Hi Brian,
Two OpenStack instance cannot have the same Region ID will be a
fundamental (and confusing) assumption which impacts many ONAP components.
MultiCloud is one of them which has been interpreting this Region ID in
different way: MultiCloud assumes that this Cloud Region ID in AAI was to store
the OpenStack’s Region ID , it is confined in scope of a Cloud Owner. So
MultiCloud assumes that Region ID itself does not have to be unique , but Cloud
Owner + Cloud Region ID should be unique. This interpretation was based on the
communication with AAI team (Ethan in cc list could share more context around
that communication).
With the AAI documentation (aai_swagger_v11.html), the cloud-region is uniquely
identified by {cloud-owner}/{cloud-region-id}, not the {cloud-region-id} alone.
That implies that it is possible that different {cloud-owner} have the same
{cloud-region-id}.
GET
/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}
Tags:
CloudInfrastructure<file:///C:\workspace\onap\docs\aai\aai_swagger_v11.html#tag-CloudInfrastructure>
returns cloud-region
cloud-owner
Identifies the vendor and cloud name, e.g., att-aic. First part of composite
key should be formatted as vendor-cloudname
path
string
cloud-region-id
Identifier used by the vendor for the region. Second part of composite key
path
string
On the other hands, SO, Robot VM, they all use ‘cloud-region-id’ as parameter
to invoke OpenStack API, which means, this ‘cloud-region-id’ is the exactly the
Region ID used in context of OpenStack API. Inevitably, there will be different
OpenStack provisioned with “RegionOne” by default.
So there is discrepancy between different ONAP components with regarding to how
to interpret this ‘cloud-region-id’ in AAI. This discrepancy should be resolved
in Beijing Release, otherwise it will be a blocking issue when there is use
case to deploy VNFs to multiple VIM/Cloud instances.
Thanks.
Best Regards,
Bin Yang, Solution Readiness Team, Wind River
Direct +86,10,84777126 Mobile +86,13811391682 Fax +86,10,64398189
Skype: yangbincs993
From: [email protected]
[mailto:[email protected]] On Behalf Of FREEMAN, BRIAN D
Sent: Thursday, January 11, 2018 2:55 AM
To: Alexis de Talhouët
Cc: onap-discuss
Subject: Re: [onap-discuss] [AAI][SO] How to add another LCP Region
“So is it fair to say X distinct OpenStack instances must have unique Region(s)
to be used in ONAP? e.g. two instance cannot have the same Region.” – Yes
Brian
From: Alexis de Talhouët [mailto:[email protected]]
Sent: Wednesday, January 10, 2018 1:48 PM
To: FREEMAN, BRIAN D <[email protected]<mailto:[email protected]>>
Cc: onap-discuss
<[email protected]<mailto:[email protected]>>
Subject: Re: [onap-discuss] [AAI][SO] How to add another LCP Region
Ok, creating another Region in OpenStack , alongs with its service endpoints is
working.
So is it fair to say X distinct OpenStack instances must have unique Region(s)
to be used in ONAP? e.g. two instance cannot have the same Region.
Thanks for the help,
Alexis
On Jan 10, 2018, at 9:57 AM, FREEMAN, BRIAN D
<[email protected]<mailto:[email protected]>> wrote:
I would name the second openstack something other than RegionOne in that
Openstack :) I suspect the design assumes the cloud regions have unique names
but I didnt think robot needed the cloud region in their vanilla openstack
keystone queries (but its been a while since I looked at a trace). I know
Rackspace does have unique region names (IAD, DFW, etc) and we do in our
installations but not sure if vanilla would require that.
Brian
From: Alexis de Talhouët [mailto:[email protected]]
Sent: Wednesday, January 10, 2018 9:53 AM
To: FREEMAN, BRIAN D <[email protected]<mailto:[email protected]>>
Cc: onap-discuss
<[email protected]<mailto:[email protected]>>
Subject: Re: [onap-discuss] [AAI][SO] How to add another LCP Region
Ok, haven’t thought about deploying another robot.
