| opendevreview | Thomas Goirand proposed openstack/puppet-openstack-integration master: WIP: support Debian https://review.opendev.org/c/openstack/puppet-openstack-integration/+/989085 | 08:13 |
|---|---|---|
| opendevreview | Thomas Goirand proposed openstack/puppet-openstack-integration master: WIP: support Debian https://review.opendev.org/c/openstack/puppet-openstack-integration/+/989085 | 09:00 |
| zigo | tkajinam: Hi there! | 09:08 |
| zigo | Do you think that's ok to do this? https://review.opendev.org/c/openstack/puppet-openstack-integration/+/989085/15/manifests/ssl_key.pp | 09:08 |
| tkajinam | it's a bit confusing that cacert is also managed by ssl_key but it might be over-engineering to implementing a separate class for it | 09:28 |
| opendevreview | Takashi Kajinami proposed openstack/puppet-openstack-integration master: wip: Add Debian Trixie jobs https://review.opendev.org/c/openstack/puppet-openstack-integration/+/984195 | 09:29 |
| opendevreview | Takashi Kajinami proposed openstack/puppet-openstack-integration master: DNM: Use standalone keystone in Debian https://review.opendev.org/c/openstack/puppet-openstack-integration/+/984418 | 09:29 |
| zigo | tkajinam: Well, ssl_key already manages the key, why can't it also manage the cert? They go together, no? | 09:30 |
| opendevreview | Thomas Goirand proposed openstack/puppet-openstack-integration master: WIP: support Debian https://review.opendev.org/c/openstack/puppet-openstack-integration/+/989085 | 09:31 |
| tkajinam | zigo, it's not cert but cacert and we already have openstack_integration::cacert . | 09:32 |
| tkajinam | my point is that cacert is now handled both by ::cacert and ::ssl_key which may be a bit confusing | 09:32 |
| zigo | Oh, but then is there a cert somewhere?!? | 09:32 |
| zigo | I got confused between cacert and ssl cert, indeed. | 09:33 |
| tkajinam | hmm wait | 09:34 |
| tkajinam | we might be doing something wrong here | 09:34 |
| tkajinam | hmm ok so we are using cert as cacert ... | 09:36 |
| tkajinam | I'll take a look later | 09:38 |
| zigo | tkajinam: Please let me know, in the mean time, I'll try like the above. | 09:49 |
| zigo | Right now, I can see keystone runs with: | 09:50 |
| zigo | --https-socket [::]:5000,/usr/local/share/ca-certificates/puppet_openstack.crt,/etc/keystone/ssl/private/poi.debian.net.pem | 09:50 |
| zigo | I don't even understand how that's done, as the init script doesn't do that. | 09:50 |
| opendevreview | Thomas Goirand proposed openstack/puppet-openstack-integration master: WIP: support Debian https://review.opendev.org/c/openstack/puppet-openstack-integration/+/989085 | 10:29 |
| zigo | I have 2 remaining issues (at least): | 10:34 |
| zigo | - Something stops neutron-api during the run, and it's not restarted before the validation that does a network list. | 10:34 |
| zigo | - Glance cannot be setup with SSL, because in Debian, it still uses /usr/bin/glance-api without uwsgi, because backups are otherwise broken. In production, I fixed that by using re-encryption with haproxy. | 10:34 |
| zigo | I currently have no clue how to fix these, but will search. | 10:34 |
| zigo | Oh, for neutron, the issue may be: | 10:37 |
| zigo | api_service_name | 10:37 |
| zigo | that wasn't set correctly. | 10:37 |
| opendevreview | Thomas Goirand proposed openstack/puppet-openstack-integration master: WIP: support Debian https://review.opendev.org/c/openstack/puppet-openstack-integration/+/989085 | 10:41 |
| zigo | This last one maybe fixes the 2 issues. | 10:41 |
| tkajinam | can you just start without ssl ? | 10:46 |
| zigo | Yeah, that's what my last patch does. | 10:47 |
| zigo | I'm trying this in a VM in virtualbox, so it's easier to debug. | 10:47 |
| opendevreview | Thomas Goirand proposed openstack/puppet-openstack-integration master: WIP: support Debian https://review.opendev.org/c/openstack/puppet-openstack-integration/+/989085 | 10:53 |
| opendevreview | Thomas Goirand proposed openstack/puppet-openstack-integration master: WIP: support Debian https://review.opendev.org/c/openstack/puppet-openstack-integration/+/989085 | 11:59 |
| *** amoralej__ is now known as amoralej | 12:00 | |
| opendevreview | Thomas Goirand proposed openstack/puppet-openstack-integration master: WIP: support Debian https://review.opendev.org/c/openstack/puppet-openstack-integration/+/989085 | 12:02 |
| opendevreview | Thomas Goirand proposed openstack/puppet-openstack-integration master: WIP: support Debian https://review.opendev.org/c/openstack/puppet-openstack-integration/+/989085 | 12:24 |
| opendevreview | Thomas Goirand proposed openstack/puppet-watcher master: Add UWSGI support for Debian https://review.opendev.org/c/openstack/puppet-watcher/+/990311 | 12:31 |
| opendevreview | Takashi Kajinami proposed openstack/puppet-heat master: Remove parameters for dedicated heat-cfn keystone user https://review.opendev.org/c/openstack/puppet-heat/+/990506 | 15:10 |
| opendevreview | Takashi Kajinami proposed openstack/puppet-ironic master: Clean up parameters for inspector inspect interface https://review.opendev.org/c/openstack/puppet-ironic/+/990508 | 15:12 |
| opendevreview | Takashi Kajinami proposed openstack/puppet-magnum master: Clean up deprecated domain_id parameters https://review.opendev.org/c/openstack/puppet-magnum/+/990511 | 15:15 |
| opendevreview | Takashi Kajinami proposed openstack/puppet-watcher master: Clean up support for glance_client/neutron_client options https://review.opendev.org/c/openstack/puppet-watcher/+/990514 | 15:18 |
| opendevreview | Takashi Kajinami proposed openstack/puppet-ironic master: Clean up parameters for inspector inspect interface https://review.opendev.org/c/openstack/puppet-ironic/+/990508 | 23:32 |
Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!