Alexis, Sounds good, thanks for clearing this up with the tenant-designate required link. I was triaging different auth/url combinations directly in the container in both RC files and then retrofitting them back out to onap-parameters.yaml in a delete/create pod cycle to verify each. Good to know it is config that can be fixed.
I have a VM both in the OOM and Logging tenants - there is still enough space for one more DCAE setup (96G) in the OOM tenant. I will try to get my Logging tenant enabled for Designate as then I can free up space on OOM. Retrying on my OOM VM now Differences DNSAAS_API_VERSION is v3 not v2.0 anymore DCAE_PROXIED_KEYSTONE_URL was supposed to my my OOM vm! DCAE_OS_OAM_NETWORK_CIDR should have been 28 not 27 DCAE_DOMAIN was not specific enough added my LF id in the domain name And DNSAAS_TENANT_ID is not the OOM or Logging tenant id - it is different - I will need to get one of these to align with the Logging tenant as well right? Thank you /michael -----Original Message----- From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com] Sent: Wednesday, February 7, 2018 07:41 To: Michael O'Brien <frank.obr...@amdocs.com> Cc: onap-discuss@lists.onap.org Subject: Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected Michael, The reason you’re not able to get authorization to the OpenStack providing the DNS Designate is probably because of the tenantID you used. The lab has two OpenStack, .2, where you create the workload and so on, and .5 providing DNS Designate support. When configuring the DNAAS_* parameters, you need to reference the information of .5; the tenant OOM is the same, but its ID is different. I don’t think you want someone’s DNS-openrc-v2.sh file, if it doesn’t work, it means initial config is wrong (as highlighted above). This is implementation details that user shouldn’t care about. I’ll send you my onap-parameters.yaml for the OpenLab, for the OOM tenant, privately. Thanks, Alexis > On Feb 7, 2018, at 12:43 AM, Michael O'Brien <frank.obr...@amdocs.com> wrote: > > Team, > Hi, I need your assistance for anyone bringing up DCAE in the intel lab. > I am bringing up DCAEGEN2 via OOM using Alexis’ dcae-controller – I am having > issues authenticating with designate in openlab. There is no issue with the > code, there are 2 installs of DCAE from the heat teamplate generated on the > Kubernetes side – already in the lab. My issue is the env parameters inside > the amsterdam version of onap-parameters.yaml. > > My issue is with DNS record creation, I don’t think the DCAE creation will > have an issue – because opensource commands work in side the container on > this RC – but it is blocked by my designate config. > > So this goes out to anyone that is doing a manual or automated > installation of OOM. > The OOM Teams’ automated CD system is not yet configured to test > DCAEGEN2 – hence the health numbers are always below 28/30 > http://jenkins.onap.info/job/oom-cd/ > > – I would like to fix this as well as get logs from the DCAE side. > > I am posting details of reproducing the dcae install in Alexis’ > page > https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+Rancher+in+Open > Stack > > Issue: > 1) When I source the DCAE rc – I am able to run openstack commands via > the kubernetes dcae controller – as usual > 2) But when I source the DNS rc – I get an authentication failure using > the demo/onapdemo credentials > > > ubuntu@onap-oom-obrien:/dockerdata-nfs/onap/dcaegen2/heat$ sudo vi > DNS-openrc-v2.sh > > Eexport OS_AUTH_URL=http://10.12.25.5:5000/v2.0 > export OS_AUTH_URL=http://10.12.25.2:5000/v2.0 > export OS_TENANT_ID=a85a0.......802c9fc50a7 > export OS_TENANT_NAME=Logging > export OS_USERNAME=demo > export OS_PASSWORD=onapdemo > export OS_REGION_NAME=RegionOne > > > root@heat-bootstrap:/opt/heat# source DNS-openrc-v2.sh > root@heat-bootstrap:/opt/heat# openstack recordset list The request > you have made requires authentication. (HTTP 401) (Request-ID: > req-8d3619cb-d3e4-46d2-b923-6c0cd3df6598) > ubuntu@onap-oom-obrien:~$ kubectl -n onap-dcaegen2 exec -it > heat-bootstrap-4010086101-8cdwz bash > root@heat-bootstrap:/# cd /opt/heat > > > root@heat-bootstrap:/opt/heat# source DCAE-openrc-v2.sh > root@heat-bootstrap:/opt/heat# openstack server list > | 87569b68-cd4c-4a1f-9c6c-96ea7ce3d9b9 | onap-oom-obrien | ACTIVE | > oam_onap_w37L=10.0.16.1, 10.12.6.124 | ubuntu-16-04-cloud-amd64 > | m1.xxlarge | > | d80f35ac-1257-47fc-828e-dddc3604d3c1 | oom-jenkins | ACTIVE | > appc-multicloud-integration=10.10.5.14, 10.12.6.49 | > | v1.xlarge | > > > root@heat-bootstrap:/opt/heat# source DNS-openrc-v2.sh > root@heat-bootstrap:/opt/heat# openstack server list The request you > have made requires authentication. (HTTP 401) (Request-ID: > req-82cfa5be-e351-49d0-bf87-18834c8affa0) > > > The password/username for the pod25 Designate DNS as a Service - > should be demo/onapdemo > ubuntu@onap-oom-obrien:/dockerdata-nfs/onap/dcaegen2/heat$ cat > DNS-openrc-v2.sh export OS_USERNAME="demo" > export OS_PASSWORD="onapdemo" > > I am not using multicloud proxying so the following url would not > resolve anyway for me (no instance) - I am using the regular keystone > url - which likely won't recognize the demo/onapdemo credentials > http://10.0.14.1/api/multicloud-titanium_cloud/v0/pod25_RegionOne/iden > tity/v2.0 > > > If I set the user/pass to my tenant - then the DNS rc works for > openstack commands - testing to see if this will pass the dns record > creation commands now > Q: could anyone pass me their DNS-openrc-v2.sh file from their > /dockerdata-nfs dir from their working Intel openlab environment so I > can compare them - I specifically would like to see the DNS keystone > url thank you > > DNSaaS references > http://onap.readthedocs.io/en/latest/submodules/dcaegen2.git/docs/sect > ions/installation_heat.html#heat-template-parameters > Alexis, original fix to parameterize the hardcoded user/pass to > designate > https://lists.onap.org/pipermail/onap-discuss/2018-January/007549.html > https://gerrit.onap.org/r/gitweb?p=demo.git;a=blob;f=boot/dcae2_vm_init.sh;h=b071dffd53f0a431bbdff1c1228edce8ecddef2d;hb=refs/heads/amsterdam > 163 local DNSAAS_USERNAME='demo' > 164 local DNSAAS_PASSWORD='onapdemo' > > thank you > /michael > > > Michael O’Brien > Amdocs Technology > 16135955268 > 55268 > <image001.jpg> > > This message and the information contained herein is proprietary and > confidential and subject to the Amdocs policy statement, you may > review at https://www.amdocs.com/about/email-disclaimer > _______________________________________________ > onap-discuss mailing list > onap-discuss@lists.onap.org > https://lists.onap.org/mailman/listinfo/onap-discuss This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at https://www.amdocs.com/about/email-disclaimer <https://www.amdocs.com/about/email-disclaimer> _______________________________________________ onap-discuss mailing list onap-discuss@lists.onap.org https://lists.onap.org/mailman/listinfo/onap-discuss
