On 11/26/25 2:57 PM, Thomas Goirand wrote:
On 4/16/25 3:12 PM, Jani Heikkinen wrote:
Package: neutron-api
Version: 2:26.0.0-1~bpo12+1
Severity: wishlist
Dear Maintainer,
[...]
Attached is the modified neutron-api script which allows us to run api
over https with the native uwsgi script.
Hi Jani,
This is nice, however, it is hard to understand what you've changed
since the neutron-api, just like any other daemons in Debian OpenStack,
is calculated using openstack-pkg-tools. See the included file here:
https://salsa.debian.org/openstack-team/debian/openstack-pkg-tools/-/
blob/debian/flamingo/init-template/init-script-template?ref_type=heads
Would you be able to propose a patch to that file instead, and send the
diff to this bug? I'll happily merge improvements to openstack-pkg-tools
and have all services benefit from it.
Cheers,
Thomas Goirand (zigo)
Hi,
I made a diff of your neutron-api file and the generated one on my
server, and could find out what your proposal was.
First, I cannot just impose a filename anymore. On my servers, I have
for example, the hostname as the filename for cert and key files:
# find /etc/neutron/ssl/ -type f
/etc/neutron/ssl/public/<HOSTNAME>.crt
/etc/neutron/ssl/private/<HOSTNAME>.pem
Obviously, switching to your proposal will break me (and probably may
others).
I also removed the "HIGH" param, as it can also break people.
I also added the default binding on all IPs, including IPv6.
I however included the thing with the CA file (for client certificate)
as you proposed. The full diff is here:
https://salsa.debian.org/openstack-team/debian/openstack-pkg-tools/-/commit/06f3fcd11a48dbb4860df51cc9b79530ae267be8
All init scripts will be rebuilt once the packages are rebuilt in
Unstable using the new version of openstack-pkg-tools as per my upload.
This includes:
- adjutant
- aetos
- aodh
- barbican
- blazar
- cinder
- cloudkitty
- cyborg
- designate
- glance
- gnocchi
- heat
- ironic
- keystone
- neutron
I currently don't plan on starting the rebuild of all of these packages
on osbpo.debian.net, though let me know if you need me to do that.
Cheers,
Thomas Goirand (zigo)
