Barbican Vault - "secrets-storage-relation-joined" error with Barbican HA cfg

Bug #1822611 reported by Lorenzo Cavassa
This bug affects 2 people
Affects: OpenStack Barbican-Vault Charm
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Ubuntu 18.04
Openstack Rocky
Barbican/Barbican Vault ~next charms

Description
===========

When Barbican is deployed using an HA configuration, 2 Barbican Vault units out of 3 show an error.
Attached is an extract of the unit log file.

When Barbican is deployed without HA (1 service unit only) it looks good.

Tags: atos
Revision history for this message
Lorenzo Cavassa (lorenzo-cavassa) wrote :
Revision history for this message
James Page (james-page) wrote :

Please provide details of the bundle being deployed; as discussed on IRC I believe this is due to lack of explicit network space binding in the barbican-vault charm which results in random binding of the spaces by Juju.

Changed in charm-barbican-vault:
status: New → Incomplete
Revision history for this message
Lorenzo Cavassa (lorenzo-cavassa) wrote :

Here is a bundle extract for the Barbican/Barbican Vault service:

......

  hacluster-barbican:
    charm: cs:hacluster
    options:
      cluster_count: 3
  hacluster-octavia:
    charm: cs:hacluster
    options:
      cluster_count: 3
  barbican:
    charm: cs:barbican
    num_units: 1
    bindings:
     "": *oam-space
     public: *public-space
     admin: *admin-space
     internal: *internal-space
     shared-db: *internal-space
    options:
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
      region: *openstack-region
      vip: *barbican-vip
      use-internal-endpoints: true
      #os-admin-hostname: *barbican-admin-hostname
      #os-internal-hostname: *barbican-internal-hostname
      #os-public-hostname: *barbican-public-hostname
    to:
    - lxd:0
    - lxd:2
    - lxd:4
  barbican-vault:
    charm: cs:barbican-vault

........

Revision history for this message
Lorenzo Cavassa (lorenzo-cavassa) wrote :

There is a typo in the 'barbican' app section I pasted.
Here is the right line:

num_units: 3

Thank you,

Lorenzo

Revision history for this message
Lorenzo Cavassa (lorenzo-cavassa) wrote :

I modified the bundle to add an additional barbican-vault binding for
the secrets-storage relation:

applications:
  hacluster-barbican:
    charm: cs:hacluster
    options:
      cluster_count: 3
      #cluster_count: 1
  hacluster-octavia:
    charm: cs:hacluster
    options:
      cluster_count: 3
  barbican:
    charm: cs:barbican
    num_units: 3
    bindings:
     "": *oam-space
     public: *public-space
     admin: *admin-space
     internal: *internal-space
     shared-db: *internal-space
    options:
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
      region: *openstack-region
      vip: *barbican-vip
      use-internal-endpoints: true
      #os-admin-hostname: *barbican-admin-hostname
      #os-internal-hostname: *barbican-internal-hostname
      #os-public-hostname: *barbican-public-hostname
    to:
    - lxd:0
    - lxd:2
    - lxd:4
  barbican-vault:
    charm: cs:barbican-vault
    bindings:
     "": *oam-space
     secrets-storage: *internal-space

I got errors on all 3 barbican-vault units.
It looks like all of them try to reach Vault on the public API network (172.16.255/24) instead of on the internal API network (192.168.10/24) as per the binding definition.
The Vault application isn't exposed on the public API network; it's connected to the internal API network only.

juju run --unit barbican-vault/9 "network-get --primary-address secrets-storage"
172.16.255.66

juju run --unit barbican-vault/8 "network-get --primary-address secrets-storage"
172.16.255.70

juju run --unit barbican-vault/7 "network-get --primary-address secrets-storage"
172.16.255.64

Revision history for this message
James Page (james-page) wrote :

Unable to reproduce - I've tested with barbican-vault bound to a specific space for the secrets-storage relation and it's working just fine.

Revision history for this message
Lorenzo Cavassa (lorenzo-cavassa) wrote :

Here is the output of juju status barbican-vault --format=yaml

https://pastebin.canonical.com/p/3NgTXBk3YQ/

This is the Vault one:

https://pastebin.canonical.com/p/f8xxS5Wvyg/

and this is the overlay bundle I'm using to deploy Octavia/Barbican:

https://pastebin.canonical.com/p/g6CSDb3sP7/

As you can see, the barbican-vault endpoint-bindings:

secrets: ""
secrets-storage: ""

are empty even if defined in the bundle:

  barbican-vault:
    charm: cs:barbican-vault
    bindings:
     "": *oam-space
     secrets-storage: *internal-space
     secrets: *internal-space

Might it be a Juju bug when it has to deploy overlay bundles?

Revision history for this message
Lorenzo Cavassa (lorenzo-cavassa) wrote :

This is the whole Octavia overlay bundle:

https://pastebin.canonical.com/p/X4hNtMCYqr/

Revision history for this message
Heather Lanigan (hmlanigan) wrote :

Provided by @lorenzo-cavassa: https://pastebin.canonical.com/p/qQSmt3hdc6/

juju debug-log --include unit-barbican-vault-10

The add relation is failing on:

unit-barbican-vault-10: 15:37:05 INFO unit.barbican-vault/10.juju-log secrets-storage:353: Reactive main running for hook secrets-storage-relation-joined
unit-barbican-vault-10: 15:37:06 INFO unit.barbican-vault/10.juju-log secrets-storage:353: Invoking reactive handler: reactive/barbican_vault_handlers.py:47:plugin_info_barbican_publish
unit-barbican-vault-10: 15:37:06 INFO unit.barbican-vault/10.juju-log secrets-storage:353: Retrieving secret-id from vault (http://x.x.x.x:8200)
unit-barbican-vault-10: 15:37:06 ERROR unit.barbican-vault/10.juju-log secrets-storage:353: Hook error:
Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-barbican-vault-10/.venv/lib/python3.6/site-packages/charms/reactive/__init__.py", line 73, in main
    bus.dispatch(restricted=restricted_mode)
  File "/var/lib/juju/agents/unit-barbican-vault-10/.venv/lib/python3.6/site-packages/charms/reactive/bus.py", line 390, in dispatch
    _invoke(other_handlers)
  File "/var/lib/juju/agents/unit-barbican-vault-10/.venv/lib/python3.6/site-packages/charms/reactive/bus.py", line 359, in _invoke
    handler.invoke()
  File "/var/lib/juju/agents/unit-barbican-vault-10/.venv/lib/python3.6/site-packages/charms/reactive/bus.py", line 181, in invoke
    self._action(*args)
  File "/var/lib/juju/agents/unit-barbican-vault-10/charm/reactive/barbican_vault_handlers.py", line 62, in plugin_info_barbican_publish
    secrets_storage.unit_token)
  File "lib/charm/vault_utils.py", line 22, in retrieve_secret_id
    response = client._post('/v1/sys/wrapping/unwrap')
  File "/var/lib/juju/agents/unit-barbican-vault-10/.venv/lib/python3.6/site-packages/hvac/utils.py", line 169, in new_func
    return method(*args, **kwargs)
  File "/var/lib/juju/agents/unit-barbican-vault-10/.venv/lib/python3.6/site-packages/hvac/v1/__init__.py", line 2515, in _post
    return self._adapter.post(*args, **kwargs)
  File "/var/lib/juju/agents/unit-barbican-vault-10/.venv/lib/python3.6/site-packages/hvac/adapters.py", line 106, in post
    return self.request('post', url, **kwargs)
  File "/var/lib/juju/agents/unit-barbican-vault-10/.venv/lib/python3.6/site-packages/hvac/adapters.py", line 265, in request
    utils.raise_for_error(response.status_code, text, errors=errors)
  File "/var/lib/juju/agents/unit-barbican-vault-10/.venv/lib/python3.6/site-packages/hvac/utils.py", line 29, in raise_for_error
    raise exceptions.InvalidRequest(message, errors=errors)
hvac.exceptions.InvalidRequest: wrapping token is not valid or does not exist

We can check what juju set the bindings to after deploy with "juju config barbican-vault"

Revision history for this message
Tim Penhey (thumper) wrote :

The problem is with the overlay. The variables defined in the primary bundle are not available to the overlay. The overlay is parsed independently of the primary bundle, so I'm guessing that the YAML parser is translating the variables to be empty.

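A quick way to confirm what Tim describes, as an added example that is not part of this bug thread, of Juju, or of the charms: a stdlib-only Python scanner that lists every alias an overlay uses without defining the anchor itself, and notes whether the primary bundle is where the anchor lives. The two bundle snippets are constructed, modelled on the extract posted earlier in the thread, and the function names are my own. (PyYAML, asked to load the overlay on its own, fails with "found undefined alias" for the same reason; this scanner reports all offending aliases at once and points at the lines.)

```python
"""Added example (not from the bug thread, Juju or the charms): find YAML aliases
that an overlay bundle uses but does not define itself.

Juju parses an overlay independently of the primary bundle, so an alias such as
`*internal-space` that is anchored only in the primary bundle is not visible to
the overlay. This stdlib-only scanner understands the simple anchor/alias syntax
used in charm bundles; it is not a full YAML parser.
"""
import re
from typing import Dict, List, Set, Tuple

ANCHOR_RE = re.compile(r"&([A-Za-z0-9_.-]+)")
# An alias is '*name' not glued to a preceding word character or quote.
ALIAS_RE = re.compile(r"""(?<![\w"'])\*([A-Za-z0-9_.-]+)""")

# Constructed sample input, modelled on the bundle extract in the thread.
PRIMARY_BUNDLE = """\
variables:
  oam-space: &oam-space oam
  internal-space: &internal-space internal-api
applications:
  vault:
    charm: cs:vault
    bindings:
      "": *oam-space
      access: *internal-space
"""

OVERLAY_BUNDLE = """\
applications:
  barbican-vault:
    charm: cs:barbican-vault
    bindings:
      "": *oam-space
      secrets-storage: *internal-space
      secrets: *internal-space
"""


def _strip_comment(line: str) -> str:
    """Drop a YAML comment: '#' at line start or preceded by whitespace."""
    m = re.search(r"(^|\s)#", line)
    return line[: m.start()] if m else line


def anchors_and_aliases(text: str) -> Tuple[Set[str], Dict[str, List[int]]]:
    """Return the anchor names defined in `text` and, for each alias name,
    the 1-based line numbers on which it is used."""
    anchors: Set[str] = set()
    aliases: Dict[str, List[int]] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = _strip_comment(raw)
        for m in ANCHOR_RE.finditer(line):
            anchors.add(m.group(1))
        for m in ALIAS_RE.finditer(line):
            aliases.setdefault(m.group(1), []).append(lineno)
    return anchors, aliases


def unresolved_overlay_aliases(overlay_text: str, primary_text: str = "") -> Dict[str, dict]:
    """Aliases used in the overlay that have no anchor in the overlay itself.

    Each entry records the overlay lines that use the alias and whether the
    primary bundle defines it, which is exactly the case that breaks silently:
    the overlay cannot see the primary bundle's anchors."""
    overlay_anchors, overlay_aliases = anchors_and_aliases(overlay_text)
    primary_anchors, _ = anchors_and_aliases(primary_text)
    return {
        name: {"lines": lines, "defined_in_primary": name in primary_anchors}
        for name, lines in overlay_aliases.items()
        if name not in overlay_anchors
    }


if __name__ == "__main__":
    problems = unresolved_overlay_aliases(OVERLAY_BUNDLE, PRIMARY_BUNDLE)
    for name, info in sorted(problems.items()):
        where = "the primary bundle" if info["defined_in_primary"] else "nowhere"
        print(f"overlay alias *{name} (lines {info['lines']}) is anchored in {where}; "
              "define the anchor in the overlay or use a literal value")
    # The primary bundle resolves all of its own aliases, so it reports nothing.
    assert not unresolved_overlay_aliases(PRIMARY_BUNDLE)
```

Run against the two constructed snippets, it flags *oam-space and *internal-space in the overlay, both anchored only in the primary bundle. That matches the symptom in the thread: the deployed endpoint-bindings come out empty rather than failing loudly, so a pre-deploy check like this is cheaper than finding out from a hook error. The fix is to repeat the needed anchor definitions inside the overlay, or to write the space names as literals there.
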
Ryan Beisner (1chb1n)
Changed in charm-barbican-vault:
status: Incomplete → Invalid
Revision history for this message
Drew Freiberger (afreiberger) wrote :

I'm seeing this with the latest 20.02 charms on an openstack-on-lxd bundle modified to add barbican/octavia/vault/barbican-vault and no spaces support. All three units are showing secrets-storage-relation-changed failed hooks.

After deploying the bundle below, I have initialized vault, unsealed it, authorized the vault charm, and then after running refresh-secrets on the vault leader, the log below resulted from all of the barbican-vault unit logs.

In my case, I'm not using spaces or overlays and my bundle can be found here for reproducing this issue in a juju-on-lxd lab:

https://github.com/afreiberger/openstack-on-lxd/blob/add-bionic-stein-ha-bundle/bundle-bionic-stein-ha.yaml

unit-barbican-vault-1: 13:13:00 INFO unit.barbican-vault/1.juju-log secrets-storage:122: Reactive main running for hook secrets-storage-relation-changed
unit-barbican-vault-1: 13:13:01 DEBUG unit.barbican-vault/1.juju-log secrets-storage:122: tracer>
tracer: set flag endpoint.secrets-storage.changed.barbican-vault/0_role_id
tracer: ++ queue handler hooks/relations/juju-info/requires.py:24:broken:juju-info
tracer: ++ queue handler hooks/relations/tls-certificates/requires.py:109:broken:certificates
tracer: ++ queue handler reactive/barbican_vault_handlers.py:34:secret_backend_vault_request
unit-barbican-vault-1: 13:13:01 DEBUG unit.barbican-vault/1.juju-log secrets-storage:122: tracer: set flag endpoint.secrets-storage.changed.barbican-vault/0_token
unit-barbican-vault-1: 13:13:02 DEBUG unit.barbican-vault/1.juju-log secrets-storage:122: tracer: set flag endpoint.secrets-storage.changed.barbican-vault/1_role_id
unit-barbican-vault-1: 13:13:02 DEBUG unit.barbican-vault/1.juju-log secrets-storage:122: tracer: set flag endpoint.secrets-storage.changed.barbican-vault/1_token
unit-barbican-vault-1: 13:13:02 DEBUG unit.barbican-vault/1.juju-log secrets-storage:122: tracer: set flag endpoint.secrets-storage.changed.barbican-vault/2_role_id
unit-barbican-vault-1: 13:13:02 DEBUG unit.barbican-vault/1.juju-log secrets-storage:122: tracer: set flag endpoint.secrets-storage.changed.barbican-vault/2_token
unit-barbican-vault-1: 13:13:02 DEBUG unit.barbican-vault/1.juju-log secrets-storage:122: tracer>
tracer: set flag secrets-storage.available
tracer: ++ queue handler reactive/barbican_vault_handlers.py:71:plugin_info_barbican_publish
tracer: -- dequeue handler reactive/barbican_vault_handlers.py:34:secret_backend_vault_request
unit-barbican-vault-1: 13:13:02 DEBUG unit.barbican-vault/1.juju-log secrets-storage:122: tracer>
tracer: starting handler dispatch, 27 flags set
tracer: set flag barbican-vault-installed
tracer: set flag charm.installed
tracer: set flag charms.openstack.do-default-charm.installed
tracer: set flag charms.openstack.do-default-config.changed
tracer: set flag charms.openstack.do-default-update-status
tracer: set flag config.default.ssl_ca
tracer: set flag config.default.ssl_cert
tracer: set flag config.default.ssl_key
tracer: set flag endpoint.secrets-storage.changed
tracer: set flag endpoint.secrets-storage.changed.barbican-vault/0_role_id
tracer: set flag endpoint.secrets-storage.changed.barbican-vault/0_token
tracer: set flag endpoint.secrets-sto...

Changed in charm-barbican-vault:
status: Invalid → Confirmed
Revision history for this message
Drew Freiberger (afreiberger) wrote :

My reproducer may be having issues because my bundle had two barbican applications. Testing further.

Revision history for this message
Michael Skalka (mskalka) wrote :
Revision history for this message
David Ames (thedac) wrote :

OK, I think this bug has multiple duplicates.

The original report is a duplicate of https://bugs.launchpad.net/charm-barbican-vault/+bug/1849323 which was resolved.

Just today the fix for https://bugs.launchpad.net/charm-barbican-vault/+bug/1871981 landed in master.

And it seems Drew's bundle may have been incorrect.

Drew, can you test with cs:~openstack-charmers-next/barbican-vault and let me know?

Revision history for this message
Vladimir Grevtsev (vlgrevtsev) wrote :

Reproduced today with cs:barbican-vault-1 with the same "hvac.exceptions.InvalidRequest: wrapping token is not valid or does not exist" error; will try to upgrade to the -next version and see if that helps or not.

Revision history for this message
Vladimir Grevtsev (vlgrevtsev) wrote :

cs:barbican-vault-13, of course*

Revision history for this message
Vladimir Grevtsev (vlgrevtsev) wrote :

@thedac, -next version worked fine without any hook failures.

Revision history for this message
David Ames (thedac) wrote :

@Vladimir, Thanks for the feedback. I will mark this as a duplicate officially.
