It doesnt break multi-vim if regionIds are globally unique. Agree its sub-optimal but it is a constraint of the amsterdam API’s that they have to be.
Brian From: Yang, Bin [mailto:[email protected]] Sent: Monday, January 22, 2018 9:32 AM To: FREEMAN, BRIAN D <[email protected]>; Alexis de Talhouët <[email protected]> Cc: onap-discuss <[email protected]>; Ethan Lynn ([email protected]) <[email protected]>; HU, BIN <[email protected]> Subject: conflicted Interpretation of Cloud Region ID in AAI, RE: [onap-discuss] [AAI][SO] How to add another LCP Region Hi Brian, Two OpenStack instance cannot have the same Region ID will be a fundamental (and confusing) assumption which impacts many ONAP components. MultiCloud is one of them which has been interpreting this Region ID in different way: MultiCloud assumes that this Cloud Region ID in AAI was to store the OpenStack’s Region ID , it is confined in scope of a Cloud Owner. So MultiCloud assumes that Region ID itself does not have to be unique , but Cloud Owner + Cloud Region ID should be unique. This interpretation was based on the communication with AAI team (Ethan in cc list could share more context around that communication). With the AAI documentation (aai_swagger_v11.html), the cloud-region is uniquely identified by {cloud-owner}/{cloud-region-id}, not the {cloud-region-id} alone. That implies that it is possible that different {cloud-owner} have the same {cloud-region-id}. GET /cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id} Tags: CloudInfrastructure<file:///C:/workspace/onap/docs/aai/aai_swagger_v11.html#tag-CloudInfrastructure> returns cloud-region cloud-owner Identifies the vendor and cloud name, e.g., att-aic. First part of composite key should be formatted as vendor-cloudname path string cloud-region-id Identifier used by the vendor for the region. Second part of composite key path string On the other hands, SO, Robot VM, they all use ‘cloud-region-id’ as parameter to invoke OpenStack API, which means, this ‘cloud-region-id’ is the exactly the Region ID used in context of OpenStack API. Inevitably, there will be different OpenStack provisioned with “RegionOne” by default. So there is discrepancy between different ONAP components with regarding to how to interpret this ‘cloud-region-id’ in AAI. This discrepancy should be resolved in Beijing Release, otherwise it will be a blocking issue when there is use case to deploy VNFs to multiple VIM/Cloud instances. Thanks. Best Regards, Bin Yang, Solution Readiness Team, Wind River Direct +86,10,84777126 Mobile +86,13811391682 Fax +86,10,64398189 Skype: yangbincs993 From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of FREEMAN, BRIAN D Sent: Thursday, January 11, 2018 2:55 AM To: Alexis de Talhouët Cc: onap-discuss Subject: Re: [onap-discuss] [AAI][SO] How to add another LCP Region “So is it fair to say X distinct OpenStack instances must have unique Region(s) to be used in ONAP? e.g. two instance cannot have the same Region.” – Yes Brian From: Alexis de Talhouët [mailto:[email protected]] Sent: Wednesday, January 10, 2018 1:48 PM To: FREEMAN, BRIAN D <[email protected]<mailto:[email protected]>> Cc: onap-discuss <[email protected]<mailto:[email protected]>> Subject: Re: [onap-discuss] [AAI][SO] How to add another LCP Region Ok, creating another Region in OpenStack , alongs with its service endpoints is working. So is it fair to say X distinct OpenStack instances must have unique Region(s) to be used in ONAP? e.g. two instance cannot have the same Region. Thanks for the help, Alexis On Jan 10, 2018, at 9:57 AM, FREEMAN, BRIAN D <[email protected]<mailto:[email protected]>> wrote: I would name the second openstack something other than RegionOne in that Openstack :) I