)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":36702,"name":"Roman Krcek","display_name":"Roman Krček","email":"roman.krcek@tietoevry.com","username":"r-krcek"},"change_message_id":"5b00c2da21f80e39106d1560a9e6a94678f4bde0","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":4,"id":"dcb40fc5_b0fdd2e4","updated":"2024-09-24 07:18:23.000000000","message":"So far, the test have been failing due to SSL errors. These errors are because of the fact that Zuul appears not to be checking out the sister patch of kolla-ansible on the same topic. After looking at the docs [1], it is discouraged to create circular `Depends-On:` My question would be - how to get Zuul to use specific patch of kolla-ansible to make sure the tests pass?\n\n[1] - https://docs.opendev.org/opendev/infra-manual/latest/developers.html#cross-repository-dependencies","commit_id":"2c8596cbae44bc22f0266b8b4214b31d4cecc062"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"ccc45ca87aaf8e94cfeb638ec90c941d7b5321a7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"449346d6_02647f1d","updated":"2024-12-01 17:48:13.000000000","message":"recheck give me fresh logs","commit_id":"2c8596cbae44bc22f0266b8b4214b31d4cecc062"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"da0b24905c6d39ef4a6b4553148d79c1a246795c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"20979e39_c4f34a9b","in_reply_to":"dcb40fc5_b0fdd2e4","updated":"2024-12-01 21:13:50.000000000","message":"This should be fixed now.","commit_id":"2c8596cbae44bc22f0266b8b4214b31d4cecc062"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"0e5958e964f5c89031314cb069fef0bd7f6751ad","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"df2bb003_136a9a1d","updated":"2024-12-02 04:33:50.000000000","message":"recheck","commit_id":"5b37125a63ee64a32d204936fed0bb562b8aea07"}],"docker/base/copy_cacerts.sh":[{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"519cfd3ac50eb4b83c4a890295f57ff5553a0c24","unresolved":true,"context_lines":[{"line_number":7,"context_line":"rm -f /usr/local/share/ca-certificates/kolla-customca-* \\"},{"line_number":8,"context_line":"        /etc/pki/ca-trust/source/anchors/kolla-customca-*"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"if [[ -d /usr/share/kolla ]] \u0026\u0026 \\"},{"line_number":11,"context_line":"        [[ ! -z \"$(ls -A /usr/share/kolla/)\" ]]; then"},{"line_number":12,"context_line":"    if [[ -e /etc/debian_version ]]; then"},{"line_number":13,"context_line":"        # Debian, Ubuntu"}],"source_content_type":"text/x-sh","patch_set":2,"id":"b81d82a1_8b34a482","line":10,"range":{"start_line":10,"start_character":9,"end_line":10,"end_character":25},"updated":"2024-09-17 09:00:32.000000000","message":"/var/lib/kolla/share ?","commit_id":"a61ac1cd0d7b258225a543d35e0bf89aa468e59f"},{"author":{"_account_id":36702,"name":"Roman Krcek","display_name":"Roman Krček","email":"roman.krcek@tietoevry.com","username":"r-krcek"},"change_message_id":"dae4702aaa558110c742955ad1554d38360dd2b8","unresolved":true,"context_lines":[{"line_number":7,"context_line":"rm -f /usr/local/share/ca-certificates/kolla-customca-* \\"},{"line_number":8,"context_line":"        /etc/pki/ca-trust/source/anchors/kolla-customca-*"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"if [[ -d /usr/share/kolla ]] \u0026\u0026 \\"},{"line_number":11,"context_line":"        [[ ! -z \"$(ls -A /usr/share/kolla/)\" ]]; then"},{"line_number":12,"context_line":"    if [[ -e /etc/debian_version ]]; then"},{"line_number":13,"context_line":"        # Debian, Ubuntu"}],"source_content_type":"text/x-sh","patch_set":2,"id":"d96b2ce3_d165d710","line":10,"range":{"start_line":10,"start_character":9,"end_line":10,"end_character":25},"in_reply_to":"02388f7e_3706a3ce","updated":"2024-09-23 