[openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
Phillip Toohill
phillip.toohill at RACKSPACE.COM
Mon Feb 29 22:07:29 UTC 2016
Is the create LB happening on a different user than the one that created the barbican container? Maybe im not looking at it right, but cant tell from this.
Phillip V. Toohill III
Software Developer
[http://600a2794aa4ab5bae6bd-8d3014ab8e4d12d3346853d589a26319.r53.cf1.rackcdn.com/signatures/images/rackspace_logo.png]
phone: 210-312-4366
mobile: 210-440-8374
________________________________
From: Madhusudhan Kandadai <madhusudhan.openstack at gmail.com>
Sent: Monday, February 29, 2016 3:47 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
Is what I can see the error logs in barbican svc screen while I create TLS listener like this: http://paste.openstack.org/show/xVl9iuJtGW03fCGetDm3/
2016-02-29 13:42:55.222 INFO barbican.api.middleware.context [req-65fd0f08-4c1e-4b2f-9cbd-64f186365077 afaa5d797f3543369d05e370a543ef9d c141e106a7424d1a8316cf03a8c91e40] Processed request: 404 Not Found - POST http://192.168.109.129:9311/v1/containers/d96dccd5-0d39-4f67-ba3a-366a84cfd371/consumers/
{address space usage: 220770304 bytes/210MB} {rss usage: 101371904 bytes/96MB} [pid: 52558|app: 0|req: 75/75] 192.168.109.129 () {34 vars in 598 bytes} [Mon Feb 29 13:42:55 2016] POST /v1/containers/d96dccd5-0d39-4f67-ba3a-366a84cfd371/consumers/ => generated 111 bytes in 214 msecs (HTTP/1.1 404) 4 headers in 179 bytes (1 switches on core 0)
2016-02-29 13:43:17.397 ERROR barbican.model.repositories [req-0554f272-f711-49b7-a1f7-3b8bc87b431b afaa5d797f3543369d05e370a543ef9d c141e106a7424d1a8316cf03a8c91e40] Not found for d96dccd5-0d39-4f67-ba3a-366a84cfd371
2016-02-29 13:43:17.397 TRACE barbican.model.repositories Traceback (most recent call last):
2016-02-29 13:43:17.397 TRACE barbican.model.repositories File "/opt/stack/barbican/barbican/model/repositories.py", line 354, in get
2016-02-29 13:43:17.397 TRACE barbican.model.repositories entity = query.one()
2016-02-29 13:43:17.397 TRACE barbican.model.repositories File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2699, in one
2016-02-29 13:43:17.397 TRACE barbican.model.repositories raise orm_exc.NoResultFound("No row was found for one()")
2016-02-29 13:43:17.397 TRACE barbican.model.repositories NoResultFound: No row was found for one()
2016-02-29 13:43:17.397 TRACE barbican.model.repositories
2016-02-29 13:43:17.398 ERROR barbican.api.controllers [req-0554f272-f711-49b7-a1f7-3b8bc87b431b afaa5d797f3543369d05e370a543ef9d c141e106a7424d1a8316cf03a8c91e40] Webob error seen
2016-02-29 13:43:17.398 TRACE barbican.api.controllers Traceback (most recent call last):
2016-02-29 13:43:17.398 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 104, in handler
2016-02-29 13:43:17.398 TRACE barbican.api.controllers return fn(inst, *args, **kwargs)
2016-02-29 13:43:17.398 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 90, in enforcer
2016-02-29 13:43:17.398 TRACE barbican.api.controllers return fn(inst, *args, **kwargs)
2016-02-29 13:43:17.398 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 146, in content_types_enforcer
2016-02-29 13:43:17.398 TRACE barbican.api.controllers return fn(inst, *args, **kwargs)
2016-02-29 13:43:17.398 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/api/controllers/consumers.py", line 143, in on_post
2016-02-29 13:43:17.398 TRACE barbican.api.controllers controllers.containers.container_not_found()
2016-02-29 13:43:17.398 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/api/controllers/containers.py", line 36, in container_not_found
2016-02-29 13:43:17.398 TRACE barbican.api.controllers pecan.abort(404, u._('Not Found. Sorry but your container is in '
2016-02-29 13:43:17.398 TRACE barbican.api.controllers File "/usr/local/lib/python2.7/dist-packages/pecan/core.py", line 141, in abort
2016-02-29 13:43:17.398 TRACE barbican.api.controllers exec('raise webob_exception, None, traceback')
2016-02-29 13:43:17.398 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/api/controllers/consumers.py", line 141, in on_post
2016-02-29 13:43:17.398 TRACE barbican.api.controllers external_project_id)
2016-02-29 13:43:17.398 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/model/repositories.py", line 360, in get
2016-02-29 13:43:17.398 TRACE barbican.api.controllers _raise_entity_not_found(self._do_entity_name(), entity_id)
2016-02-29 13:43:17.398 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/model/repositories.py", line 2173, in _raise_entity_not_found
2016-02-29 13:43:17.398 TRACE barbican.api.controllers id=entity_id))
2016-02-29 13:43:17.398 TRACE barbican.api.controllers HTTPNotFound: Not Found. Sorry but your container is in another castle.