suspect the design assumes the cloud regions have unique names but I didnt think robot needed the cloud region in their vanilla openstack keystone queries (but its been a while since I looked at a trace). I know Rackspace does have unique region names (IAD, DFW, etc) and we do in our installations but not sure if vanilla would require that. Brian From: Alexis de Talhouët [mailto:[email protected]] Sent: Wednesday, January 10, 2018 9:53 AM To: FREEMAN, BRIAN D <[email protected]<mailto:[email protected]>> Cc: onap-discuss <[email protected]<mailto:[email protected]>> Subject: Re: [onap-discuss] [AAI][SO] How to add another LCP Region Ok, haven’t thought about deploying another robot. Regarding my attempt with RegionAlex, the thing is this region doesn’t exist in my Openstack, it’s RegionOne that exist. That’s why it’s not working. But I have to use a different name so mso can differentiate. But maybe I haven’t updated all the python scripts. I’ll have another look at it. Thanks, Alexis On Jan 10, 2018, at 9:49 AM, FREEMAN, BRIAN D <[email protected]<mailto:[email protected]>> wrote: I dont think robot can handle multiple cloud regions from one isntance. I would run two robot’s – one for each cloud region in all honesty or do what robot does via POSTMAN One thing though: Keystone address/Tenant/Username/Password have been changed as per as the Cloud Identity Service: id=ALEX_KEYSTONE Now the issue: —> If the region is RegionAlex, Robot can’t connect That should have worked. Are you sure you updated urls, tenantid, tenantname, credentials etc in all the .py’s needed ? Brian From: Alexis de Talhouët [mailto:[email protected]] Sent: Wednesday, January 10, 2018 9:31 AM To: FREEMAN, BRIAN D <[email protected]<mailto:[email protected]>> Cc: onap-discuss <[email protected]<mailto:[email protected]>> Subject: Re: [onap-discuss] [AAI][SO] How to add another LCP Region When you have two OpenStack having the same region, e.g. RegionOne, the thing is pretty complex and I haven’t figured it out completely. Create a region in AAI with a different name, like RegionAlex as example bellow, and add your tenant to the region. Everything down to instantiation is working. But then, we need to use heatbridge, which uses values in the vm_properties.py of robot container. In there, if I put my dummy region (RegionAlex), connection to the OpenStack is impossible. If I put the valid region, e.g. RegionOne, connection is possible, but then heatbridge will try to populate the RegionOne CloudRegion in AAI for the given tenant, which of course exist under RegionAlex, and not RegionOne, so heatbridge fails with 404. So then, if you create the tenant under RegionOne, heatbridge will work, but then you’re AAI is messed-up. To have VID listing the region and the tenant, you need to create them in AAI. The cloud-region-id has the match the value in the mso-cloud-config, so correlation can happen and authentication is successful. To recap, this is what I have: In MSO: Cloud Sites: CloudSite: id=RegionOne, regionId=RegionOne, identityServiceId=DEFAULT_KEYSTONE, aic_version=2.5, clli=RegionOne CloudSite: id=RegionAlex, regionId=RegionOne, identityServiceId=ALEX_KEYSTONE, aic_version=2.5, clli=RegionAlex Cloud Identity Services: Cloud Identity Service: id=DEFAULT_KEYSTONE, identityUrl=http://10.195.194.216:5000/v2.0<https://urldefense.proofpoint.com/v2/url?u=http-3A__10.195.194.216-3A5000_v2.0&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=VUJoYm3UcavMJOo3tmXNf9nc82hLgiwojUtRW6iqYOk&s=T1EDl6plW6A--L5I-BnDXr7lX0IkPRXSDxN9CdIfmt0&e=>, msoId=nso, adminTenant=service, memberRole=admin, tenantMetadata=true, identityServerType=KEYSTONE, identityAuthenticationType=USERNAME_PASSWORD Cloud Identity Service: