)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"change_message_id":"68fc55b09ac649a92d67b298e79994ac0ae8a681","unresolved":false,"context_lines":[{"line_number":7,"context_line":"Add a new project and repository for tripleo-ipa"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This commit creates a new project and repository for tripleo-ipa, which"},{"line_number":10,"context_line":"will contains ansible roles used to register and deregister OpenStack"},{"line_number":11,"context_line":"services from FreeIPA. This is useful for generating certificates and"},{"line_number":12,"context_line":"using them for TLS."},{"line_number":13,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":3,"id":"1fa4df85_57a92e8d","line":10,"range":{"start_line":10,"start_character":5,"end_line":10,"end_character":13},"updated":"2020-03-10 14:21:34.000000000","message":"s/contains/contain/","commit_id":"696da46059bdbfd81225e6c11b07ccdf8a279877"}],"gerrit/acls/x/tripleo-ipa.config":[{"author":{"_account_id":6547,"name":"Andreas Jaeger","email":"jaegerandi@gmail.com","username":"jaegerandi"},"change_message_id":"021ba5a1da81aa430d8a0da06b91e07528338705","unresolved":false,"context_lines":[{"line_number":3,"context_line":"label-Code-Review \u003d -2..+2 group tripleo-ipa-core"},{"line_number":4,"context_line":"label-Workflow \u003d -1..+1 group tripleo-ipa-core"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"[access \"refs/heads/stable/*\"]"},{"line_number":7,"context_line":"abandon \u003d group stable-maint-core"},{"line_number":8,"context_line":"label-Code-Review \u003d -2..+2 group stable-maint-core"},{"line_number":9,"context_line":"label-Workflow \u003d -1..+1 group stable-maint-core"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"[receive]"},{"line_number":12,"context_line":"requireChangeId \u003d true"}],"source_content_type":"text/x-ini","patch_set":2,"id":"1fa4df85_fad09121","line":9,"range":{"start_line":6,"start_character":0,"end_line":9,"end_character":47},"updated":"2020-03-04 15:49:08.000000000","message":"This is not part of openstack, so remove this section. The stable team only takes care of openstack repos.","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"67b7b9e72d3478bfcfc0b140b7d13e24a6a2d76f","unresolved":false,"context_lines":[{"line_number":3,"context_line":"label-Code-Review \u003d -2..+2 group tripleo-ipa-core"},{"line_number":4,"context_line":"label-Workflow \u003d -1..+1 group tripleo-ipa-core"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"[access \"refs/heads/stable/*\"]"},{"line_number":7,"context_line":"abandon \u003d group stable-maint-core"},{"line_number":8,"context_line":"label-Code-Review \u003d -2..+2 group stable-maint-core"},{"line_number":9,"context_line":"label-Workflow \u003d -1..+1 group stable-maint-core"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"[receive]"},{"line_number":12,"context_line":"requireChangeId \u003d true"}],"source_content_type":"text/x-ini","patch_set":2,"id":"1fa4df85_b4f50059","line":9,"range":{"start_line":6,"start_character":0,"end_line":9,"end_character":47},"in_reply_to":"1fa4df85_fad09121","updated":"2020-03-10 13:54:05.000000000","message":"Done","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"},{"author":{"_account_id":6547,"name":"Andreas Jaeger","email":"jaegerandi@gmail.com","username":"jaegerandi"},"change_message_id":"021ba5a1da81aa430d8a0da06b91e07528338705","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"[receive]"},{"line_number":12,"context_line":"requireChangeId \u003d true"},{"line_number":13,"context_line":"requireContributorAgreement \u003d true"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"[submit]"},{"line_number":16,"context_line":"mergeContent \u003d true"}],"source_content_type":"text/x-ini","patch_set":2,"id":"1fa4df85_1acecd81","line":13,"range":{"start_line":13,"start_character":0,"end_line":13,"end_character":34},"updated":"2020-03-04 15:49:08.000000000","message":"This is only needed for openstack namespace, you can remove it - your choice.","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"67b7b9e72d3478bfcfc0b140b7d13e24a6a2d76f","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"[receive]"},{"line_number":12,"context_line":"requireChangeId \u003d true"},{"line_number":13,"context_line":"requireContributorAgreement \u003d