[openstack-dev] [neutron][lbaas]Error at listener's barbican container validation

Phillip Toohill phillip.toohill at RACKSPACE.COM
Thu Jun 4 14:45:55 UTC 2015 

I think there may just be some non-updated docstrings here. We should take only the 'ref'. If we get a UUID we wont know how to build it or what to do with it. The naming of this does need to change, but I dont' believe we need to convert UUID to ref.


Is 'self.get_cert_ref_url(cert_ref)​' something already available that i may be over looking or an example?


IMO, we need to go through and make sure the 'container_ref' is updated to be consistent throughout the project for the barbican stuff and is something I plan on doing once I get a chance if no body else does.


Phillip V. Toohill III
Software Developer
[http://600a2794aa4ab5bae6bd-8d3014ab8e4d12d3346853d589a26319.r53.cf1.rackcdn.com/signatures/images/rackspace_logo.png]
phone: 210-312-4366
mobile: 210-440-8374

________________________________
From: santosh sharma <chitr.prayatan at gmail.com>
Sent: Thursday, June 4, 2015 12:08 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: [openstack-dev] [neutron][lbaas]Error at listener's barbican container validation


There is error while validating the barabican containers associated with listener (tls and sni container) at plugin layer.

In validate_tls_container() ,contain_id is passed where as it is expecting container_ref_url.

 def _validate_tls(self, listener, curr_listener=None):

        def validate_tls_container(container_ref):
        ...

       def validate_tls_containers(to_validate):
            for container_ref in to_validate:
                validate_tls_container(container_ref)
       ...
       if len(to_validate) > 0:
            validate_tls_containers(to_validate)

#to_validate is list of container_ids.

# barbican_cert_manager.py  ,at  get_cert()  cert_ref is  UUID instead of ref_url for container.

def get_cert(cert_ref, service_name='Octavia', resource_ref=None,
                 check_only=False, **kwargs):

         ...
         :param cert_ref: the UUID of the cert to retrieve
         ...

         cert_container = connection.containers.get(
                    container_ref=cert_ref

#above container_ref is a UUID whereas connection.container.get() expects a reference url.

We should prepare ref_url from container UUID before passing to barbican client apis.
following should fix the issue.

diff --git a/neutron_lbaas/common/cert_manager/barbican_cert_manager.py b/neutron_lbaas/common/cert_manager/barbican_cert_manager.py
index 1ad38ee..8d3c3c4 100644
--- a/neutron_lbaas/common/cert_manager/barbican_cert_manager.py
+++ b/neutron_lbaas/common/cert_manager/barbican_cert_manager.py
@@ -219,6 +222,9 @@ class CertManager(cert_manager.CertManager):
         """
         connection = BarbicanKeystoneAuth.get_barbican_client()

+        if self.is_UUID(cert_ref):
+            cert_ref = self.get_cert_ref_url(cert_ref)
+

Error log:
-----------------------------------------------------------------------------------------------------------------------------------------------
ERROR neutron_lbaas.common.cert_manager.barbican_cert_manager [req-a5e704fb-f04b-45f2-9c50-f3bfebe09afd admin 5ca9f
cbf4652456a9bd53582b86bd0e9] Error getting 0b8d5af0-c156-46ad-b4c6-882a84824ce2
2015-06-04 09:58:38.126 TRACE neutron_lbaas.common.cert_manager.barbican_cert_manager Traceback (most recent call last):
2015-06-04 09:58:38.126 TRACE neutron_lbaas.common.cert_manager.barbican_cert_manager   File "/opt/stack/neutron-lbaas/neutron_lbaas/common
/cert_manager/barbican_cert_manager.py", line 228, in get_cert
2015-06-04 09:58:38.126 TRACE neutron_lbaas.common.cert_manager.barbican_cert_manager     container_ref=cert_ref
2015-06-04 09:58:38.126 TRACE neutron_lbaas.common.cert_manager.barbican_cert_manager   File "/opt/stack/python-barbicanclient/barbicanclie
nt/containers.py", line 528, in get
2015-06-04 09:58:38.126 TRACE neutron_lbaas.common.cert_manager.barbican_cert_manager     base.validate_ref(container_ref, 'Container')
2015-06-04 09:58:38.126 TRACE neutron_lbaas.common.cert_manager.barbican_cert_manager   File "/opt/stack/python-barbicanclient/barbicanclie
nt/base.py", line 35, in validate_ref
2015-06-04 09:58:38.126 TRACE neutron_lbaas.common.cert_manager.barbican_cert_manager     raise ValueError('{0} incorrectly specified.'.for
mat(entity))
2015-06-04 09:58:38.126 TRACE neutron_lbaas.common.cert_manager.barbican_cert_manager ValueError: Container incorrectly specified.
2015-06-04 09:58:38.126 TRACE neutron_lbaas.common.cert_manager.barbican_cert_manager
2015-06-04 09:58:38.167 INFO neutron.api.v2.resource [req-a5e704fb-f04b-45f2-9c50-f3bfebe09afd admin 5ca9fcbf4652456a9bd53582b86bd0e9] crea
te failed (client error): TLS container 0b8d5af0-c156-46ad-b4c6-882a84824ce2 could not be found
---------------------------------------------------------------------------------------------------------------------------------------------------
--

Thanks
Santosh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150604/64ea6f08/attachment.html>

More information about the OpenStack-dev mailing list