16:48:24.000000000","message":"Done","commit_id":"a61ac1cd0d7b258225a543d35e0bf89aa468e59f"},{"author":{"_account_id":36702,"name":"Roman Krcek","display_name":"Roman Krček","email":"roman.krcek@tietoevry.com","username":"r-krcek"},"change_message_id":"89d84c6bca9006e9657277390b404753c55385ce","unresolved":true,"context_lines":[{"line_number":7,"context_line":"rm -f /usr/local/share/ca-certificates/kolla-customca-* \\"},{"line_number":8,"context_line":"        /etc/pki/ca-trust/source/anchors/kolla-customca-*"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"if [[ -d /usr/share/kolla ]] \u0026\u0026 \\"},{"line_number":11,"context_line":"        [[ ! -z \"$(ls -A /usr/share/kolla/)\" ]]; then"},{"line_number":12,"context_line":"    if [[ -e /etc/debian_version ]]; then"},{"line_number":13,"context_line":"        # Debian, Ubuntu"}],"source_content_type":"text/x-sh","patch_set":2,"id":"02388f7e_3706a3ce","line":10,"range":{"start_line":10,"start_character":9,"end_line":10,"end_character":25},"in_reply_to":"b81d82a1_8b34a482","updated":"2024-09-17 20:34:29.000000000","message":"See Sven\u0027s comment chain.\n\nhttps://review.opendev.org/c/openstack/kolla-ansible/+/924651/comments/cab98d4e_458e172f","commit_id":"a61ac1cd0d7b258225a543d35e0bf89aa468e59f"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"da0b24905c6d39ef4a6b4553148d79c1a246795c","unresolved":false,"context_lines":[{"line_number":7,"context_line":"rm -f /usr/local/share/ca-certificates/kolla-customca-* \\"},{"line_number":8,"context_line":"        /etc/pki/ca-trust/source/anchors/kolla-customca-*"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"if [[ -d /usr/share/kolla ]] \u0026\u0026 \\"},{"line_number":11,"context_line":"        [[ ! -z \"$(ls -A /usr/share/kolla/)\" ]]; then"},{"line_number":12,"context_line":"    if [[ -e /etc/debian_version ]]; then"},{"line_number":13,"context_line":"        # Debian, Ubuntu"}],"source_content_type":"text/x-sh","patch_set":2,"id":"5b0413e8_5a6b3bc4","line":10,"range":{"start_line":10,"start_character":9,"end_line":10,"end_character":25},"in_reply_to":"d96b2ce3_d165d710","updated":"2024-12-01 21:13:50.000000000","message":"Done","commit_id":"a61ac1cd0d7b258225a543d35e0bf89aa468e59f"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"3088a514f1242f37bf7d97177858f8b6b4f78601","unresolved":true,"context_lines":[{"line_number":3,"context_line":"# Copy custom CA certificates to system trusted CA certificates folder"},{"line_number":4,"context_line":"# and run CA update utility"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"if [[ -e \"/etc/debian_version\" ]]; then"},{"line_number":7,"context_line":"    ca_dst_path\u003d\"/usr/local/share/ca-certificates\""},{"line_number":8,"context_line":"    update_command\u003d\"update-ca-certificates\""},{"line_number":9,"context_line":"elif [[ -e \"/etc/redhat-release\" ]]; then"}],"source_content_type":"text/x-sh","patch_set":8,"id":"fb3f5cb8_e272f09e","line":6,"updated":"2024-12-02 09:14:56.000000000","message":"Isn\u0027t KOLLA_BASE_DISTRO an env variable we can use?","commit_id":"d22245c71125c8c1c053fa772a362f0446467d0b"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"e7289c8d9d9f278e8ca1474cc7333a84813b976d","unresolved":false,"context_lines":[{"line_number":3,"context_line":"# Copy custom CA certificates to system trusted CA certificates folder"},{"line_number":4,"context_line":"# and run CA update utility"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"if [[ -e \"/etc/debian_version\" ]]; then"},{"line_number":7,"context_line":"    ca_dst_path\u003d\"/usr/local/share/ca-certificates\""},{"line_number":8,"context_line":"    update_command\u003d\"update-ca-certificates\""},{"line_number":9,"context_line":"elif [[ -e \"/etc/redhat-release\" ]]; then"}],"source_content_type":"text/x-sh","patch_set":8,"id":"6e4124d4_a443be0a","line":6,"in_reply_to":"58a8ab29_fbdaec14","updated":"2024-12-02 12:33:48.000000000","message":"Regarding /etc/os-release \n\nNot all Linux systems have the /etc/os-release file. This file is part of the freedesktop.org standard and was introduced with systemd, so its presence depends on the use of modern distributions and their implementation of systemd.