openstack
/
openstack-ansible-specs
Code Issues Proposed changes
openstack-ansible-specs/557f4e15825af415d70e1cc1cb9...

146 lines
4.5 KiB
Plaintext
Raw Blame History

{
"comments": [
{
"unresolved": true,
"key": {
"uuid": "ecd940eb_8b2bcc1a",
"filename": "specs/yoga/internal-tls.rst",
"patchSetId": 1
},
"lineNbr": 43,
"author": {
"id": 28619
},
"writtenOn": "2022-01-17T16:51:31Z",
"side": 1,
"message": "This is implemented for quite a while? It\u0027s just matter of setting haproxy_ssl_all_vips?",
"range": {
"startLine": 23,
"startChar": 0,
"endLine": 43,
"endChar": 43
},
"revId": "557f4e15825af415d70e1cc1cb9442e13635bbfe",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
"uuid": "a2dd927e_08c73157",
"filename": "specs/yoga/internal-tls.rst",
"patchSetId": 1
},
"lineNbr": 43,
"author": {
"id": 25023
},
"writtenOn": "2022-01-17T19:36:14Z",
"side": 1,
"message": "yes it\u0027s implemented and you can do it for a new deployment, but how to take an existing http internal vip and migrate it to https without a large outage is not covered. this spec is trying to address that problem.",
"parentUuid": "ecd940eb_8b2bcc1a",
"range": {
"startLine": 23,
"startChar": 0,
"endLine": 43,
"endChar": 43
},
"revId": "557f4e15825af415d70e1cc1cb9442e13635bbfe",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
"uuid": "6a5437e2_8cfa493c",
"filename": "specs/yoga/internal-tls.rst",
"patchSetId": 1
},
"lineNbr": 43,
"author": {
"id": 31749
},
"writtenOn": "2022-02-21T11:12:55Z",
"side": 1,
"message": "Yeah the issue is with upgrading existing deployments without causing downtime of the API\u0027s. The issues is because the upgrade to HTTPS is handled in different playbook for both the client and server.\nFor the haproxy frontends, when the internal VIP is upgraded to accept only TLS, internal clients with be unable to communicate with harproxy until their config is changed from HTTP to HTTPS url.\nFor backends, if haproxy is upgraded to expect a HTTPS backend, its will be unable to connect until the backend server is upgraded to HTTPS.",
"parentUuid": "a2dd927e_08c73157",
"range": {
"startLine": 23,
"startChar": 0,
"endLine": 43,
"endChar": 43
},
"revId": "557f4e15825af415d70e1cc1cb9442e13635bbfe",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
"uuid": "afbd64c4_abfc3d22",
"filename": "specs/yoga/internal-tls.rst",
"patchSetId": 1
},
"lineNbr": 92,
"author": {
"id": 28619
},
"writtenOn": "2022-01-17T16:51:31Z",
"side": 1,
"message": "We\u0027ve implemented that in X (except rabbit that was covered with SSL for quite a while)",
"range": {
"startLine": 79,
"startChar": 0,
"endLine": 92,
"endChar": 73
},
"revId": "557f4e15825af415d70e1cc1cb9442e13635bbfe",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
"uuid": "8c9e63b9_698fce60",
"filename": "specs/yoga/internal-tls.rst",
"patchSetId": 1
},
"lineNbr": 92,
"author": {
"id": 31542
},
"writtenOn": "2022-01-19T13:28:25Z",
"side": 1,
"message": "Memcached probably needs adding to this list. etcd is also possible.",
"parentUuid": "afbd64c4_abfc3d22",
"range": {
"startLine": 79,
"startChar": 0,
"endLine": 92,
"endChar": 73
},
"revId": "557f4e15825af415d70e1cc1cb9442e13635bbfe",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": false,
"key": {
"uuid": "5271f992_7cb6e045",
"filename": "specs/yoga/internal-tls.rst",
"patchSetId": 1
},
"lineNbr": 92,
"author": {
"id": 31749
},
"writtenOn": "2022-02-21T11:12:55Z",
"side": 1,
"message": "Done",
"parentUuid": "8c9e63b9_698fce60",
"range": {
"startLine": 79,
"startChar": 0,
"endLine": 92,
"endChar": 73
},
"revId": "557f4e15825af415d70e1cc1cb9442e13635bbfe",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
}
]
}
View Git Blame Copy Permalink