Make sure octavia uses internal endpoint to barbican

The octavia service communicates to the barbican service with public endpoint_type by default[1], it should use internal like other services. [1] 0056b5175f/octavia/common/config.py (L533-L537) Closes-Bug: #1875618 Change-Id: I90d2b0aeac090a3e2366341e260232fc1f0d6492
2020-04-28 11:53:44 +08:00 · 2020-04-28 11:53:44 +08:00 · 01ae01ec26
parent 0747ebf1c9
commit 01ae01ec26
2 changed files with 9 additions and 0 deletions
--- a/ansible/roles/octavia/templates/octavia.conf.j2
+++ b/ansible/roles/octavia/templates/octavia.conf.j2
@ -15,6 +15,8 @@ ca_private_key = /etc/octavia/certs/private/cakey.pem
 ca_certificate = /etc/octavia/certs/ca_01.pem
 {% if enable_barbican | bool %}
 region_name = {{ openstack_region_name }}
+endpoint_type = internal
+ca_certificates_file = {{ openstack_cacert }}
 {% endif %}

 [haproxy_amphora]
--- a/releasenotes/notes/use-internal-endpoint-for-barbican-in-octavia-0bcdcf91a8adc95c.yaml
+++ b/releasenotes/notes/use-internal-endpoint-for-barbican-in-octavia-0bcdcf91a8adc95c.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Switch endpoint_type from public to internal for octavia
+    communicating with the barbican service. See
+    `bug 1875618 <https://bugs.launchpad.net/kolla-ansible/+bug/1875618>`__
+    for details.