitations so users are aware","commit_id":"9640cfa9bcba69204a71899dd5cd06fbed7c87ca"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"a7593aad16c6dfc3d5d3863ae205467cef1928c1","unresolved":false,"context_lines":[{"line_number":121,"context_line":"If you choose to undefine `nova_cell_compute_provider_config` on a host, you must"},{"line_number":122,"context_line":"manually remove the generated config from inside the container, or recreate the"},{"line_number":123,"context_line":"container."},{"line_number":124,"context_line":""},{"line_number":125,"context_line":"Emulated virtual Trusted Platform Module (vTPM)"},{"line_number":126,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":127,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"aee822e9_a710cb32","line":124,"in_reply_to":"4870cf49_de2ae402","updated":"2025-11-24 09:30:59.000000000","message":"Done","commit_id":"9640cfa9bcba69204a71899dd5cd06fbed7c87ca"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"c01ed5a7eebed42e1c4482948e0278ba011f6beb","unresolved":true,"context_lines":[{"line_number":128,"context_line":"Nova supports adding an emulated virtual Trusted Platform Module (vTPM) to"},{"line_number":129,"context_line":"instances. This feature is implemented with the SWTPM (Software TPM Emulator)"},{"line_number":130,"context_line":"package. To enable this feature, set ``enable_nova_swtpm`` to ``true``."},{"line_number":131,"context_line":"Beware of `limitations`__ that comes with this solution."},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"  __ https://docs.openstack.org/nova/latest/admin/emulated-tpm.html#limitations"}],"source_content_type":"text/x-rst","patch_set":12,"id":"36009241_98228ba8","line":131,"range":{"start_line":131,"start_character":31,"end_line":131,"end_character":36},"updated":"2025-12-09 13:10:26.000000000","message":"nit: come (limitations is plural)","commit_id":"914d68a880a70d57c07991c10b5374fd0619547d"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"d77de14f183aeb47135fe6e4fb07d28b40817592","unresolved":false,"context_lines":[{"line_number":128,"context_line":"Nova supports adding an emulated virtual Trusted Platform Module (vTPM) to"},{"line_number":129,"context_line":"instances. This feature is implemented with the SWTPM (Software TPM Emulator)"},{"line_number":130,"context_line":"package. To enable this feature, set ``enable_nova_swtpm`` to ``true``."},{"line_number":131,"context_line":"Beware of `limitations`__ that comes with this solution."},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"  __ https://docs.openstack.org/nova/latest/admin/emulated-tpm.html#limitations"}],"source_content_type":"text/x-rst","patch_set":12,"id":"030919fb_7ce6f0c2","line":131,"range":{"start_line":131,"start_character":31,"end_line":131,"end_character":36},"in_reply_to":"36009241_98228ba8","updated":"2025-12-11 07:29:09.000000000","message":"Done","commit_id":"914d68a880a70d57c07991c10b5374fd0619547d"}]}