true"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"[submit]"},{"line_number":16,"context_line":"mergeContent \u003d true"}],"source_content_type":"text/x-ini","patch_set":2,"id":"1fa4df85_54e84c7a","line":13,"range":{"start_line":13,"start_character":0,"end_line":13,"end_character":34},"in_reply_to":"1fa4df85_1acecd81","updated":"2020-03-10 13:54:05.000000000","message":"Done","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"}],"gerrit/projects.yaml":[{"author":{"_account_id":14985,"name":"Alex Schultz","email":"aschultz@next-development.com","username":"mwhahaha"},"change_message_id":"61d587602946f1a3a9bab2f5b47b8791e516b4ec","unresolved":false,"context_lines":[{"line_number":7778,"context_line":"- project: x/trio2o"},{"line_number":7779,"context_line":"  description: Trio2o is to provide APIs gateway for multiple OpenStack clouds to"},{"line_number":7780,"context_line":"    act as a single OpenStack cloud."},{"line_number":7781,"context_line":"- project: x/tripleo-ipa"},{"line_number":7782,"context_line":"  description: Ansible roles to register and deregister services with FreeIPA."},{"line_number":7783,"context_line":"- project: x/trove-image-builder"},{"line_number":7784,"context_line":"  description: RETIRED, Tools to build guest images for Trove."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1fa4df85_fae73111","line":7781,"range":{"start_line":7781,"start_character":13,"end_line":7781,"end_character":20},"updated":"2020-03-04 15:47:36.000000000","message":"Why tripleo? The whole point of us not wanting it in tripleo-ansible is that this is a generic thing. If anything this could/should be ansible-role-ipa","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"},{"author":{"_account_id":14985,"name":"Alex Schultz","email":"aschultz@next-development.com","username":"mwhahaha"},"change_message_id":"a6cedd30d6f9f9649efa6a70d55ef7eafd6f2ffe","unresolved":false,"context_lines":[{"line_number":7778,"context_line":"- project: x/trio2o"},{"line_number":7779,"context_line":"  description: Trio2o is to provide APIs gateway for multiple OpenStack clouds to"},{"line_number":7780,"context_line":"    act as a single OpenStack cloud."},{"line_number":7781,"context_line":"- project: x/tripleo-ipa"},{"line_number":7782,"context_line":"  description: Ansible roles to register and deregister services with FreeIPA."},{"line_number":7783,"context_line":"- project: x/trove-image-builder"},{"line_number":7784,"context_line":"  description: RETIRED, Tools to build guest images for Trove."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1fa4df85_ec677bb6","line":7781,"range":{"start_line":7781,"start_character":13,"end_line":7781,"end_character":20},"in_reply_to":"1fa4df85_0c3d37c3","updated":"2020-03-04 20:32:17.000000000","message":"\u003e Maybe this is the point that was missed here.  The proposed code\n \u003e did call tripleo-ansible.  It is the main way that we interface\n \u003e with IPA.\n \u003e \n \u003e Basically, the proposed code has the following elements:\n \u003e \n \u003e 1. code to parse openstack specific data (server metadata)\n \u003e that is generated by tripleo to turn it into a set of\n \u003e services to be added to ipa.\n\nSince this is tripleo specific, tripleo-ansible works for this.  This seems like something that would be a filter/plugin to go from one format into another.\n\n \u003e 2. calls to ansible-freeipa to add those services.\n\nLikely should be tripleo-ansible or in THT\n\n \u003e 3. code  to search ipa for all the services associated with a\n \u003e given host, and then to delete them (for node scale down\n \u003e or for stack delete).\n\nThis seems like something that the ansible-freeipa would benefit from.\n\n \u003e 4. code to create a user and set up all the privileges needed\n \u003e to do the things opesnatck wants to do -- add hosts, add\n \u003e services, add dns entries.\n \u003e \n\nThis seems like it should also be in ansible-freeipa or rather calls from tripleo-ansible into ansible-freeipa\n\n \u003e There are parts which use python and ipa cli calls rather than\n \u003e ansible-freeipa.  We\u0027d rather not do that, but those are for places\n \u003e where ansible-freeipa is not yet robust enough to do what we need\n \u003e to do.  We\u0027re working with those folks to add the relevant features\n \u003e but that will take time.  Over time, many of those bits will\n \u003e simplify as the features get added.