id=ALEX_KEYSTONE, identityUrl=http://10.195.194.213:5000/v2.0<https://urldefense.proofpoint.com/v2/url?u=http-3A__10.195.194.213-3A5000_v2.0&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=VUJoYm3UcavMJOo3tmXNf9nc82hLgiwojUtRW6iqYOk&s=UCzy0VYIlLOm53l9BwoxQMuT0pDKrDqSpVATrH0Mp0I&e=>, msoId=vnf, adminTenant=service, memberRole=admin, tenantMetadata=true, identityServerType=KEYSTONE, identityAuthenticationType=USERNAME_PASSWORD In AAI: { "cloud-region": [ { "cloud-owner": "CloudOwner", "cloud-region-id": "RegionAlex", "cloud-type": "SharedNode", "owner-defined-type": "OwnerType", "cloud-region-version": "v1", "cloud-zone": "CloudZone", "sriov-automation": false, "resource-version": "1515592843258", "relationship-list": { "relationship": [ { "related-to": "complex", "related-link": "/aai/v11/cloud-infrastructure/complexes/complex/clli2", "relationship-data": [ { "relationship-key": "complex.physical-location-id", "relationship-value": "clli2" } ] } ] } }, { "cloud-owner": "CloudOwner", "cloud-region-id": "RegionOne", "cloud-type": "SharedNode", "owner-defined-type": "OwnerType", "cloud-region-version": "v1", "cloud-zone": "CloudZone", "sriov-automation": false, "resource-version": "1515100561059", "relationship-list": { "relationship": [ { "related-to": "complex", "related-link": "/aai/v11/cloud-infrastructure/complexes/complex/clli1", "relationship-data": [ { "relationship-key": "complex.physical-location-id", "relationship-value": "clli1" } ] } ] } } ] } Tenant for RegionOne: { "tenant": [ { "tenant-id": "5c59f02201d54aa89af1f2207f7be2c1", "tenant-name": "nso-rancher", "resource-version": "1515100561148", "relationship-list": { "relationship": [ —[cut]— ] } } ] } Tenant for RegionAlex: { "tenant": [ { "tenant-id": "7320ec4a5b9d4589ba7c4412ccfd290f", "tenant-name": "nso-vnf", "resource-version": "1515100561148", "relationship-list": { "relationship": [ —[cut]— ] } } ] } In vm_properties.py in Robot: In there, we have the following values populated: keystone address, tanant, username, password and tenant that we need to update to use the added region. Keystone address/Tenant/Username/Password have been changed as per as the Cloud Identity Service: id=ALEX_KEYSTONE Now the issue: —> If the region is RegionAlex, Robot can’t connect —> If the region is RegionOne, Robot can connect but then fail to update AAI because tenant If I change the region name in AAI (from RegionAlex to RegionOne), and add the new tenant in there, then MSO picks the wrong Cloud Identity Service, then instantiation fails. Do you guys have a proper way of doing this, that would really help. Thanks, Alexis On Jan 9, 2018, at 10:18 AM, Alexis de Talhouët <[email protected]<mailto:[email protected]>> wrote: Ok, so by having the cloud site as follow "RegionAlex": { "region_id": "RegionAlex", "clli": "RegionAlex", "aic_version": "2.5", "identity_service_id": "ALEX_KEYSTONE" } it’s showing correctly in VID. I also created its own clli in AAI. But I thought the region does matter for OpenStack, doesn’t it? Alexis On Jan 9, 2018, at 9:37 AM, FREEMAN, BRIAN D <[email protected]<mailto:[email protected]>> wrote: You need to name one RegionTwo or something, From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Alexis de Talhouët Sent: Tuesday, January 09, 2018 9:34 AM To: onap-discuss <[email protected]<mailto:[email protected]>> Subject: [onap-discuss] [AAI][SO] How to add another LCP Region Hello AAI, SO expert, I’m trying to add another LCP Region to be able to deploy VNF in another OpenStack instance. To do so, I have done the following: In MSO: - Add a Cloud Site "RegionAlex": { "region_id": "RegionOne", "clli": "RegionOne", "aic_version": "2.5", "identity_service_id": "ALEX_KEYSTONE" } - Add it’s associated Cloud Identity