)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"ab17573136949882fe1606e47ac1bf662d7db1b7","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"7c4ff22e_4f11a111","updated":"2025-12-11 09:48:53.000000000","message":"Needs some docs in doc/source/reference/high-availability (or a similar place)","commit_id":"1c459f436dfb2af0ff0eb4f28039e44e4328adf2"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"b855894f9f9bd7207bc80d7cf3f4e348eb4a2a31","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"9348cac2_5e9248a3","in_reply_to":"7c4ff22e_4f11a111","updated":"2025-12-11 09:58:32.000000000","message":"Done","commit_id":"1c459f436dfb2af0ff0eb4f28039e44e4328adf2"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"b855894f9f9bd7207bc80d7cf3f4e348eb4a2a31","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"a08ef8e9_4ec05f7d","updated":"2025-12-11 09:58:32.000000000","message":"Added","commit_id":"37f71cc03e616a036b841ebada637a729b2dbe00"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"85e57909758fe7d3837a4bb62d102ed756bb3f23","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"0de4dc3d_520dc614","updated":"2025-12-23 13:24:02.000000000","message":"@","commit_id":"939cf5d5ffbf10e0e1f9f748af7729bda47518c5"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"015f890a68df2f6d80f2a553e1a27f019e338a05","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"9cbb5dce_d7ed9d45","updated":"2025-12-25 17:39:36.000000000","message":"Needs input validation, and maybe better defaults than empty strings.\n\nOtherwise I can see the usefulness of this.","commit_id":"939cf5d5ffbf10e0e1f9f748af7729bda47518c5"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"ee83938532e087549221445fab9cd17014b2e245","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"3f0deffa_e00391c2","updated":"2025-12-11 12:50:54.000000000","message":"recheck","commit_id":"939cf5d5ffbf10e0e1f9f748af7729bda47518c5"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"138247a618bf7b7ad565ede4a8e7e50e4e64cbd1","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":8,"id":"a92d08ab_5b3d9b90","updated":"2026-01-15 10:39:05.000000000","message":"I don\u0027t understand the usecase for this, can you explain it in detail? I\u0027m sceptical about adding support for a very rarely used scenario that cannot be tested in the CI, which will be a burden to future maintainers","commit_id":"18f11f179cf9cd6c4b13cc11268a6109f857bf01"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"31850cb59d52c686b26d86d078c34fc6d781218e","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":8,"id":"f0db355b_56d1b798","in_reply_to":"a92d08ab_5b3d9b90","updated":"2026-01-15 15:11:01.000000000","message":"Use case: Splitting OpenStack external traffic routing from internal one.\n\nIssues with current configuration fixed with this feature:\n\n- Broken Internal Routing: Host dependencies (LDAP, monitoring, registries) on routed internal networks are not reachable as traffic is forced out the public interface.\n- Asymmetric Routing: Ingress traffic on the internal interface attempts to return via the external gateway, dropping connections.\n- Security Compliance: Prevents strict internal connection setups where the host OS must remain isolated from the public internet (no public default route).","commit_id":"18f11f179cf9cd6c4b13cc11268a6109f857bf01"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"3e3d0e0d3d91af4c4641e88c2ebe4f703f8c93b4","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":8,"id":"f8eaab9c_5222a58c","in_reply_to":"f0db355b_56d1b798","updated":"2026-02-03 06:51:25.000000000","message":"tbh I still don\u0027t understand this, maybe using dedicated loadbalancer hosts could be a better solution?