octavia

Octavia is not working with barbican

Bug #1681595 reported by Michael Johnson
22
This bug affects 3 people
Affects Status Importance Assigned to Milestone
octavia
Fix Released
Critical
German Eichberger

Bug Description

When using Octavia (py2.7) with barbican I get the following error when creating a terminated TLS listener:

2017-04-10 15:54:36.874 68010 INFO octavia.controller.queue.endpoint [-] Creating listener 'fcfc786e-a546-4f06-be15-0852d702b88a'...
2017-04-10 15:54:37.078 68010 INFO octavia.certificates.manager.barbican [-] Loading certificate container http://172.21.21.135:9311/v1/containers/a570068c-d295-4780-91d4-3046a325db51 from Barbican.
2017-04-10 15:54:37.279 68010 ERROR octavia.common.tls_utils.cert_parser [-] Unreadable Certificate.
2017-04-10 15:54:37.279 68010 ERROR octavia.common.tls_utils.cert_parser Traceback (most recent call last):
2017-04-10 15:54:37.279 68010 ERROR octavia.common.tls_utils.cert_parser File "/opt/stack/octavia/octavia/common/tls_utils/cert_parser.py", line 254, in get_host_names
2017-04-10 15:54:37.279 68010 ERROR octavia.common.tls_utils.cert_parser backends.default_backend())
2017-04-10 15:54:37.279 68010 ERROR octavia.common.tls_utils.cert_parser File "/usr/local/lib/python2.7/dist-packages/cryptography/x509/base.py", line 43, in load_pem_x509_certificate
2017-04-10 15:54:37.279 68010 ERROR octavia.common.tls_utils.cert_parser return backend.load_pem_x509_certificate(data)
2017-04-10 15:54:37.279 68010 ERROR octavia.common.tls_utils.cert_parser File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/multibackend.py", line 341, in load_pem_x509_certificate
2017-04-10 15:54:37.279 68010 ERROR octavia.common.tls_utils.cert_parser return b.load_pem_x509_certificate(data)
2017-04-10 15:54:37.279 68010 ERROR octavia.common.tls_utils.cert_parser File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 1059, in load_pem_x509_certificate
2017-04-10 15:54:37.279 68010 ERROR octavia.common.tls_utils.cert_parser mem_bio = self._bytes_to_bio(data)
2017-04-10 15:54:37.279 68010 ERROR octavia.common.tls_utils.cert_parser File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 432, in _bytes_to_bio
2017-04-10 15:54:37.279 68010 ERROR octavia.common.tls_utils.cert_parser data_char_p = self._ffi.new("char[]", data)
2017-04-10 15:54:37.279 68010 ERROR octavia.common.tls_utils.cert_parser TypeError: initializer for ctype 'char[]' must be a str or list or tuple, not unicode
2017-04-10 15:54:37.279 68010 ERROR octavia.common.tls_utils.cert_parser
2017-04-10 15:54:37.285 68010 WARNING octavia.controller.worker.controller_worker [-] Task 'octavia.controller.worker.tasks.amphora_driver_tasks.ListenersUpdate' (f79759fb-0270-4a6a-b27a-985e78f4e8be) transitioned into state 'FAILURE' from state 'RUNNING'

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to octavia (master)

Fix proposed to branch: master
Review: https://review.openstack.org/458968

Changed in octavia:
assignee: nobody → German Eichberger (german-eichberger)
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to octavia (master)

Reviewed: https://review.openstack.org/458968
Committed: https://git.openstack.org/cgit/openstack/octavia/commit/?id=38a3d4f318e297944411420feb0f99d15b470ebe
Submitter: Jenkins
Branch: master

commit 38a3d4f318e297944411420feb0f99d15b470ebe
Author: German Eichberger <email address hidden>
Date: Fri Apr 21 16:56:35 2017 -0400

    Fixes Octavia not working with Barbican

    Adds conversion of the Barbicna payload (see changes at
    https://docs.openstack.org/developer/python-barbicanclient/usage.html)
    by using oslo's encodeutils

    Change-Id: Ibc9fdc8b1bb19b07e70581c6aaa25c5e45bdb1ba
    Closes-Bug: #1681595

Changed in octavia:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/octavia 1.0.0.0b2

This issue was fixed in the openstack/octavia 1.0.0.0b2 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.