Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
uot;, line 141, in abort 2016-06-10 12:25:28.184 TRACE barbican.api.controllers exec('raise webob_exception, None, traceback') 2016-06-10 12:25:28.184 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/api/controllers/consumers.py", line 141, in on_post 2016-06-10 12:25:28.184 TRACE barbican.api.controllers external_project_id) 2016-06-10 12:25:28.184 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/model/repositories.py", line 364, in get 2016-06-10 12:25:28.184 TRACE barbican.api.controllers _raise_entity_not_found(self._do_entity_name(), entity_id) 2016-06-10 12:25:28.184 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/model/repositories.py", line 2250, in _raise_entity_not_found 2016-06-10 12:25:28.184 TRACE barbican.api.controllers id=entity_id)) 2016-06-10 12:25:28.184 TRACE barbican.api.controllers HTTPNotFound: Not Found. Sorry but your container is in another castle. 2016-06-10 12:25:28.184 TRACE barbican.api.controllers 2016-06-10 12:25:28.187 INFO barbican.api.middleware.context [req-4aebc499-b92d-4ab1-8b0e-52f12ddabdd2 d2d0cb2842eb450ebe032d70bcaeeb3b d24f00aff0b24f4ea7f37d193129d532] Processed request: 404 Not Found - POST http://192.168.100.149:9311/v1/containers/8daec3a0-1582-4d59-ba04-be11d0c2d036/consumers/ Thank you, Jiahao Liang On Mon, Feb 29, 2016 at 5:07 PM, Madhusudhan Kandadai < madhusudhan.openst...@gmail.com> wrote: > Okay, Figured out the issue.When debugging, I was trying to create lb and > barbican clients with different users. Thanks guys! > > On Mon, Feb 29, 2016 at 2:07 PM, Phillip Toohill < > phillip.tooh...@rackspace.com> wrote: > >> Is the create LB happening on a different user than the one that created >> the barbican container? Maybe im not looking at it right, but cant tell >> from this. >> >> >> Phillip V. Toohill III >> Software Developer >> phone: 210-312-4366 >> mobile: 210-440-8374 >> >> >> >> -- >> *From:* Madhusudhan Kandadai <madhusudhan.openst...@gmail.com> >> *Sent:* Monday, February 29, 2016 3:47 PM >> >> *To:* OpenStack Development Mailing List (not for usage questions) >> *Subject:* Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container >> could not be found >> >> Is what I can see the error logs in barbican svc screen while I create >> TLS listener like this: >> http://paste.openstack.org/show/xVl9iuJtGW03fCGetDm3/ >> >> 2016-02-29 13:42:55.222 INFO barbican.api.middleware.context >> [req-65fd0f08-4c1e-4b2f-9cbd-64f186365077 afaa5d797f3543369d05e370a543ef9d >> c141e106a7424d1a8316cf03a8c91e40] Processed request: 404 Not Found - POST >> http://192.168.109.129:9311/v1/containers/d96dccd5-0d39-4f67-ba3a-366a84cfd371/consumers/ >> {address space usage: 220770304 bytes/210MB} {rss usage: 101371904 >> bytes/96MB} [pid: 52558|app: 0|req: 75/75] 192.168.109.129 () {34 vars in >> 598 bytes} [Mon Feb 29 13:42:55 2016] POST >> /v1/containers/d96dccd5-0d39-4f67-ba3a-366a84cfd371/consumers/ => generated >> 111 bytes in 214 msecs (HTTP/1.1 404) 4 headers in 179 bytes (1 switches on >> core 0) >> 2016-02-29 13:43:17.397 ERROR barbican.model.repositories >> [req-0554f272-f711-49b7-a1f7-3b8bc87b431b afaa5d797f3543369d05e370a543ef9d >> c141e106a7424d1a8316cf03a8c91e40] Not found for >> d96dccd5-0d39-4f67-ba3a-366a84cfd371 >> 2016-02-29 13:43:17.397 TRACE barbican.model.repositories Traceback (most >> recent call last): >> 2016-02-29 13:43:17.397 TRACE barbican.model.repositories File >> "/opt/stack/barbican/barbican/model/repositories.py", line 354, in get >> 2016-02-29 13:43:17.397 TRACE barbican.model.repositories entity = >> query.one() >> 2016-02-29 13:43:17.397 TRACE barbican.model.repositories File >> "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line >> 2699, in one >> 2016-02-29 13:43:17.397 TRACE barbican.model.repositories raise >> orm_exc.NoResultFound("No row was found for one()") >> 2016-02-29 13:43:17.397 TRACE barbican.model.repositories NoResultFound: >> No row was found for one() >> 2016-02-29 13:43:17.397 TRACE barbican.model.repositories >> 2016-02-29 13:43:17.398 ERROR barbican.api.controllers >> [req-0554f272-f711-49b7-a1f7-3b8bc87b431b afaa5d797f3543369d05e370a543ef9d >> c141e106a7424d1a8316cf03a8c91e40] Webob error seen >> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers Traceback (most >> recent call last): >> 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File >> "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 104, in >> handler
Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
