)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"f60ae20daf7892c92abf4db75e85eaeb2fee3019","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"45bc449d_a0bbf306","updated":"2022-01-26 12:39:52.000000000","message":"recheck","commit_id":"35746ffe6f36b4d49e260f54e135b31bbde02a80"}],"roles/ssh_keypairs/defaults/main.yml":[{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"2f903e499c840def1b9e9910df649f67bd6c792b","unresolved":true,"context_lines":[{"line_number":56,"context_line":"#   # to a specified location"},{"line_number":57,"context_line":"#   - cert: \"My-Signed-Key\""},{"line_number":58,"context_line":"#     dest: \"/home/foo/.ssh/id_rsa\""},{"line_number":59,"context_line":"#   # Install a regular ssh private key"},{"line_number":60,"context_line":"#   - src: \"{{ ssh_keypairs_dir }}/Regular-SSH-Key\""},{"line_number":61,"context_line":"#     dest: \"/home/bar/.ssh/id_rsa\""},{"line_number":62,"context_line":"#     mode: \"0600\""},{"line_number":63,"context_line":"#   # Install a regular ssh public key"},{"line_number":64,"context_line":"#   - src: \"{{ ssh_keypairs_dir }}/Regular-SSH-Key.pub\""},{"line_number":65,"context_line":"#     dest: \"/home/bar/.ssh/id_rsa.pub\""},{"line_number":66,"context_line":"#"},{"line_number":67,"context_line":"ssh_keypairs_install_keys: []"},{"line_number":68,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":12,"id":"6301b505_bd8af50f","line":65,"range":{"start_line":59,"start_character":0,"end_line":65,"end_character":39},"updated":"2022-01-31 10:29:05.000000000","message":"should this be more automated (like the \u0027cert:\u0027 case?) to install both the public and private keys? 
there could be another dict key like \u0027keypair:\u0027 to do both of them with just one entry in the list.....","commit_id":"17e59e0592c7a70b5ac9a44ec7575f15a4fb429f"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"da7d419b9ce19e675f8ca1de2516d766b7b0d520","unresolved":false,"context_lines":[{"line_number":56,"context_line":"#   # to a specified location"},{"line_number":57,"context_line":"#   - cert: \"My-Signed-Key\""},{"line_number":58,"context_line":"#     dest: \"/home/foo/.ssh/id_rsa\""},{"line_number":59,"context_line":"#   # Install a regular ssh private key"},{"line_number":60,"context_line":"#   - src: \"{{ ssh_keypairs_dir }}/Regular-SSH-Key\""},{"line_number":61,"context_line":"#     dest: \"/home/bar/.ssh/id_rsa\""},{"line_number":62,"context_line":"#     mode: \"0600\""},{"line_number":63,"context_line":"#   # Install a regular ssh public key"},{"line_number":64,"context_line":"#   - src: \"{{ ssh_keypairs_dir }}/Regular-SSH-Key.pub\""},{"line_number":65,"context_line":"#     dest: \"/home/bar/.ssh/id_rsa.pub\""},{"line_number":66,"context_line":"#"},{"line_number":67,"context_line":"ssh_keypairs_install_keys: []"},{"line_number":68,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":12,"id":"dad41b71_fb3dd134","line":65,"range":{"start_line":59,"start_character":0,"end_line":65,"end_character":39},"in_reply_to":"6301b505_bd8af50f","updated":"2022-02-09 23:02:05.000000000","message":"Done","commit_id":"17e59e0592c7a70b5ac9a44ec7575f15a4fb429f"},{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"70b7b34aab8c4cde7d88c295047f92ee17c6aca9","unresolved":true,"context_lines":[{"line_number":14,"context_line":"# limitations under the License."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"# host where the generated keypairs are 
kept"},{"line_number":17,"context_line":"ssh_keypairs_setup_host: localhost"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"# Python interpreter that will be used during keypair generation"},{"line_number":20,"context_line":"ssh_keypairs_setup_host_python_interpreter: \"{{ (ssh_keypairs_setup_host \u003d\u003d \u0027localhost\u0027) | ternary(ansible_playbook_python, ansible_facts[\u0027python\u0027][\u0027executable\u0027]) }}\""}],"source_content_type":"text/x-yaml","patch_set":15,"id":"229fbea9_515b8546","line":17,"range":{"start_line":17,"start_character":25,"end_line":17,"end_character":34},"updated":"2022-02-11 16:34:03.000000000","message":"should it be openstack_ssh_keypairs_setup_host with localhost as default?\nOr all other roles should pass it explicitly then, as now I see it can diverge from hosts in https://review.opendev.org/c/openstack/openstack-ansible/+/825292/6/playbooks/certificate-ssh-authority.yml#16\n\n\nLikely each role reporting it would be more correct though","commit_id":"62179473d46b49788a0076b8cfeabca2249ea9fa"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"efa0ac07d5718d547e87926fd9fc2f822a4bcfb6","unresolved":false,"context_lines":[{"line_number":14,"context_line":"# limitations under the License."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"# host where the generated keypairs are kept"},{"line_number":17,"context_line":"ssh_keypairs_setup_host: localhost"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"# Python interpreter that will be used during keypair generation"},{"line_number":20,"context_line":"ssh_keypairs_setup_host_python_interpreter: \"{{ (ssh_keypairs_setup_host \u003d\u003d \u0027localhost\u0027) | ternary(ansible_playbook_python, ansible_facts[\u0027python\u0027][\u0027executable\u0027]) 
