Michael, Let me know if that works for you. Also, I can clear my deployment, or feel free to do so, if you want. I no longer need it. That would free up some space.
Alexis > On Feb 7, 2018, at 9:28 AM, Michael O'Brien <[email protected]> wrote: > > Alexis, > Sounds good, thanks for clearing this up with the tenant-designate required > link. > I was triaging different auth/url combinations directly in the container in > both RC files and then retrofitting them back out to onap-parameters.yaml in > a delete/create pod cycle to verify each. > Good to know it is config that can be fixed. > > I have a VM both in the OOM and Logging tenants - there is still enough > space for one more DCAE setup (96G) in the OOM tenant. > I will try to get my Logging tenant enabled for Designate as then I can > free up space on OOM. > > Retrying on my OOM VM now > > Differences > DNSAAS_API_VERSION is v3 not v2.0 anymore > DCAE_PROXIED_KEYSTONE_URL was supposed to my my OOM vm! > DCAE_OS_OAM_NETWORK_CIDR should have been 28 not 27 > DCAE_DOMAIN was not specific enough added my LF id in the domain name > > And > DNSAAS_TENANT_ID is not the OOM or Logging tenant id - it is different - I > will need to get one of these to align with the Logging tenant as well right? > > > Thank you > > /michael > > -----Original Message----- > From: Alexis de Talhouët [mailto:[email protected]] > Sent: Wednesday, February 7, 2018 07:41 > To: Michael O'Brien <[email protected]> > Cc: [email protected] > Subject: Re: [onap-discuss] Help with DCAE Designate url authentication > during dcae-controller DNS record creation - my creds/url combo is rejected > > Michael, > > The reason you’re not able to get authorization to the OpenStack providing > the DNS Designate is probably because of the tenantID you used. The lab has > two OpenStack, .2, where you create the workload and so on, and .5 providing > DNS Designate support. When configuring the DNAAS_* parameters, you need to > reference the information of .5; the tenant OOM is the same, but its ID is > different. > > I don’t think you want someone’s DNS-openrc-v2.sh file, if it doesn’t work, > it means initial config is wrong (as highlighted above). This is > implementation details that user shouldn’t care about. > > I’ll send you my onap-parameters.yaml for the OpenLab, for the OOM tenant, > privately. > > Thanks, > Alexis > >> On Feb 7, 2018, at 12:43 AM, Michael O'Brien <[email protected]> wrote: >> >> Team, >> Hi, I need your assistance for anyone bringing up DCAE in the intel lab. >> I am bringing up DCAEGEN2 via OOM using Alexis’ dcae-controller – I am >> having issues authenticating with designate in openlab. There is no issue >> with the code, there are 2 installs of DCAE from the heat teamplate >> generated on the Kubernetes side – already in the lab. My issue is the env >> parameters inside the amsterdam version of onap-parameters.yaml. >> >> My issue is with DNS record creation, I don’t think the DCAE creation will >> have an issue – because opensource commands work in side the container on >> this RC – but it is blocked by my designate config. >> >> So this goes out to anyone that is doing a manual or automated >> installation of OOM. >> The OOM Teams’ automated CD system is not yet configured to test >> DCAEGEN2 – hence the health numbers are always below 28/30 >> http://jenkins.onap.info/job/oom-cd/ >> >> – I would like to fix this as well as get logs from the DCAE side. >> >> I am posting details of reproducing the dcae install in Alexis’ >> page >> https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+Rancher+in+Open >> Stack >> >> Issue: >> 1) When I source the DCAE rc – I am able to run openstack commands via >> the kubernetes dcae controller – as usual >> 2) But when I source the DNS rc – I get an authentication