Mailing-List: contact notifications-help@libcloud.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@libcloud.apache.org
Date: Tue, 22 Nov 2016 14:55:58 +0000 (UTC)
From: "charles walker (JIRA)" <jira@apache.org>
To: notifications@libcloud.apache.org
Message-ID: <JIRA.13022512.1479825968000.339558.1479826558340@Atlassian.JIRA>
In-Reply-To: <JIRA.13022512.1479825968000@Atlassian.JIRA>
References: <JIRA.13022512.1479825968000@Atlassian.JIRA> <JIRA.13022512.1479825968313@arcas>
Subject: [jira] [Commented] (LIBCLOUD-878) GCP - Not able to retrieve the
 Load Balancer info when having a VPN setup on project.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
archived-at: Tue, 22 Nov 2016 14:56:00 -0000


    [ https://issues.apache.org/jira/browse/LIBCLOUD-878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15686952#comment-15686952 ] 

charles walker commented on LIBCLOUD-878:
-----------------------------------------

I can details the investigations more or answer any questions. I tried to only keep the usefull info in the description. I will open a case to Google Cloud support to have more info on why we see the VPN forward rule mix with the LB forward rules.

> GCP - Not able to retrieve the Load Balancer info when having a VPN setup on project.
> -------------------------------------------------------------------------------------
>
>                 Key: LIBCLOUD-878
>                 URL: https://issues.apache.org/jira/browse/LIBCLOUD-878
>             Project: Libcloud
>          Issue Type: Bug
>          Components: LoadBalancer
>         Environment: GCP
>            Reporter: charles walker
>            Priority: Minor
>
> I was trying to retrieve the LB info from my GCP project when I get the following error :
> {quote}
> Traceback (most recent call last):
>   File "LbTestPy.py", line 41, in <module>
>     aLbs = lb_driver.list_balancers(ex_region="us-east1")
>   File "/home/cloud-user/LbTest/src/apache-libcloud/libcloud/loadbalancer/drivers/gce.py", line 87, in list_balancers
>     for fwr in self.gce.ex_list_forwarding_rules(region=ex_region):
>   File "/home/cloud-user/LbTest/src/apache-libcloud/libcloud/compute/drivers/gce.py", line 2092, in ex_list_forwarding_rules
>     for f in response['items']]
>   File "/home/cloud-user/LbTest/src/apache-libcloud/libcloud/compute/drivers/gce.py", line 7893, in _to_forwarding_rule
>     target = self._get_object_by_kind(forwarding_rule['target'])
>   File "/home/cloud-user/LbTest/src/apache-libcloud/libcloud/compute/drivers/gce.py", line 7249, in _get_object_by_kind
>     return GCENodeDriver.KIND_METHOD_MAP[response['kind']](self, response)
> KeyError: 'compute#targetVpnGateway'
> {quote}
> First I think it was my code/config but my test case is pretty simple (and I also lost the VM before the LB without issue).
> After some investigation I manage to find the issue in libcloud/google. 
> The issue is that libcloud will list the forwarding rules to retrieve the info of the LoadBalancer. It retrieve the following forwarding rules :
> https://cloud.google.com/compute/docs/load-balancing/network/forwarding-rules
> In my case here is an extract of the HTTP response (retrieve by setting debug mode of libcloud):
> # -------- begin 43335184 request ----------
> curl -i -X GET -H 'Host: www.googleapis.com' -H 'Accept-Encoding: gzip,deflate' -H 'X-LC-Request-ID: 43335184' -H 'Content-Type: application/json' -H 'Authorization: Bearer ya29.El6eXXXXOc2Kn' -H 'User-Agent: libcloud/1.4.0 (Google Compute Engine) (Python 2.7.5/linux2)' --compress https://www.googleapis.com:443/compute/v1/projects/XXXXX/regions/us-east1/forwardingRules
> # -------- begin 43335184:43218488 response ----------
> HTTP/1.1 200 OK
> X-Xss-Protection: 1; mode=block
> X-Content-Type-Options: nosniff
> Content-Encoding: gzip
> Transfer-Encoding: chunked
> Expires: Tue, 22 Nov 2016 13:15:18 GMT
> Vary: Origin, X-Origin
> Server: GSE
> Etag: "OKaT3lMknXXXXCJyDlI"
> Cache-Control: private, max-age=0, must-revalidate, no-transform
> Date: Tue, 22 Nov 2016 13:15:18 GMT
> X-Frame-Options: SAMEORIGIN
> Alt-Svc: quic=":443"; ma=2592000; v="36,35,34"
> Content-Type: application/json; charset=UTF-8
> 444b
> {
>  "kind": "compute#forwardingRuleList",
>  "id": "projects/XXXXX/regions/us-east1/forwardingRules",
>  "items": [
>   {
>    "kind": "compute#forwardingRule",
>    "id": "575XXXXXXXXXX282",
>    "creationTimestamp": "2016-07-11T01:31:17.574-07:00",
>    "name": "esp-acsgopstrain-a-us-east1",
>    "description": "",
>    "region": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1",
>    "IPAddress": "XXXXXXXXXX",
>    "IPProtocol": "ESP",
>    "target": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/targetVpnGateways/acsgopstrain-a-us-east1",
>    "selfLink": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/forwardingRules/esp-acsgopstrain-a-us-east1",
>    "loadBalancingScheme": "EXTERNAL"
>   },
> ...
>   {
>    "kind": "compute#forwardingRule",
>    "id": "6429XXXXXXXXXX887",
>    "creationTimestamp": "2016-11-21T09:46:32.011-08:00",
>    "name": "us-lb-forwarding-rule",
>    "description": "",
>    "region": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1",
>    "IPAddress": "1XXXXXXXXXX5",
>    "IPProtocol": "TCP",
