Ubuntu Cloud Archive

Comment 13 for bug 1867676

Revision history for this message

Jorge Niedbalski (niedbalski) wrote on 2020-05-12:

#13

Hello,

I've verified that the current -proposed package fixes the issue for us, for the
given use case.

Using the following deployment bundle on a Bionic + Rocky cloud
http://paste.ubuntu.com/p/jnVdVvQg7k/

Without the patch, the problem is reproduced as expressed on the case description:

ubuntu@niedbalski-bastion:~/stsstack-bundles/openstack/00268110$ openstack secret container create --type='certificate' --name "test-tls-1" --secret="certificate=https://10.5.0.11:9312/v1/secrets/7aa7727d-f39b-45f8-9310-f5c595ad4feb" --secret="private_key=https://10.5.0.11:9312/v1/secrets/189736d1-51d8-4cbe-9638-ceadcbb664ac" --secret="intermediates=https://10.5.0.11:9312/v1/secrets/70e2cf9c-8110-4d25-a1e3-f7b6f3950e64"

With the patch applied in the following version:

root@juju-be44b9-barbican-10:/home/ubuntu# dpkg -l |grep barbican
ii python3-barbicanclient 4.6.0-0ubuntu1.1 all OpenStack Key Management API client - Python 3.x

| https://10.5.0.11:9312/v1/containers/bd67d6f4-3a82-4a86-9679-c97a66ceeb19 | None | 2020-05-12T21:37:32+00:00 | ACTIVE | certificate | certificate=https://10.5.0.11:9312/v1/secrets/26ed5706-5f0a-4f9f-b226-e8595031515e | None |
| | | | | | private_key=https://10.5.0.11:9312/v1/secrets/9a3bd926-6ba9-46be-8168-6b5e79e09b36 | |
+---------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+--------------------------------------------------------------------------------------+-----------+

The issue isn't longer reproducible and listeners can be created.

ubuntu@niedbalski-bastion:~/stsstack-bundles/openstack/00268110$ openstack loadbalancer listener show 971a679d-4a07-4012-8552-fac8f0f450ab | grep tls
| default_tls_container_ref | https://10.5.0.11:9312/v1/containers/bd67d6f4-3a82-4a86-9679-c97a66ceeb19 |
| client_ca_tls_container_ref | |

ubuntu@niedbalski-bastion:~/stsstack-bundles/openstack/00268110$ openstack loadbalancer listener show 971a679d-4a07-4012-8552-fac8f0f450ab | grep -i provis
| provisioning_status | ACTIVE |

Therefore, I am marking this verification as completed.

Thanks for the help on this.

Hello,

I've verified that the current -proposed package fixes the issue for us, for the
given use case.

Using the following deployment bundle on a Bionic + Rocky cloud
http://paste.ubuntu.com/p/jnVdVvQg7k/

Without the patch, the problem is reproduced as expressed on the case description:

With the patch applied in the following version:

root@juju-be44b9-barbican-10:/home/ubuntu# dpkg -l |grep barbican
ii  python3-barbicanclient           4.6.0-0ubuntu1.1                            all          OpenStack Key Management API client - Python 3.x

| https://10.5.0.11:9312/v1/containers/bd67d6f4-3a82-4a86-9679-c97a66ceeb19 | None           | 2020-05-12T21:37:32+00:00 | ACTIVE | certificate | certificate=https://10.5.0.11:9312/v1/secrets/26ed5706-5f0a-4f9f-b226-e8595031515e   | None      |
|                                                                           |                |                           |        |             | private_key=https://10.5.0.11:9312/v1/secrets/9a3bd926-6ba9-46be-8168-6b5e79e09b36   |           |
+---------------------------------------------------------------------------+----------------+---------------------------+--------+-------------+--------------------------------------------------------------------------------------+-----------+

The issue isn't longer reproducible and listeners can be created.

ubuntu@niedbalski-bastion:~/stsstack-bundles/openstack/00268110$ openstack loadbalancer listener show 971a679d-4a07-4012-8552-fac8f0f450ab | grep tls
| default_tls_container_ref   | https://10.5.0.11:9312/v1/containers/bd67d6f4-3a82-4a86-9679-c97a66ceeb19 |
| client_ca_tls_container_ref |                                                                           |

ubuntu@niedbalski-bastion:~/stsstack-bundles/openstack/00268110$ openstack loadbalancer listener show 971a679d-4a07-4012-8552-fac8f0f450ab | grep -i provis
| provisioning_status         | ACTIVE                                                                    |

Therefore, I am marking this verification as completed.

Thanks for the help on this.