\n\nThe files /etc/debian-version and /etc/redhat-release are always present for these two families, and since we only use these two, it is much simpler to check the file than to parse /etc/os-release.","commit_id":"d22245c71125c8c1c053fa772a362f0446467d0b"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"21fadb0e214528d3307283aa669abfe1e21e69f4","unresolved":false,"context_lines":[{"line_number":3,"context_line":"# Copy custom CA certificates to system trusted CA certificates folder"},{"line_number":4,"context_line":"# and run CA update utility"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"if [[ -e \"/etc/debian_version\" ]]; then"},{"line_number":7,"context_line":"    ca_dst_path\u003d\"/usr/local/share/ca-certificates\""},{"line_number":8,"context_line":"    update_command\u003d\"update-ca-certificates\""},{"line_number":9,"context_line":"elif [[ -e \"/etc/redhat-release\" ]]; then"}],"source_content_type":"text/x-sh","patch_set":8,"id":"f93d2e55_8f8d2e39","line":6,"in_reply_to":"6e4124d4_a443be0a","updated":"2024-12-02 13:49:09.000000000","message":"ack","commit_id":"d22245c71125c8c1c053fa772a362f0446467d0b"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"d39111cdfdc850e4a3dee2abca88389f77d35c10","unresolved":false,"context_lines":[{"line_number":3,"context_line":"# Copy custom CA certificates to system trusted CA certificates folder"},{"line_number":4,"context_line":"# and run CA update utility"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"if [[ -e \"/etc/debian_version\" ]]; then"},{"line_number":7,"context_line":"    ca_dst_path\u003d\"/usr/local/share/ca-certificates\""},{"line_number":8,"context_line":"    update_command\u003d\"update-ca-certificates\""},{"line_number":9,"context_line":"elif [[ -e \"/etc/redhat-release\" ]]; then"}],"source_content_type":"text/x-sh","patch_set":8,"id":"58a8ab29_fbdaec14","line":6,"in_reply_to":"d5222375_a54af7b5","updated":"2024-12-02 10:53:10.000000000","message":"Well, this is, of course, up for discussion, but I honestly don’t see any real reason to have an ENV variable in the container. From inside the container, you can determine the distro in many ways — you can even write a simple script that tells you the system you’re on and bake it into the image as your helper. From the outside in kolla-ansible, you can check the TAG, for instance, or even better, set a LABEL for the image.\n\nI don’t know — I always try to simplify things, and this feels unnecessary in the long run.\n\nAnyway, please let’s focus on this review as it is. The way it’s written was already in place before and is not part of this patch — I’d prefer to handle this in a separate patch - if you will say you want it.","commit_id":"d22245c71125c8c1c053fa772a362f0446467d0b"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"3bc4532016401861ec0269836ff26a9d9b936c10","unresolved":true,"context_lines":[{"line_number":3,"context_line":"# Copy custom CA certificates to system trusted CA certificates folder"},{"line_number":4,"context_line":"# and run CA update utility"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"if [[ -e \"/etc/debian_version\" ]]; then"},{"line_number":7,"context_line":"    ca_dst_path\u003d\"/usr/local/share/ca-certificates\""},{"line_number":8,"context_line":"    update_command\u003d\"update-ca-certificates\""},{"line_number":9,"context_line":"elif [[ -e \"/etc/redhat-release\" ]]; then"}],"source_content_type":"text/x-sh","patch_set":8,"id":"d5222375_a54af7b5","line":6,"in_reply_to":"da706d46_16b0e549","updated":"2024-12-02 10:37:30.000000000","message":"Well, if we don\u0027t want this - we could at least use /etc/os-release","commit_id":"d22245c71125c8c1c053fa772a362f0446467d0b"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"705bdf8e19f34dff1116c055c0dda515541d08a1","unresolved":false,"context_lines":[{"line_number":3,"context_line":"# Copy custom CA certificates to system trusted CA certificates folder"},{"line_number":4,"context_line":"# and run CA update utility"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"if [[ -e \"/etc/debian_version\" ]]; then"},{"line_number":7,"context_line":"    ca_dst_path\u003d\"/usr/local/share/ca-certificates\""},{"line_number":8,"context_line":"    update_command\u003d\"update-ca-certificates\""},{"line_number":9,"context_line":"elif [[ -e \"/etc/redhat-release\" ]]; then"}],"source_content_type":"text/x-sh","patch_set":8,"id":"da706d46_16b0e549","line":6,"in_reply_to":"ed2c2c30_734c8bae","updated":"2024-12-02 10:34:45.000000000","message":"Yes, it is – but my opinion is that it shouldn\u0027t be used. Why? Because there\u0027s absolutely no reason for it. It\u0027s an image, and the script is embedded in the image. The script can determine on its own which distro it\u0027s running on.\n\nAnd if you can convince me of the benefits of KOLLA_BASE_DISTRO, then we can change it everywhere in another patch – because right now, it\u0027s used inconsistently in various places.\n\nAdditionally, the original version also doesn\u0027t use KOLLA_BASE_DISTRO.","commit_id":"d22245c71125c8c1c053fa772a362f0446467d0b"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"1c8a8601bdd1d98429b349ca4759df59e99df329","unresolved":false,"context_lines":[{"line_number":3,"context_line":"# Copy custom CA certificates to system trusted CA certificates folder"},{"line_number":4,"context_line":"# and run CA update utility"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"if [[ -e \"/etc/debian_version\" ]]; then"},{"line_number":7,"context_line":"    ca_dst_path\u003d\"/usr/local/share/ca-certificates\""},{"line_number":8,"context_line":"    update_command\u003d\"update-ca-certificates\""},{"line_number":9,"context_line":"elif [[ -e \"/etc/redhat-release\" ]]; then"}],"source_content_type":"text/x-sh","patch_set":8,"id":"3d433730_d5779606","line":6,"in_reply_to":"f93d2e55_8f8d2e39","updated":"2024-12-02 15:27:11.000000000","message":"I\u0027ve checked and /etc/os-release is on all distros that we build - but yeah, we could think of unifying that across all scripts","commit_id":"d22245c71125c8c1c053fa772a362f0446467d0b"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"c2a1ce47ca299001ffc4f8192871b23a63a583bb","unresolved":false,"context_lines":[{"line_number":3,"context_line":"# Copy custom CA certificates to system trusted CA certificates folder"},{"line_number":4,"context_line":"# and run CA update utility"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"if [[ -e \"/etc/debian_version\" ]]; then"},{"line_number":7,"context_line":"    ca_dst_path\u003d\"/usr/local/share/ca-certificates\""},{"line_number":8,"context_line":"    update_command\u003d\"update-ca-certificates\""},{"line_number":9,"context_line":"elif [[ -e \"/etc/redhat-release\" ]]; then"}],"source_content_type":"text/x-sh","patch_set":8,"id":"ed2c2c30_734c8bae","line":6,"in_reply_to":"fb3f5cb8_e272f09e","updated":"2024-12-02 09:55:40.000000000","message":"This is just sticking to the existing logic, it might be possible to change it, but that should be done in a dedicated patch.","commit_id":"d22245c71125c8c1c053fa772a362f0446467d0b"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"c2a1ce47ca299001ffc4f8192871b23a63a583bb","unresolved":true,"context_lines":[{"line_number":18,"context_line":"update_needed\u003d\"false\""},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"# Remove