libcloud-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "charles walker (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LIBCLOUD-878) GCP - Not able to retrieve the Load Balancer info when having a VPN setup on project.
Date Tue, 22 Nov 2016 14:55:58 GMT

    [ https://issues.apache.org/jira/browse/LIBCLOUD-878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15686952#comment-15686952
] 

charles walker commented on LIBCLOUD-878:
-----------------------------------------

I can details the investigations more or answer any questions. I tried to only keep the usefull
info in the description. I will open a case to Google Cloud support to have more info on why
we see the VPN forward rule mix with the LB forward rules.

> GCP - Not able to retrieve the Load Balancer info when having a VPN setup on project.
> -------------------------------------------------------------------------------------
>
>                 Key: LIBCLOUD-878
>                 URL: https://issues.apache.org/jira/browse/LIBCLOUD-878
>             Project: Libcloud
>          Issue Type: Bug
>          Components: LoadBalancer
>         Environment: GCP
>            Reporter: charles walker
>            Priority: Minor
>
> I was trying to retrieve the LB info from my GCP project when I get the following error
:
> {quote}
> Traceback (most recent call last):
>   File "LbTestPy.py", line 41, in <module>
>     aLbs = lb_driver.list_balancers(ex_region="us-east1")
>   File "/home/cloud-user/LbTest/src/apache-libcloud/libcloud/loadbalancer/drivers/gce.py",
line 87, in list_balancers
>     for fwr in self.gce.ex_list_forwarding_rules(region=ex_region):
>   File "/home/cloud-user/LbTest/src/apache-libcloud/libcloud/compute/drivers/gce.py",
line 2092, in ex_list_forwarding_rules
>     for f in response['items']]
>   File "/home/cloud-user/LbTest/src/apache-libcloud/libcloud/compute/drivers/gce.py",
line 7893, in _to_forwarding_rule
>     target = self._get_object_by_kind(forwarding_rule['target'])
>   File "/home/cloud-user/LbTest/src/apache-libcloud/libcloud/compute/drivers/gce.py",
line 7249, in _get_object_by_kind
>     return GCENodeDriver.KIND_METHOD_MAP[response['kind']](self, response)
> KeyError: 'compute#targetVpnGateway'
> {quote}
> First I think it was my code/config but my test case is pretty simple (and I also lost
the VM before the LB without issue).
> After some investigation I manage to find the issue in libcloud/google. 
> The issue is that libcloud will list the forwarding rules to retrieve the info of the
LoadBalancer. It retrieve the following forwarding rules :
> https://cloud.google.com/compute/docs/load-balancing/network/forwarding-rules
> In my case here is an extract of the HTTP response (retrieve by setting debug mode of
libcloud):
> # -------- begin 43335184 request ----------
> curl -i -X GET -H 'Host: www.googleapis.com' -H 'Accept-Encoding: gzip,deflate' -H 'X-LC-Request-ID:
43335184' -H 'Content-Type: application/json' -H 'Authorization: Bearer ya29.El6eXXXXOc2Kn'
-H 'User-Agent: libcloud/1.4.0 (Google Compute Engine) (Python 2.7.5/linux2)' --compress https://www.googleapis.com:443/compute/v1/projects/XXXXX/regions/us-east1/forwardingRules
> # -------- begin 43335184:43218488 response ----------
> HTTP/1.1 200 OK
> X-Xss-Protection: 1; mode=block
> X-Content-Type-Options: nosniff
> Content-Encoding: gzip
> Transfer-Encoding: chunked
> Expires: Tue, 22 Nov 2016 13:15:18 GMT
> Vary: Origin, X-Origin
> Server: GSE
> Etag: "OKaT3lMknXXXXCJyDlI"
> Cache-Control: private, max-age=0, must-revalidate, no-transform
> Date: Tue, 22 Nov 2016 13:15:18 GMT
> X-Frame-Options: SAMEORIGIN
> Alt-Svc: quic=":443"; ma=2592000; v="36,35,34"
> Content-Type: application/json; charset=UTF-8
> 444b
> {
>  "kind": "compute#forwardingRuleList",
>  "id": "projects/XXXXX/regions/us-east1/forwardingRules",
>  "items": [
>   {
>    "kind": "compute#forwardingRule",
>    "id": "575XXXXXXXXXX282",
>    "creationTimestamp": "2016-07-11T01:31:17.574-07:00",
>    "name": "esp-acsgopstrain-a-us-east1",
>    "description": "",
>    "region": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1",
>    "IPAddress": "XXXXXXXXXX",
>    "IPProtocol": "ESP",
>    "target": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/targetVpnGateways/acsgopstrain-a-us-east1",
>    "selfLink": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/forwardingRules/esp-acsgopstrain-a-us-east1",
>    "loadBalancingScheme": "EXTERNAL"
>   },
> ...
>   {
>    "kind": "compute#forwardingRule",
>    "id": "6429XXXXXXXXXX887",
>    "creationTimestamp": "2016-11-21T09:46:32.011-08:00",
>    "name": "us-lb-forwarding-rule",
>    "description": "",
>    "region": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1",
>    "IPAddress": "1XXXXXXXXXX5",
>    "IPProtocol": "TCP",
>    "portRange": "30012-30012",
>    "target": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/targetPools/us-lb",
>    "selfLink": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/forwardingRules/us-lb-forwarding-rule",
