← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #56826

[Bug 1592612] Re: TLS container could not be found

  Thread PreviousDate PreviousThread Next 
barbican-svc.log:

2016-09-20 18:16:08.589 4594 INFO barbican.api.controllers.consumers [req-a6d0b546-588a-4b66
-b4e5-46e383e212d2 57600ccd1a31429a897d45709a3c1035 18b17f7d621b44c083a04518d256ed3d - default default] Created a consumer for project: 18b17f7d621b44c083a04518d256ed3d
2016-09-20 18:16:08.643 4594 INFO barbican.api.middleware.context [req-a6d0b546-588a-4b66-b4e5-46e383e212d2 57600ccd1a31429a897d45709a3c1035 18b17f7d621b44c083a04518d256ed3d - default default] Processed request: 200 OK - POST http://192.168.200.43:9311/v1/containers/2817e144-9f11-4bed-a14e-0390edf89659/consumers/
{address space usage: 220184576 bytes/209MB} {rss usage: 105312256 bytes/100MB} [pid: 4594|app: 0|req: 103/103] 192.168.200.43 () {34 vars in 609 bytes} [Tue Sep 20 18:16:08 2016] POST /v1/containers/2817e144-9f11-4bed-a14e-0390edf89659/consumers/ => generated 647 bytes in 211 msecs (HTTP/1.1 200) 5 headers in 270 bytes (1 switches on core 0)
2016-09-20 18:16:08.682 4594 INFO barbican.api.controllers.secrets [req-e89461f1-04be-4321-a379-251bc9b872db 57600ccd1a31429a897d45709a3c1035 18b17f7d621b44c083a04518d256ed3d - default default] Retrieved secret metadata for project: 18b17f7d621b44c083a04518d256ed3d
2016-09-20 18:16:08.684 4594 INFO barbican.api.middleware.context [req-e89461f1-04be-4321-a379-251bc9b872db 57600ccd1a31429a897d45709a3c1035 18b17f7d621b44c083a04518d256ed3d - default default] Processed request: 200 OK - GET http://192.168.200.43:9311/v1/secrets/469fe858-44cc-431d-9c7c-a6d7936ed56c
{address space usage: 220184576 bytes/209MB} {rss usage: 105312256 bytes/100MB} [pid: 4594|app: 0|req: 104/104] 192.168.200.43 () {30 vars in 541 bytes} [Tue Sep 20 18:16:08 2016] GET /v1/secrets/469fe858-44cc-431d-9c7c-a6d7936ed56c => generated 396 bytes in 36 msecs (HTTP/1.1 200) 4 headers in 172 bytes (1 switches on core 0)
2016-09-20 18:16:08.723 4594 ERROR barbican.api.controllers [req-a004f2a0-3373-4e30-a70c-71b160200c18 57600ccd1a31429a897d45709a3c1035 18b17f7d621b44c083a04518d256ed3d - default default] Secret payload retrieval attempt not allowed - please review your user/project privileges
2016-09-20 18:16:08.724 4594 INFO barbican.api.middleware.context [req-a004f2a0-3373-4e30-a70c-71b160200c18 57600ccd1a31429a897d45709a3c1035 18b17f7d621b44c083a04518d256ed3d - default default] Processed request: 403 Forbidden - GET http://192.168.200.43:9311/v1/secrets/469fe858-44cc-431d-9c7c-a6d7936ed56c/payload
{address space usage: 220581888 bytes/210MB} {rss usage: 105684992 bytes/100MB} [pid: 4594|app: 0|req: 105/105] 192.168.200.43 () {30 vars in 551 bytes} [Tue Sep 20 18:16:08 2016] GET /v1/secrets/469fe858-44cc-431d-9c7c-a6d7936ed56c/payload => generated 143 bytes in 37 msecs (HTTP/1.1 403) 4 headers in 179 bytes (1 switches on core 0)
2016-09-20 18:16:08.794 4594 INFO barbican.api.controllers.consumers [req-c7a9c5e3-77a3-4198-bacd-9941d5547a2f 57600ccd1a31429a897d45709a3c1035 18b17f7d621b44c083a04518d256ed3d - default default] Deleted a consumer for project: 18b17f7d621b44c083a04518d256ed3d
2016-09-20 18:16:08.835 4594 INFO barbican.api.middleware.context [req-c7a9c5e3-77a3-4198-bacd-9941d5547a2f 57600ccd1a31429a897d45709a3c1035 18b17f7d621b44c083a04518d256ed3d - default default] Processed request: 200 OK - DELETE http://192.168.200.43:9311/v1/containers/2817e144-9f11-4bed-a14e-0390edf89659/consumers
{address space usage: 220319744 bytes/210MB} {rss usage: 105664512 bytes/100MB} [pid: 4594|app: 0|req: 106/106] 192.168.200.43 () {34 vars in 609 bytes} [Tue Sep 20 18:16:08 2016] DELETE /v1/containers/2817e144-9f11-4bed-a14e-0390edf89659/consumers => generated 552 bytes in 106 msecs (HTTP/1.1 200) 4 headers in 172 bytes (1 switches on core 0)

** This bug is no longer a duplicate of bug 1519170
   LBaaS user needs permissions to POST consumers

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1592612

Title:
  TLS container could not be found

Status in Barbican:
  New
Status in neutron:
  New

Bug description:
  I went through https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-
  to-create-tls-loadbalancer with devstack. And all my branches were set
  to stable/mitaka.

