Alexis,
Getting a lot further - thanks
Retrofitted my environment with additional edits - we are aligned exactly
except for the 2 dcae keys, my domain and my user/pass
OPENSTACK_IMAGE to 16 NOT 14, DCAE_IP_ADDR 10.99.0.3 NOT 2
As you mention I think we need a DNS collision strategy/workarounds for
multiple DCAE installs in the same tenant
Q) how can I get Designate configured with the Logging project the way it is
for OOM - so I have that second Designate tenant id and we can coexist
For now before you delete yours - I will experiment with creating a
different target simpledemo.obrien.onap.org - just to verify I can get the VMs
up for now.
If you don't need your DCAE vms then you could also delete them to test
this.
When I rerun I get the following DNS collision on your DCAE setup - I am
wondering if more than one DCAE setup can be configured - because our recordset
entries will both point to the same simpledemo.onap.org - make sense we collide.
"Unable to create zone because another tenant owns a subzone of the zone"
logs
+ EXISTING_ZONES='9rMR.simpledemo.onap.org.
9rMR.dcaeg2.adetalhouet.oom.amsterdam.onap.org.
4Xpi.simpledemo.onap.org.
KfD9.simpledemo.onap.org.
KfD9.dcaeg2.adetalhouet.oom.amsterdam.onap.org.
Idp8.simpledemo.onap.org.
Idp8.dcaeg2.adetalhouet.oom.amsterdam.onap.org.
Phx4.simpledemo.onap.org.
Phx4.dcaeg2.adetalhouet.oom.amsterdam.onap.org.'
+ [[ 9rMR.simpledemo.onap.org.
9rMR.dcaeg2.adetalhouet.oom.amsterdam.onap.org.
4Xpi.simpledemo.onap.org.
KfD9.simpledemo.onap.org.
KfD9.dcaeg2.adetalhouet.oom.amsterdam.onap.org.
Idp8.simpledemo.onap.org.
Idp8.dcaeg2.adetalhouet.oom.amsterdam.onap.org.
Phx4.simpledemo.onap.org.
Phx4.dcaeg2.adetalhouet.oom.amsterdam.onap.org. =~
(^|[[:space:]])simpledemo.onap.org.($|[[:space:]]) ]]
+ echo 'Zone simpledemo.onap.org. doens'\''t exist, creating ...'
Zone simpledemo.onap.org. doens't exist, creating ...
++ awk '{ print $2} '
++ openstack zone create --email=o...@onap.org '--description=DNS zone bridging
DCAE and OOM' --type=PRIMARY simpledemo.onap.org. -f=yaml -c id
Unable to create zone because another tenant owns a subzone of the zone
Create recordSet for simpledemo.onap.org.
+ SIMPLEDEMO_ONAP_ORG_ZONE_ID=
+ echo 'Create recordSet for simpledemo.onap.org.'
+ openstack recordset create --type=A --ttl=10 --records=10.12.6.150 vm1.aai
usage: openstack recordset create [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--fit-width] [--print-empty] [--noindent]
[--prefix PREFIX] --record RECORD --type
TYPE [--ttl TTL] [--description DESCRIPTION]
[--all-projects] [--edit-managed]
[--sudo-project-id SUDO_PROJECT_ID]
zone_id name
openstack recordset create: error: too few arguments
-----Original Message-----
From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com]
Sent: Wednesday, February 7, 2018 09:50
To: Michael O'Brien <frank.obr...@amdocs.com>
Cc: onap-discuss@lists.onap.org
Subject: Re: [onap-discuss] Help with DCAE Designate url authentication during
dcae-controller DNS record creation - my creds/url combo is rejected
Michael,
Let me know if that works for you.
Also, I can clear my deployment, or feel free to do so, if you want. I no
longer need it. That would free up some space.
Alexis
> On Feb 7, 2018, at 9:28 AM, Michael O'Brien <frank.obr...@amdocs.com> wrote:
>
> Alexis,
> Sounds good, thanks for clearing this up with the tenant-designate required
> link.
> I was triaging different auth/url combinations directly in the container in
> both RC files and then retrofitting them back out to onap-parameters.yaml in
> a delete/create pod cycle to verify each.