Services "ALEX_KEYSTONE": { "identity_url": "http://10.195.194.215:5000/v2.0<https://urldefense.proofpoint.com/v2/url?u=http-3A__10.195.194.215-3A5000_v2.0&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=oHswheJmkWJIcCFYw24k7XQ3lZ-POKBf-k_XFejRrNQ&s=u3st_5cAWjMqICf5KR8cqtqgGnlBWa9NLed_jnRmi9Q&e=>", "mso_id": "nso", "mso_pass": "86b74198e8ccb959eaaadefevsd2a8a2", "admin_tenant": "service", "member_role": "admin", "tenant_metadata": true, "identity_server_type": "KEYSTONE", "identity_authentication_type": "USERNAME_PASSWORD" } In AAI: - Create a cloud region { "cloud-owner": "CloudOwner", "cloud-region-id": "RegionAlex", "cloud-type": "SharedNode", "owner-defined-type": "OwnerType", "cloud-region-version": "v1", "cloud-zone": "CloudZone", "sriov-automation": false, "resource-version": "1515506147118", "relationship-list": { "relationship": [ { "related-to": "complex", "related-link": "/aai/v11/cloud-infrastructure/complexes/complex/clli1", "relationship-data": [ { "relationship-key": "complex.physical-location-id", "relationship-value": "clli1" } ] } ] } } - Create the tenant in the region for the 4 different services with the right tenant id: { "tenant-id": "21ca0f4c2239475fbf1b4b499399163e", "tenant-name": "nso-rancher", "relationship-list": { "relationship": [ { "related-to": "service-subscription", "related-link": "/aai/v11/business/customers/customer/Demonstration/service-subscriptions/service-subscription/vLB", "relationship-data": [ { "relationship-key": "customer.global-customer-id", "relationship-value": "Demonstration" }, { "relationship-key": "service-subscription.service-type", "relationship-value": "vLB" } ] }, { "related-to": "service-subscription", "related-link": "/aai/v11/business/customers/customer/Demonstration/service-subscriptions/service-subscription/vIMS", "relationship-data": [ { "relationship-key": "customer.global-customer-id", "relationship-value": "Demonstration" }, { "relationship-key": "service-subscription.service-type", "relationship-value": "vIMS" } ] }, { "related-to": "service-subscription", "related-link": "/aai/v11/business/customers/customer/Demonstration/service-subscriptions/service-subscription/vFWCL", "relationship-data": [ { "relationship-key": "customer.global-customer-id", "relationship-value": "Demonstration" }, { "relationship-key": "service-subscription.service-type", "relationship-value": "vFWCL" } ] }, { "related-to": "service-subscription", "related-link": "/aai/v11/business/customers/customer/Demonstration/service-subscriptions/service-subscription/vCPE", "relationship-data": [ { "relationship-key": "customer.global-customer-id", "relationship-value": "Demonstration" }, { "relationship-key": "service-subscription.service-type", "relationship-value": "vCPE" } ] } ] } } So my expectation is to have VID displaying the two LCP Region so I can pick the one where I want to deploy. The thing is, VID is showing only one “RegionOne” option. But in the console I can see it’s retrieving two. cloudRegionTenantList= creationService.js:909:3 [ { "cloudRegionId": "", "tenantName": "Please choose a region", "tenantId": "" }, { "cloudRegionId": "RegionOne", "tenantName": "nso-rancher", "tenantId": "5c59f02201d54aa89af1f2207f7be2c1", "isPermitted": true }, { "cloudRegionId": "RegionOne", "tenantName": "nso-rancher", "tenantId": "21ca0f4c2239475fbf1b4b499399163e", "isPermitted": true } ] So I’m wondering what I could have done wrong. As the cloudRegionId are the same, it’s displaying only one, but you can see the tenantId is different. My question is, what should be the process to do this? Thanks, Alexis
_______________________________________________ onap-discuss mailing list [email protected] https://lists.onap.org/mailman/listinfo/onap-discuss
