)]}'
{"magnum/api/controllers/v1/certificate.py":[{"author":{"_account_id":20498,"name":"Spyros Trigazis","email":"spyridon.trigazis@cern.ch","username":"strigazi"},"change_message_id":"18e769ad335310e391e5095a4f4db8e3871dfde6","unresolved":true,"context_lines":[{"line_number":150,"context_line":"    }"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"    @expose.expose(Certificate, types.uuid_or_name, wtypes.text)"},{"line_number":153,"context_line":"    def get_one(self, cluster_ident, ca_cert_type\u003dNone):"},{"line_number":154,"context_line":"        \"\"\"Retrieve CA information about the given cluster."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"        :param cluster_ident: UUID of a cluster or"}],"source_content_type":"text/x-python","patch_set":7,"id":"cb19a9c0_1ae7d42a","line":153,"range":{"start_line":153,"start_character":37,"end_line":153,"end_character":56},"updated":"2020-11-30 08:07:41.000000000","message":"Can you add api-ref and bump api microversion?","commit_id":"e5534978ffdeb3ead89251986a47181c44c0b34d"},{"author":{"_account_id":6484,"name":"Feilong Wang","email":"hustemb@gmail.com","username":"flwang"},"change_message_id":"3e752aa356eea75c26963254496c4947eff610b9","unresolved":true,"context_lines":[{"line_number":150,"context_line":"    }"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"    @expose.expose(Certificate, types.uuid_or_name, wtypes.text)"},{"line_number":153,"context_line":"    def get_one(self, cluster_ident, ca_cert_type\u003dNone):"},{"line_number":154,"context_line":"        \"\"\"Retrieve CA information about the given cluster."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"        :param cluster_ident: UUID of a cluster or"}],"source_content_type":"text/x-python","patch_set":7,"id":"3560b4b3_a58afff6","line":153,"range":{"start_line":153,"start_character":37,"end_line":153,"end_character":56},"in_reply_to":"cb19a9c0_1ae7d42a","updated":"2020-11-30 16:45:39.000000000","message":"Very good suggestion. Will do in next patch set.","commit_id":"e5534978ffdeb3ead89251986a47181c44c0b34d"},{"author":{"_account_id":20498,"name":"Spyros Trigazis","email":"spyridon.trigazis@cern.ch","username":"strigazi"},"change_message_id":"6b60b4f85be7bdb43cb657521602edeaddfcbc87","unresolved":true,"context_lines":[{"line_number":150,"context_line":"    }"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"    @expose.expose(Certificate, types.uuid_or_name, wtypes.text)"},{"line_number":153,"context_line":"    def get_one(self, cluster_ident, ca_cert_type\u003dNone):"},{"line_number":154,"context_line":"        \"\"\"Retrieve CA information about the given cluster."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"        :param cluster_ident: UUID of a cluster or"}],"source_content_type":"text/x-python","patch_set":8,"id":"03542af9_495ecb28","line":153,"updated":"2020-12-07 18:29:39.000000000","message":"This is not enough in the end. When we send sign requests with:\nhttps://review.opendev.org/c/openstack/magnum/+/746864/8/magnum/api/controllers/v1/certificate.py#168\n\nWe will always get the main CA.\nhttps://review.opendev.org/plugins/gitiles/openstack/magnum/+/refs/changes/64/746864/8/magnum/conductor/handlers/common/cert_manager.py#217\n\nWe need to pass the type for POST too.","commit_id":"154be478d982712ac894e90d23460bee0686559d"},{"author":{"_account_id":20498,"name":"Spyros Trigazis","email":"spyridon.trigazis@cern.ch","username":"strigazi"},"change_message_id":"56633845ad67992a7c007737a06a54500570ab09","unresolved":true,"context_lines":[{"line_number":150,"context_line":"    }"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"    @expose.expose(Certificate, types.uuid_or_name, wtypes.text)"},{"line_number":153,"context_line":"    def get_one(self, cluster_ident, ca_cert_type\u003dNone):"},{"line_number":154,"context_line":"        \"\"\"Retrieve CA information about the given cluster."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"        :param cluster_ident: UUID of a cluster or"}],"source_content_type":"text/x-python","patch_set":8,"id":"7e99fd0c_eefa7a38","line":153,"in_reply_to":"03542af9_495ecb28","updated":"2020-12-07 18:31:22.000000000","message":"\u003e This is not enough in the end. When we send sign requests with:\n\u003e https://review.opendev.org/c/openstack/magnum/+/746864/8/magnum/api/controllers/v1/certificate.py#168\n\u003e \n\u003e We will always get the main CA.\n\u003e https://review.opendev.org/plugins/gitiles/openstack/magnum/+/refs/changes/64/746864/8/magnum/conductor/handlers/common/cert_manager.py#217\n\nA side effect of this is that metrics-server doesn\u0027t work since it relies on the front-proxy CA.