failure using >> the demo/onapdemo credentials >> >> >> ubuntu@onap-oom-obrien:/dockerdata-nfs/onap/dcaegen2/heat$ sudo vi >> DNS-openrc-v2.sh >> >> Eexport OS_AUTH_URL=http://10.12.25.5:5000/v2.0 >> export OS_AUTH_URL=http://10.12.25.2:5000/v2.0 >> export OS_TENANT_ID=a85a0.......802c9fc50a7 >> export OS_TENANT_NAME=Logging >> export OS_USERNAME=demo >> export OS_PASSWORD=onapdemo >> export OS_REGION_NAME=RegionOne >> >> >> root@heat-bootstrap:/opt/heat# source DNS-openrc-v2.sh >> root@heat-bootstrap:/opt/heat# openstack recordset list The request >> you have made requires authentication. (HTTP 401) (Request-ID: >> req-8d3619cb-d3e4-46d2-b923-6c0cd3df6598) >> ubuntu@onap-oom-obrien:~$ kubectl -n onap-dcaegen2 exec -it >> heat-bootstrap-4010086101-8cdwz bash >> root@heat-bootstrap:/# cd /opt/heat >> >> >> root@heat-bootstrap:/opt/heat# source DCAE-openrc-v2.sh >> root@heat-bootstrap:/opt/heat# openstack server list >> | 87569b68-cd4c-4a1f-9c6c-96ea7ce3d9b9 | onap-oom-obrien | ACTIVE | >> oam_onap_w37L=10.0.16.1, 10.12.6.124 | >> ubuntu-16-04-cloud-amd64 | m1.xxlarge | >> | d80f35ac-1257-47fc-828e-dddc3604d3c1 | oom-jenkins | ACTIVE | >> appc-multicloud-integration=10.10.5.14, 10.12.6.49 | >> | v1.xlarge | >> >> >> root@heat-bootstrap:/opt/heat# source DNS-openrc-v2.sh >> root@heat-bootstrap:/opt/heat# openstack server list The request you >> have made requires authentication. (HTTP 401) (Request-ID: >> req-82cfa5be-e351-49d0-bf87-18834c8affa0) >> >> >> The password/username for the pod25 Designate DNS as a Service - >> should be demo/onapdemo >> ubuntu@onap-oom-obrien:/dockerdata-nfs/onap/dcaegen2/heat$ cat >> DNS-openrc-v2.sh export OS_USERNAME="demo" >> export OS_PASSWORD="onapdemo" >> >> I am not using multicloud proxying so the following url would not >> resolve anyway for me (no instance) - I am using the regular keystone >> url - which likely won't recognize the demo/onapdemo credentials >> http://10.0.14.1/api/multicloud-titanium_cloud/v0/pod25_RegionOne/iden >> tity/v2.0 >> >> >> If I set the user/pass to my tenant - then the DNS rc works for >> openstack commands - testing to see if this will pass the dns record >> creation commands now >> Q: could anyone pass me their DNS-openrc-v2.sh file from their >> /dockerdata-nfs dir from their working Intel openlab environment so I >> can compare them - I specifically would like to see the DNS keystone >> url thank you >> >> DNSaaS references >> http://onap.readthedocs.io/en/latest/submodules/dcaegen2.git/docs/sect >> ions/installation_heat.html#heat-template-parameters >> Alexis, original fix to parameterize the hardcoded user/pass to >> designate >> https://lists.onap.org/pipermail/onap-discuss/2018-January/007549.html >> https://gerrit.onap.org/r/gitweb?p=demo.git;a=blob;f=boot/dcae2_vm_init.sh;h=b071dffd53f0a431bbdff1c1228edce8ecddef2d;hb=refs/heads/amsterdam >> 163 local DNSAAS_USERNAME='demo' >> 164 local DNSAAS_PASSWORD='onapdemo' >> >> thank you >> /michael >> >> >> Michael O’Brien >> Amdocs Technology >> 16135955268 >> 55268 >> <image001.jpg> >> >> This message and the information contained herein is proprietary and >> confidential and subject to the Amdocs policy statement, you may >> review at https://www.amdocs.com/about/email-disclaimer >> _______________________________________________ >> onap-discuss mailing list >> [email protected] >> https://lists.onap.org/mailman/listinfo/onap-discuss > > This message and the information contained herein is proprietary and > confidential and subject to the Amdocs policy statement, > > you may review at https://www.amdocs.com/about/email-disclaimer > <https://www.amdocs.com/about/email-disclaimer> _______________________________________________ onap-discuss mailing list [email protected] https://lists.onap.org/mailman/listinfo/onap-discuss
