Netflix / security_monkey

Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
Apache License 2.0

OpenStack Watcher Modules fail to load #1169

Open uchi-mata opened 5 years ago

uchi-mata commented 5 years ago

Please make sure that you have checked the boxes:

Description of issue:

I created an OpenStack account (which is active in the Dashboard). However, no data seems to get imported, so I ran monkey find_changes manually to identify any issues. The only issue I can identify is that all openstack watcher modules fail to load. The full logfile is attached (monkey_find_changes.log); this is just an excerpt:

2019-02-05 09:19:47,363 DEBUG: Failed to load module openstack_watcher from /usr/local/lib/python2.7/dist-packages/security_monkey/watchers/openstack/openstack_watcher.py [in /usr/local/lib/python2.7/dist-packages/security_monkey/common/utils.py:103]
2019-02-05 09:19:47,363 DEBUG: Loaded module __init__ from /usr/local/lib/python2.7/dist-packages/security_monkey/watchers/openstack/__init__.py [in /usr/local/lib/python2.7/dist-packages/security_monkey/common/utils.py:105]
2019-02-05 09:19:47,364 DEBUG: Failed to load module openstack_port from /usr/local/lib/python2.7/dist-packages/security_monkey/watchers/openstack/network/openstack_port.py [in /usr/local/lib/python2.7/dist-packages/security_monkey/common/utils.py:103]

I'm using the git master with docker-compose on docker-compose.yml. Is there any more data I can provide or do you already have any ideas?

Edit:

Thanks, Matthias

mstair commented 5 years ago
> * The module files (e.g. /usr/local/lib/python2.7/dist-packages/security_monkey/watchers/openstack/network/openstack_port.py) are available.

To confirm, those are available in the container? This error is typically due to the missing openstacksdk.

You also have your creds/yaml configured/mounted (https://github.com/Netflix/security_monkey/blob/master/docker-compose.yml#L69)?
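The "Failed to load module" DEBUG lines quoted in this thread do not say why the import failed, so the following added example (not part of the thread and not Security Monkey's own loader) imports each `.py` file under a directory and reports the exception behind each failure. It assumes Python 3; the sample tree and the dependency name `missing_sdk_for_demo` are constructed for illustration.

```python
import importlib.util
import os
import sys
import tempfile


def diagnose_modules(root):
    """Import every .py file under root; return {path: None or 'ExcType: message'}."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.endswith(".py"):
                continue
            path = os.path.join(dirpath, name)
            # Load under a throwaway name so nothing real in sys.modules is shadowed.
            mod_name = "_diag_" + os.path.splitext(name)[0]
            spec = importlib.util.spec_from_file_location(mod_name, path)
            module = importlib.util.module_from_spec(spec)
            try:
                spec.loader.exec_module(module)
                results[path] = None
            except Exception as exc:  # keep the reason a bare "failed to load" line omits
                results[path] = "%s: %s" % (type(exc).__name__, exc)
    return results


def build_sample_tree():
    """Constructed stand-in for a watchers directory (not Security Monkey's files)."""
    root = tempfile.mkdtemp(prefix="watchers_")
    with open(os.path.join(root, "good_watcher.py"), "w") as fh:
        fh.write("import json\nINDEX = 'good'\n")
    with open(os.path.join(root, "openstack_port.py"), "w") as fh:
        # Hypothetical dependency name, chosen so that the import always fails.
        fh.write("import missing_sdk_for_demo\nINDEX = 'port'\n")
    return root


if __name__ == "__main__":
    # Pass a directory to inspect, or run with no argument to use the constructed sample.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for path, error in sorted(diagnose_modules(target).items()):
        print("%-60s %s" % (path, "OK" if error is None else "FAILED  " + error))
```

Run it with the same interpreter and environment as the worker, so that a missing or incompatible dependency shows up exactly as the worker would see it.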

uchi-mata commented 5 years ago
> * The module files (e.g. /usr/local/lib/python2.7/dist-packages/security_monkey/watchers/openstack/network/openstack_port.py) are available.
>
> To confirm, those are available in the container? This error is typically due to the missing openstacksdk.

Does that work?

$ docker exec secmonkey-worker ls /usr/local/lib/python2.7/dist-packages/security_monkey/watchers/openstack/network/
__init__.py
__init__.pyc
openstack_floating_ip.py
openstack_floating_ip.pyc
openstack_network.py
openstack_network.pyc
openstack_port.py
openstack_port.pyc
openstack_router.py
openstack_router.pyc
openstack_security_group.py
openstack_security_group.pyc
openstack_subnet.py
openstack_subnet.pyc
openstack@openstack-secmonkey:~/security_monkey$ docker exec secmonkey-scheduler ls /usr/local/lib/python2.7/dist-packages/security_monkey/watchers/openstack/network/
__init__.py
__init__.pyc
openstack_floating_ip.py
openstack_floating_ip.pyc
openstack_network.py
openstack_network.pyc
openstack_port.py
openstack_port.pyc
openstack_router.py
openstack_router.pyc
openstack_security_group.py
openstack_security_group.pyc
openstack_subnet.py
openstack_subnet.pyc

> You also have your creds/yaml configured/mounted (https://github.com/Netflix/security_monkey/blob/master/docker-compose.yml#L69)?

No, but the clouds.yaml file is mounted which from my understanding is the correct one for the OpenStack connection?

  worker:
    [...]
    volumes:
      - ./docker/celeryconfig.py:/usr/local/src/security_monkey/security_monkey/celeryconfig.py
      - ./clouds.yaml:/clouds.yaml

/clouds.yaml is also configured as the path in the account settings.

uchi-mata commented 5 years ago

Also, there does not seem to be any request from the monkey instance to the openstack instance taking place (based on tcpdump while running monkey find_changes). I however verified that the identity API can be accessed from the monkey instance.

mstair commented 5 years ago

I actually wonder if this is an issue with the os-client-config library that recently came up. I have a PR to cloudaux (SM helper library) to address. https://github.com/Netflix-Skunkworks/cloudaux/pull/96

Testing a potential workaround pinning the os-client-config in Dockerfile pips

mstair commented 5 years ago

@mikegrima Just merged and pushed changes to pypi. Rebuild a clean image (should pull in cloudaux 1.6.1).