Could you provide your neutron-lbaas.conf? Depending on what version you're
using, barbican may not be the default secret backend (I believe this has been
fixed). Alternatively, it depends on what user accounts are involved -- this
should definitely work if you are using only the single admin account, but we
haven't done a lot of testing around the ACLs yet to make sure they are working
(and I believe there is still an outstanding bug in Barbican that would cause
the ACLs to not function properly in our use-case).
?--Adam
________________________________
From: Jiahao Liang <[email protected]>
Sent: Thursday, January 28, 2016 12:18 AM
To: [email protected]
Subject: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be
found
Hi community,
I was going through
https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer
with devstack. I was stuck at a point when I tried to create a listener within
a loadbalancer with this command:
neutron lbaas-listener-create --loadbalancer lb1 --protocol-port 443 --protocol
TERMINATED_HTTPS --name listener1 --default-tls-container=$(barbican secret
container list | awk '/ tls_container / {print $2}')
But the command failed with output:
TLS container
http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34
could not be found
When I run:
barbican secret container list
I was able to see the corresponding container in the list and the status is
active.
(Sorry, the format is a little bit ugly.....)
+--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
| Container href
| Name | Created | Status | Type | Secrets
| Consumers |
+--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
|
http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34
| tls_container | 2016-01-28 04:58:42+00:00 | ACTIVE | certificate |
private_key=http://192.168.100.149:9311/v1/secrets/1bbe33fc-ecd2-43e5-82ce-34007b9f6bfd
| None |
|
| | | | |
certificate=http://192.168.100.149:9311/v1/secrets/6d0211c6-8515-4e55-b1cf-587324a79abe
| |
|
http://192.168.100.149:9311/v1/containers/31045466-bf7b-426f-9ba8-135c260418ee
| tls_container2 | 2016-01-28 04:59:05+00:00 | ACTIVE | certificate |
private_key=http://192.168.100.149:9311/v1/secrets/dba18cbc-9bfe-499e-931e-90574843ca10
| None |
|
| | | | |
certificate=http://192.168.100.149:9311/v1/secrets/23e11441-d119-4b24-a288-9ddc963cb698
| |
+--------------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+-----------------------------------------------------------------------------------------+-----------+
Also, if I did a GET method from a RESTful client with correct X-Auth-Token to
the url:
http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e3,
I was able to receive the JSON information of the TLS container.
Anybody could give some advice on how to fix this problem?
Thank you in advance!
Best,
Jiahao Liang
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
