Friday, 2025-07-18

opendevreview  Merged openstack/ansible-role-systemd_mount master: Allow to avoid mount names escaping  https://review.opendev.org/c/openstack/ansible-role-systemd_mount/+/951889  00:20
opendevreview  Merged openstack/openstack-ansible-openstack_openrc master: tox: Remove ineffective ignore_basepython_conflict and bump minimum version  https://review.opendev.org/c/openstack/openstack-ansible-openstack_openrc/+/954735  06:02
opendevreview  Merged openstack/openstack-ansible-os_masakari master: tox: Remove ineffective ignore_basepython_conflict and bump minimum version  https://review.opendev.org/c/openstack/openstack-ansible-os_masakari/+/954866  06:03
opendevreview  Merged openstack/openstack-ansible-plugins master: tox: Remove ineffective ignore_basepython_conflict and bump minimum version  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/954740  06:05
opendevreview  Merged openstack/openstack-ansible-memcached_server master: tox: Remove ineffective ignore_basepython_conflict and bump minimum version  https://review.opendev.org/c/openstack/openstack-ansible-memcached_server/+/954729  06:05
opendevreview  Merged openstack/openstack-ansible-lxc_container_create master: tox: Remove ineffective ignore_basepython_conflict and bump minimum version  https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/954731  06:07
opendevreview  Merged openstack/openstack-ansible-repo_server master: tox: Remove ineffective ignore_basepython_conflict and bump minimum version  https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/954737  06:07
opendevreview  Ivan Anfimov proposed openstack/openstack-ansible-os_neutron master: wip  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/955344  08:04
opendevreview  Ivan Anfimov proposed openstack/openstack-ansible-os_neutron master: wip  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/955344  08:08
opendevreview  Takashi Kajinami proposed openstack/openstack-ansible-os_ceilometer master: Drop zake  https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/955351  09:30
opendevreview  Takashi Kajinami proposed openstack/openstack-ansible-os_ceilometer master: Drop removed options  https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/955352  09:35
opendevreview  Takashi Kajinami proposed openstack/openstack-ansible-os_aodh master: Drop unused [api] port  https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/955353  09:39
opendevreview  Merged openstack/ansible-hardening master: Replaced usage outdate egrep to grep  https://review.opendev.org/c/openstack/ansible-hardening/+/955242  09:45
opendevreview  Merged openstack/ansible-hardening master: Use doc8 for documentation generation  https://review.opendev.org/c/openstack/ansible-hardening/+/710284  09:45
opendevreview  Dmitriy Chubinidze proposed openstack/openstack-ansible-lxc_hosts master: Add nano and wget to the default package set for LXC hosts.  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/955366  12:19
opendevreview  Dmitriy Chubinidze proposed openstack/openstack-ansible-lxc_hosts master: Add nano and wget to the default package set for LXC hosts.  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/955366  12:26
gillesMo  Hello ! On the upgrade docs https://docs.openstack.org/openstack-ansible/2025.1/admin/upgrades/major-upgrades.html we still can see the 31.0.0.0rc1 Git Tag. We are ready to upgrade from 2023.1 to 2024.1, and then I want to go to 2025.1, but is OSA production ready for Epoxy ?  13:06
jrosser  noonedeadpunk: damiandabrowski i only really just realised that the hashi vault PKI backend is keeping the private key in vault rather than signing a CSR, is that what we want?  13:06
jrosser  it was probably a mistake to make the standalone backend not do that initially  13:07
damiandabrowski  hmm, are you sure about that? I'm not an expert in this area, but from what I see, only private key to the intermediate CA is stored in vault  13:10
damiandabrowski  but it's needed to sign service certs  13:10
damiandabrowski  but private key for service certs shouldn't be stored in vault  13:10
damiandabrowski  i just send you PM with credentials to openbao on my AIO test VM if you want to have a look what is actually stored there  13:12
jrosser  https://developer.hashicorp.com/vault/api-docs/secret/pki#sample-response-2  13:12
damiandabrowski  yeah, you receive private key in API response, but it's not stored in Vault  13:16
jrosser  that does not make much sense  13:20
jrosser  isn't that the difference between the /issue/ and /sign/ api endpoints in vault  13:21
damiandabrowski  the difference is: with issue you don't have to generate CSR and key on your own, you can just pass for example CN of your cert to the vault.  13:26
damiandabrowski  all other parameters, like extended key usage, TTL etc. are controlled by the Vault's role.  13:27
opendevreview  Damian Dąbrowski proposed openstack/ansible-role-pki master: Add hashi_vault backend  https://review.opendev.org/c/openstack/ansible-role-pki/+/948881  14:38
damiandabrowski  jrosser: noonedeadpunk I think we're ready for another round of reviews https://review.opendev.org/q/topic:%22osa_hashi_vault%22  15:04
damiandabrowski  if we agree on variables defined in service roles, I can start patching service roles  15:05
damiandabrowski  currently, only neutron is aligned with the most recent concept of using type and name for *_install_certificates  15:07
damiandabrowski  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/949420  15:07
jrosser  i left some comments  15:22
damiandabrowski  thanks  15:29
opendevreview  Merged openstack/ansible-role-systemd_mount master: Allow to define only overrides for mounts  https://review.opendev.org/c/openstack/ansible-role-systemd_mount/+/951891  18:12
-opendevstatus-  NOTICE: The Gerrit service on review.opendev.org will be offline briefly for a configuration and version update, but should return to service momentarily  20:05