\n\nmy current pov is that this shouldn\u0027t be implemented upstream, but I won\u0027t block it if other cores disagree","commit_id":"18f11f179cf9cd6c4b13cc11268a6109f857bf01"}],"ansible/group_vars/all/common.yml":[{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"015f890a68df2f6d80f2a553e1a27f019e338a05","unresolved":true,"context_lines":[{"line_number":169,"context_line":"kolla_external_vip_address: \"{{ kolla_internal_vip_address }}\""},{"line_number":170,"context_line":"kolla_same_external_internal_vip: \"{{ kolla_external_vip_address | ansible.utils.ipaddr(\u0027address\u0027) \u003d\u003d kolla_internal_vip_address | ansible.utils.ipaddr(\u0027address\u0027) }}\""},{"line_number":171,"context_line":"kolla_external_fqdn: \"{{ kolla_internal_fqdn if kolla_same_external_internal_vip | bool else kolla_external_vip_address }}\""},{"line_number":172,"context_line":"kolla_external_network_address: \"\""},{"line_number":173,"context_line":"kolla_external_network_gateway: \"\""},{"line_number":174,"context_line":"kolla_external_network_vip_prefix: \"\""},{"line_number":175,"context_line":""},{"line_number":176,"context_line":"kolla_dev_repos_directory: \"/opt/stack/\""},{"line_number":177,"context_line":"kolla_dev_repos_git: \"https://opendev.org/openstack\""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"86be1ecf_8245af42","line":174,"range":{"start_line":172,"start_character":0,"end_line":174,"end_character":37},"updated":"2025-12-25 17:39:36.000000000","message":"I feel like these should be validated better ? This looks like a very easy way to break keepalived deployments.","commit_id":"939cf5d5ffbf10e0e1f9f748af7729bda47518c5"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"bd4554d3728e28e37411246d75d9b332873a1aee","unresolved":true,"context_lines":[{"line_number":169,"context_line":"kolla_external_vip_address: \"{{ kolla_internal_vip_address }}\""},{"line_number":170,"context_line":"kolla_same_external_internal_vip: \"{{ kolla_external_vip_address | ansible.utils.ipaddr(\u0027address\u0027) \u003d\u003d kolla_internal_vip_address | ansible.utils.ipaddr(\u0027address\u0027) }}\""},{"line_number":171,"context_line":"kolla_external_fqdn: \"{{ kolla_internal_fqdn if kolla_same_external_internal_vip | bool else kolla_external_vip_address }}\""},{"line_number":172,"context_line":"kolla_external_network_address: \"\""},{"line_number":173,"context_line":"kolla_external_network_gateway: \"\""},{"line_number":174,"context_line":"kolla_external_network_vip_prefix: \"\""},{"line_number":175,"context_line":""},{"line_number":176,"context_line":"kolla_dev_repos_directory: \"/opt/stack/\""},{"line_number":177,"context_line":"kolla_dev_repos_git: \"https://opendev.org/openstack\""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"f520bcf1_f36fc109","line":174,"range":{"start_line":172,"start_character":0,"end_line":174,"end_character":37},"in_reply_to":"86be1ecf_8245af42","updated":"2025-12-31 07:40:46.000000000","message":"I have just added examples in globals.yml, `keepalived_virtual_routing` flag will be now automatically set if all required variables are defined.","commit_id":"939cf5d5ffbf10e0e1f9f748af7729bda47518c5"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"fa59dfb0cee3851fbac07a0cdfc79c0e690525bb","unresolved":false,"context_lines":[{"line_number":169,"context_line":"kolla_external_vip_address: \"{{ kolla_internal_vip_address }}\""},{"line_number":170,"context_line":"kolla_same_external_internal_vip: \"{{ kolla_external_vip_address | ansible.utils.ipaddr(\u0027address\u0027) \u003d\u003d kolla_internal_vip_address | ansible.utils.ipaddr(\u0027address\u0027) }}\""},{"line_number":171,"context_line":"kolla_external_fqdn: \"{{ kolla_internal_fqdn if kolla_same_external_internal_vip | bool else kolla_external_vip_address }}\""},{"line_number":172,"context_line":"kolla_external_network_address: \"\""},{"line_number":173,"context_line":"kolla_external_network_gateway: \"\""},{"line_number":174,"context_line":"kolla_external_network_vip_prefix: \"\""},{"line_number":175,"context_line":""},{"line_number":176,"context_line":"kolla_dev_repos_directory: \"/opt/stack/\""},{"line_number":177,"context_line":"kolla_dev_repos_git: \"https://opendev.org/openstack\""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"1ee3a203_20ccf5b8","line":174,"range":{"start_line":172,"start_character":0,"end_line":174,"end_character":37},"in_reply_to":"f520bcf1_f36fc109","updated":"2026-01-07 21:45:40.000000000","message":"Done","commit_id":"939cf5d5ffbf10e0e1f9f748af7729bda47518c5"}],"ansible/group_vars/all/keepalived.yml":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"c9fb7a7dd235090aeee56195c58dc1f76b797dc9","unresolved":true,"context_lines":[{"line_number":8,"context_line":"keepalived_virtual_router_id: \"51\""},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"# Enable keepalived virtual routing when the default route is set to a network different from the external network."