search

cppforlife / turbulence-release

Turbulence release is used for injecting failure scenarios into any BOSH deployment.
Apache License 2.0
49 stars 17 forks source link

Turbulence agent is taking first_address, but API might have a floating IP #5

Closed voelzmo closed 8 years ago

voelzmo commented 8 years ago

I configured the turbulence API to have a floating IP, so I can access it with the browser without tunneling. Therefore, the SSL cert is also for the floating IP, not for the internal IP.

However, the turbulence-agent takes simply api.first_address as contact, which resolves to the internal IP. Consequently, the certificate cannot be validated by the agent and connection fails.

$ tail /var/vcap/sys/log/turbulence_agent/stderr.log
[Agent] 2016/07/26 16:28:30 ERROR - Failed fetching tasks: Fetching tasks '984e4ae8-064c-45f0-b917-4a0d19e702b9': Performing request POST 'https://turbulence:p@192.168.0.13:8080/api/v1/agents/984e4ae8-064c-45f0-b917-4a0d19e702b9/tasks': Performing POST request: Post https://turbulence:p@192.168.0.13:8080/api/v1/agents/984e4ae8-064c-45f0-b917-4a0d19e702b9/tasks: x509: certificate is valid for <redacted>, not 192.168.0.13
voelzmo commented 8 years ago

Turns out, setting network: vip for the consumer fixes things: http://bosh.io/docs/links#custom-network. Thanks @cppforlife