[openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
Madhusudhan Kandadai
madhusudhan.openstack at gmail.com
Tue Mar 1 01:07:40 UTC 2016
Okay, Figured out the issue.When debugging, I was trying to create lb and
barbican clients with different users. Thanks guys!
On Mon, Feb 29, 2016 at 2:07 PM, Phillip Toohill <
phillip.toohill at rackspace.com> wrote:
> Is the create LB happening on a different user than the one that created
> the barbican container? Maybe im not looking at it right, but cant tell
> from this.
>
>
> Phillip V. Toohill III
> Software Developer
> phone: 210-312-4366
> mobile: 210-440-8374
>
>
>
> ------------------------------
> *From:* Madhusudhan Kandadai <madhusudhan.openstack at gmail.com>
> *Sent:* Monday, February 29, 2016 3:47 PM
>
> *To:* OpenStack Development Mailing List (not for usage questions)
> *Subject:* Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container
> could not be found
>
> Is what I can see the error logs in barbican svc screen while I create TLS
> listener like this: http://paste.openstack.org/show/xVl9iuJtGW03fCGetDm3/
>
> 2016-02-29 13:42:55.222 INFO barbican.api.middleware.context
> [req-65fd0f08-4c1e-4b2f-9cbd-64f186365077 afaa5d797f3543369d05e370a543ef9d
> c141e106a7424d1a8316cf03a8c91e40] Processed request: 404 Not Found - POST
> http://192.168.109.129:9311/v1/containers/d96dccd5-0d39-4f67-ba3a-366a84cfd371/consumers/
> {address space usage: 220770304 bytes/210MB} {rss usage: 101371904
> bytes/96MB} [pid: 52558|app: 0|req: 75/75] 192.168.109.129 () {34 vars in
> 598 bytes} [Mon Feb 29 13:42:55 2016] POST
> /v1/containers/d96dccd5-0d39-4f67-ba3a-366a84cfd371/consumers/ => generated
> 111 bytes in 214 msecs (HTTP/1.1 404) 4 headers in 179 bytes (1 switches on
> core 0)
> 2016-02-29 13:43:17.397 ERROR barbican.model.repositories
> [req-0554f272-f711-49b7-a1f7-3b8bc87b431b afaa5d797f3543369d05e370a543ef9d
> c141e106a7424d1a8316cf03a8c91e40] Not found for
> d96dccd5-0d39-4f67-ba3a-366a84cfd371
> 2016-02-29 13:43:17.397 TRACE barbican.model.repositories Traceback (most
> recent call last):
> 2016-02-29 13:43:17.397 TRACE barbican.model.repositories File
> "/opt/stack/barbican/barbican/model/repositories.py", line 354, in get
> 2016-02-29 13:43:17.397 TRACE barbican.model.repositories entity =
> query.one()
> 2016-02-29 13:43:17.397 TRACE barbican.model.repositories File
> "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line
> 2699, in one
> 2016-02-29 13:43:17.397 TRACE barbican.model.repositories raise
> orm_exc.NoResultFound("No row was found for one()")
> 2016-02-29 13:43:17.397 TRACE barbican.model.repositories NoResultFound:
> No row was found for one()
> 2016-02-29 13:43:17.397 TRACE barbican.model.repositories
> 2016-02-29 13:43:17.398 ERROR barbican.api.controllers
> [req-0554f272-f711-49b7-a1f7-3b8bc87b431b afaa5d797f3543369d05e370a543ef9d
> c141e106a7424d1a8316cf03a8c91e40] Webob error seen
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers Traceback (most
> recent call last):
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File
> "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 104, in
> handler
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers return fn(inst,
> *args, **kwargs)
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File
> "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 90, in
> enforcer
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers return fn(inst,
> *args, **kwargs)
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File
> "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 146, in
> content_types_enforcer
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers return fn(inst,
> *args, **kwargs)
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File
> "/opt/stack/barbican/barbican/api/controllers/consumers.py", line 143, in
> on_post
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers
> controllers.containers.container_not_found()
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File
> "/opt/stack/barbican/barbican/api/controllers/containers.py", line 36, in
> container_not_found
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers
> pecan.abort(404, u._('Not Found. Sorry but your container is in '
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File
> "/usr/local/lib/python2.7/dist-packages/pecan/core.py", line 141, in abort
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers exec('raise
> webob_exception, None, traceback')
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File
> "/opt/stack/barbican/barbican/api/controllers/consumers.py", line 141, in
> on_post
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers
> external_project_id)
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File
> "/opt/stack/barbican/barbican/model/repositories.py", line 360, in get
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers
> _raise_entity_not_found(self._do_entity_name(), entity_id)
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File
> "/opt/stack/barbican/barbican/model/repositories.py", line 2173, in
> _raise_entity_not_found
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers id=entity_id))
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers HTTPNotFound: Not
> Found. Sorry but your container is in another castle.
> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers
> 2016-02-29 13:43:17.403 INFO barbican.api.middleware.context
> [req-0554f272-f711-49b7-a1f7-3b8bc87b431b afaa5d797f3543369d05e370a543ef9d
> c141e106a7424d1a8316cf03a8c91e40] Processed request: 404 Not Found - POST
> http://192.168.109.129:9311/v1/containers/d96dccd5-0d39-4f67-ba3a-366a84cfd371/consumers/
> {address space usage: 220770304 bytes/210MB} {rss usage: 101371904
> bytes/96MB} [pid: 52558|app: 0|req: 76/76] 192.168.109.129 () {34 vars in
> 598 bytes} [Mon Feb 29 13:43:17 2016] POST
> /v1/containers/d96dccd5-0d39-4f67-ba3a-366a84cfd371/consumers/ => generated
> 111 bytes in 63 msecs (HTTP/1.1 404) 4 headers in 179 bytes (1 switches on
> core 0)
>
>
>
>
> On Mon, Feb 29, 2016 at 1:40 PM, Phillip Toohill <
> phillip.toohill at rackspace.com> wrote:
>
>> To further my thoughts, as Adam mentioned, it could be a user issue,
>> which to me is what it sounds like. So being able to view the config and
>> have other information is pertinent to solving the issue.
>>
>>
>> Phillip V. Toohill III
>> Software Developer
>> phone: 210-312-4366
>> mobile: 210-440-8374
>>
>>
>>
>> ------------------------------
>> *From:* Phillip Toohill <phillip.toohill at RACKSPACE.COM>
>> *Sent:* Monday, February 29, 2016 3:33 PM
>>
>> *To:* OpenStack Development Mailing List (not for usage questions)
>> *Subject:* Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container
>> could not be found
>>
>>
>> We could use some more information.
>>
>>
>> Phillip V. Toohill III
>> Software Developer
>> phone: 210-312-4366
>> mobile: 210-440-8374
>>
>>
>>
>> ------------------------------
>> *From:* Madhusudhan Kandadai <madhusudhan.openstack at gmail.com>
>> *Sent:* Monday, February 29, 2016 3:21 PM
>> *To:* OpenStack Development Mailing List (not for usage questions)
>> *Subject:* Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container
>> could not be found
>>
>> Wondering, have you guys figured out this issue? I am seeing the same
>> problem that Jiahao is getting.
>>
>> On Thu, Feb 4, 2016 at 9:53 AM, Adam Harwell <adam.harwell at rackspace.com>
>> wrote:
>>
>>> Could you provide your neutron-lbaas.conf? Depending on what version
>>> you're using, barbican may not be the default secret backend (I believe
>>> this has been fixed). Alternatively, it depends on what user accounts are
>>> involved -- this should definitely work if you are using only the single
>>> admin account, but we haven't done a lot of testing around the ACLs yet to
>>> make sure they are working (and I believe there is still an outstanding bug
>>> in Barbican that would cause the ACLs to not function properly in our
>>> use-case).
>>>
>>>
>>> --Adam
>>>
>>>
>>> ------------------------------
>>> *From:* Jiahao Liang <jiahao.liang at oneconvergence.com>
>>> *Sent:* Thursday, January 28, 2016 12:18 AM
>>> *To:* openstack-dev at lists.openstack.org
>>> *Subject:* [openstack-dev] [Neutron][LBaaS][barbican]TLS container
>>> could not be found
>>>
>>> Hi community,
>>>
>>> I was going through
>>> https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer with
>>> devstack. I was stuck at a point when I tried to create a listener within a
>>> loadbalancer with this command:
>>>
>>> neutron lbaas-listener-create --loadbalancer lb1 --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(barbican secret container list | awk '/ tls_container / {print $2}')
>>>
>>> But the command failed with output:
>>>
>>> TLS container http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 could not be found
>>>
>>>
>>> When I run:
>>>
>>> barbican secret container list
>>>
>>> I was able to see the corresponding container in the list and the status
>>> is active.
>>> (Sorry, the format is a little bit ugly.....)
>>>
>>> +--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
>>> | Container href
>>> | Name | Created | Status | Type
>>> | Secrets
>>> | Consumers |
>>>
>>> +--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
>>> |
>>> http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 |
>>> tls_container | 2016-01-28 04:58:42+00:00 | ACTIVE | certificate |
>>> private_key=
>>> http://192.168.100.149:9311/v1/secrets/1bbe33fc-ecd2-43e5-82ce-34007b9f6bfd |
>>> None |
>>> |
>>> | | | |
>>> | certificate=
>>> http://192.168.100.149:9311/v1/secrets/6d0211c6-8515-4e55-b1cf-587324a79abe |
>>> |
>>> |
>>> http://192.168.100.149:9311/v1/containers/31045466-bf7b-426f-9ba8-135c260418ee |
>>> tls_container2 | 2016-01-28 04:59:05+00:00 | ACTIVE | certificate |
>>> private_key=
>>> http://192.168.100.149:9311/v1/secrets/dba18cbc-9bfe-499e-931e-90574843ca10 |
>>> None |
>>> |
>>> | | | |
>>> | certificate=
>>> http://192.168.100.149:9311/v1/secrets/23e11441-d119-4b24-a288-9ddc963cb698 |
>>> |
>>>
>>> +--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
>>>
>>>
>>> Also, if I did a GET method from a RESTful client with correct
>>> X-Auth-Token to the url:
>>> http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e3,
>>> I was able to receive the JSON information of the TLS container.
>>>
>>>
>>> Anybody could give some advice on how to fix this problem?
>>>
>>> Thank you in advance!
>>>
>>> Best,
>>> Jiahao Liang
>>>
>>>
>>> __________________________________________________________________________
>>> OpenStack Development Mailing List (not for usage questions)
>>> Unsubscribe:
>>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160229/c1d1827a/attachment.html>
More information about the OpenStack-dev
mailing list