| opendevreview | Merged openstack/openstack-ansible-os_tempest master: setup.cfg: Replace dashes with underscores https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/960907 | 11:56 |
|---|---|---|
| admin1 | noonedeadpunk jrosser damiandabrowski .. you guy will be in the paris summit ? | 12:27 |
| damiandabrowski | me and noonedeadpunk will be there ;) | 12:28 |
| admin1 | will meet you guys again then .. | 12:50 |
| damiandabrowski | cool! | 13:06 |
| noonedeadpunk | sweeeeet | 13:12 |
| noonedeadpunk | long time no see as well :) | 13:12 |
| noonedeadpunk | damiandabrowski: I've just realized we don't have any way to set a lifetime for standalone certs atm? | 13:16 |
| * noonedeadpunk looking at https://review.opendev.org/c/openstack/ansible-role-pki/+/948880 | 13:17 | |
| noonedeadpunk | probably not smth to fix in it. but just surprised in general | 13:17 |
| damiandabrowski | hmmm no, I think it's not possible. But on the other hand I've never seen any certificate that is valid forever :D | 13:20 |
| jrosser | it will default to this i think? https://docs.ansible.com/ansible/latest/collections/community/crypto/x509_certificate_module.html#parameter-ownca_not_after | 13:28 |
| damiandabrowski | ouh, I just realized I misunderstood you. I thought you're aiming to create a certificate that is valid indefinitely :D | 13:32 |
| noonedeadpunk | nah, that we don't pass anything to control that | 13:33 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-pki master: Use ttl instead of not_after in pki_authorities https://review.opendev.org/c/openstack/ansible-role-pki/+/948880 | 13:33 |
| noonedeadpunk | damiandabrowski: jrosser I've updated this one ^ according to our discussion last week | 13:33 |
| noonedeadpunk | and yes, using startswith is the easiest and most reliable thing :D | 13:34 |
| noonedeadpunk | I think it's WAY more readable now | 13:35 |
| damiandabrowski | ah yes, I think for standalone backends it's not possible to define certs lifetime ATM | 13:36 |
| jrosser | that should be an easy fix | 13:36 |
| damiandabrowski | yeah, right | 13:38 |
| noonedeadpunk | it is annoying | 13:40 |
| damiandabrowski | noonedeadpunk: thanks, indeed it's more readable now | 13:43 |
| opendevreview | Merged openstack/openstack-ansible-openstack_hosts master: Switch OpenStack codename for 2025.2 https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/962600 | 13:44 |
| noonedeadpunk | sorry for chiming in, but felt it might be faster this way | 13:44 |
| damiandabrowski | haha, no worries :D | 13:45 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-pki master: Allow to supply ttl for ownca certificates https://review.opendev.org/c/openstack/ansible-role-pki/+/963180 | 13:48 |
| noonedeadpunk | I wonder if we should allow/or define some deployment/wide defaults for this ^ | 13:48 |
| noonedeadpunk | given that patches for all repos are prepared anyway... | 13:49 |
| damiandabrowski | makes sense IMO | 13:51 |
| jrosser | speaking of similar | 13:55 |
| jrosser | ca.vault_path | 13:55 |
| jrosser | i really don't like this as it is | 13:55 |
| jrosser | this should have a vault specific default value in the pki role | 13:56 |
| jrosser | with then an *optional* override per CA rather than making it mandatory to put vault specific vars in the input data | 13:58 |
| jrosser | also vault_root_ca_path is exactly the same as signed_by so both (all) backends should use signed_by as it's obvious by name what it does | 13:59 |
| jrosser | the data we feed into the role should work for either standalone or vault backends without any changes or backend specific things (assuming that sensible defaults apply for all backends) | 13:59 |
| jrosser | imho we leak too much of the internal implementation of vault out into the input data currently | 14:00 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Freeze roles for Flamingo Beta release https://review.opendev.org/c/openstack/openstack-ansible/+/963189 | 14:11 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Fix role freeze functionality https://review.opendev.org/c/openstack/openstack-ansible/+/963190 | 14:12 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Freeze roles for Flamingo Beta release https://review.opendev.org/c/openstack/openstack-ansible/+/963189 | 14:13 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump global requirements https://review.opendev.org/c/openstack/openstack-ansible/+/951288 | 14:19 |