\n\n\u003e \n\u003e We need to pass the type for POST too.","commit_id":"154be478d982712ac894e90d23460bee0686559d"},{"author":{"_account_id":20498,"name":"Spyros Trigazis","email":"spyridon.trigazis@cern.ch","username":"strigazi"},"change_message_id":"2cd29a2f91f59af2794403be1b58cd7a533963ad","unresolved":true,"context_lines":[{"line_number":150,"context_line":"    }"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"    @expose.expose(Certificate, types.uuid_or_name, wtypes.text)"},{"line_number":153,"context_line":"    def get_one(self, cluster_ident, ca_cert_type\u003dNone):"},{"line_number":154,"context_line":"        \"\"\"Retrieve CA information about the given cluster."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"        :param cluster_ident: UUID of a cluster or"}],"source_content_type":"text/x-python","patch_set":8,"id":"6d3cd2f8_d0dcfc0e","line":153,"in_reply_to":"1ca35797_b9fe8267","updated":"2021-03-09 18:18:20.000000000","message":"I need to test this again, it doesn\u0027t look fixed.","commit_id":"154be478d982712ac894e90d23460bee0686559d"},{"author":{"_account_id":20498,"name":"Spyros Trigazis","email":"spyridon.trigazis@cern.ch","username":"strigazi"},"change_message_id":"3ffbde76a0373201c9c209231f5ab6b97fd90dc2","unresolved":true,"context_lines":[{"line_number":150,"context_line":"    }"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"    @expose.expose(Certificate, types.uuid_or_name, wtypes.text)"},{"line_number":153,"context_line":"    def get_one(self, cluster_ident, ca_cert_type\u003dNone):"},{"line_number":154,"context_line":"        \"\"\"Retrieve CA information about the given cluster."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"        :param cluster_ident: UUID of a cluster or"}],"source_content_type":"text/x-python","patch_set":8,"id":"cf4d92d3_abeac9d5","line":153,"in_reply_to":"3eb8a2cc_d6cd7bfa","updated":"2021-03-25 09:23:28.000000000","message":"[root@kube-zopgdjw2xyc7-master-0 core]# kubectl -n kube-system logs magnum-metrics-server-6ccbd7c7df-qvvvp\nI0324 13:34:24.137794       1 serving.go:312] Generated self-signed cert (/tmp/apiserver.crt, /tmp/apiserver.key)\nI0324 13:34:24.853139       1 secure_serving.go:116] Serving securely on [::]:8443\nE0324 13:34:50.465480       1 authentication.go:65] Unable to authenticate the request due to an error: [x509: subject with cn\u003dfront-proxy is not in the allowed list, x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kube\")]\n\n\nI think it might be solved just by change the apiserver config https://opendev.org/openstack/magnum/src/branch/master/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh#L322 to \"front-proxy\" the CN of the CA.","commit_id":"154be478d982712ac894e90d23460bee0686559d"},{"author":{"_account_id":20498,"name":"Spyros Trigazis","email":"spyridon.trigazis@cern.ch","username":"strigazi"},"change_message_id":"a8687e6d26a0651df08938005cf957e1008635ad","unresolved":true,"context_lines":[{"line_number":150,"context_line":"    }"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"    @expose.expose(Certificate, types.uuid_or_name, wtypes.text)"},{"line_number":153,"context_line":"    def get_one(self, cluster_ident, ca_cert_type\u003dNone):"},{"line_number":154,"context_line":"        \"\"\"Retrieve CA information about the given cluster."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"        :param cluster_ident: UUID of a cluster or"}],"source_content_type":"text/x-python","patch_set":8,"id":"95f188ac_f862e769","line":153,"in_reply_to":"6d3cd2f8_d0dcfc0e","updated":"2021-03-24 13:50:58.000000000","message":"yeap, stil broken, can you update?","commit_id":"154be478d982712ac894e90d23460bee0686559d"},{"author":{"_account_id":6484,"name":"Feilong Wang","email":"hustemb@gmail.com","username":"flwang"},"change_message_id":"30d956c9b1bd75b8e58df9e0dc2eddf87d36b668","unresolved":true,"context_lines":[{"line_number":150,"context_line":"    }"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"    @expose.expose(Certificate, types.uuid_or_name, wtypes.text)"},{"line_number":153,"context_line":"    def get_one(self, cluster_ident, ca_cert_type\u003dNone):"},{"line_number":154,"context_line":"        \"\"\"Retrieve CA information about the given cluster."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"        :param cluster_ident: UUID of a cluster or"}],"source_content_type":"text/x-python","patch_set":8,"id":"1ca35797_b9fe8267","line":153,"in_reply_to":"7e99fd0c_eefa7a38","updated":"2021-01-10 18:10:44.000000000","message":"Very good point. I will add the support for POST/sign.\n\nWhat\u0027s the change I need to do to ask metrics-server to use the right CA？","commit_id":"154be478d982712ac894e90d23460bee0686559d"},{"author":{"_account_id":6484,"name":"Feilong Wang","email":"hustemb@gmail.com","username":"flwang"},"change_message_id":"adab33229fe1296a85ff449059fb8b134dcee62e","unresolved":true,"context_lines":[{"line_number":150,"context_line":"    }"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"    @expose.expose(Certificate, types.uuid_or_name, wtypes.text)"},{"line_number":153,"context_line":"    def get_one(self, cluster_ident, ca_cert_type\u003dNone):"},{"line_number":154,"context_line":"        \"\"\"Retrieve CA information about the given cluster."