\n \u003e \n \u003e (1) and (2) above seem to be things that according to what you said\n \u003e above fit perfectly in tripleo-ipa.\n \u003e \n \u003e (3) is also needed - but will be significantly simplified once the\n \u003e relevant feature is added to ansible-freeipa\n \u003e \n \u003e (4) is something that we could potentially add to tripleo-operator\n \u003e as it is something that is supposed to be run to configure the ipa\n \u003e server to have the right perms etc. for openstack work.\n\ntripleo-operator-ansible is purely to wrap tripleocli related items. So unless you\u0027re planning on providing an openstackcli interface for them, that wouldn\u0027t make sense.","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"6f6ffd1c329ed87c22e68befbf95639b2616ec8a","unresolved":false,"context_lines":[{"line_number":7778,"context_line":"- project: x/trio2o"},{"line_number":7779,"context_line":"  description: Trio2o is to provide APIs gateway for multiple OpenStack clouds to"},{"line_number":7780,"context_line":"    act as a single OpenStack cloud."},{"line_number":7781,"context_line":"- project: x/tripleo-ipa"},{"line_number":7782,"context_line":"  description: Ansible roles to register and deregister services with FreeIPA."},{"line_number":7783,"context_line":"- project: x/trove-image-builder"},{"line_number":7784,"context_line":"  description: RETIRED, Tools to build guest images for Trove."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1fa4df85_343e358b","line":7781,"range":{"start_line":7781,"start_character":13,"end_line":7781,"end_character":20},"in_reply_to":"1fa4df85_196d72cb","updated":"2020-03-05 02:49:37.000000000","message":"Alex, based on the how our conversation was going, it really sounded like we were re-evaluating the choice to host this outside of tripleo-ansible, and instead would go with the originally proposed patches given that most of the code was tripleo specific.\n\nI commented on the original reviews to indicate which parts were tripleo specific and where ansible-freeipa was called.\nDo we still want to create a new separate repo?\n\nIf we do, then we will likely refactor this into several roles - setup, service-registration, service-deregistration or something similar, so it would not be a single role.\n\nWe\u0027ll take whatever approach you want us to do - just let us know.","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"},{"author":{"_account_id":3153,"name":"Emilien Macchi","email":"emilien@redhat.com","username":"emilienm"},"change_message_id":"ed0fea8016e2b85ccc3f016c567a71a941aa483f","unresolved":false,"context_lines":[{"line_number":7778,"context_line":"- project: x/trio2o"},{"line_number":7779,"context_line":"  description: Trio2o is to provide APIs gateway for multiple OpenStack clouds to"},{"line_number":7780,"context_line":"    act as a single OpenStack cloud."},{"line_number":7781,"context_line":"- project: x/tripleo-ipa"},{"line_number":7782,"context_line":"  description: Ansible roles to register and deregister services with FreeIPA."},{"line_number":7783,"context_line":"- project: x/trove-image-builder"},{"line_number":7784,"context_line":"  description: RETIRED, Tools to build guest images for Trove."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1fa4df85_815c7bed","line":7781,"range":{"start_line":7781,"start_character":13,"end_line":7781,"end_character":20},"in_reply_to":"1fa4df85_343e358b","updated":"2020-03-05 23:45:33.000000000","message":"After reading, I\u0027m fine naming it tripleo-ipa; if it has its own governance: you and the people who\u0027ll maintain it.\nIt\u0027s fair to say that tripleo-ansible has existing roles that don\u0027t do tripleo only things (dpdk, etc); but this isn\u0027t something we\u0027re willing to continue and I would rather have tripleo-ipa, maintained by security folks and integrated in tripleo by calling the roles from THT directly.","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"},{"author":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"change_message_id":"acfcd57b2e1dba60bc57ee1ca234e0794ad86d50","unresolved":false,"context_lines":[{"line_number":7778,"context_line":"- project: x/trio2o"},{"line_number":7779,"context_line":"  description: Trio2o is to provide APIs gateway for multiple OpenStack clouds to"},{"line_number":7780,"context_line":"    act as a single OpenStack cloud."