[openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found

Phillip Toohill phillip.toohill at RACKSPACE.COM
Mon Feb 29 21:33:59 UTC 2016


We could use some more information.


Phillip V. Toohill III
Software Developer
[http://600a2794aa4ab5bae6bd-8d3014ab8e4d12d3346853d589a26319.r53.cf1.rackcdn.com/signatures/images/rackspace_logo.png]
phone: 210-312-4366
mobile: 210-440-8374



________________________________
From: Madhusudhan Kandadai <madhusudhan.openstack at gmail.com>
Sent: Monday, February 29, 2016 3:21 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found

Wondering, have you guys figured out this issue? I am seeing the same problem that Jiahao is getting.

On Thu, Feb 4, 2016 at 9:53 AM, Adam Harwell <adam.harwell at rackspace.com<mailto:adam.harwell at rackspace.com>> wrote:

Could you provide your neutron-lbaas.conf? Depending on what version you're using, barbican may not be the default secret backend (I believe this has been fixed). Alternatively, it depends on what user accounts are involved -- this should definitely work if you are using only the single admin account, but we haven't done a lot of testing around the ACLs yet to make sure they are working (and I believe there is still an outstanding bug in Barbican that would cause the ACLs to not function properly in our use-case).


    --Adam


________________________________
From: Jiahao Liang <jiahao.liang at oneconvergence.com<mailto:jiahao.liang at oneconvergence.com>>
Sent: Thursday, January 28, 2016 12:18 AM
To: openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>
Subject: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found

Hi community,

I was going through https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer with devstack. I was stuck at a point when I tried to create a listener within a loadbalancer with this command:

neutron lbaas-listener-create --loadbalancer lb1 --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(barbican secret container list | awk '/ tls_container / {print $2}')

But the command failed with output:

TLS container http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 could not be found

When I run:

barbican secret container list

I was able to see the corresponding container in the list and the status is active.
(Sorry, the format is a little bit ugly.....)
+--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
| Container href                                                                 | Name           | Created                   | Status | Type        | Secrets                                                                                 | Consumers |
+--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
| http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 | tls_container  | 2016-01-28 04:58:42+00:00 | ACTIVE | certificate | private_key=http://192.168.100.149:9311/v1/secrets/1bbe33fc-ecd2-43e5-82ce-34007b9f6bfd | None      |
|                                                                                |                |                           |        |             | certificate=http://192.168.100.149:9311/v1/secrets/6d0211c6-8515-4e55-b1cf-587324a79abe |           |
| http://192.168.100.149:9311/v1/containers/31045466-bf7b-426f-9ba8-135c260418ee | tls_container2 | 2016-01-28 04:59:05+00:00 | ACTIVE | certificate | private_key=http://192.168.100.149:9311/v1/secrets/dba18cbc-9bfe-499e-931e-90574843ca10 | None      |
|                                                                                |                |                           |        |             | certificate=http://192.168.100.149:9311/v1/secrets/23e11441-d119-4b24-a288-9ddc963cb698 |           |
+--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+


Also, if I did a GET method from a RESTful client with correct X-Auth-Token to the url: http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e3, I was able to receive the JSON information of the TLS container.


Anybody could give some advice on how to fix this problem?

Thank you in advance!

Best,
Jiahao Liang

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160229/e929f01f/attachment.html>


More information about the OpenStack-dev mailing list