[onap-discuss] dcae-bootstrap vm cannot get token from openstack v2.0

Wed, 25 Apr 2018 02:01:22 -0700 

Hi,

I have ONAP on K8S up and running, the dcae-bootstrap VM up.

However, the script dcae_vm_init.sh cannot get a token from my Openstack v2.0 
api, and the srcipt exits.

If I try to get the token manually from my Openstack v2.0, I can get the token 
OK, as you can see below.

I also show below the registration done by the script in AAI, I noticed that 
the script used to add "v3" to my identity URL, which is wrong, so i changed 
this value to be correct "v2.0", but still the script cannot get the token.

I tried looking into the MSB-IAG container logs, but it only shows the GET 
request, and i don't see the response from my openstack, and since it's SSL, i 
cannot use wireshark to see the response from openstack.

How can i troubleshoot this issue, to see the HTTP TOKEN request and response 
between MSB and Openstack v2.0 ?

Also, why do we need to get the token via multicloud, if my DCAE vm and OOM are 
on the same tenant, using the same keystone ? do we need the multicloud proxy 
here ?


This is a manual GET TOKEN request:

root@dcae-dcae-bootstrap:/opt# curl -v -H 'Content-Type: application/json' -X 
POST -d 
'{"auth":{"passwordCredentials":{"username":"[email protected]","password":"xxxx"},"tenantName":
 "0750179787_ITNSchool"}}}' https://identity.fr1.cloudwatt.com/v2.0/tokens
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 185.23.94.20...
* Connected to identity.fr1.cloudwatt.com (185.23.94.20) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
*        server certificate verification OK
*        server certificate status verification SKIPPED
*        common name: *.fr1.cloudwatt.com (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: C=FR,L=Paris,O=Orange,OU=Orange Cloud for 
Business,CN=*.fr1.cloudwatt.com
*        start date: Mon, 12 Feb 2018 00:00:00 GMT
*        expire date: Fri, 16 Nov 2018 12:00:00 GMT
*        issuer: C=US,O=DigiCert Inc,CN=DigiCert Global CA G2
*        compression: NULL
* ALPN, server did not agree to a protocol
> POST /v2.0/tokens HTTP/1.1
> Host: identity.fr1.cloudwatt.com
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 143
>
* upload completely sent off: 143 out of 143 bytes
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Cache-Control: no-cache
< Server: Jetty (horse API)
< Content-Length: 7319
< Strict-Transport-Security: max-age=55779513; includeSubDomains
<
{"access":{"token":{"id":"gAAAAABa4D83is432vt2OSzjl_ej6WVVKiCFASVNfTl-M-
...


This is the GET TOKEN request from dcae_vm_init.sh using multicloud proxy:

root@dcae-dcae-bootstrap:/opt# curl -v -H 'Content-Type: application/json' -X 
POST -d '{"auth":{"tenantName": "0750179787_ITNSchool"}}' 
http://vm1.openo.7Ho5.simpledemo.onap.org/api/multicloud-titanium_cloud/v0/pod25_fr1/identity/v3/auth/tokens
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 84.39.51.47...
* Connected to vm1.openo.7Ho5.simpledemo.onap.org (84.39.51.47) port 80 (#0)
> POST /api/multicloud-titanium_cloud/v0/pod25_fr1/identity/v3/auth/tokens 
> HTTP/1.1
> Host: vm1.openo.7Ho5.simpledemo.onap.org
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 47
>
* upload completely sent off: 47 out of 47 bytes
< HTTP/1.1 500 Internal Server Error
< Server: nginx/1.12.2
< Date: Wed, 25 Apr 2018 08:35:06 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Cookie
< X-Frame-Options: SAMEORIGIN
< Allow: GET, POST, HEAD, OPTIONS
<
* Connection #0 to host vm1.openo.7Ho5.simpledemo.onap.org left intact
{"error":"'token'"}


This is the cloud region registration in AAI:

root@dcae-dcae-bootstrap:/opt# curl -k -X GET -H "X-FromAppId: AAI-Temp-Tool" 
-H "X-TransactionId: AAI-Temp-Tool"" -H "Content-Type: application/json" -H 
"Accept: application/json" -u AAI:AAI 
https://vm1.aai.7Ho5.simpledemo.onap.org:8443/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/pod25/fr1?depth=all
 | json_pp
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1350  100  1350    0     0   5702      0 --:--:-- --:--:-- --:--:--  5720
{
   "owner-defined-type" : "owner-defined-type",
   "esr-system-info-list" : {
      "esr-system-info" : [
         {
            "password" : "xxxx",
            "cloud-domain" : "default",
            "system-type" : "VIM",
            "ssl-insecure" : true,
            "type" : "example-type-val-85254",
            "service-url" : "https://identity.fr1.cloudwatt.com/v2.0";,
            "ip-address" : "example-ip-address-val-44431",
            "port" : "example-port-val-93234",
            "system-name" : "example-system-name-val-29070",
            "resource-version" : "1524600009342",
            "vendor" : "example-vendor-val-94515",
            "esr-system-info-id" : "432ac032-e996-41f2-84ed-9c7a1766eb29",
            "version" : "example-version-val-71880",
            "default-tenant" : "0750179787_ITNSchool",
            "ssl-cacert" : "example-ssl-cacert-val-75021",
            "user-name" : "[email protected]"
         }
      ]
   },
   "resource-version" : "1524569196405",
   "cloud-extra-info" : 
"{\"epa-caps\":{\"huge_page\":\"true\",\"cpu_pinning\":\"true\",\"cpu_thread_policy\":\"true\",\"numa_aware\":\"true\",\"sriov\":\"true\",\"dpdk_vswitch\":\"true\",\"rdt\":\"false\",\"numa_locality_pci\":\"true\"},\"dns-delegate\":{\"cloud-owner\":\"pod25dns\",\"cloud-region-id\":\"RegionOne\"}}",
   "cloud-type" : "openstack",
   "sriov-automation" : false,
   "cloud-region-version" : "titanium_cloud",
   "complex-name" : "complex name",
   "cloud-zone" : "cloud zone",
   "cloud-region-id" : "fr1",
   "identity-url" : 
"http://vm1.openo.7Ho5.simpledemo.onap.org/api/multicloud-titanium_cloud/v0/pod25_fr1/identity/v2.0";,
   "cloud-owner" : "pod25"
}

Abdelmuhaimen Seaudi
Orange Labs Egypt


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations 
confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce 
message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages 
electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou 
falsifie. Merci.

This message and its attachments may contain confidential or privileged 
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete 
this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been 
modified, changed or falsified.
Thank you.


_______________________________________________
onap-discuss mailing list
[email protected]
https://lists.onap.org/mailman/listinfo/onap-discuss

Reply via email to