},{"line_number":11,"context_line":"keepalived_virtual_routing: \"{{ true if (kolla_external_network_vip_prefix and kolla_external_network_address and kolla_external_network_gateway) else false }}\""},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"# Routing table used for keepalived virtual routing. Tables with ID 0, 253, 254, and 255 are reserved."},{"line_number":14,"context_line":"keepalived_virtual_routing_table: \"104\""}],"source_content_type":"text/x-yaml","patch_set":4,"id":"34d88f7b_1f535c77","line":11,"updated":"2025-12-31 18:18:44.000000000","message":"```suggestion\nkeepalived_virtual_routing: \"{{ kolla_external_network_vip_prefix and kolla_external_network_address and kolla_external_network_gateway }}\"\n```","commit_id":"89f73b08f10c628cb713d82e1e85bab3e76072b8"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"fa59dfb0cee3851fbac07a0cdfc79c0e690525bb","unresolved":true,"context_lines":[{"line_number":8,"context_line":"keepalived_virtual_router_id: \"51\""},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"# Enable keepalived virtual routing when the default route is set to a network different from the external network."},{"line_number":11,"context_line":"keepalived_virtual_routing: \"{{ true if (kolla_external_network_vip_prefix and kolla_external_network_address and kolla_external_network_gateway) else false }}\""},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"# Routing table used for keepalived virtual routing. Tables with ID 0, 253, 254, and 255 are reserved."},{"line_number":14,"context_line":"keepalived_virtual_routing_table: \"104\""}],"source_content_type":"text/x-yaml","patch_set":4,"id":"258dce3e_4e10e035","line":11,"in_reply_to":"34d88f7b_1f535c77","updated":"2026-01-07 21:45:40.000000000","message":"Number of variables was reduced even more, \"if\" statement is executed in jinja template directly.","commit_id":"89f73b08f10c628cb713d82e1e85bab3e76072b8"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"c9fb7a7dd235090aeee56195c58dc1f76b797dc9","unresolved":true,"context_lines":[{"line_number":11,"context_line":"keepalived_virtual_routing: \"{{ true if (kolla_external_network_vip_prefix and kolla_external_network_address and kolla_external_network_gateway) else false }}\""},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"# Routing table used for keepalived virtual routing. Tables with ID 0, 253, 254, and 255 are reserved."},{"line_number":14,"context_line":"keepalived_virtual_routing_table: \"104\""}],"source_content_type":"text/x-yaml","patch_set":4,"id":"a51c5001_8ef7c48b","line":14,"updated":"2025-12-31 18:18:44.000000000","message":"Do we need to validate in prechecks that this table does not exist to not break anything?","commit_id":"89f73b08f10c628cb713d82e1e85bab3e76072b8"},{"author":{"_account_id":37306,"name":"Piotr Milewski","display_name":"Piotr Milewski","email":"vurmil@gmail.com","username":"vurmil"},"change_message_id":"1c63edd9c7bb84ce7c3869d5024f83e0cac99286","unresolved":true,"context_lines":[{"line_number":11,"context_line":"keepalived_virtual_routing: \"{{ true if (kolla_external_network_vip_prefix and kolla_external_network_address and kolla_external_network_gateway) else false }}\""},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"# Routing table used for keepalived virtual routing. Tables with ID 0, 253, 254, and 255 are reserved."},{"line_number":14,"context_line":"keepalived_virtual_routing_table: \"104\""}],"source_content_type":"text/x-yaml","patch_set":4,"id":"f718cf07_7b118cbf","line":14,"in_reply_to":"0c987631_48bd7b2d","updated":"2026-01-09 08:09:57.000000000","message":"This is not always required it only makes sense if Keepalived uses policy routing to isolate VIP traffic from the main table.