}}\""}],"source_content_type":"text/x-yaml","patch_set":15,"id":"7f589a24_6b1869e2","line":17,"range":{"start_line":17,"start_character":25,"end_line":17,"end_character":34},"in_reply_to":"229fbea9_515b8546","updated":"2022-02-11 17:53:36.000000000","message":"I\u0027ve changed the OSA roles to override this to \"{{ openstack_ssh_keypairs_setup_host }}\" and then defined that to be localhost in the integrated repo","commit_id":"62179473d46b49788a0076b8cfeabca2249ea9fa"}],"roles/ssh_keypairs/tasks/standalone/install_ssh_ca.yml":[{"author":{"_account_id":31542,"name":"Andrew Bonney","email":"andrew.bonney@bbc.co.uk","username":"andrewbonney"},"change_message_id":"19c997584f3486af02d679f5ad751b107ea5ca70","unresolved":true,"context_lines":[{"line_number":85,"context_line":"  file:"},{"line_number":86,"context_line":"    path: \"{{ \u0027/etc/ssh/\u0027 ~ item.user ~ \u0027_principals\u0027 }}\""},{"line_number":87,"context_line":"    state: absent"},{"line_number":88,"context_line":"  with_items: \"{{ _ssh_ca_slurp.results }}\""},{"line_number":89,"context_line":"  when:"},{"line_number":90,"context_line":"      - item.item.state is defined"},{"line_number":91,"context_line":"      - item.item.state \u003d\u003d \u0027absent\u0027"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"0a9be179_3980d940","line":88,"updated":"2022-01-27 13:32:26.000000000","message":"Should this be looping over ssh_keypairs_principals?","commit_id":"9de3614081bcd0ecb72de4439d09fd04fb917ef5"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"e8452364b017056dd538c568c3cbb6738555a53d","unresolved":false,"context_lines":[{"line_number":85,"context_line":"  file:"},{"line_number":86,"context_line":"    path: \"{{ \u0027/etc/ssh/\u0027 ~ item.user ~ \u0027_principals\u0027 }}\""},{"line_number":87,"context_line":"    state: absent"},{"line_number":88,"context_line":"  with_items: \"{{ 
_ssh_ca_slurp.results }}\""},{"line_number":89,"context_line":"  when:"},{"line_number":90,"context_line":"      - item.item.state is defined"},{"line_number":91,"context_line":"      - item.item.state \u003d\u003d \u0027absent\u0027"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"f3986986_b9394c8b","line":88,"in_reply_to":"0a9be179_3980d940","updated":"2022-01-27 15:45:51.000000000","message":"Done","commit_id":"9de3614081bcd0ecb72de4439d09fd04fb917ef5"},{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"70b7b34aab8c4cde7d88c295047f92ee17c6aca9","unresolved":true,"context_lines":[{"line_number":49,"context_line":"  notify:"},{"line_number":50,"context_line":"    - Regenerate trusted_ca file"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"- name: Ensure sshd config fragment directory exists"},{"line_number":53,"context_line":"  file:"},{"line_number":54,"context_line":"    path: \"/etc/ssh/sshd_config.d\""},{"line_number":55,"context_line":"    state: directory"},{"line_number":56,"context_line":"    mode: \"0700\""},{"line_number":57,"context_line":"  when: (ansible_facts[\u0027distribution\u0027] \u003d\u003d \u0027CentOS\u0027 and ansible_facts[\u0027distribution_version\u0027] \u003d\u003d \u00278\u0027)"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"# NOTE (jrosser) Centos-8 sshd is too old to support the \u0027Include\u0027 directive"},{"line_number":60,"context_line":"#                This task will need keeping in sync with ssh_ca_config.j2"},{"line_number":61,"context_line":"- name: Ensure sshd config fragments are read on Centos-8"},{"line_number":62,"context_line":"  lineinfile:"},{"line_number":63,"context_line":"    path: \"/etc/ssh/sshd_config\""},{"line_number":64,"context_line":"    line: \"{{ item }}\""},{"line_number":65,"context_line":"  with_items:"},{"line_number":66,"context_line":"    - 
