I went through https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer with devstack. And all my branches were set to stable/mitaka.
If I set my user and tenant as "admin admin", the workflow passed.
But it failed if I set the user and tenant to "admin demo" and rerun all the steps.
Steps to reproduce:
1. source ~/devstack/openrc admin demo
2. barbican secret store --payload-content-type='text/plain' --name='certificate' --payload="$(cat server.crt)"
3. barbican secret store --payload-content-type='text/plain' --name='private_key' --payload="$(cat server.key)"
4 .barbican secret container create --name='tls_container' --type='certificate' --secret="certificate=$(barbican secret list | awk '/ certificate / {print $2}')" --secret="private_key=$(barbican secret list | awk '/ private_key / {print $2}')"
5. neutron lbaas-loadbalancer-create $(neutron subnet-list | awk '/ private-subnet / {print $2}') --name lb1
6. neutron lbaas-listener-create --loadbalancer lb1 --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(barbican secret container list | awk '/ tls_container / {print $2}')
The error msg I got is
$ neutron lbaas-listener-create --loadbalancer 738689bd-b54e-485e-b742-57bd6e812270 --protocol-port 443 --protocol TERMINATED_HTTPS --name listener2 --default-tls-container=$(barbican secret container list | awk '/ tls_container / {print $2}')
WARNING:barbicanclient.barbican:This Barbican CLI interface has been deprecated and will be removed in the O release. Please use the openstack unified client instead.
DEBUG:stevedore.extension:found extension EntryPoint.parse('table = cliff.formatters.table:TableFormatter')
DEBUG:stevedore.extension:found extension EntryPoint.parse('json = cliff.formatters.json_format:JSONFormatter')
DEBUG:stevedore.extension:found extension EntryPoint.parse('csv = cliff.formatters.commaseparated:CSVLister')
DEBUG:stevedore.extension:found extension EntryPoint.parse('value = cliff.formatters.value:ValueFormatter')
DEBUG:stevedore.extension:found extension EntryPoint.parse('yaml = cliff.formatters.yaml_format:YAMLFormatter')
DEBUG:barbicanclient.client:Creating Client object
DEBUG:barbicanclient.containers:Listing containers - offset 0 limit 10 name None type None
DEBUG:keystoneclient.auth.identity.v2:Making authentication request to http://192.168.100.148:5000/v2.0/tokens
INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 192.168.100.148
Starting new HTTP connection (1): 192.168.100.148
DEBUG:requests.packages.urllib3.connectionpool:"POST /v2.0/tokens HTTP/1.1" 200 3924
DEBUG:keystoneclient.session:REQ: curl -g -i -X GET http://192.168.100.148:9311 -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 192.168.100.148
Starting new HTTP connection (1): 192.168.100.148
DEBUG:requests.packages.urllib3.connectionpool:"GET / HTTP/1.1" 300 353
DEBUG:keystoneclient.session:RESP: [300] Content-Length: 353 Content-Type: application/json; charset=UTF-8 Connection: close
RESP BODY: {"versions": {"values": [{"status": "stable", "updated": "2015-04-28T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.key-manager-v1+json"}], "id": "v1", "links": [{"href": "http://192.168.100.148:9311/v1/", "rel": "self"}, {"href": "http://docs.openstack.org/", "type": "text/html", "rel": "describedby"}]}]}}
DEBUG:keystoneclient.session:REQ: curl -g -i -X GET http://192.168.100.148:9311/v1/containers -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}203d7de65f6cfb1fb170437ae2da98fef35f0942"
INFO:requests.packages.urllib3.connectionpool:Resetting dropped connection: 192.168.100.148
Resetting dropped connection: 192.168.100.148
DEBUG:requests.packages.urllib3.connectionpool:"GET /v1/containers?limit=10&offset=0 HTTP/1.1" 200 585
DEBUG:keystoneclient.session:RESP: [200] Connection: close Content-Type: application/json; charset=UTF-8 Content-Length: 585 x-openstack-request-id: req-aa4bb861-3d1d-42c6-be3d-5d3935622043
RESP BODY: {"total": 1, "containers": [{"status": "ACTIVE", "updated": "2016-06-10T01:14:45", "name": "tls_container", "consumers": [], "created": "2016-06-10T01:14:45", "container_ref": "http://192.168.100.148:9311/v1/containers/4ca420a1-ed23-4e91-a08a-311dad3df801", "creator_id": "9ee7d4959bc74d2988d50e0e3a965c64", "secret_refs": [{"secret_ref": "http://192.168.100.148:9311/v1/secrets/c96944b3-174e-418f-8598-8979eafaa537", "name": "certificate"}, {"secret_ref": "http://192.168.100.148:9311/v1/secrets/2e25ad05-ecd6-43bd-95fa-046b9cbe2600", "name": "private_key"}], "type": "certificate"}]}
DEBUG:barbicanclient.client:Response status 200
DEBUG:barbicanclient.secrets:Getting secret - Secret href: http://192.168.100.148:9311/v1/secrets/2e25ad05-ecd6-43bd-95fa-046b9cbe2600
DEBUG:barbicanclient.secrets:Getting secret - Secret href: http://192.168.100.148:9311/v1/secrets/c96944b3-174e-418f-8598-8979eafaa537
TLS container http://192.168.100.148:9311/v1/containers/4ca420a1-ed23-4e91-a08a-311dad3df801 could not be found
Neutron server returns request_ids: ['req-82d53607-3596-4eeb-b4ac-b96d9f861dc0']
============================
The related barbican-svc log:
2016-06-10 12:25:26.135 INFO barbican.api.controllers.containers [req-e7b592d4-376a-4729-ad20-5dfe9e93b6a4 d2d0cb2842eb450ebe032d70bcae
eb3b 9b07426f96574e27a18e596fb15ee5ec] Retrieved container list for project: 9b07426f96574e27a18e596fb15ee5ec
2016-06-10 12:25:26.137 INFO barbican.api.middleware.context [req-e7b592d4-376a-4729-ad20-5dfe9e93b6a4 d2d0cb2842eb450ebe032d70bcaeeb3b
9b07426f96574e27a18e596fb15ee5ec] Processed request: 200 OK - GET http://192.168.100.149:9311/v1/containers?limit=10&offset=0
{address space usage: 215629824 bytes/205MB} {rss usage: 100933632 bytes/96MB} [pid: 4671|app: 0|req: 117/117] 192.168.100.149 () {30 v
ars in 465 bytes} [Fri Jun 10 12:25:25 2016] GET /v1/containers?limit=10&offset=0 => generated 585 bytes in 155 msecs (HTTP/1.1 200) 4
headers in 172 bytes (1 switches on core 0)
2016-06-10 12:25:28.183 ERROR barbican.model.repositories [req-4aebc499-b92d-4ab1-8b0e-52f12ddabdd2 d2d0cb2842eb450ebe032d70bcaeeb3b d2
4f00aff0b24f4ea7f37d193129d532] Not found for 8daec3a0-1582-4d59-ba04-be11d0c2d036
2016-06-10 12:25:28.183 TRACE barbican.model.repositories Traceback (most recent call last):
2016-06-10 12:25:28.183 TRACE barbican.model.repositories File "/opt/stack/barbican/barbican/model/repositories.py", line 358, in get
2016-06-10 12:25:28.183 TRACE barbican.model.repositories entity = query.one()
2016-06-10 12:25:28.183 TRACE barbican.model.repositories File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line
2699, in one
2016-06-10 12:25:28.183 TRACE barbican.model.repositories raise orm_exc.NoResultFound("No row was found for one()")
2016-06-10 12:25:28.183 TRACE barbican.model.repositories NoResultFound: No row was found for one()
2016-06-10 12:25:28.183 TRACE barbican.model.repositories
2016-06-10 12:25:28.184 ERROR barbican.api.controllers [req-4aebc499-b92d-4ab1-8b0e-52f12ddabdd2 d2d0cb2842eb450ebe032d70bcaeeb3b d24f00aff0b24f4ea7f37d193129d532] Webob error seen
2016-06-10 12:25:28.184 TRACE barbican.api.controllers Traceback (most recent call last):
2016-06-10 12:25:28.184 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 102, in handler
2016-06-10 12:25:28.184 TRACE barbican.api.controllers return fn(inst, *args, **kwargs)
2016-06-10 12:25:28.184 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 88, in enforcer
2016-06-10 12:25:28.184 TRACE barbican.api.controllers return fn(inst, *args, **kwargs)
2016-06-10 12:25:28.184 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/api/controllers/__init__.py", line 144, in content_types_enforcer
2016-06-10 12:25:28.184 TRACE barbican.api.controllers return fn(inst, *args, **kwargs)
2016-06-10 12:25:28.184 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/api/controllers/consumers.py", line 143, in on_post
2016-06-10 12:25:28.184 TRACE barbican.api.controllers controllers.containers.container_not_found()
2016-06-10 12:25:28.184 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/api/controllers/containers.py", line 36, in container_not_found
2016-06-10 12:25:28.184 TRACE barbican.api.controllers pecan.abort(404, u._('Not Found. Sorry but your container is in '
2016-06-10 12:25:28.184 TRACE barbican.api.controllers File "/usr/local/lib/python2.7/dist-packages/pecan/core.py", line 141, in abort
2016-06-10 12:25:28.184 TRACE barbican.api.controllers exec('raise webob_exception, None, traceback')
2016-06-10 12:25:28.184 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/api/controllers/consumers.py", line 141, in on_post
2016-06-10 12:25:28.184 TRACE barbican.api.controllers external_project_id)
2016-06-10 12:25:28.184 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/model/repositories.py", line 364, in get
2016-06-10 12:25:28.184 TRACE barbican.api.controllers _raise_entity_not_found(self._do_entity_name(), entity_id)
2016-06-10 12:25:28.184 TRACE barbican.api.controllers File "/opt/stack/barbican/barbican/model/repositories.py", line 2250, in _raise_entity_not_found
2016-06-10 12:25:28.184 TRACE barbican.api.controllers id=entity_id))
2016-06-10 12:25:28.184 TRACE barbican.api.controllers HTTPNotFound: Not Found. Sorry but your container is in another castle.
2016-06-10 12:25:28.184 TRACE barbican.api.controllers
2016-06-10 12:25:28.187 INFO barbican.api.middleware.context [req-4aebc499-b92d-4ab1-8b0e-52f12ddabdd2 d2d0cb2842eb450ebe032d70bcaeeb3b d24f00aff0b24f4ea7f37d193129d532] Processed request: 404 Not Found - POST http://192.168.100.149:9311/v1/containers/8daec3a0-1582-4d59-ba04-be11d0c2d036/consumers/
For your reference, my local.conf is as following:
[[local|localrc]]
# The name of the RECLONE environment variable is a bit misleading. It doesn't actually
# reclone repositories, rather it uses git fetch to make sure the repos are current.
RECLONE=True
# Load the external LBaaS plugin.
enable_plugin neutron-lbaas https:/ /git.openstack. org/openstack/ neutron- lbaas stable/mitaka /git.openstack. org/openstack/ octavia stable/mitaka /git.openstack. org/openstack/ barbican stable/mitaka lbaas-dashboard https:/ /git.openstack. org/openstack/ neutron- lbaas-dashboard stable/mitaka
enable_plugin octavia https:/
#enable_plugin octavia /opt/stack/octavia hot-fix
enable_plugin barbican https:/
enable_plugin neutron-
GLANCE_ BRANCH= stable/ mitaka BRANCH= stable/ mitaka BRANCH= stable/ mitaka BRANCH= stable/ mitaka stable/ mitaka BRANCH= stable/ mitaka BRANCH= stable/ mitaka stable/ mitaka BRANCH= stable/ mitaka stable/ mitaka BRANCH= stable/ mitaka
HORIZON_
KEYSTONE_
KESYTONECLIENT_
NOVA_BRANCH=
NOVACLIENT_
NEUTRON_
HEAT_BRANCH=
CEILOMETER_
SWIFT_BRANCH=
CINDER_
LIBS_FROM_ GIT+=python- neutronclient PASSWORD= password password PASSWORD= password TOKEN=password PASSWORD= password
DATABASE_
ADMIN_PASSWORD=
SERVICE_
SERVICE_
RABBIT_
# Enable Logging $DEST/logs/ stack.sh. log LOGDIR= $DEST/logs
LOGFILE=
VERBOSE=True
LOG_COLOR=True
SCREEN_
# Pre-requisites
enable_service rabbit
enable_service mysql
enable_service key
# Horizon
enable_service horizon
# Nova
enable_service n-api
enable_service n-crt
enable_service n-cpu
enable_service n-cond
enable_service n-sch
# Glance
enable_service g-api
enable_service g-reg
# Neutron
enable_service q-svc
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-meta
# Cinder
enable_service c-api
enable_service c-vol
enable_service c-sch
# LBaaS V2 and Octavia MGMT_SUBNET= "192.168. 26.0/24" MGMT_SUBNET_ START=" 192.168. 26.2" MGMT_SUBNET_ END="192. 168.26. 200"
enable_service q-lbaasv2
enable_service octavia
enable_service o-cw
enable_service o-hm
enable_service o-hk
enable_service o-api
OCTAVIA_
OCTAVIA_
OCTAVIA_
# enable DVR
Q_PLUGIN=ml2 NETWORK_ TYPE=vxlan
Q_ML2_TENANT_
Q_DVR_MODE=dvr_snat
IMAGE_URLS+=",http:// download. cirros- cloud.net/ 0.3.4/cirros- 0.3.4-x86_ 64-disk. img"
LOGFILE= $DEST/logs/ stack.sh. log
# Old log files are automatically removed after 7 days to keep things neat. Change
# the number of days by setting ``LOGDAYS``.
LOGDAYS=2