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"        :param cluster_ident: UUID of a cluster or"}],"source_content_type":"text/x-python","patch_set":8,"id":"3eb8a2cc_d6cd7bfa","line":153,"in_reply_to":"95f188ac_f862e769","updated":"2021-03-24 17:09:53.000000000","message":"hi Spyros, again, can you please let me know how did you test/check metrics-server? I can see the pod running OK in my test. Thanks.","commit_id":"154be478d982712ac894e90d23460bee0686559d"},{"author":{"_account_id":6484,"name":"Feilong Wang","email":"hustemb@gmail.com","username":"flwang"},"change_message_id":"1e7d025ae1b18b9ae3c59a637e52ba42d01899e3","unresolved":true,"context_lines":[{"line_number":150,"context_line":"    }"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"    @expose.expose(Certificate, types.uuid_or_name, wtypes.text)"},{"line_number":153,"context_line":"    def get_one(self, cluster_ident, ca_cert_type\u003dNone):"},{"line_number":154,"context_line":"        \"\"\"Retrieve CA information about the given cluster."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"        :param cluster_ident: UUID of a cluster or"}],"source_content_type":"text/x-python","patch_set":8,"id":"e4b8364e_b7ba4033","line":153,"in_reply_to":"cf4d92d3_abeac9d5","updated":"2021-03-25 18:28:49.000000000","message":"Great, thank you very much. That\u0027s very helpful.","commit_id":"154be478d982712ac894e90d23460bee0686559d"},{"author":{"_account_id":6484,"name":"Feilong Wang","email":"hustemb@gmail.com","username":"flwang"},"change_message_id":"3b1ba20299fa5861bb5bc40e828d4668698c70f0","unresolved":true,"context_lines":[{"line_number":150,"context_line":"    }"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"    @expose.expose(Certificate, types.uuid_or_name, wtypes.text)"},{"line_number":153,"context_line":"    def get_one(self, cluster_ident, ca_cert_type\u003dNone):"},{"line_number":154,"context_line":"        \"\"\"Retrieve CA information about the given cluster."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"        :param cluster_ident: UUID of a cluster or"}],"source_content_type":"text/x-python","patch_set":8,"id":"40e56697_491f96cb","line":153,"in_reply_to":"e4b8364e_b7ba4033","updated":"2021-03-29 08:14:27.000000000","message":"\u003e Great, thank you very much. That\u0027s very helpful.\n\nTested and it works very well. Thank you very much.","commit_id":"154be478d982712ac894e90d23460bee0686559d"},{"author":{"_account_id":20498,"name":"Spyros Trigazis","email":"spyridon.trigazis@cern.ch","username":"strigazi"},"change_message_id":"6b60b4f85be7bdb43cb657521602edeaddfcbc87","unresolved":true,"context_lines":[{"line_number":184,"context_line":"        return Certificate.convert_with_links(new_cert)"},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"    @expose.expose(ClusterID, types.uuid_or_name, status_code\u003d202)"},{"line_number":187,"context_line":"    def patch(self, cluster_ident):"},{"line_number":188,"context_line":"        context \u003d pecan.request.context"},{"line_number":189,"context_line":"        cluster \u003d api_utils.get_resource(\u0027Cluster\u0027, cluster_ident)"},{"line_number":190,"context_line":"        policy.enforce(context, \u0027certificate:rotate_ca\u0027, cluster.as_dict(),"}],"source_content_type":"text/x-python","patch_set":8,"id":"fd06eb52_959db4e6","line":187,"updated":"2020-12-07 18:29:39.000000000","message":"What about this CA? Don\u0027t we want to rotate it?","commit_id":"154be478d982712ac894e90d23460bee0686559d"},{"author":{"_account_id":6484,"name":"Feilong Wang","email":"hustemb@gmail.com","username":"flwang"},"change_message_id":"30d956c9b1bd75b8e58df9e0dc2eddf87d36b668","unresolved":true,"context_lines":[{"line_number":184,"context_line":"        return Certificate.convert_with_links(new_cert)"},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"    @expose.expose(ClusterID, types.uuid_or_name, status_code\u003d202)"},{"line_number":187,"context_line":"    def patch(self, cluster_ident):"},{"line_number":188,"context_line":"        context \u003d pecan.request.context"},{"line_number":189,"context_line":"        cluster \u003d api_utils.get_resource(\u0027Cluster\u0027, cluster_ident)"},{"line_number":190,"context_line":"        policy.enforce(context, \u0027certificate:rotate_ca\u0027, cluster.as_dict(),"}],"source_content_type":"text/x-python","patch_set":8,"id":"9751f0ec_2c9a648a","line":187,"in_reply_to":"fd06eb52_959db4e6","updated":"2021-01-10 18:10:44.000000000","message":"\u003e What about this CA? Don\u0027t we want to rotate it?