kolla-ansible

Barbican.conf - external_fqdn should be used for host_href

Bug #1660282 reported by Nenad Radojevic
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla-ansible
Fix Released
Medium
Nenad Radojevic
kolla-ansible ocata-rc1 "rc1"

Bug Description

The barbican service should use the external fqdn as value for the host_href parameter. Typically this is the endpoint that clients would use to connect to barbican from outside.

We came to this conclusion during the attempt to list secrets from outside our environment. As we started debugging we found out that a curl on our external fqdn will respond with the internal vip (10.10.30.100) instead of the external one (curl shown further below).
That's why users won't receive an answer from Barbican.

curl -sk https://foo.bar.net:9311 | jq .
{
  "versions": {
    "values": [
      {
        "status": "stable",
        "updated": "2015-04-28T00:00:00Z",
        "media-types": [
          {
            "base": "application/json",
            "type": "application/vnd.openstack.key-manager-v1+json"
          }
        ],
        "id": "v1",
        "links": [
          {
            "href": "http://10.10.30.100:9311/v1/",
            "rel": "self"
          },
          {
            "href": "http://docs.openstack.org/",
            "type": "text/html",
            "rel": "describedby"
          }
        ]
      }
    ]
  }
}

See original description
Nenad Radojevic (nradojevic)
Changed in kolla-ansible:
assignee: nobody → Nenad Radojevic (nradojevic)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/426697

Changed in kolla-ansible:
status: New → In Progress
Nenad Radojevic (nradojevic)
description: updated
Eduardo Gonzalez (egonzalez90)
Changed in kolla-ansible:
importance: Undecided → Medium
milestone: none → ocata-rc1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.openstack.org/426697
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=5229c83a7f7aed98ae3985d5db0129c901790621
Submitter: Jenkins
Branch: master

commit 5229c83a7f7aed98ae3985d5db0129c901790621
Author: Nenad Radojevic <email address hidden>
Date: Mon Jan 30 11:17:39 2017 +0100

    External_fqdn for host_href in barbican.conf

    The barbican service should use the external fqdn as value for the
    host_href parameter. Typically this is the endpoint that clients
    would use to connect to barbican from outside.

    Change-Id: I075acb6335354a61f935d57a7b84f0f92978c9bd
    Closes-Bug: #1660282

Changed in kolla-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 4.0.0.0rc1

This issue was fixed in the openstack/kolla-ansible 4.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.