\nAlso, the routing table (104) does not need to exist beforehand if it’s not actually used\n\u0027\u0027ip route show table 104\u0027\u0027\nwill be empty, so for a simple VIP this setting is unnecessary and can be removed.","commit_id":"89f73b08f10c628cb713d82e1e85bab3e76072b8"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"db66fc847f3db92a3a0742ebe555606b4f1f2c89","unresolved":true,"context_lines":[{"line_number":11,"context_line":"keepalived_virtual_routing: \"{{ true if (kolla_external_network_vip_prefix and kolla_external_network_address and kolla_external_network_gateway) else false }}\""},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"# Routing table used for keepalived virtual routing. Tables with ID 0, 253, 254, and 255 are reserved."},{"line_number":14,"context_line":"keepalived_virtual_routing_table: \"104\""}],"source_content_type":"text/x-yaml","patch_set":4,"id":"0c987631_48bd7b2d","line":14,"in_reply_to":"a51c5001_8ef7c48b","updated":"2026-01-09 07:30:49.000000000","message":"I\u0027m not sure if it\u0027s necessary here","commit_id":"89f73b08f10c628cb713d82e1e85bab3e76072b8"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"52314e1af2ef2ea3e86858392765e93750e588ea","unresolved":true,"context_lines":[{"line_number":11,"context_line":"keepalived_virtual_routing: \"{{ true if (kolla_external_network_vip_prefix and kolla_external_network_address and kolla_external_network_gateway) else false }}\""},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"# Routing table used for keepalived virtual routing. Tables with ID 0, 253, 254, and 255 are reserved."},{"line_number":14,"context_line":"keepalived_virtual_routing_table: \"104\""}],"source_content_type":"text/x-yaml","patch_set":4,"id":"8634e9f2_5fe249e1","line":14,"in_reply_to":"f718cf07_7b118cbf","updated":"2026-01-09 08:13:44.000000000","message":"@vurmil@gmail.com Michal asked here if precheck for this table is needed, and not table itself. Without separate table it wouldn\u0027t work like proposed.","commit_id":"89f73b08f10c628cb713d82e1e85bab3e76072b8"}],"ansible/roles/loadbalancer/templates/keepalived/keepalived.conf.j2":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"c9fb7a7dd235090aeee56195c58dc1f76b797dc9","unresolved":true,"context_lines":[{"line_number":50,"context_line":"{% if keepalived_virtual_routing | bool %}"},{"line_number":51,"context_line":"    virtual_routes {"},{"line_number":52,"context_line":"       default via {{ kolla_external_network_gateway }} table {{ keepalived_virtual_routing_table }}"},{"line_number":53,"context_line":"       to {{ kolla_external_network_address }}/{{ kolla_external_network_vip_prefix }} dev {{ kolla_external_vip_interface }} table {{ keepalived_virtual_routing_table }}"},{"line_number":54,"context_line":"    }"},{"line_number":55,"context_line":"    virtual_rules {"},{"line_number":56,"context_line":"       from {{ kolla_external_network_address }}/{{ kolla_external_network_vip_prefix }} table {{ keepalived_virtual_routing_table }}"}],"source_content_type":"text/x-jinja2","patch_set":4,"id":"ca88a779_94e481ab","line":53,"updated":"2025-12-31 18:18:44.000000000","message":"we could use ipaddr filter to get network addr from gateway and prefix","commit_id":"89f73b08f10c628cb713d82e1e85bab3e76072b8"},{"author":{"_account_id":34034,"name":"Franciszek Przewoźny","display_name":"Franciszek Przewozny","email":"przewozny.franciszek@gmail.com","username":"fprzewozn","status":"OpenStack Engineer / SRE @ Opera Software"},"change_message_id":"fa59dfb0cee3851fbac07a0cdfc79c0e690525bb","unresolved":false,"context_lines":[{"line_number":50,"context_line":"{% if keepalived_virtual_routing | bool %}"},{"line_number":51,"context_line":"    virtual_routes {"},{"line_number":52,"context_line":"       default via {{ kolla_external_network_gateway }} table {{ keepalived_virtual_routing_table }}"},{"line_number":53,"context_line":"       to {{ kolla_external_network_address }}/{{ kolla_external_network_vip_prefix }} dev {{ kolla_external_vip_interface }} table {{ keepalived_virtual_routing_table }}"},{"line_number":54,"context_line":"    }"},{"line_number":55,"context_line":"    virtual_rules {"},{"line_number":56,"context_line":"       from {{ kolla_external_network_address }}/{{ kolla_external_network_vip_prefix }} table {{ keepalived_virtual_routing_table }}"}],"source_content_type":"text/x-jinja2","patch_set":4,"id":"834436b9_7fc0eff8","line":53,"in_reply_to":"ca88a779_94e481ab","updated":"2026-01-07 21:45:40.000000000","message":"Done","commit_id":"89f73b08f10c628cb713d82e1e85bab3e76072b8"}]}