\n\nYes, it would be nice. I will see if the change for rotate is too large, otherwise I may put it into a separate patch. Nice catch.","commit_id":"154be478d982712ac894e90d23460bee0686559d"}],"magnum/conductor/handlers/common/cert_manager.py":[{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"5894832558565c682d700de55b97ff099e0743c2","unresolved":false,"context_lines":[{"line_number":114,"context_line":"                                                   context\u003dcontext)"},{"line_number":115,"context_line":"        fp_ca_cert_ref, _, _ \u003d _generate_ca_cert(issuer_name,"},{"line_number":116,"context_line":"                                                 context\u003dcontext)"},{"line_number":117,"context_line":" "},{"line_number":118,"context_line":"        magnum_cert_ref \u003d _generate_client_cert(issuer_name,"},{"line_number":119,"context_line":"                                                ca_cert,"},{"line_number":120,"context_line":"                                                ca_password,"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_5a7128de","line":117,"updated":"2020-08-19 09:46:34.000000000","message":"pep8: W293 blank line contains whitespace","commit_id":"447aa4461595efb3c01bf30c9ff5b01e0acbceaf"},{"author":{"_account_id":20498,"name":"Spyros Trigazis","email":"spyridon.trigazis@cern.ch","username":"strigazi"},"change_message_id":"6b60b4f85be7bdb43cb657521602edeaddfcbc87","unresolved":true,"context_lines":[{"line_number":129,"context_line":"        raise exception.CertificatesToClusterFailed(cluster_uuid\u003dcluster.uuid)"},{"line_number":130,"context_line":""},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"def get_cluster_ca_certificate(cluster, context\u003dNone, ca_cert_type\u003dNone):"},{"line_number":133,"context_line":"    ref \u003d cluster.ca_cert_ref"},{"line_number":134,"context_line":"    if ca_cert_type \u003d\u003d \"etcd\":"},{"line_number":135,"context_line":"        ref \u003d cluster.etcd_ca_cert_ref"}],"source_content_type":"text/x-python","patch_set":8,"id":"ebbef71f_cdcc165f","line":132,"updated":"2020-12-07 18:29:39.000000000","message":"Here random value \u003d\u003d None right?","commit_id":"154be478d982712ac894e90d23460bee0686559d"},{"author":{"_account_id":6484,"name":"Feilong Wang","email":"hustemb@gmail.com","username":"flwang"},"change_message_id":"30d956c9b1bd75b8e58df9e0dc2eddf87d36b668","unresolved":true,"context_lines":[{"line_number":129,"context_line":"        raise exception.CertificatesToClusterFailed(cluster_uuid\u003dcluster.uuid)"},{"line_number":130,"context_line":""},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"def get_cluster_ca_certificate(cluster, context\u003dNone, ca_cert_type\u003dNone):"},{"line_number":133,"context_line":"    ref \u003d cluster.ca_cert_ref"},{"line_number":134,"context_line":"    if ca_cert_type \u003d\u003d \"etcd\":"},{"line_number":135,"context_line":"        ref \u003d cluster.etcd_ca_cert_ref"}],"source_content_type":"text/x-python","patch_set":8,"id":"2786aed5_6e102e36","line":132,"in_reply_to":"ebbef71f_cdcc165f","updated":"2021-01-10 18:10:44.000000000","message":"Are you talking about the ca_cert_type parameter? The default value is None which means the kubernetes general CA. Without specifying the ca_cert_type, we\u0027re assuming it\u0027s asking for k8s general CA. But as I explained in make_cert.sh, we can have \u0027kubernetes\u0027 as one of enum value, but it may break the other drivers I think. Thoughts?","commit_id":"154be478d982712ac894e90d23460bee0686559d"}],"magnum/db/sqlalchemy/alembic/versions/7da8489d6a68_separated_ca_cert_for_etcd_and_front_.py":[{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"5894832558565c682d700de55b97ff099e0743c2","unresolved":false,"context_lines":[{"line_number":1,"context_line":"\"\"\"separated CA cert for etcd and front-proxy"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"Revision ID: 7da8489d6a68"},{"line_number":4,"context_line":"Revises: 95096e2334ee"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_3ab8b474","line":1,"updated":"2020-08-19 09:46:34.000000000","message":"pep8: H102: Apache 2.0 license header not found","commit_id":"447aa4461595efb3c01bf30c9ff5b01e0acbceaf"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"5894832558565c682d700de55b97ff099e0743c2","unresolved":false,"context_lines":[{"line_number":10,"context_line":"revision \u003d \u00277da8489d6a68\u0027"},{"line_number":11,"context_line":"down_revision \u003d \u002795096e2334ee\u0027"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"from alembic import op"},{"line_number":14,"context_line":"import sqlalchemy as sa"},{"line_number":15,"context_line":"from sqlalchemy.dialects import mysql"},{"line_number":16,"context_line":""}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_1abb3072","line":13,"updated":"2020-08-19 09:46:34.000000000","message":"pep8: E402 module level import not at top of file","commit_id":"447aa4461595efb3c01bf30c9ff5b01e0acbceaf"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"5894832558565c682d700de55b97ff099e0743c2","unresolved":false,"context_lines":[{"line_number":11,"context_line":"down_revision \u003d \u002795096e2334ee\u0027"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"from alembic import op"},{"line_number":14,"context_line":"import