On Debian barbican-api is only listening on IPv4 address resulting in unlock rejected
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
StarlingX | Fix Released | Medium | Andy | |
Bug Description
Brief Description
-----------------
On an IPv6 lab, barbican-api is only listening on an IPv4 address after bootstrap:
[root@controller-0 sysadmin(
tcp 0 0 0.0.0.0:9311 0.0.0.0:* LISTEN 2597941/python3
This results in connections to Barbican via the internal endpoint (IPv6 URL) being refused, and the unlock failing.
Severity
--------
Critical
Steps to Reproduce
------------------
- On an IPv6 lab, install Debian load
- Bootstrap by ansible playbook
- After bootstrap, check Barbican listening port by "netstat -antp | grep 9311"
- curl to access Barbican internal endpoint
- unlock controller
Expected Behavior
------------------
- Barbican is listening on IPv6 network address after bootstrap
- curl to internal endpoint successful after bootstrap
- unlock successful
Actual Behavior
----------------
- Barbican is listening on IPv4 address only after bootstrap
- curl to internal endpoint refused after bootstrap
- unlock failed
Reproducibility
---------------
100% - Barbican is listening on IPv4 address only after bootstrap
100% - curl to internal endpoint refused after bootstrap
Seen once - unlock failed
System Configuration
-------
AIO-SX IPv6
Branch/Pull Time/Commit
-------
STX master latest
Last Pass
---------
Unknown
Timestamp/Logs
--------------
See steps to reproduce
Test Activity
-------------
Developer Testing
Workaround
----------
Update gunicorn-config.py, and restart barbican-api:
[root@controller-0 sysadmin(
3c3
< bind = ':9311'
—
> bind = '[::]:9311'
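Review bot: the replacement line `bind = '[::]:9311'` hardcodes the IPv6 wildcard, so the same file will fail to bind on a host where IPv6 is disabled, and IPv4 clients are served only if the listening socket is dual-stack (IPV6_V6ONLY off). Consider deriving the bind address from the address family of the configured management network instead of editing the literal. Both the old value (shown as 0.0.0.0:9311 in the netstat output) and the new one are wildcards, so it is also worth considering a bind to the specific address that the internal endpoint uses, so the API is not exposed on every interface.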
Changed in starlingx:
assignee: nobody → Andy (andy.wrs)
Changed in starlingx:
importance: Undecided → Medium
tags: added: stx.7.0 stx.config stx.debian stx.security
Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/stx-puppet/+/842373
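The listening-port check from the steps to reproduce can be scripted so that a bootstrap test fails early when the API socket does not cover the endpoint's address family. The following is an added example, not code from the bug report or from StarlingX; the function names, the `tcp6` sample line and the endpoint address `fd00::2` are constructed for illustration, and the `dual_stack` flag is an assumption about the host's socket settings.

```python
import ipaddress

# Constructed sample input in `netstat -antp` format. The first line is the one
# quoted in the report; the tcp6 line is what the workaround would be expected to show.
BEFORE = "tcp        0      0 0.0.0.0:9311      0.0.0.0:*      LISTEN      2597941/python3\n"
AFTER = "tcp6       0      0 :::9311           :::*           LISTEN      2597941/python3\n"


def listeners(netstat_output, port):
    """Return the local addresses in LISTEN state on `port`."""
    found = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # Split on the last colon so IPv6 literals such as "::" stay intact.
        addr, _, local_port = fields[3].rpartition(":")
        if local_port != str(port):
            continue
        try:
            found.add(ipaddress.ip_address(addr))
        except ValueError:
            continue  # truncated or otherwise unparseable address column
    return found


def endpoint_reachable(netstat_output, port, endpoint_host, dual_stack=True):
    """True if some listener on `port` accepts connections addressed to endpoint_host.

    dual_stack is an assumption about the host: a "::" listener also serves IPv4
    only when IPV6_V6ONLY is off for that socket.
    """
    target = ipaddress.ip_address(endpoint_host.strip("[]"))
    for addr in listeners(netstat_output, port):
        if addr == target:
            return True
        if addr.is_unspecified:
            if addr.version == target.version:
                return True  # wildcard of the same address family
            if addr.version == 6 and target.version == 4 and dual_stack:
                return True
    return False


if __name__ == "__main__":
    # fd00::2 is a constructed internal endpoint address.
    for label, output in (("before", BEFORE), ("after", AFTER)):
        print(label, endpoint_reachable(output, 9311, "[fd00::2]"))
```

Without `-W`, netstat can truncate long IPv6 addresses in the local-address column; such lines are skipped rather than guessed at.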