Okay, Figured out the issue.When debugging, I was trying to create lb and barbican clients with different users. Thanks guys! On Mon, Feb 29, 2016 at 2:07 PM, Phillip Toohill < phillip.tooh...@rackspace.com> wrote: > Is the create LB happening on a different user than the one that created > the barbican container? Maybe im not looking at it right, but cant tell > from this. > > > Phillip V. Toohill III > Software Developer > phone: 210-312-4366 > mobile: 210-440-8374 > > > > -- > *From:* Madhusudhan Kandadai <madhusudhan.openst...@gmail.com> > *Sent:* Monday, February 29, 2016 3:47 PM > > *To:* OpenStack Development Mailing List (not for usage questions) > *Subject:* Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container > could not be found > > Is what I can see the error logs in barbican svc screen while I create TLS > listener like this: http://paste.openstack.org/show/xVl9iuJtGW03fCGetDm3/ > > 2016-02-29 13:42:55.222 INFO barbican.api.middleware.context > [req-65fd0f08-4c1e-4b2f-9cbd-64f186365077 afaa5d797f3543369d05e370a543ef9d > c141e106a7424d1a8316cf03a8c91e40] Processed request: 404 Not Found - POST > http://192.168.109.129:9311/v1/containers/d96dccd5-0d39-4f67-ba3a-366a84cfd371/consumers/ > {address space usage: 220770304 bytes/210MB} {rss usage: 101371904 > bytes/96MB} [pid: 52558|app: 0|req: 75/75] 192.168.109.129 () {34 vars in > 598 bytes} [Mon Feb 29 13:42:55 2016] POST > /v1/containers/d96dccd5-0d39-4f67-ba3a-366a84cfd371/consumers/ => generated > 111 bytes in 214 msecs (HTTP/1.1 404) 4 headers in 179 bytes (1 switches on > core 0) > 2016-02-29 13:43:17.397 ERROR barbican.model.repositories > [req-0554f272-f711-49b7-a1f7-3b8bc87b431b afaa5d797f3543369d05e370a543ef9d > c141e106a7424d1a8316cf03a8c91e40] Not found for > d96dccd5-0d39-4f67-ba3a-366a84cfd371 > 2016-02-29 13:43:17.397 TRACE barbican.model.repositories Traceback (most > recent call last): > 2016-02-29 13:43:17.397 TRACE barbican.model.repositories File > "/opt/stack/barbican/barbican/model/repositories.py", line 354, in get > 2016-02-29 13:43:17.397 TRACE barbican.model.repositories entity = > query.one() > 2016-02-29 13:43:17.397 TRACE barbican.model.repositories File > "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line > 2699, in one > 2016-02-29 13:43:17.397 TRACE barbican.model.repositories raise > orm_exc.NoResultFound("No row was found for one()") > 2016-02-29 13:43:17.397 TRACE barbican.model.repositories NoResultFound: > No row was found for one() > 2016-02-29 13:43:17.397 TRACE barbican.model.repositories > 2016-02-29 13:43:17.398 ERROR barbican.api.controllers > [req-0554f272-f711-49b7-a1f7-3b8bc87b431b afaa5d797f3543369d05e370a543ef9d > c141e106a7424d1a8316cf03a8c91e40] Webob error seen > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers Traceback (most > recent call last): > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File > "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 104, in > handler > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers return fn(inst, > *args, **kwargs) > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File > "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 90, in > enforcer > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers return fn(inst, > *args, **kwargs) > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File > "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 146, in > content_types_enforcer > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers return fn(inst, > *args, **kwargs) > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File > "/opt/stack/barbican/barbican/api/controllers/consumers.py", line 143, in > on_post > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers > controllers.containers.container_not_found() > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File > "/opt/stack/barbican/barbican/api/controllers/containers.py", line 36, in > container_not_found > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers > pecan.abort(404, u._('Not Found. Sorry but your container is in ' > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File > "/usr/local/lib/python2.7/dist-packages/pecan/core.py", line 141, in abort > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers exec('raise > webob_exception, None, traceback') > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File > "/opt/stack/barbican/barbican/api/controllers/consumers.py", line 141, in > on_post > 2016-02-29 13:43:17.398 TRACE barbica
Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
As Adam stated, it could be any of those reasons. Mainly look for the credentials defined under [service_auth] section of lbaas conf file. Most importantly the credentials, tenant (or project) name should be the same as the user that created the container. This is assuming you aren't using ACLs'. On Mon, Feb 29, 2016 at 2:07 PM, Phillip Toohill < phillip.tooh...@rackspace.com> wrote: > Is the create LB happening on a different user than the one that created > the barbican container? Maybe im not looking at it right, but cant tell > from this. > > > Phillip V. Toohill III > Software Developer > phone: 210-312-4366 > mobile: 210-440-8374 > > > > -- > *From:* Madhusudhan Kandadai <madhusudhan.openst...@gmail.com> > *Sent:* Monday, February 29, 2016 3:47 PM > > *To:* OpenStack Development Mailing List (not for usage questions) > *Subject:* Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container > could not be found > > Is what I can see the error logs in barbican svc screen while I create TLS > listener like this: http://paste.openstack.org/show/xVl9iuJtGW03fCGetDm3/ > > 2016-02-29 13:42:55.222 INFO barbican.api.middleware.context > [req-65fd0f08-4c1e-4b2f-9cbd-64f186365077 afaa5d797f3543369d05e370a543ef9d > c141e106a7424d1a8316cf03a8c91e40] Processed request: 404 Not Found - POST > http://192.168.109.129:9311/v1/containers/d96dccd5-0d39-4f67-ba3a-366a84cfd371/consumers/ > {address space usage: 220770304 bytes/210MB} {rss usage: 101371904 > bytes/96MB} [pid: 52558|app: 0|req: 75/75] 192.168.109.129 () {34 vars in > 598 bytes} [Mon Feb 29 13:42:55 2016] POST > /v1/containers/d96dccd5-0d39-4f67-ba3a-366a84cfd371/consumers/ => generated > 111 bytes in 214 msecs (HTTP/1.1 404) 4 headers in 179 bytes (1 switches on > core 0) > 2016-02-29 13:43:17.397 ERROR barbican.model.repositories > [req-0554f272-f711-49b7-a1f7-3b8bc87b431b afaa5d797f3543369d05e370a543ef9d > c141e106a7424d1a8316cf03a8c91e40] Not found for > d96dccd5-0d39-4f67-ba3a-366a84cfd371 > 2016-02-29 13:43:17.397 TRACE barbican.model.repositories Traceback (most > recent call last): > 2016-02-29 13:43:17.397 TRACE barbican.model.repositories File > "/opt/stack/barbican/barbican/model/repositories.py", line 354, in get > 2016-02-29 13:43:17.397 TRACE barbican.model.repositories entity = > query.one() > 2016-02-29 13:43:17.397 TRACE barbican.model.repositories File > "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line > 2699, in one > 2016-02-29 13:43:17.397 TRACE barbican.model.repositories raise > orm_exc.NoResultFound("No row was found for one()") > 2016-02-29 13:43:17.397 TRACE barbican.model.repositories NoResultFound: > No row was found for one() > 2016-02-29 13:43:17.397 TRACE barbican.model.repositories > 2016-02-29 13:43:17.398 ERROR barbican.api.controllers > [req-0554f272-f711-49b7-a1f7-3b8bc87b431b afaa5d797f3543369d05e370a543ef9d > c141e106a7424d1a8316cf03a8c91e40] Webob error seen > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers Traceback (most > recent call last): > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File > "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 104, in > handler > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers return fn(inst, > *args, **kwargs) > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File > "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 90, in > enforcer > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers return fn(inst, > *args, **kwargs) > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File > "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 146, in > content_types_enforcer > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers return fn(inst, > *args, **kwargs) > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File > "/opt/stack/barbican/barbican/api/controllers/consumers.py", line 143, in > on_post > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers > controllers.containers.container_not_found() > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File > "/opt/stack/barbican/barbican/api/controllers/containers.py", line 36, in > container_not_found > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers > pecan.abort(404, u._('Not Found. Sorry but your container is in ' > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers File > "/usr/local/lib/python2.7/dist-packages/pecan/core.py", line 141, in abort > 2016-02-29 13:43:17.398 TRACE barbican.api.controllers exec('raise > webob_exception, None, traceback') > 2016-02-29 13:43:17.398 TRACE bar
Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
/v1/containers/d96dccd5-0d39-4f67-ba3a-366a84cfd371/consumers/ => generated 111 bytes in 63 msecs (HTTP/1.1 404) 4 headers in 179 bytes (1 switches on core 0) On Mon, Feb 29, 2016 at 1:40 PM, Phillip Toohill < phillip.tooh...@rackspace.com> wrote: > To further my thoughts, as Adam mentioned, it could be a user issue, which > to me is what it sounds like. So being able to view the config and have > other information is pertinent to solving the issue. > > > Phillip V. Toohill III > Software Developer > phone: 210-312-4366 > mobile: 210-440-8374 > > > > -- > *From:* Phillip Toohill <phillip.tooh...@rackspace.com> > *Sent:* Monday, February 29, 2016 3:33 PM > > *To:* OpenStack Development Mailing List (not for usage questions) > *Subject:* Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container > could not be found > > > We could use some more information. > > > Phillip V. Toohill III > Software Developer > phone: 210-312-4366 > mobile: 210-440-8374 > > > > ------------------ > *From:* Madhusudhan Kandadai <madhusudhan.openst...@gmail.com> > *Sent:* Monday, February 29, 2016 3:21 PM > *To:* OpenStack Development Mailing List (not for usage questions) > *Subject:* Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container > could not be found > > Wondering, have you guys figured out this issue? I am seeing the same > problem that Jiahao is getting. > > On Thu, Feb 4, 2016 at 9:53 AM, Adam Harwell <adam.harw...@rackspace.com> > wrote: > >> Could you provide your neutron-lbaas.conf? Depending on what version >> you're using, barbican may not be the default secret backend (I believe >> this has been fixed). Alternatively, it depends on what user accounts are >> involved -- this should definitely work if you are using only the single >> admin account, but we haven't done a lot of testing around the ACLs yet to >> make sure they are working (and I believe there is still an outstanding bug >> in Barbican that would cause the ACLs to not function properly in our >> use-case). >> >> >> --Adam >> >> >> -- >> *From:* Jiahao Liang <jiahao.li...@oneconvergence.com> >> *Sent:* Thursday, January 28, 2016 12:18 AM >> *To:* openstack-dev@lists.openstack.org >> *Subject:* [openstack-dev] [Neutron][LBaaS][barbican]TLS container could >> not be found >> >> Hi community, >> >> I was going through >> https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer >> with >> devstack. I was stuck at a point when I tried to create a listener within a >> loadbalancer with this command: >> >> neutron lbaas-listener-create --loadbalancer lb1 --protocol-port 443 >> --protocol TERMINATED_HTTPS --name listener1 >> --default-tls-container=$(barbican secret container list | awk '/ >> tls_container / {print $2}') >> >> But the command failed with output: >> >> TLS container >> http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 >> could not be found >> >> >> When I run: >> >> barbican secret container list >> >> I was able to see the corresponding container in the list and the status >> is active. >> (Sorry, the format is a little bit ugly.) >> >> +++---++-+-+---+ >> | Container href >> | Name | Created | Status | Type >> | Secrets >> | Consumers | >> >> +++---++-+-+---+ >> | >> http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 >> | >> tls_container | 2016-01-28 04:58:42+00:00 | ACTIVE | certificate | >> private_key= >> http://192.168.100.149:9311/v1/secrets/1bbe33fc-ecd2-43e5-82ce-34007b9f6bfd | >> None | >> | >>|| || >> | certificate= >> http://192.168.100.149:9311/v1/secrets/6d0211c6-8515-4e55-b1cf-587324a79abe | >> | >> | >> http://192.168.100.149:9311/v1/containers/31045466-bf7b-426f-9ba8-135c260418ee >> | >&g
Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
To further my thoughts, as Adam mentioned, it could be a user issue, which to me is what it sounds like. So being able to view the config and have other information is pertinent to solving the issue. Phillip V. Toohill III Software Developer [http://600a2794aa4ab5bae6bd-8d3014ab8e4d12d3346853d589a26319.r53.cf1.rackcdn.com/signatures/images/rackspace_logo.png] phone: 210-312-4366 mobile: 210-440-8374 From: Phillip Toohill <phillip.tooh...@rackspace.com> Sent: Monday, February 29, 2016 3:33 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found We could use some more information. Phillip V. Toohill III Software Developer [http://600a2794aa4ab5bae6bd-8d3014ab8e4d12d3346853d589a26319.r53.cf1.rackcdn.com/signatures/images/rackspace_logo.png] phone: 210-312-4366 mobile: 210-440-8374 From: Madhusudhan Kandadai <madhusudhan.openst...