sqlalchemy as sa"},{"line_number":15,"context_line":"from sqlalchemy.dialects import mysql"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"def upgrade():"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_7ab18c8f","line":14,"updated":"2020-08-19 09:46:34.000000000","message":"pep8: E402 module level import not at top of file","commit_id":"447aa4461595efb3c01bf30c9ff5b01e0acbceaf"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"5894832558565c682d700de55b97ff099e0743c2","unresolved":false,"context_lines":[{"line_number":11,"context_line":"down_revision \u003d \u002795096e2334ee\u0027"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"from alembic import op"},{"line_number":14,"context_line":"import sqlalchemy as sa"},{"line_number":15,"context_line":"from sqlalchemy.dialects import mysql"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"def upgrade():"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_5aac8834","line":14,"updated":"2020-08-19 09:46:34.000000000","message":"pep8: F401 \u0027sqlalchemy as sa\u0027 imported but unused","commit_id":"447aa4461595efb3c01bf30c9ff5b01e0acbceaf"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"5894832558565c682d700de55b97ff099e0743c2","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"from alembic import op"},{"line_number":14,"context_line":"import sqlalchemy as sa"},{"line_number":15,"context_line":"from sqlalchemy.dialects import mysql"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"def upgrade():"},{"line_number":18,"context_line":"    op.alter_column(\u0027cluster\u0027, \u0027etcd_ca_cert_ref\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_baab241b","line":15,"updated":"2020-08-19 09:46:34.000000000","message":"pep8: E402 module level import not at top of file","commit_id":"447aa4461595efb3c01bf30c9ff5b01e0acbceaf"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"5894832558565c682d700de55b97ff099e0743c2","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"from alembic import op"},{"line_number":14,"context_line":"import sqlalchemy as sa"},{"line_number":15,"context_line":"from sqlalchemy.dialects import mysql"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"def upgrade():"},{"line_number":18,"context_line":"    op.alter_column(\u0027cluster\u0027, \u0027etcd_ca_cert_ref\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_9aa62053","line":15,"updated":"2020-08-19 09:46:34.000000000","message":"pep8: F401 \u0027sqlalchemy.dialects.mysql\u0027 imported but unused","commit_id":"447aa4461595efb3c01bf30c9ff5b01e0acbceaf"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"5894832558565c682d700de55b97ff099e0743c2","unresolved":false,"context_lines":[{"line_number":14,"context_line":"import sqlalchemy as sa"},{"line_number":15,"context_line":"from sqlalchemy.dialects import mysql"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"def upgrade():"},{"line_number":18,"context_line":"    op.alter_column(\u0027cluster\u0027, \u0027etcd_ca_cert_ref\u0027,"},{"line_number":19,"context_line":"                    type_\u003dString(512, mysql_ndb_type\u003dTEXT),"},{"line_number":20,"context_line":"                    nullable\u003dTrue)"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_fa62bc15","line":17,"updated":"2020-08-19 09:46:34.000000000","message":"pep8: E302 expected 2 blank lines, found 1","commit_id":"447aa4461595efb3c01bf30c9ff5b01e0acbceaf"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"5894832558565c682d700de55b97ff099e0743c2","unresolved":false,"context_lines":[{"line_number":16,"context_line":""},{"line_number":17,"context_line":"def upgrade():"},{"line_number":18,"context_line":"    op.alter_column(\u0027cluster\u0027, \u0027etcd_ca_cert_ref\u0027,"},{"line_number":19,"context_line":"                    type_\u003dString(512, mysql_ndb_type\u003dTEXT),"},{"line_number":20,"context_line":"                    nullable\u003dTrue)"},{"line_number":21,"context_line":"    op.alter_column(\u0027cluster\u0027, \u0027front_proxy_ca_cert_ref\u0027,"},{"line_number":22,"context_line":"                    type_\u003dString(512, mysql_ndb_type\u003dTEXT),"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_da65381f","line":19,"updated":"2020-08-19 09:46:34.000000000","message":"pep8: F821 undefined name \u0027String\u0027","commit_id":"447aa4461595efb3c01bf30c9ff5b01e0acbceaf"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"5894832558565c682d700de55b97ff099e0743c2","unresolved":false,"context_lines":[{"line_number":16,"context_line":""},{"line_number":17,"context_line":"def upgrade():"},{"line_number":18,"context_line":"    op.alter_column(\u0027cluster\u0027, \u0027etcd_ca_cert_ref\u0027,"},{"line_number":19,"context_line":"                    type_\u003dString(512, mysql_ndb_type\u003dTEXT),"},{"line_number":20,"context_line":"                    nullable\u003dTrue)"},{"line_number":21,"context_line":"    op.alter_column(\u0027cluster\u0027, \u0027front_proxy_ca_cert_ref\u0027,"},{"line_number":22,"context_line":"                    