Regarding my attempt with RegionAlex, the thing is this region doesn’t exist in
my Openstack, it’s RegionOne that exist. That’s why it’s not working. But I
have to use a different name so mso can differentiate.
But maybe I haven’t updated all the python scripts. I’ll have another look at
it.
Thanks,
Alexis
On Jan 10, 2018, at 9:49 AM, FREEMAN, BRIAN D
<[email protected]<mailto:[email protected]>> wrote:
I dont think robot can handle multiple cloud regions from one isntance.
I would run two robot’s – one for each cloud region in all honesty or do what
robot does via POSTMAN
One thing though:
Keystone address/Tenant/Username/Password have been changed as per as the Cloud
Identity Service: id=ALEX_KEYSTONE
Now the issue:
—> If the region is RegionAlex, Robot can’t connect
That should have worked. Are you sure you updated urls, tenantid, tenantname,
credentials etc in all the .py’s needed ?
Brian
From: Alexis de Talhouët [mailto:[email protected]]
Sent: Wednesday, January 10, 2018 9:31 AM
To: FREEMAN, BRIAN D <[email protected]<mailto:[email protected]>>
Cc: onap-discuss
<[email protected]<mailto:[email protected]>>
Subject: Re: [onap-discuss] [AAI][SO] How to add another LCP Region
When you have two OpenStack having the same region, e.g. RegionOne, the thing
is pretty complex and I haven’t figured it out completely.
Create a region in AAI with a different name, like RegionAlex as example
bellow, and add your tenant to the region. Everything down to instantiation is
working.
But then, we need to use heatbridge, which uses values in the vm_properties.py
of robot container. In there, if I put my dummy region (RegionAlex), connection
to the OpenStack is impossible.
If I put the valid region, e.g. RegionOne, connection is possible, but then
heatbridge will try to populate the RegionOne CloudRegion in AAI for the given
tenant, which of course exist under RegionAlex, and not RegionOne, so
heatbridge fails with 404.
So then, if you create the tenant under RegionOne, heatbridge will work, but
then you’re AAI is messed-up.
To have VID listing the region and the tenant, you need to create them in AAI.
The cloud-region-id has the match the value in the mso-cloud-config, so
correlation can happen and authentication is successful.
To recap, this is what I have:
In MSO:
Cloud Sites:
CloudSite: id=RegionOne, regionId=RegionOne,
identityServiceId=DEFAULT_KEYSTONE, aic_version=2.5, clli=RegionOne
CloudSite: id=RegionAlex, regionId=RegionOne, identityServiceId=ALEX_KEYSTONE,
aic_version=2.5, clli=RegionAlex
Cloud Identity Services:
Cloud Identity Service: id=DEFAULT_KEYSTONE,
identityUrl=http://10.195.194.216:5000/v2.0<https://urldefense.proofpoint.com/v2/url?u=http-3A__10.195.194.216-3A5000_v2.0&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=VUJoYm3UcavMJOo3tmXNf9nc82hLgiwojUtRW6iqYOk&s=T1EDl6plW6A--L5I-BnDXr7lX0IkPRXSDxN9CdIfmt0&e=>,
msoId=nso, adminTenant=service, memberRole=admin, tenantMetadata=true,
identityServerType=KEYSTONE, identityAuthenticationType=USERNAME_PASSWORD
Cloud Identity Service: id=ALEX_KEYSTONE,
identityUrl=http://10.195.194.213:5000/v2.0<https://urldefense.proofpoint.com/v2/url?u=http-3A__10.195.194.213-3A5000_v2.0&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=VUJoYm3UcavMJOo3tmXNf9nc82hLgiwojUtRW6iqYOk&s=UCzy0VYIlLOm53l9BwoxQMuT0pDKrDqSpVATrH0Mp0I&e=>,