| opendevreview | Merged openstack/openstack-ansible-plugins master: Use unique register variables for service_setup https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/962252 | 15:01 |
| opendevreview | Merged openstack/openstack-ansible-plugins master: Ensure default for glusterfs_package_repo_keys exists https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/962263 | 15:01 |
| opendevreview | Merged openstack/openstack-ansible master: Add RockyLinux 10 to CI testing https://review.opendev.org/c/openstack/openstack-ansible/+/955150 | 15:03 |
| opendevreview | Merged openstack/openstack-ansible master: [doc] Do not used duplicated keys in examples https://review.opendev.org/c/openstack/openstack-ansible/+/961074 | 15:03 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2025.1: Add RockyLinux 10 to CI testing https://review.opendev.org/c/openstack/openstack-ansible/+/963196 | 15:05 |
| opendevreview | Merged openstack/openstack-ansible-os_keystone stable/2024.2: Fix package name for mod_auth_openidc https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/961087 | 15:05 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-pki master: Allow to supply ttl for ownca certificates https://review.opendev.org/c/openstack/ansible-role-pki/+/963180 | 15:14 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2025.1: Add RockyLinux 10 to CI testing https://review.opendev.org/c/openstack/openstack-ansible/+/963196 | 15:18 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-pki master: Allow to supply ttl for ownca certificates https://review.opendev.org/c/openstack/ansible-role-pki/+/963180 | 15:37 |
| opendevreview | Damian DÄ…browski proposed openstack/ansible-role-pki master: Add hashi_vault backend https://review.opendev.org/c/openstack/ansible-role-pki/+/948881 | 15:40 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2024.1: Bump SHAs for 2024.1 https://review.opendev.org/c/openstack/openstack-ansible/+/962506 | 15:48 |
| opendevreview | Merged openstack/openstack-ansible master: Switch services to track 2025.2 https://review.opendev.org/c/openstack/openstack-ansible/+/962336 | 16:04 |
| opendevreview | Merged openstack/openstack-ansible master: [doc] Add documentation around EL 10 support https://review.opendev.org/c/openstack/openstack-ansible/+/956856 | 16:04 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Adopt playbooks for ANSIBLE_GATHER_SUBSET removal https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/963204 | 16:37 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Remove deprecated ANSIBLE_GATHER_SUBSET https://review.opendev.org/c/openstack/openstack-ansible/+/963206 | 16:41 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2024.1: Revert "Do not disable configure_mirrors extra repos for debian" https://review.opendev.org/c/openstack/openstack-ansible/+/963207 | 16:44 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2024.1: Bump SHAs for 2024.1 https://review.opendev.org/c/openstack/openstack-ansible/+/962506 | 16:54 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2025.1: [doc] Add documentation around EL 10 support https://review.opendev.org/c/openstack/openstack-ansible/+/963212 | 17:03 |
| *** starkis is now known as Guest28514 | 18:47 | |
| opendevreview | Dmitriy Chubinidze proposed openstack/openstack-ansible master: docs: updated information in the troubleshooting guide https://review.opendev.org/c/openstack/openstack-ansible/+/959965 | 20:39 |
| opendevreview | Dmitriy Chubinidze proposed openstack/openstack-ansible master: docs: updated information in the troubleshooting guide https://review.opendev.org/c/openstack/openstack-ansible/+/959965 | 20:54 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-openstack_hosts master: Pass pki_authorities var when installing CA certs https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/948884 | 20:56 |
| opendevreview | Merged openstack/ansible-role-pki master: Use ttl instead of not_after in pki_authorities https://review.opendev.org/c/openstack/ansible-role-pki/+/948880 | 22:30 |
| opendevreview | Ivan Anfimov proposed openstack/openstack-ansible-os_tempest master: Tenant replaced to Project in tasks name https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/962540 | 23:20 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-systemd_networkd master: Restart systemd-udev on link changes https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/954876 | 23:49 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!