type_\u003dString(512, mysql_ndb_type\u003dTEXT),"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_3a6d5404","line":19,"updated":"2020-08-19 09:46:34.000000000","message":"pep8: F821 undefined name \u0027TEXT\u0027","commit_id":"447aa4461595efb3c01bf30c9ff5b01e0acbceaf"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"5894832558565c682d700de55b97ff099e0743c2","unresolved":false,"context_lines":[{"line_number":19,"context_line":"                    type_\u003dString(512, mysql_ndb_type\u003dTEXT),"},{"line_number":20,"context_line":"                    nullable\u003dTrue)"},{"line_number":21,"context_line":"    op.alter_column(\u0027cluster\u0027, \u0027front_proxy_ca_cert_ref\u0027,"},{"line_number":22,"context_line":"                    type_\u003dString(512, mysql_ndb_type\u003dTEXT),"},{"line_number":23,"context_line":"                    nullable\u003dTrue)"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_1a7050dc","line":22,"updated":"2020-08-19 09:46:34.000000000","message":"pep8: F821 undefined name \u0027String\u0027","commit_id":"447aa4461595efb3c01bf30c9ff5b01e0acbceaf"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"5894832558565c682d700de55b97ff099e0743c2","unresolved":false,"context_lines":[{"line_number":19,"context_line":"                    type_\u003dString(512, mysql_ndb_type\u003dTEXT),"},{"line_number":20,"context_line":"                    nullable\u003dTrue)"},{"line_number":21,"context_line":"    op.alter_column(\u0027cluster\u0027, \u0027front_proxy_ca_cert_ref\u0027,"},{"line_number":22,"context_line":"                    type_\u003dString(512, mysql_ndb_type\u003dTEXT),"},{"line_number":23,"context_line":"                    nullable\u003dTrue)"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_7a76acda","line":22,"updated":"2020-08-19 09:46:34.000000000","message":"pep8: F821 undefined name \u0027TEXT\u0027","commit_id":"447aa4461595efb3c01bf30c9ff5b01e0acbceaf"}],"magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh":[{"author":{"_account_id":20498,"name":"Spyros Trigazis","email":"spyridon.trigazis@cern.ch","username":"strigazi"},"change_message_id":"fd6cebf636bcbd0e1bf596f13d7f93bf2cdda8df","unresolved":true,"context_lines":[{"line_number":319,"context_line":"KUBE_API_ARGS\u003d\"${KUBE_API_ARGS} \\"},{"line_number":320,"context_line":"    --proxy-client-cert-file\u003d${CERT_DIR}/front-proxy/server.crt \\"},{"line_number":321,"context_line":"    --proxy-client-key-file\u003d${CERT_DIR}/front-proxy/server.key \\"},{"line_number":322,"context_line":"    --requestheader-allowed-names\u003dfront-proxy-client,kube,kubernetes,kube-proxy \\"},{"line_number":323,"context_line":"    --requestheader-client-ca-file\u003d${CERT_DIR}/front-proxy/ca.crt \\"},{"line_number":324,"context_line":"    --requestheader-extra-headers-prefix\u003dX-Remote-Extra- \\"},{"line_number":325,"context_line":"    --requestheader-group-headers\u003dX-Remote-Group \\"}],"source_content_type":"text/x-sh","patch_set":13,"id":"6e1977c0_3b9a5447","line":322,"range":{"start_line":322,"start_character":34,"end_line":322,"end_character":79},"updated":"2021-04-01 13:20:26.000000000","message":"front-proxy,kube,kubernetes","commit_id":"7e8dccccd953dea7deb284e9173fdb99f6e48bd8"},{"author":{"_account_id":6484,"name":"Feilong Wang","email":"hustemb@gmail.com","username":"flwang"},"change_message_id":"ecd9ac5bb91f1f3241de22da0be61c73665816f5","unresolved":true,"context_lines":[{"line_number":319,"context_line":"KUBE_API_ARGS\u003d\"${KUBE_API_ARGS} \\"},{"line_number":320,"context_line":"    --proxy-client-cert-file\u003d${CERT_DIR}/front-proxy/server.crt \\"},{"line_number":321,"context_line":"    --proxy-client-key-file\u003d${CERT_DIR}/front-proxy/server.key \\"},{"line_number":322,"context_line":"    --requestheader-allowed-names\u003dfront-proxy-client,kube,kubernetes,kube-proxy \\"},{"line_number":323,"context_line":"    --requestheader-client-ca-file\u003d${CERT_DIR}/front-proxy/ca.crt \\"},{"line_number":324,"context_line":"    --requestheader-extra-headers-prefix\u003dX-Remote-Extra- \\"},{"line_number":325,"context_line":"    --requestheader-group-headers\u003dX-Remote-Group \\"}],"source_content_type":"text/x-sh","patch_set":13,"id":"82f35109_71817977","line":322,"range":{"start_line":322,"start_character":34,"end_line":322,"end_character":79},"in_reply_to":"6e1977c0_3b9a5447","updated":"2021-04-01 17:32:20.000000000","message":"Shxt, i edited this on gerrit and my brain was mess.","commit_id":"7e8dccccd953dea7deb284e9173fdb99f6e48bd8"}],"magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh":[{"author":{"_account_id":20498,"name":"Spyros Trigazis","email":"spyridon.trigazis@cern.ch","username":"strigazi"},"change_message_id":"18e769ad335310e391e5095a4f4db8e3871dfde6","unresolved":true,"context_lines":[{"line_number":183,"context_line":"extendedKeyUsage\u003d