old certificates"},{"line_number":21,"context_line":"if find /etc/ssl/certs/ \\"},{"line_number":22,"context_line":"        /usr/local/share/ca-certificates/ \\"},{"line_number":23,"context_line":"        /etc/pki/ca-trust/source/anchors/ \\"},{"line_number":24,"context_line":"        -name \u0027kolla*\u0027 -exec rm -f {} + 2\u003e/dev/null; then"}],"source_content_type":"text/x-sh","patch_set":8,"id":"4cccf967_315a4091","line":21,"range":{"start_line":21,"start_character":8,"end_line":21,"end_character":23},"updated":"2024-12-02 09:55:40.000000000","message":"can you explain where this directory is coming from/why it is needed to be cleaned?","commit_id":"d22245c71125c8c1c053fa772a362f0446467d0b"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"dafb8a594c103bfca595da2d8dc13dfeee7c68f4","unresolved":false,"context_lines":[{"line_number":18,"context_line":"update_needed\u003d\"false\""},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"# Remove old certificates"},{"line_number":21,"context_line":"if find /etc/ssl/certs/ \\"},{"line_number":22,"context_line":"        /usr/local/share/ca-certificates/ \\"},{"line_number":23,"context_line":"        /etc/pki/ca-trust/source/anchors/ \\"},{"line_number":24,"context_line":"        -name \u0027kolla*\u0027 -exec rm -f {} + 2\u003e/dev/null; then"}],"source_content_type":"text/x-sh","patch_set":8,"id":"e726ac29_3ccd115b","line":21,"range":{"start_line":21,"start_character":8,"end_line":21,"end_character":23},"in_reply_to":"4cccf967_315a4091","updated":"2024-12-02 10:24:17.000000000","message":"This is how debian/ubuntu works, user\u0027s certs are copied from /usr/local/share/ca-certificates/user.crt\n\nAnd update-ca-certificates is copying to /ets/ssl/certs, that\u0027s how it works.\nSo, it\u0027s system PATH debian specific ... and what script is doing is just cleanup (original script currently working in kolla just didn\u0027t take into account this path - /ets/ssl/certs ...this patch correctly adding it).\n\nExample below (debian):\n\n```\n[root@controller0 /]# find /usr/local/share/ | grep kolla\n[root@controller0 /]# find /etc/ssl/ | grep kolla\n[root@controller0 /]# cp -av /var/lib/kolla/config_files/ca-certificates/root.crt /usr/local/share/ca-certificates/kolla-customca-root.crt\n\u0027/var/lib/kolla/config_files/ca-certificates/root.crt\u0027 -\u003e \u0027/usr/local/share/ca-certificates/kolla-customca-root.crt\u0027\n[root@controller0 /]# update-ca-certificates \nUpdating certificates in /etc/ssl/certs...\nrehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL\n1 added, 0 removed; done.\nRunning hooks in /etc/ca-certificates/update.d...\ndone.\n[root@controller0 /]# find /etc/ssl/ | grep kolla\n/etc/ssl/certs/kolla-customca-root.pem\n[root@controller0 /]# find /usr/local/share/ | grep kolla\n/usr/local/share/ca-certificates/kolla-customca-root.crt\n```\n\nSo, debuntu two paths:\n\n```\n(proxysql)[root@controller0 /]# find / -name \u0027kolla-customca*\u0027 2\u003e/dev/null\n/usr/local/share/ca-certificates/kolla-customca-root.crt\n/etc/ssl/certs/kolla-customca-root.pem\n```\n\nRHEL systems it\u0027s only one path:\n\n```\n[root@controller1 /]# find / -name \u0027kolla-customca*\u0027\n/etc/pki/ca-trust/source/anchors/kolla-customca-root.crt\n\n```\n\nAlso, if find worked and removed something - so RC is 0 ..it will register update_needed, if nothing was removed, register not happened.","commit_id":"d22245c71125c8c1c053fa772a362f0446467d0b"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"21fadb0e214528d3307283aa669abfe1e21e69f4","unresolved":false,"context_lines":[{"line_number":18,"context_line":"update_needed\u003d\"false\""},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"# Remove