Friday, 2022-01-21

*** rlandy|ruck is now known as rlandy|out00:09
*** queria is now known as Guest123703:26
*** queria is now known as Guest123803:30
*** tkajinam is now known as tkajinam|lunch03:55
*** tkajinam|lunch is now known as tkajinam03:56
*** elenalindq_ is now known as elenalindq05:52
*** kmasterson` is now known as kmasterson09:03
*** johnsom_ is now known as johnsom09:03
*** melwitt is now known as Guest131209:32
*** melwitt is now known as Guest132010:50
*** rlandy is now known as rlandy|ruck11:13
*** blarnath is now known as d34dh0r5316:02
*** promethe- is now known as prometheanfire16:03
krumelmonsterHi. I just installed openstack aio via openstack-ansible. Now I want to generate letsencrypt certificates for horizon. obviously cannot be sufficient because obviously, I'll need to configure the domain somewhere first.17:39
jrosserkrumelmonster: you could join #openstack-ansible too18:33
jrosserI think that LetsEncrypt setup might be even simpler in recent releases, there should be no need to add extra haproxy config any more18:34
jrosseroh ok that’s for without horizon18:36
jrosseryes - you will need to get the dns entry created first, and I’d highly recommend using the LE staging endpoint first in case you need to debug and retry anything18:37
*** Guest1320 is now known as melwitt19:18
krumelmonsterjrosser: I have created a dns entry outside the openstack aio server and I can reach horizon by that name and now I'd like to replace the certificate so I can run openstack-client without getting an SSL error19:24
tty0what would the best distro be for kolla-openstack (the ansible thingie with all-in-one)?20:39
tty0when i use ubuntu 20.04 (dont know why i picked that disto in the first place for this stack since i like centos on headless things) i get errors like "Could not load 'project_purge': No module named 'keystoneclient'" when i do a simple openstack server list20:42
tty0(and yes, have sourced the environment)20:42
jrosserkrumelmonster: do you have a public ip on your AIO or is it behind a NAT or something?20:54
krumelmonsterjrosser it's behind a load balancer but that isn't the issue. The question is just how I'd configure a letsencrypt TLS-Cert for horizon. end-to-end TLS is working already.21:48
jrosserthe LE support in openstack-ansible runs certbot as part of the haproxy setup21:49
jrosserthe certificate is on haproxy, not the horizon service21:52
krumelmonsterBut where would I configure the Domain Name of my server so openstack-ansible can generate the correct certificates?21:52
krumelmonsterOnce I've changed the relevant configuration in /etc/openstack_deploy, do I rerun the setup-openstack.yml playbook?22:07
jrosserto apply the config to haproxy just run the haproxy playbook on its own22:18
jrosserthen run setup-openstack to fix up the service catalog22:19
-opendevstatus- NOTICE: The Gerrit service on is being restarted briefly to apply a bugfix23:01

Generated by 2.17.3 by Marius Gedminas - find it at!