=== _thumper_ is now known as thumper | ||
sou | Hey good people, I am trying to enable TLS for openstack endpoints. For this purpose I am using vault as the CA, and trying to use https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/app-certificate-management.html . But signing the CSR step is confusing. It does not say how to generate .pem file. Do we have any other | 08:42 |
---|---|---|
sou | document which I can use to setup TLS for keystone using vault as the CA! | 08:42 |
sou | Appreciate any tips/steps/documents. | 08:42 |
sou | Thanks! | 08:42 |
wallyworld | sou: you will most likely have more luck asking in #openstack | 08:43 |
sou | Thanks wallyworld. As the document mentions charms, I added my concern here. Let me check in #openstack! | 08:49 |
wallyworld | sou: yes, fair call. the folks who write the openstack charms tend not to hang out here so much. if you dn't get any luck in @openstack, there's a discourse forum you can try (i'd need to look up the address) | 08:52 |
sou | Sure. Many thanks! | 08:54 |
stickupkid | manadart, achilleasa SUPER EASY ONE https://github.com/juju/juju/pull/11919 | 09:47 |
soutr | . | 10:06 |
stickupkid | manadart, achilleasa another one | 10:13 |
stickupkid | https://github.com/juju/juju/pull/11920 | 10:13 |
achilleasa | stickupkid: aren't we installing mongo via snap? | 10:22 |
stickupkid | achilleasa, you wish | 10:23 |
stickupkid | achilleasa, this is for testing | 10:23 |
achilleasa | why not? shouldn't we install the version actually installed when bootstrapping? | 10:23 |
stickupkid | achilleasa, but that's dependant on version | 10:23 |
stickupkid | achilleasa, also I'm unsure how snaps will behave on github actions, i.e. in a container/chroot thing | 10:24 |
stickupkid | achilleasa, I'm not sure I want to go down that rabbit hole | 10:25 |
stickupkid | achilleasa, keep in mind we should always work with the lowest common mongo, as we never upgrade our mongos | 10:25 |
stickupkid | achilleasa, (unless you do upgrade series maybe?) | 10:25 |
achilleasa | since we maintain our own juju-db, can't we tar.gz it and curl | tar it? | 10:26 |
stickupkid | life | 10:26 |
stickupkid | achilleasa, but we don't really | 10:26 |
achilleasa | but this is just the client tests right? | 10:26 |
stickupkid | yeah | 10:26 |
achilleasa | ok, cool then | 10:26 |
stickupkid | we use the packaged one with the os | 10:26 |
stickupkid | i.e. the apt one and make install-dependencies gets that latest one for us | 10:27 |
stickupkid | we just have to blast away what ever is there | 10:27 |
achilleasa | but latest is not really latest now is it? | 10:27 |
stickupkid | because github "decided" that it will install a FUCK TON of crap software when what I really want is ubuntu | 10:28 |
achilleasa | I mean due to the licensing issues | 10:28 |
stickupkid | HA | 10:28 |
stickupkid | yeah, yeah | 10:28 |
stickupkid | you get all this bullshit when you request ubuntu https://github.com/actions/virtual-environments/tree/main/images/linux/scripts/installers | 10:28 |
stickupkid | I already brought this up with the powers that be, that if I requested ubuntu, I should just get ubuntu, not that fucking shit show | 10:29 |
stickupkid | why the fuck do I want php | 10:29 |
stickupkid | and node | 10:29 |
stickupkid | they don't even have maas, juju, etc and they're canoncial products jeez | 10:30 |
SpecialK|Canon | As a GitHub Actions user I'm more likely to want PHP in my environment than I am MAAS | 10:37 |
SpecialK|Canon | but some of the versions can sure be surprising | 10:38 |
stickupkid | but you should ask for it, not be given it | 10:38 |
stickupkid | SpecialK|Canon, I'd rather have this https://paste.ubuntu.com/p/f55QkrbsWH/ | 10:41 |
SpecialK|Canon | stickupkid: I know which one I'd rather implement the caching for ;) | 10:43 |
stickupkid | I know why they do it though, so they can cache the hell out of the image | 10:43 |
SpecialK|Canon | (But I see your point as a user) | 10:43 |
stickupkid | SpecialK|Canon, yeah, but ubuntu is a brand, it's expected to perform exactly the same for every installation, this changes that. I'm now not getting "ubuntu", I'm getting ubuntu with stuff that I have to horse around with to get me to a more stock ubuntu | 10:44 |
stickupkid | that's my main issue... caching is a github issue, not a user one | 10:45 |
manadart | stickupkid achilleasa: This is patch I have been discussing at standup: https://github.com/juju/juju/pull/11921 | 11:20 |
stickupkid | manadart, will look | 11:20 |
stickupkid | manadart, ho? got questions | 11:30 |
manadart | stickupkid: Yep, gimme a couple. | 11:32 |
stickupkid | manadart, Q&A went well, although slow | 14:07 |
stickupkid | manadart, another question though | 14:07 |
manadart | stickupkid: Yup? | 14:07 |
stickupkid | in the database I'm looking at and the PR description, there is now a "type", is this an migration step, or do we not care? | 14:08 |
stickupkid | ah no wait, I'm blind | 14:08 |
stickupkid | manadart, tick | 14:09 |
manadart | stickupkid: Ta. | 14:10 |
achilleasa | stickupkid: or hml quick CR for a help text change? https://github.com/juju/juju/pull/11922 | 15:42 |
hml | achilleasa: looking | 15:42 |
hml | achilleasa: one suggestion for the change. | 15:48 |
achilleasa | hml: It was easier to just rewrite the help text. Can you take another look? | 16:10 |
hml | achilleasa: sure | 16:11 |
hml | stickupkid: review please: https://github.com/juju/juju/pull/11923. it’s not really 1k lines, there are mock files and json schema changes. | 16:12 |
stickupkid | hml, k | 16:12 |
hml | stickupkid: I’ll do the TODO once i get the whole thing wired up | 16:13 |
hml | in the next pr | 16:13 |
hml | achilleasa: I like the new write up, any concerns that this does not follow the other help msgs with a specific examples section? | 16:14 |
stickupkid | hml, do we need Resolve for charm hub? | 16:16 |
hml | stickupkid: we will, need to figure out where to put it and what it should contain. that’s my next step | 16:16 |
hml | i’m thinking just the charmhub package | 16:17 |
stickupkid | hml, done | 16:18 |
hml | stickupkid: ho? | 16:20 |
stickupkid | sure | 16:20 |
achilleasa | hml: no idea :D | 16:22 |
achilleasa | petevg: ^^^ thoughts on https://github.com/juju/juju/pull/11922 re: Heather's comment? | 16:23 |
achilleasa | hml: actually I should change the redis example and use apache2 everywhere | 16:24 |
stickupkid | esp. because redis isn't even updated | 16:34 |
=== evhan` is now known as evhan |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!