vault is not using vip to communicate with other services
Bug #1878035 reported by
Ashley Lai
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| vault-charm |
Fix Released
|
Medium
|
David Ames | ||
Bug Description
On the deployment, barbican-vault is communicating with vault using the internal IP instead of the vip.
2020-05-09 19:01:08 INFO juju-log secrets-storage:53: Retrieving secret-id from vault (https:/
artifacts can be found on the bottom of the link:
https:/
Revision history for this message
| Dmitrii Shcherbakov (dmitriis) wrote | #1 |
| Changed in vault-charm: | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
| milestone: | none → 20.05 |
| summary: |
- vault is not using vip to communicate with others services + vault is not using vip to communicate with other services |
Revision history for this message
| Ashley Lai (alai) wrote | #2 |
| Changed in vault-charm: | |
| assignee: | nobody → David Ames (thedac) |
Revision history for this message
| David Ames (thedac) wrote | #3 |
| Changed in vault-charm: | |
| status: | Triaged → In Progress |
| Changed in vault-charm: | |
| status: | In Progress → Fix Committed |
| Changed in vault-charm: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
The log message is from barbican-vault which simply uses a URL from the interface code
https:/
The interface code simply passes it through as well:
https:/
https:/
At the vault side, the content of a published URL depends on whether a relation to charm-hacluster is present or not:
https:/
I think it is safe to say that if a VIP is configured and the ha.available flag is not set then we should not expose a URL and wait until ha.available is set.
Triaging based on the above.