Thanks Brain and Steve for the very quick response. We will take one of the approches and update you.
Regards, Praveen. Get Outlook for Android<https://aka.ms/ghei36> ________________________________ From: FREEMAN, BRIAN D <[email protected]> Sent: Tuesday, April 16, 2019 7:37:56 PM To: [email protected]; Velugubantla Praveen Cc: Mudit Simlote; RAKESH KHEMANI Subject: RE: [ONAP]-[SO]-[vCPE]-SO-Keystone authentication issue You have to use multicloud in Casablanca to talk to a v3 keystone. V2 from SO to Multicloud and v3 from Multicloud In Dublin SO directly supports v3 and there is a patched version of SO around that supports v3 that Seshu has I think. If you have a v3 enabled SO – then KEYSTONE_V3 is the identity type not KEYSTONE and you need to include the project_domain and user_domain fields in the cloud_sites table Brian From: [email protected] <[email protected]> On Behalf Of Velugubantla Praveen Sent: Tuesday, April 16, 2019 10:02 AM To: [email protected] Cc: Mudit Simlote <[email protected]>; RAKESH KHEMANI <[email protected]> Subject: [onap-discuss] [ONAP]-[SO]-[vCPE]-SO-Keystone authentication issue Hi Team, We are using ONAP Casablanca Release OOM based Deployment with Openstack Ocata for implementing the vCPE use case. All 5 services for vCPE have been created and distributed successfully. We used the vcpe.py infra to automatically deploy the infra service. However, while creating network, we face issue where SO Openstack Adaptor cannot authenticate with the Openstack Keystone service ( which is v3 in our case as v2.0 is deprecated ) Here is the "so-openstack-adapter" POD error snippet ( full details in log file attached) "id" : "RegionOne", "identityService" : { "id" : "DEFAULT_KEYSTONE", "handler" : { }, "hibernateLazyInitializer" : { }, "identityServerTypeAsString" : "KEYSTONE", "identity_url" : "http://192.168.9.24:5000/v3";<https://urldefense.proofpoint.com/v2/url?u=http-3A__192.168.9.24-3A5000_v3-2522&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=kCcGy09WX45KxFS6HDuPXt9g4pkASF7qml5nUqGYYS0&s=7kE4LKXHZzbtFWnXD_6xIePoEKmCJ03FrA0-fAXtkCk&e=>, "mso_id" : "admin", "mso_pass" : "15650822a7b470459dd57a73e3f4aca8", "admin_tenant" : "admin", "member_role" : "admin", "tenant_metadata" : true, "identity_server_type" : "KEYSTONE", "identity_authentication_type" : "USERNAME_PASSWORD", "last_updated_by" : "FLYWAY", "creation_timestamp" : "2019-04-11T12:46:53.000+0000", "update_timestamp" : "2019-04-11T12:46:53.000+0000" }, "uri" : null, "region_id" : "RegionOne", "aic_version" : "2.5", "clli" : "RegionOne", "platform" : null, "orchestrator" : null, "cloudify_id" : null, "identity_service_id" : "DEFAULT_KEYSTONE", "last_updated_by" : "FLYWAY", "creation_timestamp" : "2019-04-11T12:46:53.000+0000", "update_timestamp" : "2019-04-11T12:46:53.000+0000", "_links" : { "self" : { "href" : "http://so-catalog-db-adapter.onap:8082/cloudSite/RegionOne";<https://urldefense.proofpoint.com/v2/url?u=http-3A__so-2Dcatalog-2Ddb-2Dadapter.onap-3A8082_cloudSite_RegionOne-2522&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=kCcGy09WX45KxFS6HDuPXt9g4pkASF7qml5nUqGYYS0&s=4PQi7LkDsZd2Wk3O9lrqX60x5iSdudyFZzNPAFqLLRU&e=> }, "cloudSite" : { "href" : "http://so-catalog-db-adapter.onap:8082/cloudSite/RegionOne";<https://urldefense.proofpoint.com/v2/url?u=http-3A__so-2Dcatalog-2Ddb-2Dadapter.onap-3A8082_cloudSite_RegionOne-2522&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=kCcGy09WX45KxFS6HDuPXt9g4pkASF7qml5nUqGYYS0&s=4PQi7LkDsZd2Wk3O9lrqX60x5iSdudyFZzNPAFqLLRU&e=> } } } 