@gmail.com> Sent: Monday, February 29, 2016 3:21 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found Wondering, have you guys figured out this issue? I am seeing the same problem that Jiahao is getting. On Thu, Feb 4, 2016 at 9:53 AM, Adam Harwell <adam.harw...@rackspace.com<mailto:adam.harw...@rackspace.com>> wrote: Could you provide your neutron-lbaas.conf? Depending on what version you're using, barbican may not be the default secret backend (I believe this has been fixed). Alternatively, it depends on what user accounts are involved -- this should definitely work if you are using only the single admin account, but we haven't done a lot of testing around the ACLs yet to make sure they are working (and I believe there is still an outstanding bug in Barbican that would cause the ACLs to not function properly in our use-case). --Adam From: Jiahao Liang <jiahao.li...@oneconvergence.com<mailto:jiahao.li...@oneconvergence.com>> Sent: Thursday, January 28, 2016 12:18 AM To: openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org> Subject: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found Hi community, I was going through https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer with devstack. I was stuck at a point when I tried to create a listener within a loadbalancer with this command: neutron lbaas-listener-create --loadbalancer lb1 --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(barbican secret container list | awk '/ tls_container / {print $2}') But the command failed with output: TLS container http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 could not be found When I run: barbican secret container list I was able to see the corresponding container in the list and the status is active. (Sorry, the format is a little bit ugly.) +++---++-+-+---+ | Container href | Name | Created | Status | Type| Secrets | Consumers | +++---++-+-+---+ | http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 | tls_container | 2016-01-28 04:58:42+00:00 | ACTIVE | certificate | private_key=http://192.168.100.149:9311/v1/secrets/1bbe33fc-ecd2-43e5-82ce-34007b9f6bfd | None | | || || | certificate=http://192.168.100.149:9311/v1/secrets/6d0211c6-8515-4e55-b1cf-587324a79abe | | | http://192.168.100.149:9311/v1/containers/31045466-bf7b-426f-9ba8-135c260418ee | tls_container2 | 2016-01-28 04:59:05+00:00 | ACTIVE | certificate | private_key=http://192.168.100.149:9311/v1/secrets/dba18cbc-9bfe-499e-931e-90574843ca10 | None | | || || | certificate=http://192.168.100.149:9311/v1/se
Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
We could use some more information. Phillip V. Toohill III Software Developer [http://600a2794aa4ab5bae6bd-8d3014ab8e4d12d3346853d589a26319.r53.cf1.rackcdn.com/signatures/images/rackspace_logo.png] phone: 210-312-4366 mobile: 210-440-8374 From: Madhusudhan Kandadai <madhusudhan.openst...@gmail.com> Sent: Monday, February 29, 2016 3:21 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found Wondering, have you guys figured out this issue? I am seeing the same problem that Jiahao is getting. On Thu, Feb 4, 2016 at 9:53 AM, Adam Harwell <adam.harw...@rackspace.com<mailto:adam.harw...@rackspace.com>> wrote: Could you provide your neutron-lbaas.conf? Depending on what version you're using, barbican may not be the default secret backend (I believe this has been fixed). Alternatively, it depends on what user accounts are involved -- this should definitely work if you are using only the single admin account, but we haven't done a lot of testing around the ACLs yet to make sure they are working (and I believe there is still an outstanding bug in Barbican that would cause the ACLs to not function properly in our use-case). --Adam From: Jiahao Liang <jiahao.li...@oneconvergence.com<mailto:jiahao.li...