  If I set my user and tenant as "admin admin", the workflow passed.
  But it failed if I set the user and tenant to "admin demo" and rerun all the steps.

  Steps to reproduce:
  1. source ~/devstack/openrc admin demo
  2. barbican secret store --payload-content-type='text/plain' --name='certificate' --payload="$(cat server.crt)"
  3. barbican secret store --payload-content-type='text/plain' --name='private_key' --payload="$(cat server.key)"
  4 .barbican secret container create --name='tls_container' --type='certificate' --secret="certificate=$(barbican secret list | awk '/ certificate / {print $2}')" --secret="private_key=$(barbican secret list | awk '/ private_key / {print $2}')"
  5. neutron lbaas-loadbalancer-create $(neutron subnet-list | awk '/ private-subnet / {print $2}') --name lb1
  6. neutron lbaas-listener-create --loadbalancer lb1 --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(barbican secret container list | awk '/ tls_container / {print $2}')

  
  The error msg I got is 
  $ neutron lbaas-listener-create --loadbalancer 738689bd-b54e-485e-b742-57bd6e812270 --protocol-port 443 --protocol TERMINATED_HTTPS --name listener2 --default-tls-container=$(barbican secret container list | awk '/ tls_container / {print $2}')
  WARNING:barbicanclient.barbican:This Barbican CLI interface has been deprecated and will be removed in the O release. Please use the openstack unified client instead.
  DEBUG:stevedore.extension:found extension EntryPoint.parse('table = cliff.formatters.table:TableFormatter')
  DEBUG:stevedore.extension:found extension EntryPoint.parse('json = cliff.formatters.json_format:JSONFormatter')
  DEBUG:stevedore.extension:found extension EntryPoint.parse('csv = cliff.formatters.commaseparated:CSVLister')
  DEBUG:stevedore.extension:found extension EntryPoint.parse('value = cliff.formatters.value:ValueFormatter')
  DEBUG:stevedore.extension:found extension EntryPoint.parse('yaml = cliff.formatters.yaml_format:YAMLFormatter')
  DEBUG:barbicanclient.client:Creating Client object
  DEBUG:barbicanclient.containers:Listing containers - offset 0 limit 10 name None type None
  DEBUG:keystoneclient.auth.identity.v2:Making authentication request to http://192.168.100.148:5000/v2.0/tokens
  INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 192.168.100.148
  Starting new HTTP connection (1): 192.168.100.148
  DEBUG:requests.packages.urllib3.connectionpool:"POST /v2.0/tokens HTTP/1.1" 200 3924
  DEBUG:keystoneclient.session:REQ: curl -g -i -X GET http://192.168.100.148:9311 -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
  INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 192.168.100.148
  Starting new HTTP connection (1): 192.168.100.148
  DEBUG:requests.packages.urllib3.connectionpool:"GET / HTTP/1.1" 300 353
  DEBUG:keystoneclient.session:RESP: [300] Content-Length: 353 Content-Type: application/json; charset=UTF-8 Connection: close
  RESP BODY: {"versions": {"values": [{"status": "stable", "updated": "2015-04-28T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.key-manager-v1+json"}], "id": "v1", "links": [{"href": "http://192.168.100.148:9311/v1/";, "rel": "self"}, {"href": "http://docs.openstack.org/";, "type": "text/html", "rel": "describedby"}]}]}}
  DEBUG:keystoneclient.session:REQ: curl -g -i -X GET http://192.168.100.148:9311/v1/containers -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}203d7de65f6cfb1fb170437ae2da98fef35f0942"
  INFO:requests.packages.urllib3.connectionpool:Resetting dropped connection: 192.168.100.148
  Resetting dropped connection: 192.168.100.148
  DEBUG:requests.packages.urllib3.connectionpool:"GET /v1/containers?limit=10&offset=0 HTTP/1.1" 200 585
  DEBUG:keystoneclient.session:RESP: [200] Connection: close Content-Type: application/json; charset=UTF-8 Content-Length: 585 x-openstack-request-id: req-aa4bb861-3d1d-42c6-be3d-5d3935622043
  RESP BODY: {"total": 1, "containers": [{"status": "ACTIVE", "updated": "2016-06-10T01:14:45", "name": "tls_container", "consumers": [], "created": "2016-06-10T01:14:45", "container_ref": "http://192.168.100.148:9311/v1/containers/4ca420a1-ed23-4e91-a08a-311dad3df801";, "creator_id": "9ee7d4959bc74d2988d50e0e3a965c64", "secret_refs": [{"secret_ref": "http://192.168.100.148:9311/v1/secrets/c96944b3-174e-418f-8598-8979eafaa537";, "name": "certificate"}, {"secret_ref": "http://192.168.100.148:9311/v1/secrets/2e25ad05-ecd6-43bd-95fa-046b9cbe2600";, "name": "private_key"}], "type": "certificate"}]}
  DEBUG:barbicanclient.client:Response status 200
  DEBUG:barbicanclient.secrets:Getting secret - Secret href: http://192.168.100.148:9311/v1/secrets/2e25ad05-ecd6-43bd-95fa-046b9cbe2600
  DEBUG:barbicanclient.secrets:Getting secret - Secret href: http://192.168.100.148:9311/v1/secrets/c96944b3-174e-418f-8598-8979eafaa537
  TLS container http://192.168.100.148:9311/v1/containers/4ca420a1-ed23-4e91-a08a-311dad3df801 could not be found
  Neutron server returns request_ids: ['req-82d53607-3596-4eeb-b4ac-b96d9f861dc0']


