Keystone's admin endpoint is listening on the public VIP
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
tripleo | Fix Released | High | Juan Antonio Osorio Robles | |
Bug Description
Here's a sample of the haproxy configuration:
listen keystone_admin
bind 10.0.0.5:13357 transparent ssl crt /etc/pki/
bind 192.168.24.6:35357 transparent
mode http
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
option httpchk GET /v3
redirect scheme https code 301 if { hdr(host) -i 10.0.0.5 } !{ ssl_fc }
rsprep ^Location:\ http://
server overcloud-
server overcloud-
server overcloud-
This should not be the case, since the keystone_admin endpoint is meant for internal use (by an admin).
Changed in tripleo:
importance: Undecided → High
milestone: none → pike-rc1
Fix proposed to branch: master
Review: https://review.openstack.org/493937
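A check for the condition reported above, written as an added example (it is not part of the bug report or of TripleO): it parses haproxy `listen`/`frontend` sections and reports admin listeners bound to an address outside the internal network. It assumes 192.168.24.0/24 is the internal network and 10.0.0.5 the public VIP; the sample config, the certificate path and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample modelled on the bug's listener; cert path is a placeholder.
SAMPLE_CFG = """\
listen keystone_admin
  bind 10.0.0.5:13357 transparent ssl crt /placeholder/cert.pem
  bind 192.168.24.6:35357 transparent
listen keystone_public
  bind 10.0.0.5:13000 transparent ssl crt /placeholder/cert.pem
  bind 192.168.24.6:5000 transparent
"""

# Assumption: only this network counts as internal; adjust per deployment.
INTERNAL_NETS = [ipaddress.ip_network("192.168.24.0/24")]
SECTION_KEYWORDS = ("listen", "frontend", "backend", "defaults", "global")


def parse_binds(cfg_text):
    """Map each listen/frontend section name to its (host, port) binds."""
    sections, current = {}, None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            named = words[0] in ("listen", "frontend") and len(words) > 1
            current = words[1] if named else None
        elif words[0] == "bind" and current and len(words) > 1:
            for addr in words[1].split(","):
                if not addr.startswith(("/", "unix@")):  # skip UNIX sockets
                    host, _, port = addr.rpartition(":")
                    sections.setdefault(current, []).append((host, port))
    return sections


def is_internal(host, nets):
    """True only when host is a literal IP inside one of nets."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False  # "*", empty or a hostname: cannot be shown internal
    return any(ip in net for net in nets)


def exposed_binds(cfg_text, marker="admin", nets=INTERNAL_NETS):
    """List (section, host, port) for admin listeners bound outside nets."""
    return [(name, host, port)
            for name, binds in parse_binds(cfg_text).items() if marker in name
            for host, port in binds if not is_internal(host, nets)]
```

Wildcard and hostname binds are reported as exposed because they cannot be shown to sit on the internal network.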