msoId=vnf, adminTenant=service, memberRole=admin, tenantMetadata=true,
identityServerType=KEYSTONE, identityAuthenticationType=USERNAME_PASSWORD
In AAI:
{
"cloud-region": [
{
"cloud-owner": "CloudOwner",
"cloud-region-id": "RegionAlex",
"cloud-type": "SharedNode",
"owner-defined-type": "OwnerType",
"cloud-region-version": "v1",
"cloud-zone": "CloudZone",
"sriov-automation": false,
"resource-version": "1515592843258",
"relationship-list": {
"relationship": [
{
"related-to": "complex",
"related-link":
"/aai/v11/cloud-infrastructure/complexes/complex/clli2",
"relationship-data": [
{
"relationship-key":
"complex.physical-location-id",
"relationship-value": "clli2"
}
]
}
]
}
},
{
"cloud-owner": "CloudOwner",
"cloud-region-id": "RegionOne",
"cloud-type": "SharedNode",
"owner-defined-type": "OwnerType",
"cloud-region-version": "v1",
"cloud-zone": "CloudZone",
"sriov-automation": false,
"resource-version": "1515100561059",
"relationship-list": {
"relationship": [
{
"related-to": "complex",
"related-link":
"/aai/v11/cloud-infrastructure/complexes/complex/clli1",
"relationship-data": [
{
"relationship-key":
"complex.physical-location-id",
"relationship-value": "clli1"
}
]
}
]
}
}
]
}
Tenant for RegionOne:
{
"tenant": [
{
"tenant-id": "5c59f02201d54aa89af1f2207f7be2c1",
"tenant-name": "nso-rancher",
"resource-version": "1515100561148",
"relationship-list": {
"relationship": [
—[cut]—
]
}
}
]
}
Tenant for RegionAlex:
{
"tenant": [
{
"tenant-id": "7320ec4a5b9d4589ba7c4412ccfd290f",
"tenant-name": "nso-vnf",
"resource-version": "1515100561148",
"relationship-list": {
"relationship": [
—[cut]—
]
}
}
]
}
In vm_properties.py in Robot:
In there, we have the following values populated: keystone address, tanant,
username, password and tenant that we need to update to use the added region.
Keystone address/Tenant/Username/Password have been changed as per as the Cloud
Identity Service: id=ALEX_KEYSTONE
Now the issue:
—> If the region is RegionAlex, Robot can’t connect
—> If the region is RegionOne, Robot can connect but then fail to update AAI
because tenant
If I change the region name in AAI (from RegionAlex to RegionOne), and add the
new tenant in there, then MSO picks the wrong Cloud Identity Service, then
instantiation fails.
Do you guys have a proper way of doing this, that would really help.
Thanks,
Alexis
On Jan 9, 2018, at 10:18 AM, Alexis de Talhouët
<[email protected]<mailto:[email protected]>> wrote:
Ok, so by having the cloud site as follow
"RegionAlex":
{
"region_id": "RegionAlex",
"clli": "RegionAlex",
"aic_version": "2.5",
"identity_service_id": "ALEX_KEYSTONE"
}
it’s showing correctly in VID. I also created its own clli in AAI.
But I thought the region does matter for OpenStack, doesn’t it?
Alexis
On Jan 9, 2018, at 9:37 AM, FREEMAN, BRIAN D
<[email protected]<mailto:[email protected]>> wrote:
You need to name one RegionTwo or something,
From:
[email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Alexis de Talhouët
Sent: Tuesday, January 09, 2018 9:34 AM
To: onap-discuss
<[email protected]<mailto:[email protected]>>
Subject: [onap-discuss] [AAI][SO] How to add another LCP Region
Hello AAI, SO expert,
I’m trying to add another LCP Region to be able to deploy VNF in another
OpenStack instance.