@oneconvergence.com>> Sent: Thursday, January 28, 2016 12:18 AM To: openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org> Subject: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found Hi community, I was going through https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer with devstack. I was stuck at a point when I tried to create a listener within a loadbalancer with this command: neutron lbaas-listener-create --loadbalancer lb1 --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(barbican secret container list | awk '/ tls_container / {print $2}') But the command failed with output: TLS container http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 could not be found When I run: barbican secret container list I was able to see the corresponding container in the list and the status is active. (Sorry, the format is a little bit ugly.) +++---++-+-+---+ | Container href | Name | Created | Status | Type| Secrets | Consumers | +++---++-+-+---+ | http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 | tls_container | 2016-01-28 04:58:42+00:00 | ACTIVE | certificate | private_key=http://192.168.100.149:9311/v1/secrets/1bbe33fc-ecd2-43e5-82ce-34007b9f6bfd | None | | || || | certificate=http://192.168.100.149:9311/v1/secrets/6d0211c6-8515-4e55-b1cf-587324a79abe | | | http://192.168.100.149:9311/v1/containers/31045466-bf7b-426f-9ba8-135c260418ee | tls_container2 | 2016-01-28 04:59:05+00:00 | ACTIVE | certificate | private_key=http://192.168.100.149:9311/v1/secrets/dba18cbc-9bfe-499e-931e-90574843ca10 | None | | || || | certificate=http://192.168.100.149:9311/v1/secrets/23e11441-d119-4b24-a288-9ddc963cb698 | | +++---++-+-+---+ Also, if I did a GET method from a RESTful client with correct X-Auth-Token to the url: http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e3, I was able to receive the JSON information of the TLS container. Anybody could give some advice on how to fix this problem? Thank you in advance! Best, Jiahao Liang __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: opens
Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
Wondering, have you guys figured out this issue? I am seeing the same problem that Jiahao is getting. On Thu, Feb 4, 2016 at 9:53 AM, Adam Harwell <adam.harw...@rackspace.com> wrote: > Could you provide your neutron-lbaas.conf? Depending on what version > you're using, barbican may not be the default secret backend (I believe > this has been fixed). Alternatively, it depends on what user accounts are > involved -- this should definitely work if you are using only the single > admin account, but we haven't done a lot of testing around the ACLs yet to > make sure they are working (and I believe there is still an outstanding bug > in Barbican that would cause the ACLs to not function properly in our > use-case). > > > --Adam > > > -- > *From:* Jiahao Liang <jiahao.li...@oneconvergence.com> > *Sent:* Thursday, January 28, 2016 12:18 AM > *To:* openstack-dev@lists.openstack.org > *Subject:* [openstack-dev] [Neutron][LBaaS][barbican]TLS container could > not be found > > Hi community, > > I was going through > https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer > with > devstack. I was stuck at a point when I tried to create a listener within a > loadbalancer with this command: > > neutron lbaas-listener-create --loadbalancer lb1 --protocol-port 443 > --protocol TERMINATED_HTTPS --name listener1 > --default-tls-container=$(barbican secret container list | awk '/ > tls_container / {print $2}') > > But the command failed with output: > > TLS container > http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 > could not be found > > > When I run: > > barbican secret container list > > I was able to see the corresponding container in the list and the status > is active. > (Sorry, the format is a little bit ugly.) > > +++---++-+-+---+ > | Container href > | Name | Created | Status | Type| > Secrets > | Consumers | > > +++---++-+-+---+ > | > http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 > | > tls_container | 2016-01-28 04:58:42+00:00 | ACTIVE | certificate | > private_key= > http://192.168.100.149:9311/v1/secrets/1bbe33fc-ecd2-43e5-82ce-34007b9f6bfd | > None | > | >|| || > | certificate= > http://192.168.100.149:9311/v1/secrets/6d0211c6-8515-4e55-b1cf-587324a79abe | > | > | > http://192.168.100.149:9311/v1/containers/31045466-bf7b-426f-9ba8-135c260418ee > | > tls_container2 | 2016-01-28 04:59:05+00:00 | ACTIVE | certificate | > private_key= > http://192.168.100.149:9311/v1/secrets/dba18cbc-9bfe-499e-931e-90574843ca10 | > None | > | >|| || > | certificate= > http://192.168.100.149:9311/v1/secrets/23e11441-d119-4b24-a288-9ddc963cb698 | > | > > +++---++-+-+---+ > > > Also, if I did a GET method from a RESTful client with correct > X-Auth-Token to the url: > http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e3, > I was able to receive the JSON information of the TLS container. > > > Anybody could give some advice on how to fix this problem? > > Thank you in advance! > > Best, > Jiahao Liang > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
