2017-01-30 10:40:13 |
Nenad Radojevic |
description |
The barbican service should use the external fqdn as value for the host_href parameter. Typically this is the endpoint that clients would use to connect to barbican from outside. |
The barbican service should use the external fqdn as value for the host_href parameter. Typically this is the endpoint that clients would use to connect to barbican from outside.
We came to this conclusion during the attempt to list secrets from outside our environment. As we started debugging we found out that a curl on our external fqdn will respond with the internal vip (10.10.30.100) instead of the external one (curl shown further below).
That's why users won't receive an answer from Barbican.
curl -sk https://foo.bar.net:9311 | jq .
{
"versions": {
"values": [
{
"status": "stable",
"updated": "2015-04-28T00:00:00Z",
"media-types": [
{
"base": "application/json",
"type": "application/vnd.openstack.key-manager-v1+json"
}
],
"id": "v1",
"links": [
{
"href": "http://10.10.30.100:9311/v1/",
"rel": "self"
},
{
"href": "http://docs.openstack.org/",
"type": "text/html",
"rel": "describedby"
}
]
}
]
}
} |
|