\"TrustedUserCAKeys {{ ssh_keypairs_trusted_ca_file }}\""},{"line_number":67,"context_line":"    - \"AuthorizedPrincipalsFile {{ ssh_keypairs_authorized_principals_file }}\""},{"line_number":68,"context_line":"  when: (ansible_facts[\u0027distribution\u0027] \u003d\u003d \u0027CentOS\u0027 and ansible_facts[\u0027distribution_version\u0027] \u003d\u003d \u00278\u0027)"},{"line_number":69,"context_line":"  notify:"},{"line_number":70,"context_line":"    - Reload sshd"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"- name: Write sshd trusted authorities config fragement"},{"line_number":73,"context_line":"  template:"},{"line_number":74,"context_line":"    src: ssh_ca_config.j2"},{"line_number":75,"context_line":"    dest: \"/etc/ssh/sshd_config.d/{{ ssh_keypairs_trusted_ca_config_file }}\""},{"line_number":76,"context_line":"  notify:"},{"line_number":77,"context_line":"    - Reload sshd"},{"line_number":78,"context_line":"  when: not (ansible_facts[\u0027distribution\u0027] \u003d\u003d \u0027CentOS\u0027 and ansible_facts[\u0027distribution_version\u0027] \u003d\u003d \u00278\u0027)"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"- name: Ensure authorized principals directory is present"},{"line_number":81,"context_line":"  file:"}],"source_content_type":"text/x-yaml","patch_set":15,"id":"d55aac75_580fce0d","line":78,"range":{"start_line":52,"start_character":0,"end_line":78,"end_character":104},"updated":"2022-02-11 16:34:03.000000000","message":"likely worth putting under a block, but non-critical","commit_id":"62179473d46b49788a0076b8cfeabca2249ea9fa"}],"roles/ssh_keypairs/tasks/standalone/install_ssh_key.yml":[{"author":{"_account_id":31542,"name":"Andrew Bonney","email":"andrew.bonney@bbc.co.uk","username":"andrewbonney"},"change_message_id":"1591634ec5bffb869697a3b4fa84893b16f2d562","unresolved":true,"context_lines":[{"line_number":19,"context_line":"  slurp:"},{"line_number":20,"context_line":"    src: \"{{ 
item.src | default(ssh_keypairs_dir ~ item.name | default(\u0027\u0027)) }}\""},{"line_number":21,"context_line":"  register: _ssh_key_slurp"},{"line_number":22,"context_line":"  run_once: true"},{"line_number":23,"context_line":"  when:"},{"line_number":24,"context_line":"    - (item.condition is defined and item.condition | bool) or (item.condition is not defined)"},{"line_number":25,"context_line":"  loop: \"{{ _ssh_keypairs_install_keys_expanded }}\""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"e3a0cd50_697f8657","line":22,"updated":"2022-01-28 13:20:38.000000000","message":"I think run_once needs removing, otherwise in cases like nova where each host only looks up keys for its hostname, the same key gets copied to every host.","commit_id":"ec8e320474ee402a4b10d25128c9364e98e438d0"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"2f903e499c840def1b9e9910df649f67bd6c792b","unresolved":false,"context_lines":[{"line_number":19,"context_line":"  slurp:"},{"line_number":20,"context_line":"    src: \"{{ item.src | default(ssh_keypairs_dir ~ item.name | default(\u0027\u0027)) }}\""},{"line_number":21,"context_line":"  register: _ssh_key_slurp"},{"line_number":22,"context_line":"  run_once: true"},{"line_number":23,"context_line":"  when:"},{"line_number":24,"context_line":"    - (item.condition is defined and item.condition | bool) or (item.condition is not defined)"},{"line_number":25,"context_line":"  loop: \"{{ _ssh_keypairs_install_keys_expanded }}\""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"6cbb7e27_5ad6272e","line":22,"in_reply_to":"e3a0cd50_697f8657","updated":"2022-01-31 10:29:05.000000000","message":"Done","commit_id":"ec8e320474ee402a4b10d25128c9364e98e438d0"}],"roles/ssh_keypairs/templates/ssh_ca.j2":[{"author":{"_account_id":31542,"name":"Andrew 
Bonney","email":"andrew.bonney@bbc.co.uk","username":"andrewbonney"},"change_message_id":"fcf2a5981fa917627209ba6919b7942d65662b8c","unresolved":true,"context_lines":[{"line_number":1,"context_line":"{% if item.descritpion is defined %}"},{"line_number":2,"context_line":"# {{ item.name }}"},{"line_number":3,"context_line":"{% endif %}"},{"line_number":4,"context_line":"{{ item.content | b64decode }}"}],"source_content_type":"text/x-jinja2","patch_set":6,"id":"38482677_65121c19","line":1,"updated":"2022-01-27 09:56:38.000000000","message":"Typo in description","commit_id":"35746ffe6f36b4d49e260f54e135b31bbde02a80"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"14c5728d5cf0e8f40c9d03f50ac97ad8770da38e","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{% if item.descritpion is defined %}"},{"line_number":2,"context_line":"# {{ item.name }}"},{"line_number":3,"context_line":"{% endif %}"},{"line_number":4,"context_line":"{{ item.content | b64decode }}"}],"source_content_type":"text/x-jinja2","patch_set":6,"id":"d8e965d1_d10a1eae","line":1,"in_reply_to":"38482677_65121c19","updated":"2022-01-27 09:58:43.000000000","message":"Done","commit_id":"35746ffe6f36b4d49e260f54e135b31bbde02a80"}]}
