** Also affects: octavia
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1592612

Title:
  LBaaS TLS is not working with non-admin tenant

Status in Barbican:
  New
Status in neutron:
  New
Status in octavia:
  New

Bug description:
  I went through https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer with devstack. And all my branches were set to stable/mitaka.

  If I set my user and tenant as "admin admin", the workflow passed.
  But it failed if I set the user and tenant to "admin demo" and rerun all the steps.

  Steps to reproduce:
  1. source ~/devstack/openrc admin demo
  2. barbican secret store --payload-content-type='text/plain' --name='certificate' --payload="$(cat server.crt)"
  3. barbican secret store --payload-content-type='text/plain' --name='private_key' --payload="$(cat server.key)"
  4. barbican secret container create --name='tls_container' --type='certificate' --secret="certificate=$(barbican secret list | awk '/ certificate / {print $2}')" --secret="private_key=$(barbican secret list | awk '/ private_key / {print $2}')"
  5. neutron lbaas-loadbalancer-create $(neutron subnet-list | awk '/ private-subnet / {print $2}') --name lb1
  6. neutron lbaas-listener-create --loadbalancer lb1 --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(barbican secret container list | awk '/ tls_container / {print $2}')

  
  The error msg I got is
  $ neutron lbaas-listener-create --loadbalancer 738689bd-b54e-485e-b742-57bd6e812270 --protocol-port 443 --protocol TERMINATED_HTTPS --name listener2 --default-tls-container=$(barbican secret container list | awk '/ tls_container / {print $2}')
  WARNING:barbicanclient.barbican:This Barbican CLI interface has been deprecated and will be removed in the O release. Please use the openstack unified client instead.
  DEBUG:stevedore.extension:found extension EntryPoint.parse('table = cliff.formatters.table:TableFormatter')
  DEBUG:stevedore.extension:found extension EntryPoint.parse('json = cliff.formatters.json_format:JSONFormatter')
  DEBUG:stevedore.extension:found extension EntryPoint.parse('csv = cliff.formatters.commaseparated:CSVLister')
  DEBUG:stevedore.extension:found extension EntryPoint.parse('value = cliff.formatters.value:ValueFormatter')
  DEBUG:stevedore.extension:found extension EntryPoint.parse('yaml = cliff.formatters.yaml_format:YAMLFormatter')
  DEBUG:barbicanclient.client:Creating Client object
  DEBUG:barbicanclient.containers:Listing containers - offset 0 limit 10 name None type None
  DEBUG:keystoneclient.auth.identity.v2:Making authentication request to http://192.168.100.148:5000/v2.0/tokens
  INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 192.168.100.148
  Starting new HTTP connection (1): 192.168.100.148
  DEBUG:requests.packages.urllib3.connectionpool:"POST /v2.0/tokens HTTP/1.1" 200 3924
  DEBUG:keystoneclient.session:REQ: curl -g -i -X GET http://192.168.100.148:9311 -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
  INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 192.168.100.148
  Starting new HTTP connection (1): 192.168.100.148
  DEBUG:requests.packages.urllib3.connectionpool:"GET / HTTP/1.1" 300 353
  DEBUG:keystoneclient.session:RESP: [300] Content-Length: 353 Content-Type: application/json; charset=UTF-8 Connection: close
  RESP BODY: {"versions": {"values": [{"status": "stable", "updated": "2015-04-28T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.key-manager-v1+json"}], "id": "v1", "links": [{"href": "http://192.168.100.148:9311/v1/", "rel": "self"}, {"href": "http://docs.openstack.org/", "type": "text/html", "rel": "describedby"}]}]}}
  DEBUG:keystoneclient.session:REQ: curl -g -i -X GET http://192.168.100.148:9311/v1/containers -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}203d7de65f6cfb1fb170437ae2da98fef35f0942"
  INFO:requests.packages.urllib3.connectionpool:Resetting dropped connection: 192.168.100.148
  Resetting dropped connection: 192.168.100.148
  DEBUG:requests.packages.urllib3.connectionpool:"GET /v1/containers?limit=10&offset=0 HTTP/1.1" 200 585
  DEBUG:keystoneclient.session:RESP: [200] Connection: close Content-Type: application/json; charset=UTF-8 Content-Length: 585 x-openstack-request-id: req-aa4bb861-3d1d-42c6-be3d-5d3935622043
  RESP BODY: {"total": 1, "containers": [{"status": "ACTIVE", "updated": "2016-06-10T01:14:45", "name": "tls_container", "consumers": [], "created": "2016-06-10T01:14:45", "container_ref": "http://192.168.100.148:9311/v1/containers/4ca420a1-ed23-4e91-a08a-311dad3df801", "creator_id": "9ee7d4959bc74d2988d50e0e3a965c64", "secret_refs": [{"secret_ref": "http://192.168.100.148:9311/v1/secrets/c96944b3-174e-418f-8598-8979eafaa537", "name": "certificate"}, {"secret_ref": "http://192.168.100.148:9311/v1/secrets/2e25ad05-ecd6-43bd-95fa-046b9cbe2600", "name": "private_key"}], "type": "certificate"}]}
  DEBUG:barbicanclient.client:Response status 200
  DEBUG:barbicanclient.secrets:Getting secret - Secret href: http://192.168.100.148:9311/v1/secrets/2e25ad05-ecd6-43bd-95fa-046b9cbe2600
  DEBUG:barbicanclient.secrets:Getting secret - Secret href: http://192.168.100.148:9311/v1/secrets/c96944b3-174e-418f-8598-8979eafaa537
  TLS container http://192.168.100.148:9311/v1/containers/4ca420a1-ed23-4e91-a08a-311dad3df801 could not be found
  Neutron server returns request_ids: ['req-82d53607-3596-4eeb-b4ac-b96d9f861dc0']


  ============================

  
  The related barbican-svc log:
  2016-06-10 12:25:26.135 INFO barbican.api.controllers.containers [req-e7b592d4-376a-4729-ad20-5dfe9e93b6a4 d2d0cb2842eb450ebe032d70bcaeeb3b 9b07426f96574e27a18e596fb15ee5ec] Retrieved container list for project: 9b07426f96574e27a18e596fb15ee5ec
  2016-06-10 12:25:26.137 INFO barbican.api.middleware.context [req-e7b592d4-376a-4729-ad20-5dfe9e93b6a4 d2d0cb2842eb450ebe032d70bcaeeb3b 9b07426f96574e27a18e596fb15ee5ec] Processed request: 200 OK - GET http://192.168.100.149:9311/v1/containers?limit=10&offset=0
  {address space usage: 215629824 bytes/205MB} {rss usage: 100933632 bytes/96MB} [pid: 4671|app: 0|req: 117/117] 192.168.100.149 () {30 vars in 465 bytes} [Fri Jun 10 12:25:25 2016] GET /v1/containers?limit=10&offset=0 => generated 585 bytes in 155 msecs (HTTP/1.1 200) 4 headers in 172 bytes (1 switches on core 0)
  2016-06-10 12:25:28.183 ERROR barbican.model.repositories [req-4aebc499-b92d-4ab1-8b0e-52f12ddabdd2 d2d0cb2842eb450ebe032d70bcaeeb3b d24f00aff0b24f4ea7f37d193129d532] Not found for 8daec3a0-1582-4d59-ba04-be11d0c2d036
  2016-06-10 12:25:28.183 TRACE barbican.model.repositories Traceback (most recent call last):
  2016-06-10 12:25:28.183 TRACE barbican.model.repositories   File "/opt/stack/barbican/barbican/model/repositories.py", line 358, in get
  2016-06-10 12:25:28.183 TRACE barbican.model.repositories     entity = query.one()
  2016-06-10 12:25:28.183 TRACE barbican.model.repositories   File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2699, in one
  2016-06-10 12:25:28.183 TRACE barbican.model.repositories     raise orm_exc.NoResultFound("No row was found for one()")
  2016-06-10 12:25:28.183 TRACE barbican.model.repositories NoResultFound: No row was found for one()
  2016-06-10 12:25:28.183 TRACE barbican.model.repositories
  2016-06-10 12:25:28.184 ERROR barbican.api.controllers [req-4aebc499-b92d-4ab1-8b0e-52f12ddabdd2 d2d0cb2842eb450ebe032d70bcaeeb3b d24f00aff0b24f4ea7f37d193129d532] Webob error seen
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers Traceback (most recent call last):
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 102, in handler
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     return fn(inst, *args, **kwargs)
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 88, in enforcer
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     return fn(inst, *args, **kwargs)
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 144, in content_types_enforcer
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     return fn(inst, *args, **kwargs)
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/api/controllers/consumers.py", line 143, in on_post
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     controllers.containers.container_not_found()
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/api/controllers/containers.py", line 36, in container_not_found
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     pecan.abort(404, u._('Not Found. Sorry but your container is in '
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/usr/local/lib/python2.7/dist-packages/pecan/core.py", line 141, in abort
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     exec('raise webob_exception, None, traceback')
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/api/controllers/consumers.py", line 141, in on_post
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     external_project_id)
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/model/repositories.py", line 364, in get
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     _raise_entity_not_found(self._do_entity_name(), entity_id)
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/model/repositories.py", line 2250, in _raise_entity_not_found
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     id=entity_id))
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers HTTPNotFound: Not Found. Sorry but your container is in another castle.
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers
  2016-06-10 12:25:28.187 INFO barbican.api.middleware.context [req-4aebc499-b92d-4ab1-8b0e-52f12ddabdd2 d2d0cb2842eb450ebe032d70bcaeeb3b d24f00aff0b24f4ea7f37d193129d532] Processed request: 404 Not Found - POST http://192.168.100.149:9311/v1/containers/8daec3a0-1582-4d59-ba04-be11d0c2d036/consumers/
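
Added example, not part of the original report and not Barbican code: in the barbican-svc excerpt the container list and the consumer POST carry the same user ID but different project IDs in their request context. The script below flags that pattern in a log; the function names and the assumption that the second and third bracketed fields are user ID and project ID are the example's own.

```python
import re
from collections import defaultdict

# Request context as printed in the excerpt: [req-<uuid> <user_id> <project_id>]
CTX = re.compile(r"\[(req-[0-9a-f-]{36}) ([0-9a-f]{32}) ([0-9a-f]{32})\]")
DONE = re.compile(r"Processed request: (\d{3}) [\w ]+ - ([A-Z]+) (\S+)")
CONSUMERS = re.compile(r"/v1/containers/([0-9a-f-]{36})/consumers/?$")

# The two "Processed request" lines from the report, rejoined onto single lines.
SAMPLE = [
    "2016-06-10 12:25:26.137 INFO barbican.api.middleware.context "
    "[req-e7b592d4-376a-4729-ad20-5dfe9e93b6a4 d2d0cb2842eb450ebe032d70bcaeeb3b "
    "9b07426f96574e27a18e596fb15ee5ec] Processed request: 200 OK - GET "
    "http://192.168.100.149:9311/v1/containers?limit=10&offset=0",
    "2016-06-10 12:25:28.187 INFO barbican.api.middleware.context "
    "[req-4aebc499-b92d-4ab1-8b0e-52f12ddabdd2 d2d0cb2842eb450ebe032d70bcaeeb3b "
    "d24f00aff0b24f4ea7f37d193129d532] Processed request: 404 Not Found - POST "
    "http://192.168.100.149:9311/v1/containers/8daec3a0-1582-4d59-ba04-be11d0c2d036/consumers/",
]

def parse(lines):
    """Yield one record per 'Processed request' line that has a request context."""
    for line in lines:
        ctx, done = CTX.search(line), DONE.search(line)
        if ctx and done:
            yield {"request_id": ctx.group(1), "user": ctx.group(2),
                   "project": ctx.group(3), "status": int(done.group(1)),
                   "method": done.group(2), "url": done.group(3)}

def consumer_404s_under_other_project(lines):
    """Report 404s on consumer registration whose project ID differs from the
    project ID the same user ID carried on other requests in the log."""
    events = list(parse(lines))
    projects = defaultdict(set)
    for e in events:
        projects[e["user"]].add(e["project"])
    findings = []
    for e in events:
        hit = CONSUMERS.search(e["url"])
        if hit and e["method"] == "POST" and e["status"] == 404:
            others = sorted(projects[e["user"]] - {e["project"]})
            if others:
                findings.append({"container": hit.group(1), "project": e["project"],
                                 "request_id": e["request_id"], "other_projects": others})
    return findings

if __name__ == "__main__":
    for finding in consumer_404s_under_other_project(SAMPLE):
        print(finding)
```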