>    "portRange": "30012-30012",
>    "target": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/targetPools/us-lb",
>    "selfLink": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/forwardingRules/us-lb-forwarding-rule",
>    "loadBalancingScheme": "EXTERNAL"
>   }
>  ],
>  "selfLink": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/forwardingRules"
> }
> The first thing that surprise me is that the response was big even if i have only 1 load balancer on this region. After it receive this response libcloud will try to convert each "forwading rule" from the message to a libcloud object with :
> {code:title=code1.py|borderStyle=solid}
> if 'items' in response:
>       # The aggregated result returns dictionaries for each region
>       if not global_rules and region is None:
>           for v in response['items'].values():
>               region_forwarding_rules = [
>                   self._to_forwarding_rule(f)
>                   for f in v.get('forwardingRules', [])
>               ]
>               list_forwarding_rules.extend(region_forwarding_rules)
>       else:
>           list_forwarding_rules = [self._to_forwarding_rule(f)
>                                    for f in response['items']]
>   return list_forwarding_rules
> {code}
> from def ex_list_forwarding_rules(self, region=None, global_rules=False):
> To do so libcloud will call the following method "_to_forwarding_rule" on all items. This is where it break !
> Indeed if you look on the answer of the "list forwardingRules" you will see that I have 2 types of rules :
> Type 1 : The forward rules from the load balancer object :
> {
>  "kind": "compute#forwardingRule",
>  "id": "6429XXXXXXXXXX887",
>  "creationTimestamp": "2016-11-21T09:46:32.011-08:00",
>  "name": "us-lb-forwarding-rule",
>  "description": "",
>  "region": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1",
>  "IPAddress": "1XXXXXXXXXX5",
>  "IPProtocol": "TCP",
>  "portRange": "30012-30012",
>  "target": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/targetPools/us-lb",
>  "selfLink": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/forwardingRules/us-lb-forwarding-rule",
>  "loadBalancingScheme": "EXTERNAL"
> }
> Type 2 : Forward rules from the VPN I have between projects on GCP
> {
>  "kind": "compute#forwardingRule",
>  "id": "575XXXXXXXXXX282",
>  "creationTimestamp": "2016-07-11T01:31:17.574-07:00",
>  "name": "esp-acsgopstrain-a-us-east1",
>  "description": "",
>  "region": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1",
>  "IPAddress": "XXXXXXXXXX",
>  "IPProtocol": "ESP",
>  "target": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/targetVpnGateways/acsgopstrain-a-us-east1",
>  "selfLink": "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/forwardingRules/esp-acsgopstrain-a-us-east1",
>  "loadBalancingScheme": "EXTERNAL"
> },
> The libcloud method "_to_forwarding_rule" will works fine on the type 1. Here is the code :
> {code:title=code2.py|borderStyle=solid}
> def _to_forwarding_rule(self, forwarding_rule):
>     """
>     Return a Forwarding Rule object from the JSON-response dictionary.
>     :param  forwarding_rule: The dictionary describing the rule.
>     :type   forwarding_rule: ``dict``
>     :return: ForwardingRule object
>     :rtype: :class:`GCEForwardingRule`
>     """
>     extra = {}
>     extra['selfLink'] = forwarding_rule.get('selfLink')
>     extra['portRange'] = forwarding_rule.get('portRange')
>     extra['creationTimestamp'] = forwarding_rule.get('creationTimestamp')
>     extra['description'] = forwarding_rule.get('description')
>     region = forwarding_rule.get('region')
>     if region:
>         region = self.ex_get_region(region)
>     target = self._get_object_by_kind(forwarding_rule['target'])
> {code}
> The "_get_object_by_kind" will works fine because the target of the forward rule for type 1 is "targetpool" as you can see :
> "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/targetPools/us-lb",
> whereas it will crash with the stack i show you before for the type 2 because the target is "targetVpnGateways" as you can see :
> "https://www.googleapis.com/compute/v1/projects/XXXXX/regions/us-east1/targetVpnGateways/acsgopstrain-a-us-east1",
> I think the original implementation of the LB on libcloud for GCE did not know that Google will mix several rules for both the LoadBalancer AND the VPN.
> I made a dirty fix on my libcloud master code to only try to convert the forward rules link to a LB :
> {code:title=code3.py|borderStyle=solid}
> 	else:
> 		list_forwarding_rules = [self._to_forwarding_rule(f)
> 			for f in response['items'] if (not "targetVpnGateways" in f['target'])]
> {code}
> This fix the issue !
> To be honest I m not sure what to do....I would except Google to not mix the forward rules of VPN and LB. There is nothing mentioning the VPN in the forwarding rules in the google doc (https://cloud.google.com/compute/docs/load-balancing/network/forwarding-rules) and there is nothing about forwarding rule in the VPN documentation (https://cloud.google.com/compute/docs/vpn/networks) 
> I would suggest to do a temporary hack (similar in spirit of the one i done) until we clarify that with Google.


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)