Open ykorzikowski opened 3 days ago
@ykorzikowski, did all clients lose all connections with other peers after you had this issue with management? Can you share your client logs, too? If this is happening, it looks like there is a problem with the client's retry.
Regarding the configuration endpoint, it is not a hard requirement. It was used when you first ran the configure.sh script, and it added most of the fields that get overwritten by the management service. You can remove it from management.json and restart the management service to validate.
Hi @mlsmaycon, this time I only noticed that my MacBook lost the connection. The other clients seem to keep the connection.
What exactly do you mean by "removing it"?
```
[...]
    "HttpConfig": {
        "LetsEncryptDomain": "",
        "CertFile": "",
        "CertKey": "",
        "AuthAudience": "netbird-client",
        "AuthIssuer": "https://sso.***.com/realms/master",
        "AuthUserIDClaim": "",
        "AuthKeysLocation": "https://sso.***.com/realms/master/protocol/openid-connect/certs",
        "OIDCConfigEndpoint": "https://sso.***.com/realms/master/.well-known/openid-configuration",
        "IdpSignKeyRefreshEnabled": false
    },
    "IdpManagerConfig": {
        "ManagerType": "keycloak",
        "ClientConfig": null,
        "ExtraConfig": null,
        "Auth0ClientCredentials": null,
        "AzureClientCredentials": null,
        "KeycloakClientCredentials": {
            "ClientID": "***",
            "ClientSecret": "***",
            "AdminEndpoint": "https://sso.***.com/admin/realms/master",
            "TokenEndpoint": "https://sso.***.com/realms/master/protocol/openid-connect/token",
            "GrantType": "client_credentials"
        },
        "ZitadelClientCredentials": null
    },
[...]
```
Is your feature request related to a problem? Please describe.
Whenever an SSO provider like Authentik or Keycloak is not available, the management service won't start.
This may not be an issue in big, HA environments, but if you also use netbird for inter-server-communication, you may create a circular dependency (netbird needs SSO, which needs a reverse proxy, which needs netbird to connect to Keycloak).
Describe the solution you'd like
Add an option for the service to start in a fail-safe mode, or provide an option to cache this file and use it instead until the server is online again.