Skip to content

feat: add additional TCP localhost listener and leader_ca #81

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Jun 9, 2025
Merged

feat: add additional TCP localhost listener and leader_ca #81

merged 6 commits into from
Jun 9, 2025
+13 −2

Conversation

jackhodgkiss
Copy link
Contributor

@jackhodgkiss jackhodgkiss commented Jun 7, 2025
edited
Loading

Fix two important bugs that prevent deployment of OpenBao across multiple hosts such as OpenStack control plane.

  1. Ensure that the bao client can communicate with bao server via
    127.0.0.1 in situations where the bind_addr it not listening on
    localhost.

  2. If TLS is used on the OpenBao API then raft peers will need to
    configured with a CA certificate to verify the certificates being used
    by the leader otherwise then could not join.

@jackhodgkiss jackhodgkiss self-assigned this Jun 7, 2025
@jackhodgkiss jackhodgkiss force-pushed the openbao-localhost-fix branch from 6cbfe15 to 1b4b2d5 Compare June 7, 2025 18:05
@jackhodgkiss jackhodgkiss changed the title feat: add additional TCP localhost listener feat: add additional TCP localhost listener and leader_ca Jun 9, 2025
@jackhodgkiss jackhodgkiss marked this pull request as ready for review June 9, 2025 09:22
@jackhodgkiss jackhodgkiss requested a review from a team as a code owner June 9, 2025 09:22
Alex-Welsh
Alex-Welsh previously approved these changes Jun 9, 2025
View reviewed changes
@jackhodgkiss
feat: update galaxy.yml version to 2.7.1
80f6eb3
@jackhodgkiss
feat: update galaxy.yml version to 2.7.0
c2ce6bd
@jackhodgkiss
feat: add additional TCP localhost listener
df62192 
Ensure that the `bao` client can communicate with `bao` server via
`127.0.0.1` in situations where the `bind_addr` it not listening on
localhost.
@jackhodgkiss
feat: add support for setting leader_ca_cert_file
9377fd7 
If `TLS` is used on the `OpenBao` API then raft peers will need to
configured with a `CA` certificate to verify the certificates being used
by the leader otherwise then could not join.
@jackhodgkiss jackhodgkiss force-pushed the openbao-localhost-fix branch from 9088eb0 to 9377fd7 Compare June 9, 2025 14:04
@jackhodgkiss jackhodgkiss merged commit 2b1ae06 into master Jun 9, 2025
13 checks passed
@jackhodgkiss jackhodgkiss deleted the openbao-localhost-fix branch June 9, 2025 14:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bbezak bbezak bbezak approved these changes

@Alex-Welsh Alex-Welsh Alex-Welsh left review comments

Assignees

@jackhodgkiss jackhodgkiss

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jackhodgkiss @bbezak @Alex-Welsh