},{"line_number":7781,"context_line":"- project: x/tripleo-ipa"},{"line_number":7782,"context_line":"  description: Ansible roles to register and deregister services with FreeIPA."},{"line_number":7783,"context_line":"- project: x/trove-image-builder"},{"line_number":7784,"context_line":"  description: RETIRED, Tools to build guest images for Trove."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1fa4df85_5d599f32","line":7781,"range":{"start_line":7781,"start_character":13,"end_line":7781,"end_character":20},"in_reply_to":"1fa4df85_3a8149fc","updated":"2020-03-04 16:24:41.000000000","message":"There is already an ansible-freeipa project (\"Ansible roles and modules for FreeIPA\"), which we will be using to interface with IPA.\n\ntripleo-ipa will contain roles to prepare the undercloud for interfacing with ipa and register/unregister TripleO services in IPA.","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"},{"author":{"_account_id":14985,"name":"Alex Schultz","email":"aschultz@next-development.com","username":"mwhahaha"},"change_message_id":"d6c9a78b7889dbe099863e8a04b18f0198cf5ab6","unresolved":false,"context_lines":[{"line_number":7778,"context_line":"- project: x/trio2o"},{"line_number":7779,"context_line":"  description: Trio2o is to provide APIs gateway for multiple OpenStack clouds to"},{"line_number":7780,"context_line":"    act as a single OpenStack cloud."},{"line_number":7781,"context_line":"- project: x/tripleo-ipa"},{"line_number":7782,"context_line":"  description: Ansible roles to register and deregister services with FreeIPA."},{"line_number":7783,"context_line":"- project: x/trove-image-builder"},{"line_number":7784,"context_line":"  description: RETIRED, Tools to build guest images for Trove."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1fa4df85_ab664dc0","line":7781,"range":{"start_line":7781,"start_character":13,"end_line":7781,"end_character":20},"in_reply_to":"1fa4df85_5d599f32","updated":"2020-03-04 17:48:38.000000000","message":"The role that calls ansible-freeipa can live in tripleo-ansible. The original issue was that the original proposed code did not consume ansible-freeipa and we didn\u0027t want *that* to live in tripleo-ansible. The integration code that is specific to tripleo that calls ansible-freeipa can live in THT or tripleo-ansible.","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"},{"author":{"_account_id":14985,"name":"Alex Schultz","email":"aschultz@next-development.com","username":"mwhahaha"},"change_message_id":"22ebcb3b81f433f4e0f0e7fd0f5fef1fcb55deba","unresolved":false,"context_lines":[{"line_number":7778,"context_line":"- project: x/trio2o"},{"line_number":7779,"context_line":"  description: Trio2o is to provide APIs gateway for multiple OpenStack clouds to"},{"line_number":7780,"context_line":"    act as a single OpenStack cloud."},{"line_number":7781,"context_line":"- project: x/tripleo-ipa"},{"line_number":7782,"context_line":"  description: Ansible roles to register and deregister services with FreeIPA."},{"line_number":7783,"context_line":"- project: x/trove-image-builder"},{"line_number":7784,"context_line":"  description: RETIRED, Tools to build guest images for Trove."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1fa4df85_80524b3a","line":7781,"range":{"start_line":7781,"start_character":13,"end_line":7781,"end_character":20},"in_reply_to":"1fa4df85_80348b94","updated":"2020-03-04 21:48:45.000000000","message":"My concern is that I don\u0027t want another tripleo-ipsec where we dump ansible bits that go unmaintained.  I\u0027m not convinced this is the correct solution but rather one for expediency rather than correctness.","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"239486a6cb328d93dc1bf976de57e5bfaf542cc9","unresolved":false,"context_lines":[{"line_number":7778,"context_line":"- project: x/trio2o"},{"line_number":7779,"context_line":"  description: Trio2o is to provide APIs gateway for multiple OpenStack clouds to"},{"line_number":7780,"context_line":"    act as a single OpenStack cloud."},{"line_number":7781,"context_line":"- project: x/tripleo-ipa"},{"line_number":7782,"context_line":"  description: Ansible roles to register and deregister services with FreeIPA."},{"line_number":7783,"context_line":"- project: x/trove-image-builder"},{"line_number":7784,"context_line":"  description: RETIRED, Tools to build guest images for Trove."