)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"ee0e012138511174647eed1f86b52436edd2d3f7","unresolved":true,"context_lines":[{"line_number":11,"context_line":"configured to use TCP mode and the certificate is provided by the"},{"line_number":12,"context_line":"backend service."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Without this the connection would be SSL encrypted twice."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Change-Id: Id5b100c29ec498ffe4d8a146da533451f9cf4267"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"af154384_7d629efb","line":14,"range":{"start_line":14,"start_character":0,"end_line":14,"end_character":57},"updated":"2024-09-18 13:50:47.000000000","message":"Frankly - I\u0027m not sure that\u0027s the case here.\nAs ultimately, if you\u0027re having `haproxy_balance_type` - then the connection should not be TLS-terminated on HAProxy side, if I am not mixing things up.\nWhich means that connection should not be encrypted twice.\n\nbut then looking at logic at https://opendev.org/openstack/openstack-ansible-haproxy_server/src/branch/master/templates/service.j2#L56 I wonder if we actually should adjust it to not add SSL when `mode tcp`.\n\nAs that probably would make slightly more sense? WDYT?","commit_id":"15503c32707ee1db09f14e4ff2a31603c6caf65a"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"fbe5ffbe83b015dc003e19dd9bc1c1f5fbe48195","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"e85c9c8b_e6f873d1","updated":"2024-11-10 15:32:25.000000000","message":"I think this patch should be at least partially covering your concern:\nhttps://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/934551","commit_id":"15503c32707ee1db09f14e4ff2a31603c6caf65a"},{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"6c9037432bcfe32cb24f06bfc1bf18ad6ac7995f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"66a730a9_5ac871c4","updated":"2024-09-24 17:13:28.000000000","message":"We have discussed the patch during our weekly meeting, and it seems way broader scope to the issue then this patch is covering.\nAs on top of what this patch is covering - behavior of Nova code is also sub-ideal.\nWhile we moved all certificates distribution to our PKI role, the certificate for nova-novncproxy is not managed this way.","commit_id":"15503c32707ee1db09f14e4ff2a31603c6caf65a"},{"author":{"_account_id":11290,"name":"Gaudenz Steinlin","email":"gaudenz.steinlin@cloudscale.ch","username":"gaudenz"},"change_message_id":"aebd1d2c93aee2238b23487eff526ad1a1aca9b7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"d299eaa0_b7a4dcb8","in_reply_to":"e85c9c8b_e6f873d1","updated":"2024-11-11 17:34:24.000000000","message":"Yes this looks like a more generic solution to the problem. I\u0027m abandoning this change.","commit_id":"15503c32707ee1db09f14e4ff2a31603c6caf65a"}]}