To do so, I have done the following:
In MSO:
- Add a Cloud Site
"RegionAlex":
{
"region_id": "RegionOne",
"clli": "RegionOne",
"aic_version": "2.5",
"identity_service_id": "ALEX_KEYSTONE"
}
- Add it’s associated Cloud Identity Services
"ALEX_KEYSTONE":
{
"identity_url":
"http://10.195.194.215:5000/v2.0<https://urldefense.proofpoint.com/v2/url?u=http-3A__10.195.194.215-3A5000_v2.0&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=oHswheJmkWJIcCFYw24k7XQ3lZ-POKBf-k_XFejRrNQ&s=u3st_5cAWjMqICf5KR8cqtqgGnlBWa9NLed_jnRmi9Q&e=>",
"mso_id": "nso",
"mso_pass": "86b74198e8ccb959eaaadefevsd2a8a2",
"admin_tenant": "service",
"member_role": "admin",
"tenant_metadata": true,
"identity_server_type": "KEYSTONE",
"identity_authentication_type": "USERNAME_PASSWORD"
}
In AAI:
- Create a cloud region
{
"cloud-owner": "CloudOwner",
"cloud-region-id": "RegionAlex",
"cloud-type": "SharedNode",
"owner-defined-type": "OwnerType",
"cloud-region-version": "v1",
"cloud-zone": "CloudZone",
"sriov-automation": false,
"resource-version": "1515506147118",
"relationship-list": {
"relationship": [
{
"related-to": "complex",
"related-link":
"/aai/v11/cloud-infrastructure/complexes/complex/clli1",
"relationship-data": [
{
"relationship-key":
"complex.physical-location-id",
"relationship-value": "clli1"
}
]
}
]
}
}
- Create the tenant in the region for the 4 different services with the right
tenant id:
{
"tenant-id": "21ca0f4c2239475fbf1b4b499399163e",
"tenant-name": "nso-rancher",
"relationship-list": {
"relationship": [
{
"related-to": "service-subscription",
"related-link":
"/aai/v11/business/customers/customer/Demonstration/service-subscriptions/service-subscription/vLB",
"relationship-data": [
{
"relationship-key": "customer.global-customer-id",
"relationship-value": "Demonstration"
},
{
"relationship-key": "service-subscription.service-type",
"relationship-value": "vLB"
}
]
},
{
"related-to": "service-subscription",
"related-link":
"/aai/v11/business/customers/customer/Demonstration/service-subscriptions/service-subscription/vIMS",
"relationship-data": [
{
"relationship-key": "customer.global-customer-id",
"relationship-value": "Demonstration"
},
{
"relationship-key": "service-subscription.service-type",
"relationship-value": "vIMS"
}
]
},
{
"related-to": "service-subscription",
"related-link":
"/aai/v11/business/customers/customer/Demonstration/service-subscriptions/service-subscription/vFWCL",
"relationship-data": [
{
"relationship-key": "customer.global-customer-id",
"relationship-value": "Demonstration"
},
{
"relationship-key": "service-subscription.service-type",
"relationship-value": "vFWCL"
}
]
},
{
"related-to": "service-subscription",
"related-link":
"/aai/v11/business/customers/customer/Demonstration/service-subscriptions/service-subscription/vCPE",
"relationship-data": [
{
"relationship-key": "customer.global-customer-id",
"relationship-value": "Demonstration"
},
{
"relationship-key": "service-subscription.service-type",
"relationship-value": "vCPE"
}
]
}
]
}
}
So my expectation is to have VID displaying the two LCP Region so I can pick
the one where I want to deploy.
The thing is, VID is showing only one “RegionOne” option. But in the console I
can see it’s retrieving two.
cloudRegionTenantList= creationService.js:909:3
[
{
"cloudRegionId": "",
"tenantName": "Please choose a region",
"tenantId": ""
},
{
"cloudRegionId": "RegionOne",
"tenantName": "nso-rancher",
"tenantId": "5c59f02201d54aa89af1f2207f7be2c1",
"isPermitted": true
},
{
"cloudRegionId": "RegionOne",
"tenantName": "nso-rancher",
"tenantId": "21ca0f4c2239475fbf1b4b499399163e",
"isPermitted": true
}
]
So I’m wondering what I could have done wrong. As the cloudRegionId are the
same, it’s displaying only one, but you can see the tenantId is different.
My question is, what should be the process to do this?
Thanks,
Alexis
_______________________________________________
onap-discuss mailing list
[email protected]
https://lists.onap.org/mailman/listinfo/onap-discuss
