[openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
Madhusudhan Kandadai
madhusudhan.openstack at gmail.com
Mon Feb 29 21:21:31 UTC 2016
Wondering, have you guys figured out this issue? I am seeing the same
problem that Jiahao is getting.
On Thu, Feb 4, 2016 at 9:53 AM, Adam Harwell <adam.harwell at rackspace.com>
wrote:
> Could you provide your neutron-lbaas.conf? Depending on what version
> you're using, barbican may not be the default secret backend (I believe
> this has been fixed). Alternatively, it depends on what user accounts are
> involved -- this should definitely work if you are using only the single
> admin account, but we haven't done a lot of testing around the ACLs yet to
> make sure they are working (and I believe there is still an outstanding bug
> in Barbican that would cause the ACLs to not function properly in our
> use-case).
>
>
> --Adam
>
>
> ------------------------------
> *From:* Jiahao Liang <jiahao.liang at oneconvergence.com>
> *Sent:* Thursday, January 28, 2016 12:18 AM
> *To:* openstack-dev at lists.openstack.org
> *Subject:* [openstack-dev] [Neutron][LBaaS][barbican]TLS container could
> not be found
>
> Hi community,
>
> I was going through
> https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer with
> devstack. I was stuck at a point when I tried to create a listener within a
> loadbalancer with this command:
>
> neutron lbaas-listener-create --loadbalancer lb1 --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(barbican secret container list | awk '/ tls_container / {print $2}')
>
> But the command failed with output:
>
> TLS container http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 could not be found
>
>
> When I run:
>
> barbican secret container list
>
> I was able to see the corresponding container in the list and the status
> is active.
> (Sorry, the format is a little bit ugly.....)
>
> +--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
> | Container href
> | Name | Created | Status | Type |
> Secrets
> | Consumers |
>
> +--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
> |
> http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 |
> tls_container | 2016-01-28 04:58:42+00:00 | ACTIVE | certificate |
> private_key=
> http://192.168.100.149:9311/v1/secrets/1bbe33fc-ecd2-43e5-82ce-34007b9f6bfd |
> None |
> |
> | | | |
> | certificate=
> http://192.168.100.149:9311/v1/secrets/6d0211c6-8515-4e55-b1cf-587324a79abe |
> |
> |
> http://192.168.100.149:9311/v1/containers/31045466-bf7b-426f-9ba8-135c260418ee |
> tls_container2 | 2016-01-28 04:59:05+00:00 | ACTIVE | certificate |
> private_key=
> http://192.168.100.149:9311/v1/secrets/dba18cbc-9bfe-499e-931e-90574843ca10 |
> None |
> |
> | | | |
> | certificate=
> http://192.168.100.149:9311/v1/secrets/23e11441-d119-4b24-a288-9ddc963cb698 |
> |
>
> +--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
>
>
> Also, if I did a GET method from a RESTful client with correct
> X-Auth-Token to the url:
> http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e3,
> I was able to receive the JSON information of the TLS container.
>
>
> Anybody could give some advice on how to fix this problem?
>
> Thank you in advance!
>
> Best,
> Jiahao Liang
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160229/c0f6bcd3/attachment.html>
More information about the OpenStack-dev
mailing list