Hi all,
I have continued debugging multidomain support in Contrail 3.2.6.0.
I have disabled auth in Contrail by adding the following line:
aaa_mode = no-auth
in /etc/contrail/contrail-api.log and in
/etc/contrail/contrail-analytics-api.conf
I was able to log in as testuser inside testdomain and view the networks from
testproject.
Afterwards I tried to create a network inside testproject both from Contrail
GUI and using neutron commands.
Both of them failed. From contrail-api.log, I have:
File "/usr/lib/python2.7/site-packages/cfgm_common/vnc_cassandra.py", line
1283, in fq_name_to_uuid
raise NoIdError('%s %s' % (obj_type, fq_name_str))
NoIdError: Unknown id: project testdomain:testproject
Do you have any idea why this happens?
Thanks,
Anda
From: Jakub Pavlik [mailto:jpav...@mirantis.com]
Sent: Wednesday, September 20, 2017 12:15 PM
To: Anda Nicolae
Cc: dev@lists.opencontrail.org
Subject: Re: [opencontrail-dev] Multiple domains support in Contrail 3.2.5.0
Hi Anda,
add project_name and project_domain_name what I specified in last mail.
jakub
On Wed, Sep 20, 2017 at 10:32 AM, Anda Nicolae
<anico...@lenovo.com<mailto:anico...@lenovo.com>> wrote:
Hi Jakub,
I was able to login into Contrail and to have all contrail processes active. My
contrail-keystone-auth.conf looks like this:
[KEYSTONE]
auth_url=http://<Keystone_IP>:35357/v3
auth_host=<Keystone_IP>
auth_protocol=http
auth_port=35357
user=admin
password=<admin_password>
memcache_servers=127.0.0.1:11211<http://127.0.0.1:11211>
insecure=False
I've tried with auth_url as
http://<Keystone_IP>:5000/v3<http://%3cKeystone_IP%3e:5000/v3> and as
http://<Keystone_IP>:35357/v3<http://%3cKeystone_IP%3e:35357/v3> and I have
obtained the same results.
After I log into Contrail, whatever I select (Networks, Policies, Routers, IPAM
etc), I get 503 Service Unavailable.
I looked over the HTTP requests that Contrail processes exchange with Keystone.
A HTTP Post request is sent to <Keystone_IP>:35357 and 400 Bad Request is
received.
Since the contrail process can authenticate to keystone, it cannot further
retrieve info about routers, networks etc.
Therefore, 503 Service Unavailable is displayed.
Below are the HTTP Request and Response:
POST /v2.0/tokens HTTP/1.1
Host: <Keystone_IP>:35357
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: application/json
User-Agent: keystonemiddleware.auth_token/4.4.1 keystoneauth1/2.4.1
python-requests/2.10.0 CPython/2.7.5
Content-Type: application/json
Content-Length: 51
{"auth": {"passwordCredentials": {"password": ""}}}HTTP/1.1 400 Bad Request
Date: Wed, 20 Sep 2017 05:27:25 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux)
Vary: X-Auth-Token
x-openstack-request-id: req-40bf8fc7-45b1-4e45-b6cd-e3ea950dbc0e
Content-Length: 260
Connection: close
Content-Type: application/json
{"error": {"message": "Expecting to find username or userId in
passwordCredentials - the server could not comply with the request since it is
either malformed or otherwise incorrect. The client is assumed to be in
error.", "code": 400, "title": "Bad Request"}}
Thanks,
Anda
From: Jakub Pavlik [mailto:jpav...@mirantis.com<mailto:jpav...@mirantis.com>]
Sent: Tuesday, September 19, 2017 6:32 PM
To: Anda Nicolae
Cc: dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>
Subject: Re: [opencontrail-dev] Multiple domains support in Contrail 3.2.5.0
Hi Anda,
it is jinja template, you cannot put those params with {{}} . Extend config by
this:
project_name=admin
project_domain_name=default
auth_url=http://ip:5000/v3
Jakub
On Tue, Sep 19, 2017 at 5:18 PM, Anda Nicolae
<anico...@lenovo.com<mailto:anico...@lenovo.com>> wrote:
Hi Jakub,
Thank you for your response. Before I posted the question on the list, I had
modified contrail-auth-keystone.conf like below. Without the changes below, I
was not able to log into Contrail:
auth_url=http://<IP>:35357/v3
auth_host=<IP>
auth_protocol=http
auth_port=35357
user=admin
password=<password>
#admin_user=<admin_user>
#admin_password=< admin_password >
#admin_tenant_name=< admin_tenant_name >
memcache_servers=127.0.0.1:11211<http://127.0.0.1:11211>
insecure=False
However, I modified contrail-auth-keystone.conf like you told me and now it
displays the following error in contrail-collector.log and Collector connection
is down:
Error the options configuration file contains an invalid line '{%- from
"opencontrail/map.jinja" import config with context -%}'
This is probably because I do not have any map.jinja file on my Contrail node.
Thanks,
Anda
From: Jakub Pavlik [mailto:jpav...@mirantis.com<mailto:jpav...@mirantis.com>]
Sent: Tuesday, September 19, 2017 12:50 PM
To: Anda Nicolae
Cc: dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>
Subject: Re: [opencontrail-dev] Multiple domains support in Contrail 3.2.5.0
Hi Anda,
do you have configured this
https://github.com/salt-formulas/salt-formula-opencontrail/blob/master/opencontrail/files/3.0/contrail-keystone-auth.conf#L14
Jakub
On Tue, Sep 19, 2017 at 11:40 AM, Anda Nicolae
<anico...@lenovo.com<mailto:anico...@lenovo.com>> wrote:
Hi all,
I am using Contrail 3.2.5.0 on a RHEL server. I have 3 nodes: an OpenStack
controller, a Contrail controller and a Contrail compute.
Do you know whether Contrail supports multiple domains?
I know that OpenStack supports multiple domains when keystone v3 is used, but
Contrail processes do not seem to work OK with keystone v3.
Thanks,
Anda
_______________________________________________
Dev mailing list
Dev@lists.opencontrail.org<mailto:Dev@lists.opencontrail.org>
http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
--
Jakub Pavlik
+420 602 177 027<tel:+420%20602%20177%20027>
jpav...@mirantis.com<mailto:jpav...@mirantis.com>
--
Jakub Pavlik
+420 602 177 027<tel:+420%20602%20177%20027>
jpav...@mirantis.com<mailto:jpav...@mirantis.com>
--
Jakub Pavlik
+420 602 177 027
jpav...@mirantis.com<mailto:jpav...@mirantis.com>
_______________________________________________
Dev mailing list
Dev@lists.opencontrail.org
http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