clientAuth"},{"line_number":184,"context_line":"EOF"},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"generate_certificates server ${cert_dir}/server.conf kubelet"},{"line_number":187,"context_line":"generate_certificates kubelet ${cert_dir}/kubelet.conf kubelet"},{"line_number":188,"context_line":"generate_certificates admin ${cert_dir}/admin.conf kubelet"},{"line_number":189,"context_line":""}],"source_content_type":"text/x-sh","patch_set":7,"id":"723c780c_dea91a45","line":186,"updated":"2020-11-30 08:07:41.000000000","message":"I understand that this has noeffect since it is the default. But maybe pass the same server and admin below?","commit_id":"e5534978ffdeb3ead89251986a47181c44c0b34d"},{"author":{"_account_id":6484,"name":"Feilong Wang","email":"hustemb@gmail.com","username":"flwang"},"change_message_id":"3e752aa356eea75c26963254496c4947eff610b9","unresolved":true,"context_lines":[{"line_number":183,"context_line":"extendedKeyUsage\u003d clientAuth"},{"line_number":184,"context_line":"EOF"},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"generate_certificates server ${cert_dir}/server.conf kubelet"},{"line_number":187,"context_line":"generate_certificates kubelet ${cert_dir}/kubelet.conf kubelet"},{"line_number":188,"context_line":"generate_certificates admin ${cert_dir}/admin.conf kubelet"},{"line_number":189,"context_line":""}],"source_content_type":"text/x-sh","patch_set":7,"id":"f8bf0d99_df7357ed","line":186,"in_reply_to":"723c780c_dea91a45","updated":"2020-11-30 16:45:39.000000000","message":"Sure, I will do it in next patch set.","commit_id":"e5534978ffdeb3ead89251986a47181c44c0b34d"},{"author":{"_account_id":6484,"name":"Feilong Wang","email":"hustemb@gmail.com","username":"flwang"},"change_message_id":"ee20d11cb3cecfbc36a983e349a38908a2a2c5ac","unresolved":true,"context_lines":[{"line_number":183,"context_line":"extendedKeyUsage\u003d clientAuth"},{"line_number":184,"context_line":"EOF"},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"generate_certificates server ${cert_dir}/server.conf kubelet"},{"line_number":187,"context_line":"generate_certificates kubelet ${cert_dir}/kubelet.conf kubelet"},{"line_number":188,"context_line":"generate_certificates admin ${cert_dir}/admin.conf kubelet"},{"line_number":189,"context_line":""}],"source_content_type":"text/x-sh","patch_set":7,"id":"73b2376f_052fa730","line":186,"in_reply_to":"f8bf0d99_df7357ed","updated":"2020-11-30 22:50:27.000000000","message":"And to be more clear, for etcd and front-proxy, I think we only need server and admin.","commit_id":"e5534978ffdeb3ead89251986a47181c44c0b34d"},{"author":{"_account_id":20498,"name":"Spyros Trigazis","email":"spyridon.trigazis@cern.ch","username":"strigazi"},"change_message_id":"18e769ad335310e391e5095a4f4db8e3871dfde6","unresolved":true,"context_lines":[{"line_number":215,"context_line":"[req_distinguished_name]"},{"line_number":216,"context_line":"CN \u003d etcd"},{"line_number":217,"context_line":"[req_ext]"},{"line_number":218,"context_line":"subjectAltName \u003d ${sans}"},{"line_number":219,"context_line":"extendedKeyUsage \u003d clientAuth,serverAuth"},{"line_number":220,"context_line":"EOF"},{"line_number":221,"context_line":""}],"source_content_type":"text/x-sh","patch_set":7,"id":"1698f01b_d08d4e88","line":218,"range":{"start_line":218,"start_character":17,"end_line":218,"end_character":24},"updated":"2020-11-30 08:07:41.000000000","message":"this has:\n                IP Address:10.0.0.121, IP Address:172.24.4.121, IP Address:127.0.0.1, IP Address:10.254.0.1, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local\n\nBot breaking, just FYI","commit_id":"e5534978ffdeb3ead89251986a47181c44c0b34d"},{"author":{"_account_id":6484,"name":"Feilong Wang","email":"hustemb@gmail.com","username":"flwang"},"change_message_id":"6cb810e4a085f28451264f690b12f9d01cc82645","unresolved":true,"context_lines":[{"line_number":215,"context_line":"[req_distinguished_name]"},{"line_number":216,"context_line":"CN \u003d etcd"},{"line_number":217,"context_line":"[req_ext]"},{"line_number":218,"context_line":"subjectAltName \u003d ${sans}"},{"line_number":219,"context_line":"extendedKeyUsage \u003d clientAuth,serverAuth"},{"line_number":220,"context_line":"EOF"},{"line_number":221,"context_line":""}],"source_content_type":"text/x-sh","patch_set":7,"id":"13eda539_dde91e35","line":218,"range":{"start_line":218,"start_character":17,"end_line":218,"end_character":24},"in_reply_to":"112223fa_7f01d94a","updated":"2020-12-02 07:26:45.000000000","message":"For me, it looks OK.\n\nsubjectAltName \u003d IP:10.0.0.107,IP:172.24.4.184,IP:172.24.4.51,IP:10.0.0.245,IP:10.0.0.29,IP:127.0.0.1,IP:10.254.