old certificates"},{"line_number":21,"context_line":"if find /etc/ssl/certs/ \\"},{"line_number":22,"context_line":"        /usr/local/share/ca-certificates/ \\"},{"line_number":23,"context_line":"        /etc/pki/ca-trust/source/anchors/ \\"},{"line_number":24,"context_line":"        -name \u0027kolla*\u0027 -exec rm -f {} + 2\u003e/dev/null; then"}],"source_content_type":"text/x-sh","patch_set":8,"id":"c6186734_b730fbe2","line":21,"range":{"start_line":21,"start_character":8,"end_line":21,"end_character":23},"in_reply_to":"e726ac29_3ccd115b","updated":"2024-12-02 13:49:09.000000000","message":"ah, ok, thx for explaining","commit_id":"d22245c71125c8c1c053fa772a362f0446467d0b"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"c2a1ce47ca299001ffc4f8192871b23a63a583bb","unresolved":true,"context_lines":[{"line_number":33,"context_line":"fi"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"# Check if the source path exists and is not empty"},{"line_number":36,"context_line":"if [[ -d ${ca_src_path} \u0026\u0026 $(ls -A \"${ca_src_path}\" 2\u003e/dev/null) ]]; then"},{"line_number":37,"context_line":"    # Copy certificates and update CA"},{"line_number":38,"context_line":"    for cert in \"${ca_src_path}\"/*; do"},{"line_number":39,"context_line":"        file\u003d$(basename \"${cert}\")"}],"source_content_type":"text/x-sh","patch_set":8,"id":"69934026_d607a581","line":36,"updated":"2024-12-02 09:55:40.000000000","message":"why is this check needed? won\u0027t kolla be broken if we don\u0027t copy the certs?","commit_id":"d22245c71125c8c1c053fa772a362f0446467d0b"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"d37520ac229b97b59c3c872f4c929a7d580a71e4","unresolved":false,"context_lines":[{"line_number":33,"context_line":"fi"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"# Check if the source path exists and is not empty"},{"line_number":36,"context_line":"if [[ -d ${ca_src_path} \u0026\u0026 $(ls -A \"${ca_src_path}\" 2\u003e/dev/null) ]]; then"},{"line_number":37,"context_line":"    # Copy certificates and update CA"},{"line_number":38,"context_line":"    for cert in \"${ca_src_path}\"/*; do"},{"line_number":39,"context_line":"        file\u003d$(basename \"${cert}\")"}],"source_content_type":"text/x-sh","patch_set":8,"id":"0b25ce06_53e318e9","line":36,"in_reply_to":"69934026_d607a581","updated":"2024-12-02 10:43:56.000000000","message":"No, it won\u0027t break. Why should it? Not copying certificates is a completely valid state. After all, you don’t have to have TLS enabled, and even if you do, you don’t need to have your own CA – meaning you don’t need to import it.\n\nHowever, consider the following scenario:\n\nThe user had TLS enabled in the past and then disabled it – in this case, things would break if there wasn’t a check. Why? Let me explain below.\n\nTLS enabled -\u003e /var/lib/kolla/share exists.\nTLS disabled -\u003e /var/lib/kolla/share doesn’t exist (thanks to review [1], anything not in config.json is correctly removed).\n\nBut since /var/lib/kolla/share already exists in the state file, it means the new system ( path /var/lib/kolla/share) was being used. However, because TLS isn’t currently enabled, it also needs to be checked for existence – otherwise, it would fail to copy the files - as even directory not exist.\n\n[1] https://review.opendev.org/c/openstack/kolla/+/915440\n\nNOTE: Grepping state file is mainly because we want to pass KOLLA \u003c-\u003e KOLLA_ANSIBLE circular dependency and handle it in proper way. Before certs were copied everytime which is bad (kolla-ansible is not cleaning /etc/kolla/service ..so /var/lib/kolla/config_files/ca-certificates were mounted every time)\n\nBut, it\u0027s nice and clear why it\u0027s written as it is.","commit_id":"d22245c71125c8c1c053fa772a362f0446467d0b"}]}