>    "loadBalancingScheme": "EXTERNAL"
>   }
>  ],
>  "selfLink": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/forwardingRules"
> }
> The first thing that surprise me is that the response was big even if i have only 1 load
balancer on this region. After it receive this response libcloud will try to convert each
"forwading rule" from the message to a libcloud object with :
> {code:title=code1.py|borderStyle=solid}
> if 'items' in response:
>       # The aggregated result returns dictionaries for each region
>       if not global_rules and region is None:
>           for v in response['items'].values():
>               region_forwarding_rules = [
>                   self._to_forwarding_rule(f)
>                   for f in v.get('forwardingRules', [])
>               ]
>               list_forwarding_rules.extend(region_forwarding_rules)
>       else:
>           list_forwarding_rules = [self._to_forwarding_rule(f)
>                                    for f in response['items']]
>   return list_forwarding_rules
> {code}
> from def ex_list_forwarding_rules(self, region=None, global_rules=False):
> To do so libcloud will call the following method "_to_forwarding_rule" on all items.
This is where it break !
> Indeed if you look on the answer of the "list forwardingRules" you will see that I have
2 types of rules :
> Type 1 : The forward rules from the load balancer object :
> {
>  "kind": "compute#forwardingRule",
>  "id": "6429XXXXXXXXXX887",
>  "creationTimestamp": "2016-11-21T09:46:32.011-08:00",
>  "name": "us-lb-forwarding-rule",
>  "description": "",
>  "region": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1",
>  "IPAddress": "1XXXXXXXXXX5",
>  "IPProtocol": "TCP",
>  "portRange": "30012-30012",
>  "target": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/targetPools/us-lb",
>  "selfLink": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/forwardingRules/us-lb-forwarding-rule",
>  "loadBalancingScheme": "EXTERNAL"
> }
> Type 2 : Forward rules from the VPN I have between projects on GCP
> {
>  "kind": "compute#forwardingRule",
>  "id": "575XXXXXXXXXX282",
>  "creationTimestamp": "2016-07-11T01:31:17.574-07:00",
>  "name": "esp-acsgopstrain-a-us-east1",
>  "description": "",
>  "region": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1",
>  "IPAddress": "XXXXXXXXXX",
>  "IPProtocol": "ESP",
>  "target": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/targetVpnGateways/acsgopstrain-a-us-east1",
>  "selfLink": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/forwardingRules/esp-acsgopstrain-a-us-east1",
>  "loadBalancingScheme": "EXTERNAL"
> },
> The libcloud method "_to_forwarding_rule" will works fine on the type 1. Here is the
code :
> {code:title=code2.py|borderStyle=solid}
> def _to_forwarding_rule(self, forwarding_rule):
>     """
>     Return a Forwarding Rule object from the JSON-response dictionary.
>     :param  forwarding_rule: The dictionary describing the rule.
>     :type   forwarding_rule: ``dict``
>     :return: ForwardingRule object
>     :rtype: :class:`GCEForwardingRule`
>     """
>     extra = {}
>     extra['selfLink'] = forwarding_rule.get('selfLink')
>     extra['portRange'] = forwarding_rule.get('portRange')
>     extra['creationTimestamp'] = forwarding_rule.get('creationTimestamp')
>     extra['description'] = forwarding_rule.get('description')
>     region = forwarding_rule.get('region')
>     if region:
>         region = self.ex_get_region(region)
>     target = self._get_object_by_kind(forwarding_rule['target'])
> {code}
> The "_get_object_by_kind" will works fine because the target of the forward rule for
type 1 is "targetpool" as you can see :
> "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/targetPools/us-lb",
> whereas it will crash with the stack i show you before for the type 2 because the target
is "targetVpnGateways" as you can see :
> "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/targetVpnGateways/acsgopstrain-a-us-east1",
> I think the original implementation of the LB on libcloud for GCE did not know that Google
will mix several rules for both the LoadBalancer AND the VPN.
> I made a dirty fix on my libcloud master code to only try to convert the forward rules
link to a LB :
> {code:title=code3.py|borderStyle=solid}
> 	else:
> 		list_forwarding_rules = [self._to_forwarding_rule(f)
> 			for f in response['items'] if (not "targetVpnGateways" in f['target'])]
> {code}
> This fix the issue !
> To be honest I m not sure what to do....I would except Google to not mix the forward
rules of VPN and LB. There is nothing mentioning the VPN in the forwarding rules in the google
doc (https://cloud.google.com/compute/docs/load-balancing/network/forwarding-rules) and there
is nothing about forwarding rule in the VPN documentation (https://cloud.google.com/compute/docs/vpn/networks)

> I would suggest to do a temporary hack (similar in spirit of the one i done) until we
clarify that with Google.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message