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1fa4df85_e374696a","line":7781,"range":{"start_line":7781,"start_character":13,"end_line":7781,"end_character":20},"in_reply_to":"1fa4df85_80524b3a","updated":"2020-03-04 22:08:33.000000000","message":"tripleo-ipa is going to be central to the way we do TLS everywhere - for pre-provisioned nodes and those created using nova.  Its also the way that we will do brownfield.\n\nI expect that eventually most deploys will need to have tls everywhere for security requirements.  We have a strong vested interest in keeping this maintained and improving and simplifying it over time.\n\ntripleo-ipsec did not have any real CI and tests.  the proposed code has real molecule tests that exercise all the things and will be exercised in tls everywhere deploys (fs39) as well as a new standalone tls gate that rlandy is developing.\n\nThere is code that is needed to go from tripleo to ipa that does tripleo specific things.  We can put all of it in THT and call it from there -- which I think is unwieldy and harder to maintain - or we can encapsulate much of it here.","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"4a919f3b6fd9c45abc432648992639e5bb3c74e6","unresolved":false,"context_lines":[{"line_number":7778,"context_line":"- project: x/trio2o"},{"line_number":7779,"context_line":"  description: Trio2o is to provide APIs gateway for multiple OpenStack clouds to"},{"line_number":7780,"context_line":"    act as a single OpenStack cloud."},{"line_number":7781,"context_line":"- project: x/tripleo-ipa"},{"line_number":7782,"context_line":"  description: Ansible roles to register and deregister services with FreeIPA."},{"line_number":7783,"context_line":"- project: x/trove-image-builder"},{"line_number":7784,"context_line":"  description: RETIRED, Tools to build guest images for Trove."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1fa4df85_3a8149fc","line":7781,"range":{"start_line":7781,"start_character":13,"end_line":7781,"end_character":20},"in_reply_to":"1fa4df85_9ac2bd58","updated":"2020-03-04 15:51:09.000000000","message":"I\u0027ll let Ade weigh in here.","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"46758d6d219348363d6fbac5baa9b526b9969342","unresolved":false,"context_lines":[{"line_number":7778,"context_line":"- project: x/trio2o"},{"line_number":7779,"context_line":"  description: Trio2o is to provide APIs gateway for multiple OpenStack clouds to"},{"line_number":7780,"context_line":"    act as a single OpenStack cloud."},{"line_number":7781,"context_line":"- project: x/tripleo-ipa"},{"line_number":7782,"context_line":"  description: Ansible roles to register and deregister services with FreeIPA."},{"line_number":7783,"context_line":"- project: x/trove-image-builder"},{"line_number":7784,"context_line":"  description: RETIRED, Tools to build guest images for Trove."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1fa4df85_0c3d37c3","line":7781,"range":{"start_line":7781,"start_character":13,"end_line":7781,"end_character":20},"in_reply_to":"1fa4df85_ab664dc0","updated":"2020-03-04 20:14:10.000000000","message":"Maybe this is the point that was missed here.  The proposed code did call tripleo-ansible.  It is the main way that we interface with IPA.\n\nBasically, the proposed code has the following elements:\n\n1. code to parse openstack specific data (server metadata)\n   that is generated by tripleo to turn it into a set of \n   services to be added to ipa.\n2. calls to ansible-freeipa to add those services.\n3. code  to search ipa for all the services associated with a\n   given host, and then to delete them (for node scale down \n   or for stack delete).\n4. code to create a user and set up all the privileges needed\n   to do the things opesnatck wants to do -- add hosts, add \n   services, add dns entries.\n\nThere are parts which use python and ipa cli calls rather than ansible-freeipa.  We\u0027d rather not do that, but those are for places where ansible-freeipa is not yet robust enough to do what we need to do.  We\u0027re working with those folks to add the relevant features but that will take time.  Over time, many of those bits will simplify as the features get added.\n\n(1) and (2) above seem to be things that according to what you said above fit perfectly in tripleo-ipa.