Could you provide your neutron-lbaas.conf? Depending on what version you're using, barbican may not be the default secret backend (I believe this has been fixed). Alternatively, it depends on what user accounts are involved -- this should definitely work if you are using only the single admin account, but we haven't done a lot of testing around the ACLs yet to make sure they are working (and I believe there is still an outstanding bug in Barbican that would cause the ACLs to not function properly in our use-case). ?--Adam From: Jiahao Liang <jiahao.li...@oneconvergence.com> Sent: Thursday, January 28, 2016 12:18 AM To: openstack-dev@lists.openstack.org Subject: [openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found Hi community, I was going through https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer with devstack. I was stuck at a point when I tried to create a listener within a loadbalancer with this command: neutron lbaas-listener-create --loadbalancer lb1 --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(barbican secret container list | awk '/ tls_container / {print $2}') But the command failed with output: TLS container http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 could not be found When I run: barbican secret container list I was able to see the corresponding container in the list and the status is active. (Sorry, the format is a little bit ugly.) +++---++-+-+---+ | Container href | Name | Created | Status | Type| Secrets | Consumers | +++---++-+-+---+ | http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 | tls_container | 2016-01-28 04:58:42+00:00 | ACTIVE | certificate | private_key=http://192.168.100.149:9311/v1/secrets/1bbe33fc-ecd2-43e5-82ce-34007b9f6bfd | None | | || || | certificate=http://192.168.100.149:9311/v1/secrets/6d0211c6-8515-4e55-b1cf-587324a79abe | | | http://192.168.100.149:9311/v1/containers/31045466-bf7b-426f-9ba8-135c260418ee | tls_container2 | 2016-01-28 04:59:05+00:00 | ACTIVE | certificate | private_key=http://192.168.100.149:9311/v1/secrets/dba18cbc-9bfe-499e-931e-90574843ca10 | None | | || || | certificate=http://192.168.100.149:9311/v1/secrets/23e11441-d119-4b24-a288-9ddc963cb698 | | +++---++-+-+---+ Also, if I did a GET method from a RESTful client with correct X-Auth-Token to the url: http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e3, I was able to receive the JSON information of the TLS container. Anybody could give some advice on how to fix this problem? Thank you in advance! Best, Jiahao Liang __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Neutron][LBaaS][barbican]TLS container could not be found
Hi community, I was going through https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer with devstack. I was stuck at a point when I tried to create a listener within a loadbalancer with this command: neutron lbaas-listener-create --loadbalancer lb1 --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(barbican secret container list | awk '/ tls_container / {print $2}') But the command failed with output: TLS container http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 could not be found When I run: barbican secret container list I was able to see the corresponding container in the list and the status is active. (Sorry, the format is a little bit ugly.) +++---++-+-+---+ | Container href | Name | Created | Status | Type| Secrets | Consumers | +++---++-+-+---+ | http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e34 | tls_container | 2016-01-28 04:58:42+00:00 | ACTIVE | certificate | private_key= http://192.168.100.149:9311/v1/secrets/1bbe33fc-ecd2-43e5-82ce-34007b9f6bfd | None | | || || | certificate= http://192.168.100.149:9311/v1/secrets/6d0211c6-8515-4e55-b1cf-587324a79abe | | | http://192.168.100.149:9311/v1/containers/31045466-bf7b-426f-9ba8-135c260418ee | tls_container2 | 2016-01-28 04:59:05+00:00 | ACTIVE | certificate | private_key= http://192.168.100.149:9311/v1/secrets/dba18cbc-9bfe-499e-931e-90574843ca10 | None | | || || | certificate= http://192.168.100.149:9311/v1/secrets/23e11441-d119-4b24-a288-9ddc963cb698 | | +++---++-+-+---+ Also, if I did a GET method from a RESTful client with correct X-Auth-Token to the url: http://192.168.100.149:9311/v1/containers/d8b25d56-4fc5-406d-8b2d-5a85de2a1e3, I was able to receive the JSON information of the TLS container. Anybody could give some advice on how to fix this problem? Thank you in advance! Best, Jiahao Liang __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev