OpenStack Magnum Charm

Unable to create magnum k8s cluster in non admin tenant

Bug #2009028 reported by TCSECP on 2023-03-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Magnum Charm	Expired	Undecided	Unassigned

Bug Description

Hi Team,

I am able to create magnum k8s cluster as a admin with admin_domain trustee. But facing issue when I create magnum k8s cluster in non admin tenant. Please check the below steps.

openstack domain create --description "Magnum Domain" magnumk8s
openstack project create --domain magnumk8s --description "k8s magnum Project" alpha4paas
openstack user create --domain magnumk8s --password-prompt k8spaasmagnum
openstack role create admin --domain magnumk8s
openstack role add --project alpha4paas --user 2fba8c754c9246e4a3221348034da957 admin
openstack role create member --domain magnumk8s

issue logs:

, line 63, in request
2022-09-22 21:54:45.156 100506 ERROR magnum.service.periodic self._check_status_code(resp)
2022-09-22 21:54:45.156 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/client.py", line 97, in _check_status_code
2022-09-22 21:54:45.156 100506 ERROR magnum.service.periodic raise exceptions.HTTPServerError(
2022-09-22 21:54:45.156 100506 ERROR magnum.service.periodic barbicanclient.exceptions.HTTPServerError: Internal Server Erro : Secret payload retrieval failure seen - please contact site administrator.
2022-09-22 21:54:45.156 100506 ERROR magnum.service.periodic
2022-09-24 20:58:25.345 100506 ERROR barbicanclient.client [-] 5xx Server error: Internal Server Error: Secret payload retrieval failure seen - please contact site administrator.
2022-09-24 20:58:25.346 100506 WARNING magnum.service.periodic [-] Skip pulling data from cluster 297d6e3f-32c5-471c-bbd8-5e4bfeeca25f due to error: Internal Server Error: Secret payload retrieval failure seen - please contact site administrator.: barbicanclient.exceptions.HTTPServerError: Internal Server Error: Secret payload retrieval failure seen - please contact site administrator.
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic Traceback (most recent call last):
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/service/periodic.py", line 106, in _update_health_status
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic monitor.poll_health_status()
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/drivers/common/k8s_monitor.py", line 55, in poll_health_status
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic k8s_api = k8s.create_k8s_api(self.context, self.cluster)
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/conductor/k8s_api.py", line 145, in create_k8s_api
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic return K8sAPI(context, cluster)
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/conductor/k8s_api.py", line 114, in __init__
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic self.cert_file) = create_client_files(cluster, context)
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/conductor/handlers/common/cert_manager.py", line 154, in create_client_files
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic ca_file.write(encodeutils.safe_decode(ca_cert.get_certificate()))
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/common/cert_manager/barbican_cert_manager.py", line 44, in get_certificate
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic return self._cert_container.certificate.payload
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/v1/secrets.py", line 193, in payload
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic self._fetch_payload()
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/v1/secrets.py", line 271, in _fetch_payload
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic payload = self._api._get_raw(payload_url, headers=headers)
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/client.py", line 83, in _get_raw
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic return self.request(path, 'GET', *args, **kwargs).content
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/client.py", line 63, in request
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic self._check_status_code(resp)
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/client.py", line 97, in _check_status_code
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic raise exceptions.HTTPServerError(
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic barbicanclient.exceptions.HTTPServerError: Internal Server Erro : Secret payload retrieval failure seen - please contact site administrator.
2022-09-24 20:58:25.346 100506 ERROR magnum.service.periodic
2022-09-25 01:29:05.593 100506 ERROR barbicanclient.client [-] 5xx Server error: Internal Server Error: Secret payload retrieval failure seen - please contact site administrator.
2022-09-25 01:29:05.594 100506 WARNING magnum.service.periodic [-] Skip pulling data from cluster dd945a3c-3bc9-4f3b-84c9-788bdfc32192 due to error: Internal Server Error: Secret payload retrieval failure seen - please contact site administrator.: barbicanclient.exceptions.HTTPServerError: Internal Server Error: Secret payload retrieval failure seen - please contact site administrator.
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic Traceback (most recent call last):
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/service/periodic.py", line 106, in _update_health_status
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic monitor.poll_health_status()
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/drivers/common/k8s_monitor.py", line 55, in poll_health_status
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic k8s_api = k8s.create_k8s_api(self.context, self.cluster)
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/conductor/k8s_api.py", line 145, in create_k8s_api
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic return K8sAPI(context, cluster)
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/conductor/k8s_api.py", line 114, in __init__
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic self.cert_file) = create_client_files(cluster, context)
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/conductor/handlers/common/cert_manager.py", line 163, in create_client_files
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic cert_file.write(encodeutils.safe_decode(magnum_cert.get_certificate()))
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/common/cert_manager/barbican_cert_manager.py", line 44, in get_certificate
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic return self._cert_container.certificate.payload
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/v1/secrets.py", line 193, in payload
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic self._fetch_payload()
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/v1/secrets.py", line 271, in _fetch_payload
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic payload = self._api._get_raw(payload_url, headers=headers)
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/client.py", line 83, in _get_raw
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic return self.request(path, 'GET', *args, **kwargs).content
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/client.py", line 63, in request
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic self._check_status_code(resp)
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/client.py", line 97, in _check_status_code
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic raise exceptions.HTTPServerError(
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic barbicanclient.exceptions.HTTPServerError: Internal Server Erro : Secret payload retrieval failure seen - please contact site administrator.
2022-09-25 01:29:05.594 100506 ERROR magnum.service.periodic
2022-09-25 16:55:44.970 100506 ERROR barbicanclient.client [-] 5xx Server error: Internal Server Error: Secret payload retrieval failure seen - please contact site administrator.
2022-09-25 16:55:44.971 100506 WARNING magnum.service.periodic [-] Skip pulling data from cluster dd945a3c-3bc9-4f3b-84c9-788bdfc32192 due to error: Internal Server Error: Secret payload retrieval failure seen - please contact site administrator.: barbicanclient.exceptions.HTTPServerError: Internal Server Error: Secret payload retrieval failure seen - please contact site administrator.
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic Traceback (most recent call last):
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/service/periodic.py", line 106, in _update_health_status
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic monitor.poll_health_status()
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/drivers/common/k8s_monitor.py", line 55, in poll_health_status
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic k8s_api = k8s.create_k8s_api(self.context, self.cluster)
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/conductor/k8s_api.py", line 145, in create_k8s_api
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic return K8sAPI(context, cluster)
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/conductor/k8s_api.py", line 114, in __init__
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic self.cert_file) = create_client_files(cluster, context)
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/conductor/handlers/common/cert_manager.py", line 154, in create_client_files
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic ca_file.write(encodeutils.safe_decode(ca_cert.get_certificate()))
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/magnum/common/cert_manager/barbican_cert_manager.py", line 44, in get_certificate
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic return self._cert_container.certificate.payload
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/v1/secrets.py", line 193, in payload
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic self._fetch_payload()
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/v1/secrets.py", line 271, in _fetch_payload
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic payload = self._api._get_raw(payload_url, headers=headers)
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/client.py", line 83, in _get_raw
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic return self.request(path, 'GET', *args, **kwargs).content
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/client.py", line 63, in request
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic self._check_status_code(resp)
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic File "/usr/lib/python3/dist-packages/barbicanclient/client.py", line 97, in _check_status_code
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic raise exceptions.HTTPServerError(
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic barbicanclient.exceptions.HTTPServerError: Internal Server Erro : Secret payload retrieval failure seen - please contact site administrator.
2022-09-25 16:55:44.971 100506 ERROR magnum.service.periodic
^C
root@juju-558e26-1-lxd-24:/var/log/magnum#

Revision history for this message

Felipe Reyes (freyes) wrote on 2023-03-02:

Hi, please could you check the logs in barbican?, because error is coming from the barbican's server side

2022-09-24 20:58:25.345 100506 ERROR barbicanclient.client [-] 5xx Server error: Internal Server Error: Secret payload retrieval failure seen - please contact site administrator.

no longer affects:	charm-hacluster
Changed in charm-magnum:
status:	New → Incomplete

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-05-02:

[Expired for OpenStack Magnum Charm because there has been no activity for 60 days.]

Changed in charm-magnum:
status:	Incomplete → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.