Friday, 2024-10-11

<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.1: Ensure that the inventory tox job runs on an ubuntu-jammy node  https://review.opendev.org/c/openstack/openstack-ansible/+/932080 07:12
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.1: Bump SHAs for 2023.1  https://review.opendev.org/c/openstack/openstack-ansible/+/931742 07:12
<sykebenX> Can anyone help me or point me to documentation on the proper procedure to rotate CA certs using openstack-ansible? 13:31
<noonedeadpunk> so we have a bunch of regen variables in a role 13:32
<noonedeadpunk> about CA specifically - I think it should be this one: https://opendev.org/openstack/ansible-role-pki/src/branch/master/defaults/main.yml#L72-L73 13:32
<noonedeadpunk> But, regenerating RootCA is gonna be quite painful 13:32
<noonedeadpunk> though, you can define an alternative name there, and it will just generate a new alternative, and use it for new certs 13:33
<noonedeadpunk> which is what is usually needed 13:33
<sykebenX> Hmm I see - yeah the reason I am asking is because I accidentally misplaced my openstack_inventory.json file and ran setup-hosts which screwed up a bunch of the certs. I was able to get the old one again so that I could fix it temporarily, but looking to move from the old cert now to the new one on backend services. 13:34
<noonedeadpunk> then, we were trying to use a `- pki` in service roles 13:34
<noonedeadpunk> oh, so if it's all about certs, rather than CA - then it's easier 13:35
<noonedeadpunk> pretty much you can run `openstack-ansible galera-install.yml -e pki_regen_cert=true` 13:38
<noonedeadpunk> or smth - depending what's missing 13:38
<noonedeadpunk> `--tags pki` is present somewhere, but not for galera, for instance (probably worth fixing that) 13:38
<sykebenX> Ahh and then I just do that for each service that we're running then? 13:40
<noonedeadpunk> yeah, kind of 13:40
<noonedeadpunk> as PKI installation is part of the service role 13:40
<noonedeadpunk> (as well as generation) 13:40
<sykebenX> ahh that makes sense 13:41
<noonedeadpunk> just be careful with Nova 13:41
<noonedeadpunk> as regenerating CA (not certs) may result in issues with VNC console 13:42
<sykebenX> I will keep that in mind. Thanks so much for your help :) 13:45
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [WIP] Add autocomplete script for playbooks  https://review.opendev.org/c/openstack/openstack-ansible/+/932220 17:16
<noonedeadpunk> this is very early stage and needs more work ^ 17:16
<noonedeadpunk> Just pushed not to lose it :D 17:18
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [WIP] Add autocomplete script for playbooks  https://review.opendev.org/c/openstack/openstack-ansible/+/932220 17:55
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Add autocomplete script for playbooks  https://review.opendev.org/c/openstack/openstack-ansible/+/932220 19:10
<noonedeadpunk> NeilHanlon: do you have any idea of why I don't have bash completion by default after placing the file under /etc/bash_completion.d/ (or even /usr/share/bash-completion/completions/)? Isn't it smth that should work "by default"? 19:16
<noonedeadpunk> as when I source file explicitly - it works 19:16
<noonedeadpunk> (and it works on Ubuntu) 19:16
<noonedeadpunk> just wondering if this is not intended to work unless user will edit their bashrc, or I'm having some very limited image here... 19:19
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Add autocomplete script for playbooks  https://review.opendev.org/c/openstack/openstack-ansible/+/932220 19:48
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Add autocomplete script for playbooks  https://review.opendev.org/c/openstack/openstack-ansible/+/932220 19:50
