| *** rlandy|ruck is now known as rlandy|out | 00:09 | |
| *** queria is now known as Guest1237 | 03:26 | |
| *** queria is now known as Guest1238 | 03:30 | |
| *** tkajinam is now known as tkajinam|lunch | 03:55 | |
| *** tkajinam|lunch is now known as tkajinam | 03:56 | |
| *** elenalindq_ is now known as elenalindq | 05:52 | |
| *** kmasterson` is now known as kmasterson | 09:03 | |
| *** johnsom_ is now known as johnsom | 09:03 | |
| *** melwitt is now known as Guest1312 | 09:32 | |
| *** melwitt is now known as Guest1320 | 10:50 | |
| *** rlandy is now known as rlandy|ruck | 11:13 | |
| *** blarnath is now known as d34dh0r53 | 16:02 | |
| *** promethe- is now known as prometheanfire | 16:03 | |
| krumelmonster | Hi. I just installed openstack aio via openstack-ansible. Now I want to generate letsencrypt certificates for horizon. https://docs.openstack.org/openstack-ansible/latest/user/security/ssl-certificates.html#certbot-certificates obviously cannot be sufficient because obviously, I'll need to configure the domain somewhere first. | 17:39 |
|---|---|---|
| jrosser | krumelmonster: you could join #openstack-ansible too | 18:33 |
| jrosser | I think that LetsEncrypt setup might be even simpler in recent releases, there should be no need to add extra haproxy config any more | 18:34 |
| jrosser | oh ok that’s for without horizon | 18:36 |
| jrosser | yes - you will need to get the dns entry created first, and I’d highly recommend using the LE staging endpoint first in case you need to debug and retry anything | 18:37 |
| *** Guest1320 is now known as melwitt | 19:18 | |
| krumelmonster | jrosser: I have created a dns entry outside the openstack aio server and I can reach horizon by that name and now I'd like to replace the certificate so I can run openstack-client without getting an SSL error | 19:24 |
| tty0 | what would the best distro be for kolla-openstack (the ansible thingie with all-in-one)? | 20:39 |
| tty0 | when i use ubuntu 20.04 (dont know why i picked that disto in the first place for this stack since i like centos on headless things) i get errors like "Could not load 'project_purge': No module named 'keystoneclient'" when i do a simple openstack server list | 20:42 |
| tty0 | (and yes, have sourced the environment) | 20:42 |
| jrosser | krumelmonster: do you have a public ip on your AIO or is it behind a NAT or something? | 20:54 |
| krumelmonster | jrosser it's behind a load balancer but that isn't the issue. The question is just how I'd configure a letsencrypt TLS-Cert for horizon. end-to-end TLS is working already. | 21:48 |
| jrosser | the LE support in openstack-ansible runs certbot as part of the haproxy setup | 21:49 |
| jrosser | the certificate is on haproxy, not the horizon service | 21:52 |
| krumelmonster | But where would I configure the Domain Name of my server so openstack-ansible can generate the correct certificates? | 21:52 |
| krumelmonster | Once I've changed the relevant configuration in /etc/openstack_deploy, do I rerun the setup-openstack.yml playbook? | 22:07 |
| jrosser | to apply the config to haproxy just run the haproxy playbook on its own | 22:18 |
| jrosser | then run setup-openstack to fix up the service catalog | 22:19 |
| -opendevstatus- NOTICE: The Gerrit service on review.opendev.org is being restarted briefly to apply a bugfix | 23:01 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!