[openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found

Phillip Toohill phillip.toohill at RACKSPACE.COM
Mon Feb 29 21:40:31 UTC 2016


To further my thoughts, as Adam mentioned, it could be a user issue, which to me is what it sounds like. So being able to view the config and have other information is pertinent to solving the issue.


Phillip V. Toohill III
Software Developer
[http://600a2794aa4ab5bae6bd-8d3014ab8e4d12d3346853d589a26319.r53.cf1.rackcdn.com/signatures/images/rackspace_logo.png]
phone: 210-312-4366
mobile: 210-440-8374



________________________________
From: Phillip Toohill <phillip.toohill at RACKSPACE.COM>
Sent: Monday, February 29, 2016 3:33 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found


We could use some more information.


Phillip V. Toohill III
Software Developer
[http://600a2794aa4ab5bae6bd-8d3014ab8e4d12d3346853d589a26319.r53.cf1.rackcdn.com/signatures/images/rackspace_logo.png]
phone: 210-312-4366
mobile: 210-440-8374



________________________________
From: Madhusudhan Kandadai <madhusudhan.openstack at gmail.com>
Sent: Monday, February 29, 2016 3:21 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found

Wondering, have you guys figured out this issue? I am seeing the same problem that Jiahao is getting.

On Thu, Feb 4, 2016 at 9:53 AM, Adam Harwell <adam.harwell at rackspace.com<mailto:adam.harwell at rackspace.com>> wrote:

Could you provide your neutron-lbaas.conf? Depending on what version you're using, barbican may not be the default secret backend (I believe this has been fixed). Alternatively, it depends on what user accounts are involved -- this should definitely work if you are using only the single admin account, but we haven't done a lot of testing around the ACLs yet to make sure they are working (and I believe there is still an outstanding bug in Barbican that would cause the ACLs to not function properly in our use-case).


    --Adam


________________________________
From: Jiahao Liang <jiahao.liang at oneconvergence.com<mailto:jiahao.liang at oneconvergence.com>>
Sent: Thursday, January 28, 2016 12:18 AM
To: openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>
Subject: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found

Hi community,

I was going through https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer with devstack. I was stuck at a point when I tried to create a listener within a loadbalancer with this command:

neutron lbaas-listener-create --loadbalancer lb1 --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(barbican secret container list | awk '/ tls_container / {print $2}')

But the command failed with output:

TLS container http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 could not be found

When I run:

barbican secret container list

I was able to see the corresponding container in the list and the status is active.
(Sorry, the format is a little bit ugly.....)
+--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
| Container href                                                                 | Name           | Created                   | Status | Type        | Secrets                                                                                 | Consumers |
+--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
| http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 | tls_container  | 2016-01-28 04:58:42+00:00 | ACTIVE | certificate | private_key=http://192.168.100.149:9311/v1/secrets/1bbe33fc-ecd2-43e5-82ce-34007b9f6bfd | None      |
|                                                                                |                |                           |        |             | certificate=http://192.168.100.149:9311/v1/secrets/6d0211c6-8515-4e55-b1cf-587324a79abe |           |
| http://192.168.100.149:9311/v1/containers/31045466-bf7b-426f-9ba8-135c260418ee | tls_container2 | 2016-01-28 04:59:05+00:00 | ACTIVE | certificate | private_key=http://192.168.100.149:9311/v1/secrets/dba18cbc-9bfe-499e-931e-90574843ca10 | None      |
|                                                                                |                |                           |        |             | certificate=http://192.168.100.149:9311/v1/secrets/23e11441-d119-4b24-a288-9ddc963cb698 |           |
+--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+


Also, if I did a GET method from a RESTful client with correct X-Auth-Token to the url: http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e3, I was able to receive the JSON information of the TLS container.


Anybody could give some advice on how to fix this problem?

Thank you in advance!

Best,
Jiahao Liang

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160229/cc59b090/attachment.html>


More information about the OpenStack-dev mailing list