> Good to know it is config that can be fixed.
>
> I have a VM both in the OOM and Logging tenants - there is still enough
> space for one more DCAE setup (96G) in the OOM tenant.
> I will try to get my Logging tenant enabled for Designate as then I can
> free up space on OOM.
>
> Retrying on my OOM VM now
>
> Differences
> DNSAAS_API_VERSION is v3 not v2.0 anymore
> DCAE_PROXIED_KEYSTONE_URL was supposed to my my OOM vm!
> DCAE_OS_OAM_NETWORK_CIDR should have been 28 not 27
> DCAE_DOMAIN was not specific enough added my LF id in the domain
> name
>
> And
> DNSAAS_TENANT_ID is not the OOM or Logging tenant id - it is different - I
> will need to get one of these to align with the Logging tenant as well right?
>
>
> Thank you
>
> /michael
>
> -----Original Message-----
> From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com]
> Sent: Wednesday, February 7, 2018 07:41
> To: Michael O'Brien <frank.obr...@amdocs.com>
> Cc: onap-discuss@lists.onap.org
> Subject: Re: [onap-discuss] Help with DCAE Designate url
> authentication during dcae-controller DNS record creation - my
> creds/url combo is rejected
>
> Michael,
>
> The reason you’re not able to get authorization to the OpenStack providing
> the DNS Designate is probably because of the tenantID you used. The lab has
> two OpenStack, .2, where you create the workload and so on, and .5 providing
> DNS Designate support. When configuring the DNAAS_* parameters, you need to
> reference the information of .5; the tenant OOM is the same, but its ID is
> different.
>
> I don’t think you want someone’s DNS-openrc-v2.sh file, if it doesn’t work,
> it means initial config is wrong (as highlighted above). This is
> implementation details that user shouldn’t care about.
>
> I’ll send you my onap-parameters.yaml for the OpenLab, for the OOM tenant,
> privately.
>
> Thanks,
> Alexis
>
>> On Feb 7, 2018, at 12:43 AM, Michael O'Brien <frank.obr...@amdocs.com> wrote:
>>
>> Team,
>> Hi, I need your assistance for anyone bringing up DCAE in the intel lab.
>> I am bringing up DCAEGEN2 via OOM using Alexis’ dcae-controller – I am
>> having issues authenticating with designate in openlab. There is no issue
>> with the code, there are 2 installs of DCAE from the heat teamplate
>> generated on the Kubernetes side – already in the lab. My issue is the env
>> parameters inside the amsterdam version of onap-parameters.yaml.
>>
>> My issue is with DNS record creation, I don’t think the DCAE creation will
>> have an issue – because opensource commands work in side the container on
>> this RC – but it is blocked by my designate config.
>>
>> So this goes out to anyone that is doing a manual or automated
>> installation of OOM.
>> The OOM Teams’ automated CD system is not yet configured to test
>> DCAEGEN2 – hence the health numbers are always below 28/30
>> http://jenkins.onap.info/job/oom-cd/
>>
>> – I would like to fix this as well as get logs from the DCAE side.