  ============================

  
  The related barbican-svc log:
  2016-06-10 12:25:26.135 INFO barbican.api.controllers.containers [req-e7b592d4-376a-4729-ad20-5dfe9e93b6a4 d2d0cb2842eb450ebe032d70bcae
  eb3b 9b07426f96574e27a18e596fb15ee5ec] Retrieved container list for project: 9b07426f96574e27a18e596fb15ee5ec
  2016-06-10 12:25:26.137 INFO barbican.api.middleware.context [req-e7b592d4-376a-4729-ad20-5dfe9e93b6a4 d2d0cb2842eb450ebe032d70bcaeeb3b
   9b07426f96574e27a18e596fb15ee5ec] Processed request: 200 OK - GET http://192.168.100.149:9311/v1/containers?limit=10&offset=0
  {address space usage: 215629824 bytes/205MB} {rss usage: 100933632 bytes/96MB} [pid: 4671|app: 0|req: 117/117] 192.168.100.149 () {30 v
  ars in 465 bytes} [Fri Jun 10 12:25:25 2016] GET /v1/containers?limit=10&offset=0 => generated 585 bytes in 155 msecs (HTTP/1.1 200) 4
  headers in 172 bytes (1 switches on core 0) 
  2016-06-10 12:25:28.183 ERROR barbican.model.repositories [req-4aebc499-b92d-4ab1-8b0e-52f12ddabdd2 d2d0cb2842eb450ebe032d70bcaeeb3b d2
  4f00aff0b24f4ea7f37d193129d532] Not found for 8daec3a0-1582-4d59-ba04-be11d0c2d036
  2016-06-10 12:25:28.183 TRACE barbican.model.repositories Traceback (most recent call last):
  2016-06-10 12:25:28.183 TRACE barbican.model.repositories   File "/opt/stack/barbican/barbican/model/repositories.py", line 358, in get
  2016-06-10 12:25:28.183 TRACE barbican.model.repositories     entity = query.one()
  2016-06-10 12:25:28.183 TRACE barbican.model.repositories   File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line
   2699, in one
  2016-06-10 12:25:28.183 TRACE barbican.model.repositories     raise orm_exc.NoResultFound("No row was found for one()")
  2016-06-10 12:25:28.183 TRACE barbican.model.repositories NoResultFound: No row was found for one()
  2016-06-10 12:25:28.183 TRACE barbican.model.repositories
  2016-06-10 12:25:28.184 ERROR barbican.api.controllers [req-4aebc499-b92d-4ab1-8b0e-52f12ddabdd2 d2d0cb2842eb450ebe032d70bcaeeb3b d24f00aff0b24f4ea7f37d193129d532] Webob error seen
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers Traceback (most recent call last):
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 102, in handler
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     return fn(inst, *args, **kwargs)
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 88, in enforcer
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     return fn(inst, *args, **kwargs)
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 144, in content_types_enforcer
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     return fn(inst, *args, **kwargs)
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/api/controllers/consumers.py", line 143, in on_post
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     controllers.containers.container_not_found()
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/api/controllers/containers.py", line 36, in container_not_found
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     pecan.abort(404, u._('Not Found. Sorry but your container is in '
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/usr/local/lib/python2.7/dist-packages/pecan/core.py", line 141, in abort
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     exec('raise webob_exception, None, traceback')
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/api/controllers/consumers.py", line 141, in on_post
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     external_project_id)
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/model/repositories.py", line 364, in get
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     _raise_entity_not_found(self._do_entity_name(), entity_id)
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers   File "/opt/stack/barbican/barbican/model/repositories.py", line 2250, in _raise_entity_not_found
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers     id=entity_id))
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers HTTPNotFound: Not Found. Sorry but your container is in another castle.
  2016-06-10 12:25:28.184 TRACE barbican.api.controllers
  2016-06-10 12:25:28.187 INFO barbican.api.middleware.context [req-4aebc499-b92d-4ab1-8b0e-52f12ddabdd2 d2d0cb2842eb450ebe032d70bcaeeb3b d24f00aff0b24f4ea7f37d193129d532] Processed request: 404 Not Found - POST http://192.168.100.149:9311/v1/containers/8daec3a0-1582-4d59-ba04-be11d0c2d036/consumers/

To manage notifications about this bug go to:
https://bugs.launchpad.net/barbican/+bug/1592612/+subscriptions

References

  Thread PreviousDate PreviousThread Next