Ubuntu
octavia package

Bug #1852599
Comment #1

Comment 1 for bug 1852599

Revision history for this message

Drew Freiberger (afreiberger) wrote on 2019-11-14:

I tried at first undeleting the container entity in the mysql/barbican DB for the missing barbican container, however, that provided project ID/permissions issues in barbican.

Since the container was deleted in barbican, I tried using:
openstack loadbalancer listener set --default-tls-container-ref '' <listener-uuid>

But that was giving the "container is in another castle" error as well.

I modified the listener table in the octavia database to zero out the default-tls-container-ref string after validating that the containers were deleted in barbican.

mysql> select * from listener where load_balancer_id = 'c066406f-0f5e-427b-bba8-ab3e8cf18603'\G
*************************** 1. row ***************************
                  project_id: ef8b2568c694461499c074c641a57a14
                          id: 51823607-bb4d-488c-87c1-1e22e0a11d81
                        name: NULL
                 description: NULL
                    protocol: TERMINATED_HTTPS
               protocol_port: 443
            connection_limit: -1
            load_balancer_id: c066406f-0f5e-427b-bba8-ab3e8cf18603
          tls_certificate_id: https://barbican-internal.mysite:9312/v1/containers/fb1f6514-000f-4991-8ccd-4da923e19ab2
             default_pool_id: e05d9cad-e1c1-4b3c-9204-dcd79e1d5ee3
         provisioning_status: ACTIVE
            operating_status: ONLINE
                     enabled: 1
                   peer_port: 1025
              insert_headers: �� }�.
                  created_at: 2019-11-01 20:03:58
                  updated_at: 2019-11-05 14:02:04
         timeout_client_data: 50000
      timeout_member_connect: 5000
         timeout_member_data: 50000
         timeout_tcp_inspect: 0
client_ca_tls_certificate_id: NULL
       client_authentication: NONE
     client_crl_container_id: NULL
1 row in set (0.00 sec)

mysql> update listener set tls_certificate_id='' where load_balancer_id = 'c066406f-0f5e-427b-bba8-ab3e8cf18603';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

This then allowed for a cascaded loadbalancer delete.

I tried at first undeleting the container entity in the mysql/barbican DB for the missing barbican container, however, that provided project ID/permissions issues in barbican.

Since the container was deleted in barbican, I tried using:
openstack loadbalancer listener set --default-tls-container-ref ''  <listener-uuid>

But that was giving the "container is in another castle" error as well.

I modified the listener table in the octavia database to zero out the default-tls-container-ref string after validating that the containers were deleted in barbican.

mysql> select * from listener where load_balancer_id = 'c066406f-0f5e-427b-bba8-ab3e8cf18603'\G
*************************** 1. row ***************************
                  project_id: ef8b2568c694461499c074c641a57a14
                          id: 51823607-bb4d-488c-87c1-1e22e0a11d81
                        name: NULL
                 description: NULL
                    protocol: TERMINATED_HTTPS
               protocol_port: 443
            connection_limit: -1
            load_balancer_id: c066406f-0f5e-427b-bba8-ab3e8cf18603
          tls_certificate_id: https://barbican-internal.mysite:9312/v1/containers/fb1f6514-000f-4991-8ccd-4da923e19ab2
             default_pool_id: e05d9cad-e1c1-4b3c-9204-dcd79e1d5ee3
         provisioning_status: ACTIVE
            operating_status: ONLINE
                     enabled: 1
                   peer_port: 1025
              insert_headers: ��       }�.
                  created_at: 2019-11-01 20:03:58
                  updated_at: 2019-11-05 14:02:04
         timeout_client_data: 50000
      timeout_member_connect: 5000
         timeout_member_data: 50000
         timeout_tcp_inspect: 0
client_ca_tls_certificate_id: NULL
       client_authentication: NONE
     client_crl_container_id: NULL
1 row in set (0.00 sec)

mysql> update listener set tls_certificate_id='' where load_balancer_id = 'c066406f-0f5e-427b-bba8-ab3e8cf18603';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

This then allowed for a cascaded loadbalancer delete.

Ubuntuoctavia package

Comment 1 for bug 1852599

Ubuntu
octavia package