>>
>> I am posting details of reproducing the dcae install in Alexis’
>> page
>> https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+Rancher+in+Ope
>> n
>> Stack
>>
>> Issue:
>> 1) When I source the DCAE rc – I am able to run openstack commands via
>> the kubernetes dcae controller – as usual
>> 2) But when I source the DNS rc – I get an authentication failure using
>> the demo/onapdemo credentials
>>
>>
>> ubuntu@onap-oom-obrien:/dockerdata-nfs/onap/dcaegen2/heat$ sudo vi
>> DNS-openrc-v2.sh
>>
>> Eexport OS_AUTH_URL=http://10.12.25.5:5000/v2.0
>> export OS_AUTH_URL=http://10.12.25.2:5000/v2.0
>> export OS_TENANT_ID=a85a0.......802c9fc50a7
>> export OS_TENANT_NAME=Logging
>> export OS_USERNAME=demo
>> export OS_PASSWORD=onapdemo
>> export OS_REGION_NAME=RegionOne
>>
>>
>> root@heat-bootstrap:/opt/heat# source DNS-openrc-v2.sh
>> root@heat-bootstrap:/opt/heat# openstack recordset list The request
>> you have made requires authentication. (HTTP 401) (Request-ID:
>> req-8d3619cb-d3e4-46d2-b923-6c0cd3df6598)
>> ubuntu@onap-oom-obrien:~$ kubectl -n onap-dcaegen2 exec -it
>> heat-bootstrap-4010086101-8cdwz bash
>> root@heat-bootstrap:/# cd /opt/heat
>>
>>
>> root@heat-bootstrap:/opt/heat# source DCAE-openrc-v2.sh
>> root@heat-bootstrap:/opt/heat# openstack server list
>> | 87569b68-cd4c-4a1f-9c6c-96ea7ce3d9b9 | onap-oom-obrien | ACTIVE |
>> oam_onap_w37L=10.0.16.1, 10.12.6.124 |
>> ubuntu-16-04-cloud-amd64 | m1.xxlarge |
>> | d80f35ac-1257-47fc-828e-dddc3604d3c1 | oom-jenkins | ACTIVE |
>> appc-multicloud-integration=10.10.5.14, 10.12.6.49 |
>> | v1.xlarge |
>>
>>
>> root@heat-bootstrap:/opt/heat# source DNS-openrc-v2.sh
>> root@heat-bootstrap:/opt/heat# openstack server list The request you
>> have made requires authentication. (HTTP 401) (Request-ID:
>> req-82cfa5be-e351-49d0-bf87-18834c8affa0)
>>
>>
>> The password/username for the pod25 Designate DNS as a Service -
>> should be demo/onapdemo
>> ubuntu@onap-oom-obrien:/dockerdata-nfs/onap/dcaegen2/heat$ cat
>> DNS-openrc-v2.sh export OS_USERNAME="demo"
>> export OS_PASSWORD="onapdemo"
>>
>> I am not using multicloud proxying so the following url would not
>> resolve anyway for me (no instance) - I am using the regular keystone
>> url - which likely won't recognize the demo/onapdemo credentials
>> http://10.0.14.1/api/multicloud-titanium_cloud/v0/pod25_RegionOne/ide
>> n
>> tity/v2.0
>>
>>
>> If I set the user/pass to my tenant - then the DNS rc works for
>> openstack commands - testing to see if this will pass the dns record
>> creation commands now
>> Q: could anyone pass me their DNS-openrc-v2.sh file from their
>> /dockerdata-nfs dir from their working Intel openlab environment so I
>> can compare them - I specifically would like to see the DNS keystone
>> url thank you
>>
>> DNSaaS references
>> http://onap.readthedocs.io/en/latest/submodules/dcaegen2.git/docs/sec
>> t ions/installation_heat.html#heat-template-parameters
>> Alexis, original fix to parameterize the hardcoded user/pass to
>> designate
>> https://lists.onap.org/pipermail/onap-discuss/2018-January/007549.htm
>> l
>> https://gerrit.onap.org/r/gitweb?p=demo.git;a=blob;f=boot/dcae2_vm_init.sh;h=b071dffd53f0a431bbdff1c1228edce8ecddef2d;hb=refs/heads/amsterdam
>> 163 local DNSAAS_USERNAME='demo'
>> 164 local DNSAAS_PASSWORD='onapdemo'
>>
>> thank you
>> /michael
>>
>>
>> Michael O’Brien
>> Amdocs Technology
>> 16135955268
>> 55268
>> <image001.jpg>
>>
>> This message and the information contained herein is proprietary and
>> confidential and subject to the Amdocs policy statement, you may
>> review at https://www.amdocs.com/about/email-disclaimer
>> _______________________________________________
>> onap-discuss mailing list
>> onap-discuss@lists.onap.org
>> https://lists.onap.org/mailman/listinfo/onap-discuss
>
> This message and the information contained herein is proprietary and
> confidential and subject to the Amdocs policy statement,
>
> you may review at https://www.amdocs.com/about/email-disclaimer
> <https://www.amdocs.com/about/email-disclaimer>
This message and the information contained herein is proprietary and
confidential and subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
_______________________________________________
onap-discuss mailing list
onap-discuss@lists.onap.org
https://lists.onap.org/mailman/listinfo/onap-discuss
