kms_keymaster: allow specifying barbican_endpoint
Under a multi-region deployment with a single Keystone server, specifying the Keystone auth credentials isn't enough. Indeed, Castellan succeeds when logging-in, but may use the wrong Barbican endpoint (if there are 2 Barbican deployed). This is what happened to us, when deploying our 2nd region. They way to fix it would be to tell Castellan what region to use, unfortunately, there's no such option in Castellan. Though we may specify the barbican_endpoint, which is what this patch allows. Change-Id: Ib7f4219ef5fdef65e9cfd5701e28b5288741783e
This commit is contained in:
2 changed files with 8 additions and 1 deletions
@@ -93,6 +93,12 @@
# domain_id = changeme
# domain_name = changeme
# If running on a multi-region cluster, Castellan may select the wrong
# endpoint for Barbican. To avoid this, set this to the URL of the
# correct barbican endpoint. If there is only a single Barbican service
# in your deployment, it is fine to leave this unconfigured.
# barbican_endpoint =
[kmip_keymaster]
# The kmip_keymaster section is used to configure a keymaster that fetches an
# encryption root secret from a KMIP service.
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.