Ask Your Question
0

lbaasv2-dashboard - TERMINATED_HTTPS greyed out

asked 2017-11-05 18:18:09 -0600

blurrybird gravatar image

Hey all,

I am having trouble gaining access to the TERMINATED_HTTPS protocol while using lbaasv2 load balancers via the horizon dashboard plugin. I can access and control all settings via the CLI using the depreciated neutron lbaas-* commands but the TERMINATED_HTTPS protocol appears grey and inaccessible within the browser GUI.

The existing load balancer created with the CLI appears in horizon, but SSL certificates are not available - none shown - for viewing or updating.

I believe this will be permission related, but would like to know what permissions are required for my personal user account to be able to view and modify these settings. Any help you can provide is greatly appreciated!

edit retag flag offensive close merge delete

Comments

further inspection shows that the horizon dashboard calls controllervip/api/barbican/certificates and secrets/ but both fail with 404. It's akin to the issue described here https://lists.gt.net/openstack/dev/62449

blurrybird gravatar imageblurrybird ( 2017-11-07 17:00:10 -0600 )edit
add a comment

2 answers

Sort by ยป oldest newest most voted
0

answered 2017-11-29 20:18:10 -0600

johnsom gravatar image

Hi there, 404 usually implies there is a mis-configuration somewhere such that a resource is not found. The dashboard uses the barbican client code to access barbican. That code is located here and pretty simple: https://github.com/openstack/octavia-...

Without more information and logs it's hard to pinpoint the issue exactly, but here are some things to investigate: 1. Check that "key-manager" is listed with the correct URL in the keystone endpoints configuration. "openstack endpoint list | grep key-manager". If that URL is incorrect It could cause the barbican client to return a 404. 2. Make sure the project you are using in the dashboard has access to barbican and that project has certificate containers and secrets. Sometimes folks will create these with a different project by accident.

Michael

edit flag offensive delete link more
add a comment
0

answered 2018-07-18 07:48:33 -0600

fmount gravatar image

Hi there, we experienced the same issue but after some investigations we found that there was a problem related to the authentication mechanism from horizon components to keystone: the authentication made a fallback from v3 to v2 causing a silent error to the request of the barbican resource.

From this code: https://github.com/openstack/octaviadashboard/blob/master/octavia_dashboard/api/rest/barbican.py (https://github.com/openstack/octaviad...)

I saw that every authentication went to v3, so I checked it in horizon and fix the api call with the correct value.

Francesco

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2017-11-05 18:15:54 -0600

Seen: 425 times

Last updated: Jul 18 '18

Related questions

Allowed Address Pair Limit

Octavia LBaaSv2 driver error

Is possible to have LBAAS v1 and v2 on the same time?

Lbaas v2 with Devstack: error in creation loadbalancer

IPv6 Support in Ocata

Problem with launch big image instance (1 GB+) on Ocata

[ocata] Can't add a resource_provider in placement-api [closed]

lbaas configuration in havana multi-node setup [closed]

MTU size issue

Can I restore an instance with a ssh key thanks to freezer-agent ?