\n\n(3) is also needed - but will be significantly simplified once the relevant feature is added to ansible-freeipa\n\n(4) is something that we could potentially add to tripleo-operator as it is something that is supposed to be run to configure the ipa server to have the right perms etc. for openstack work.","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"},{"author":{"_account_id":14985,"name":"Alex Schultz","email":"aschultz@next-development.com","username":"mwhahaha"},"change_message_id":"42c65b77d9487bf107e406013208e0063b26f8ad","unresolved":false,"context_lines":[{"line_number":7778,"context_line":"- project: x/trio2o"},{"line_number":7779,"context_line":"  description: Trio2o is to provide APIs gateway for multiple OpenStack clouds to"},{"line_number":7780,"context_line":"    act as a single OpenStack cloud."},{"line_number":7781,"context_line":"- project: x/tripleo-ipa"},{"line_number":7782,"context_line":"  description: Ansible roles to register and deregister services with FreeIPA."},{"line_number":7783,"context_line":"- project: x/trove-image-builder"},{"line_number":7784,"context_line":"  description: RETIRED, Tools to build guest images for Trove."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1fa4df85_196d72cb","line":7781,"range":{"start_line":7781,"start_character":13,"end_line":7781,"end_character":20},"in_reply_to":"1fa4df85_e374696a","updated":"2020-03-05 00:42:21.000000000","message":"Is this going to be a role repository? If so can we rename it to ansible-role-tripleo-ipa instead?","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"b890bbfc51cf143c35afb6ec35586c31e4921f34","unresolved":false,"context_lines":[{"line_number":7778,"context_line":"- project: x/trio2o"},{"line_number":7779,"context_line":"  description: Trio2o is to provide APIs gateway for multiple OpenStack clouds to"},{"line_number":7780,"context_line":"    act as a single OpenStack cloud."},{"line_number":7781,"context_line":"- project: x/tripleo-ipa"},{"line_number":7782,"context_line":"  description: Ansible roles to register and deregister services with FreeIPA."},{"line_number":7783,"context_line":"- project: x/trove-image-builder"},{"line_number":7784,"context_line":"  description: RETIRED, Tools to build guest images for Trove."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1fa4df85_80348b94","line":7781,"range":{"start_line":7781,"start_character":13,"end_line":7781,"end_character":20},"in_reply_to":"1fa4df85_ec677bb6","updated":"2020-03-04 21:26:01.000000000","message":"Right now, 1 is implemented using a python script.  We can look into creating some kind of filter/ plugin instead.\n\n3 is definitely something that would be useful in ansible-freeipa, and we\u0027ll work to get it there.  Right now, we implement that in python because ipa has a good python api.  We can simplify this considerably when the feature merges in freeipa-ansible\n\n4 feels very tripleo specific to me in the sense that you are creating a user with the exact permissions to do the things that tripleo is goin g to need to do.  You don\u0027t have carte blanche admin access.  We currently implement this with a mixture of calls to ansible-freeipa to do the things we can, and cli calls to do the things we cannot.  Again - we\u0027re working to add the missing things to ansible-freeipa","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"},{"author":{"_account_id":3153,"name":"Emilien Macchi","email":"emilien@redhat.com","username":"emilienm"},"change_message_id":"fdb30b78446a057bc2f50592e171be7c9db5f0e4","unresolved":false,"context_lines":[{"line_number":7778,"context_line":"- project: x/trio2o"},{"line_number":7779,"context_line":"  description: Trio2o is to provide APIs gateway for multiple OpenStack clouds to"},{"line_number":7780,"context_line":"    act as a single OpenStack cloud."},{"line_number":7781,"context_line":"- project: x/tripleo-ipa"},{"line_number":7782,"context_line":"  description: Ansible roles to register and deregister services with FreeIPA."},{"line_number":7783,"context_line":"- project: x/trove-image-builder"},{"line_number":7784,"context_line":"  description: RETIRED, Tools to build guest images for Trove."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1fa4df85_9ac2bd58","line":7781,"range":{"start_line":7781,"start_character":13,"end_line":7781,"end_character":20},"in_reply_to":"1fa4df85_fae73111","updated":"2020-03-04 15:48:34.000000000","message":"+1 with Alex","commit_id":"79676c472868f7032b57f3009719cf50f4b4707f"}]}