| opendevreview | Roman Krček proposed openstack/kolla-ansible master: Refactor services' check-containers and optimise https://review.opendev.org/c/openstack/kolla-ansible/+/773243 | 06:58 |
|---|---|---|
| opendevreview | Ivan Halomi proposed openstack/kolla-ansible master: Refactor of docker worker https://review.opendev.org/c/openstack/kolla-ansible/+/908295 | 07:00 |
| *** SvenKieske|OSISM|PTOuntil2024- is now known as SvenKieske|OSISM[m] | 07:03 | |
| opendevreview | Roman Krček proposed openstack/kolla-ansible master: Fix unintentional trigger of ansible handlers https://review.opendev.org/c/openstack/kolla-ansible/+/924145 | 07:09 |
| opendevreview | Sven Kieske proposed openstack/kolla stable/2024.1: Trivial fix letsencrypt base image https://review.opendev.org/c/openstack/kolla/+/925080 | 07:50 |
| matusjenca | Good morning. Can someone please review my ProxySQL tls patch https://review.opendev.org/c/openstack/kolla-ansible/+/909912 | 07:50 |
| opendevreview | Sven Kieske proposed openstack/kolla stable/2023.2: Trivial fix letsencrypt base image https://review.opendev.org/c/openstack/kolla/+/925081 | 07:50 |
| SvenKieske | matusjenca: I'm just back from vacation, I'll have a look! | 07:52 |
| opendevreview | Ivan Halomi proposed openstack/ansible-collection-kolla master: Add uninstall tasks https://review.opendev.org/c/openstack/ansible-collection-kolla/+/925083 | 08:47 |
| opendevreview | Matt Crees proposed openstack/kayobe master: Bump stackhpc.linux collection to v1.2.3 https://review.opendev.org/c/openstack/kayobe/+/924480 | 08:52 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Switch mariadb's loadbalancer from HAProxy to ProxySQL https://review.opendev.org/c/openstack/kolla-ansible/+/913724 | 09:36 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Add backend TLS between MariaDB and ProxySQL https://review.opendev.org/c/openstack/kolla-ansible/+/909912 | 09:36 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Add documentation for caching. https://review.opendev.org/c/openstack/kolla-ansible/+/918285 | 10:41 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Implement TLS for Redis https://review.opendev.org/c/openstack/kolla-ansible/+/909188 | 10:51 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Add Redis as caching backend for Keystone https://review.opendev.org/c/openstack/kolla-ansible/+/909201 | 10:51 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Add Redis as caching backend for Nova https://review.opendev.org/c/openstack/kolla-ansible/+/909203 | 10:52 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Add Redis as caching backend for Placement https://review.opendev.org/c/openstack/kolla-ansible/+/909222 | 10:53 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Add Redis as caching backend for Heat https://review.opendev.org/c/openstack/kolla-ansible/+/909224 | 10:54 |
| deflated | Hi people, trying to deploy tls for the backend, how do i deploy official certs and not self signed ones? is there a tag i can pass ..multinoide certificates or use the same cert as for internal? Can't seem to figure it out without seeing some kind of error regarding ssl in the attempted deployment | 11:09 |
| PrzemekK | Follow https://docs.openstack.org/kolla-ansible/latest/admin/tls.html we have in globals haproxy_backend_cacert_dir: "/etc/ssl/certs" openstack_cacert: "/etc/ssl/certs/ca-certificates.crt" kolla_enable_tls_internal: "yes" kolla_enable_tls_external: "yes" | 11:19 |
| PrzemekK | . | 11:20 |
| PrzemekK | and /etc/kolla/certificates/: ca haproxy-internal.pem haproxy.pem /etc/kolla/certificates/ca: prodca.crt root.crt | 11:20 |
| deflated | thank you! | 11:21 |
| deflated | i'll give it a go now | 11:21 |
| PrzemekK | and kolla_copy_ca_into_containers: "yes" | 11:23 |
| deflated | i assume kolla_enable_tls_backend/ | 11:27 |
| deflated | kolla_verify_tls_backend should also be yes? | 11:27 |
| PrzemekK | it is enabled by default i think / By default, the TLS certificate will be verified as trustable by the OpenStack services. Although not recommended for production, it is possible to disable verification of the backend certificate: | 11:33 |
| deflated | They are and I certainly do want it to be secure. can you tell me what your prodca/root.crt relate to? i would assume root.crt is LE's ISRG Root X1 and prodca is the equivalent of LE's cert.pem? | 11:36 |
| deflated | i'm coming from osa so its a learning curve, i do really appreciate your help | 11:37 |
| PrzemekK | If You Talking about LetsEncrypt its different story. Then You use letsencrypt module https://docs.openstack.org/kolla-ansible/latest/admin/tls.html#generating-tls-certificates-with-let-s-encrypt but i dont have practise with it | 11:42 |
| dougszu | Does anyone know what's preventing this merging? I guess it needs W+1 from someone else? https://review.opendev.org/c/openstack/kolla-ansible/+/912483 | 12:19 |
| SvenKieske | it nees BackportCandidate votes | 12:24 |
| SvenKieske | that's why it's called "NonZero" dougszu, but it's maybe still not obvious | 12:24 |
| SvenKieske | guess that should be backported | 12:26 |
| dougszu | ah, thanks SvenKieske, i'd missed that. I agree - it should be fine to backport. | 12:38 |
| opendevreview | Merged openstack/kolla-ansible master: Support custom Nova Compute Ironic host names https://review.opendev.org/c/openstack/kolla-ansible/+/912483 | 14:01 |
| opendevreview | Merged openstack/kayobe master: Bump stackhpc.linux collection to v1.2.3 https://review.opendev.org/c/openstack/kayobe/+/924480 | 14:16 |
| opendevreview | Sven Kieske proposed openstack/kolla-ansible stable/2024.1: Fix keystone configuration for haproxy. https://review.opendev.org/c/openstack/kolla-ansible/+/925101 | 14:19 |
| opendevreview | Sven Kieske proposed openstack/kolla-ansible stable/2023.2: Fix keystone configuration for haproxy. https://review.opendev.org/c/openstack/kolla-ansible/+/925102 | 14:19 |
| opendevreview | Sven Kieske proposed openstack/kolla-ansible stable/2023.1: Fix keystone configuration for haproxy. https://review.opendev.org/c/openstack/kolla-ansible/+/925103 | 14:22 |
| opendevreview | Sven Kieske proposed openstack/kolla-ansible stable/2023.1: Fix keystone configuration for haproxy. https://review.opendev.org/c/openstack/kolla-ansible/+/925103 | 14:30 |
| opendevreview | Pierre Riteau proposed openstack/kayobe stable/2024.1: Bump stackhpc.linux collection to v1.2.3 https://review.opendev.org/c/openstack/kayobe/+/925104 | 14:41 |
| stromgren | Hi, I have an issue where one of my compute nodes is missing the secret for "cinder_rbd_secret_uuid". When I try to fetch it using "virsh secret-get-value <uuid>" inside the nova_libvirt container it fails. It works for the other hosts. I've tried to reconfigure, but that doesn't help. Do anyone have any input on what would be the next troubleshooting step. Thanks! | 17:35 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!