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local","commit_id":"e5534978ffdeb3ead89251986a47181c44c0b34d"},{"author":{"_account_id":20498,"name":"Spyros Trigazis","email":"spyridon.trigazis@cern.ch","username":"strigazi"},"change_message_id":"6b60b4f85be7bdb43cb657521602edeaddfcbc87","unresolved":false,"context_lines":[{"line_number":215,"context_line":"[req_distinguished_name]"},{"line_number":216,"context_line":"CN \u003d etcd"},{"line_number":217,"context_line":"[req_ext]"},{"line_number":218,"context_line":"subjectAltName \u003d ${sans}"},{"line_number":219,"context_line":"extendedKeyUsage \u003d clientAuth,serverAuth"},{"line_number":220,"context_line":"EOF"},{"line_number":221,"context_line":""}],"source_content_type":"text/x-sh","patch_set":7,"id":"3a3bf295_0407cf85","line":218,"range":{"start_line":218,"start_character":17,"end_line":218,"end_character":24},"in_reply_to":"13eda539_dde91e35","updated":"2020-12-07 18:29:39.000000000","message":"it is not an issue. It justs carries sans from apiserver","commit_id":"e5534978ffdeb3ead89251986a47181c44c0b34d"},{"author":{"_account_id":6484,"name":"Feilong Wang","email":"hustemb@gmail.com","username":"flwang"},"change_message_id":"3e752aa356eea75c26963254496c4947eff610b9","unresolved":true,"context_lines":[{"line_number":215,"context_line":"[req_distinguished_name]"},{"line_number":216,"context_line":"CN \u003d etcd"},{"line_number":217,"context_line":"[req_ext]"},{"line_number":218,"context_line":"subjectAltName \u003d ${sans}"},{"line_number":219,"context_line":"extendedKeyUsage \u003d clientAuth,serverAuth"},{"line_number":220,"context_line":"EOF"},{"line_number":221,"context_line":""}],"source_content_type":"text/x-sh","patch_set":7,"id":"112223fa_7f01d94a","line":218,"range":{"start_line":218,"start_character":17,"end_line":218,"end_character":24},"in_reply_to":"1698f01b_d08d4e88","updated":"2020-11-30 16:45:39.000000000","message":"Hmm... I cannot see why there is \"IP Address\". I will test again and check this part.","commit_id":"e5534978ffdeb3ead89251986a47181c44c0b34d"},{"author":{"_account_id":20498,"name":"Spyros Trigazis","email":"spyridon.trigazis@cern.ch","username":"strigazi"},"change_message_id":"6b60b4f85be7bdb43cb657521602edeaddfcbc87","unresolved":true,"context_lines":[{"line_number":183,"context_line":"extendedKeyUsage\u003d clientAuth"},{"line_number":184,"context_line":"EOF"},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"generate_certificates server ${cert_dir}/server.conf kubelet"},{"line_number":187,"context_line":"generate_certificates kubelet ${cert_dir}/kubelet.conf kubelet"},{"line_number":188,"context_line":"generate_certificates admin ${cert_dir}/admin.conf kubelet"},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"# Generate service account key and private key"},{"line_number":191,"context_line":"echo -e \"${KUBE_SERVICE_ACCOUNT_KEY}\" \u003e ${cert_dir}/service_account.key"}],"source_content_type":"text/x-sh","patch_set":8,"id":"89f2009c_031ccb56","line":188,"range":{"start_line":186,"start_character":0,"end_line":188,"end_character":58},"updated":"2020-12-07 18:29:39.000000000","message":"generate_certificates server ${cert_dir}/server.conf kubelet\ngenerate_certificates kubelet ${cert_dir}/kubelet.conf kubelet\ngenerate_certificates admin ${cert_dir}/admin.conf kubelet\n\n\u003e\ngenerate_certificates server ${cert_dir}/server.conf server\ngenerate_certificates kubelet ${cert_dir}/kubelet.conf kubelet\ngenerate_certificates admin ${cert_dir}/admin.conf admin","commit_id":"154be478d982712ac894e90d23460bee0686559d"},{"author":{"_account_id":6484,"name":"Feilong Wang","email":"hustemb@gmail.com","username":"flwang"},"change_message_id":"30d956c9b1bd75b8e58df9e0dc2eddf87d36b668","unresolved":true,"context_lines":[{"line_number":183,"context_line":"extendedKeyUsage\u003d clientAuth"},{"line_number":184,"context_line":"EOF"},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"generate_certificates server ${cert_dir}/server.conf kubelet"},{"line_number":187,"context_line":"generate_certificates kubelet ${cert_dir}/kubelet.conf kubelet"},{"line_number":188,"context_line":"generate_certificates admin ${cert_dir}/admin.conf kubelet"},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"# Generate service account key and private key"},{"line_number":191,"context_line":"echo -e \"${KUBE_SERVICE_ACCOUNT_KEY}\" \u003e ${cert_dir}/service_account.key"}],"source_content_type":"text/x-sh","patch_set":8,"id":"e6986e21_d95dd315","line":188,"range":{"start_line":186,"start_character":0,"end_line":188,"end_character":58},"in_reply_to":"89f2009c_031ccb56","updated":"2021-01-10 18:10:44.000000000","message":"I probably should not use \"kubelet\" for the ca_cert_type parameter since it\u0027s quite confusing.\n\nThe 3rd parameter is for ca_cert_type as you can see at line 85 and line 116. For \u0027kubelet\u0027 here, I actually mean the Kubernetes general CA. The three root CA options should be: Kubernetes general CA, etcd CA and front-proxy CA. Now I\u0027m using `etcd` and `front-proxy` in code as you can see as the enum value of ca_cert_tyep, maybe I show use `kubernetes` instead of using `kubelet` to avoid the confusion.\n\nDoes that address your comment?","commit_id":"154be478d982712ac894e90d23460bee0686559d"}]}