2016-02-29 13:43:17.398 TRACE barbican.api.controllers
2016-02-29 13:43:17.403 INFO barbican.api.middleware.context [req-0554f272-f711-49b7-a1f7-3b8bc87b431b afaa5d797f3543369d05e370a543ef9d c141e106a7424d1a8316cf03a8c91e40] Processed request: 404 Not Found - POST http://192.168.109.129:9311/v1/containers/d96dccd5-0d39-4f67-ba3a-366a84cfd371/consumers/
{address space usage: 220770304 bytes/210MB} {rss usage: 101371904 bytes/96MB} [pid: 52558|app: 0|req: 76/76] 192.168.109.129 () {34 vars in 598 bytes} [Mon Feb 29 13:43:17 2016] POST /v1/containers/d96dccd5-0d39-4f67-ba3a-366a84cfd371/consumers/ => generated 111 bytes in 63 msecs (HTTP/1.1 404) 4 headers in 179 bytes (1 switches on core 0)
On Mon, Feb 29, 2016 at 1:40 PM, Phillip Toohill <phillip.toohill at rackspace.com<mailto:phillip.toohill at rackspace.com>> wrote:
To further my thoughts, as Adam mentioned, it could be a user issue, which to me is what it sounds like. So being able to view the config and have other information is pertinent to solving the issue.
Phillip V. Toohill III
Software Developer
[http://600a2794aa4ab5bae6bd-8d3014ab8e4d12d3346853d589a26319.r53.cf1.rackcdn.com/signatures/images/rackspace_logo.png]
phone: 210-312-4366<tel:210-312-4366>
mobile: 210-440-8374<tel:210-440-8374>
________________________________
From: Phillip Toohill <phillip.toohill at RACKSPACE.COM<mailto:phillip.toohill at RACKSPACE.COM>>
Sent: Monday, February 29, 2016 3:33 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
We could use some more information.
Phillip V. Toohill III
Software Developer
[http://600a2794aa4ab5bae6bd-8d3014ab8e4d12d3346853d589a26319.r53.cf1.rackcdn.com/signatures/images/rackspace_logo.png]
phone: 210-312-4366<tel:210-312-4366>
mobile: 210-440-8374<tel:210-440-8374>
________________________________
From: Madhusudhan Kandadai <madhusudhan.openstack at gmail.com<mailto:madhusudhan.openstack at gmail.com>>
Sent: Monday, February 29, 2016 3:21 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
Wondering, have you guys figured out this issue? I am seeing the same problem that Jiahao is getting.
On Thu, Feb 4, 2016 at 9:53 AM, Adam Harwell <adam.harwell at rackspace.com<mailto:adam.harwell at rackspace.com>> wrote:
Could you provide your neutron-lbaas.conf? Depending on what version you're using, barbican may not be the default secret backend (I believe this has been fixed). Alternatively, it depends on what user accounts are involved -- this should definitely work if you are using only the single admin account, but we haven't done a lot of testing around the ACLs yet to make sure they are working (and I believe there is still an outstanding bug in Barbican that would cause the ACLs to not function properly in our use-case).
--Adam
________________________________
From: Jiahao Liang <jiahao.liang at oneconvergence.com<mailto:jiahao.liang at oneconvergence.com>>
Sent: Thursday, January 28, 2016 12:18 AM
To: openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>
Subject: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
Hi community,
I was going through https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer with devstack. I was stuck at a point when I tried to create a listener within a loadbalancer with this command:
neutron lbaas-listener-create --loadbalancer lb1 --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(barbican secret container list | awk '/ tls_container / {print $2}')
But the command failed with output:
TLS container http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 could not be found
When I run:
barbican secret container list
I was able to see the corresponding container in the list and the status is active.
(Sorry, the format is a little bit ugly.....)
+--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
| Container href | Name | Created | Status | Type | Secrets | Consumers |
+--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
| http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 | tls_container | 2016-01-28 04:58:42+00:00 | ACTIVE | certificate | private_key=http://192.168.100.149:9311/v1/secrets/1bbe33fc-ecd2-43e5-82ce-34007b9f6bfd | None |
| | | | | | certificate=http://192.168.100.149:9311/v1/secrets/6d0211c6-8515-4e55-b1cf-587324a79abe | |
| http://192.168.100.149:9311/v1/containers/31045466-bf7b-426f-9ba8-135c260418ee | tls_container2 | 2016-01-28 04:59:05+00:00 | ACTIVE | certificate | private_key=http://192.168.100.149:9311/v1/secrets/dba18cbc-9bfe-499e-931e-90574843ca10 | None |
| | | | | | certificate=http://192.168.100.149:9311/v1/secrets/23e11441-d119-4b24-a288-9ddc963cb698 | |
+--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
Also, if I did a GET method from a RESTful client with correct X-Auth-Token to the url: http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e3, I was able to receive the JSON information of the TLS container.
Anybody could give some advice on how to fix this problem?
Thank you in advance!
Best,
Jiahao Liang
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160229/979e77f8/attachment.html>
More information about the OpenStack-dev
mailing list