2019-04-15T14:43:13.354Z|3cb1ef96-486c-4aa5-addd-9929c8b6f8df| o.onap.so.logging.jaxrs.filter.SpringClientFilter - =======================response end================================================= 2019-04-15T14:43:13.356Z|3cb1ef96-486c-4aa5-addd-9929c8b6f8df| org.onap.so.openstack.utils.MsoHeatUtils - Found: CloudSite_.._jvst697_31[regionId=RegionOne,identityServiceId=DEFAULT_KEYSTONE,cloudVersion=2.5,clli=RegionOne,cloudifyId=<null>,platform=<null>,orchestrator=<null>] 2019-04-15T14:43:13.356Z|3cb1ef96-486c-4aa5-addd-9929c8b6f8df| org.onap.so.openstack.utils.MsoHeatUtils - Found: CloudIdentity[id=DEFAULT_KEYSTONE,identityUrl=http://192.168.9.24:5000/v3,msoId=admin,adminTenant=admin,memberRole=admin,tenantMetadata=true,identityServerType=KEYSTONE,identityAuthenticationType=USERNAME_PASSWORD<https://urldefense.proofpoint.com/v2/url?u=http-3A__192.168.9.24-3A5000_v3-2CmsoId-3Dadmin-2CadminTenant-3Dadmin-2CmemberRole-3Dadmin-2CtenantMetadata-3Dtrue-2CidentityServerType-3DKEYSTONE-2CidentityAuthenticationType-3DUSERNAME-5FPASSWORD&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=kCcGy09WX45KxFS6HDuPXt9g4pkASF7qml5nUqGYYS0&s=DBRQbd6wbIALknIN8Y-ikZ9NPB8LRjVbcEZgVvyUyIc&e=>] 2019-04-15T14:43:13.357Z|3cb1ef96-486c-4aa5-addd-9929c8b6f8df| org.onap.so.openstack.utils.MsoHeatUtils - keystoneUrl=http://192.168.9.24:5000/v3<https://urldefense.proofpoint.com/v2/url?u=http-3A__192.168.9.24-3A5000_v3&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=kCcGy09WX45KxFS6HDuPXt9g4pkASF7qml5nUqGYYS0&s=TQpEN5zg3CAGYyNTGnqOg0agnquibJ7RPsQKPD9QRik&e=> 2019-04-15T14:43:13.371Z|3cb1ef96-486c-4aa5-addd-9929c8b6f8df| org.onap.so.openstack.utils.MsoCommonUtils - RA_CONNECTION_EXCEPTION 2019-04-15T14:43:13.371Z|3cb1ef96-486c-4aa5-addd-9929c8b6f8df| org.onap.so.openstack.utils.MsoHeatUtils - RA_CONNECTION_EXCEPTION 2019-04-15T14:43:13.372Z|3cb1ef96-486c-4aa5-addd-9929c8b6f8df| org.onap.so.adapters.network.MsoNetworkAdapterImpl - RA_QUERY_NETWORK_EXC org.onap.so.openstack.exceptions.MsoOpenstackException: The resource could not be found. Below is the dump of the SO mariadb relevant tables ( Cloud ID is "RegionOne", username is "admin" with membership role admin) MariaDB [catalogdb]> select * from cloud_sites -> ; +-------------------+-----------+---------------------+---------------+-----------+-------------+----------+--------------+-----------------+---------------------+---------------------+ | ID | REGION_ID | IDENTITY_SERVICE_ID | CLOUD_VERSION | CLLI | CLOUDIFY_ID | PLATFORM | ORCHESTRATOR | LAST_UPDATED_BY | CREATION_TIMESTAMP | UPDATE_TIMESTAMP | +-------------------+-----------+---------------------+---------------+-----------+-------------+----------+--------------+-----------------+---------------------+---------------------+ | Chicago | ORD | RAX_KEYSTONE | 2.5 | ORD | NULL | NULL | NULL | FLYWAY | 2019-04-11 12:46:53 | 2019-04-11 12:46:53 | | Dallas | DFW | RAX_KEYSTONE | 2.5 | DFW | NULL | NULL | NULL | FLYWAY | 2019-04-11 12:46:53 | 2019-04-11 12:46:53 | | DEFAULT | RegionOne | DEFAULT_KEYSTONE | 2.5 | RegionOne | NULL | NULL | NULL | FLYWAY | 2019-04-11 12:46:53 | 2019-04-11 12:46:53 | | Northern Virginia | IAD | RAX_KEYSTONE | 2.5 | IAD | NULL | NULL | NULL | FLYWAY | 2019-04-11 12:46:53 | 2019-04-11 12:46:53 | | RegionOne | RegionOne | DEFAULT_KEYSTONE | 2.5 | RegionOne | NULL | NULL | NULL | FLYWAY | 2019-04-11 12:46:53 | 2019-04-11 12:46:53 | +-------------------+-----------+---------------------+---------------+-----------+-------------+----------+--------------+-----------------+---------------------+---------------------+ 5 rows in set (0.00 sec) MariaDB [catalogdb]> select * from identity_services; +------------------+----------------------------------------------+----------------------+----------------------------------+--------------+-------------+-----------------+----------------------+------------------------------+-----------------+---------------------+---------------------+ | ID | IDENTITY_URL | MSO_ID | MSO_PASS | ADMIN_TENANT | MEMBER_ROLE | TENANT_METADATA | IDENTITY_SERVER_TYPE | IDENTITY_AUTHENTICATION_TYPE | LAST_UPDATED_BY | CREATION_TIMESTAMP | UPDATE_TIMESTAMP | +------------------+----------------------------------------------+----------------------+----------------------------------+--------------+-------------+-----------------+----------------------+------------------------------+-----------------+---------------------+---------------------+ | DEFAULT_KEYSTONE | http://192.168.9.24:5000/v3<https://urldefense.proofpoint.com/v2/url?u=http-3A__192.168.9.24-3A5000_v3&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=kCcGy09WX45KxFS6HDuPXt9g4pkASF7qml5nUqGYYS0&s=TQpEN5zg3CAGYyNTGnqOg0agnquibJ7RPsQKPD9QRik&e=> | admin | 15650822a7b470459dd57a73e3f4aca8 | admin | admin | 1 | KEYSTONE | USERNAME_PASSWORD | FLYWAY | 2019-04-11 12:46:53 | 2019-04-11 12:46:53 | | RAX_KEYSTONE | https://identity.api.rackspacecloud.com/v2.0<https://urldefense.proofpoint.com/v2/url?u=https-3A__identity.api.rackspacecloud.com_v2.0&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=kCcGy09WX45KxFS6HDuPXt9g4pkASF7qml5nUqGYYS0&s=q-VelBPAIMyjl4Fe9BGkWRu4ZhMrxTGUyd5WpU0idsU&e=> | RACKSPACE_ACCOUNT_ID | RACKSPACE_ACCOUNT_APIKEY | admin | admin | 1 | KEYSTONE | RACKSPACE_APIKEY | FLYWAY | 2019-04-11 12:46:53 | 2019-04-11 12:46:53 | +------------------+----------------------------------------------+----------------------+----------------------------------+--------------+-------------+-----------------+----------------------+------------------------------+-----------------+---------------------+---------------------+ 2 rows in set (0.00 sec) We have already verified that the OS_ENCRYPTED_PASSWORD generated using SO_ENCRYPTION_KEY is correct and can be decrypted using openssl. Is this issue because SO tries to do a Keystone v2 based authentication ? What is the way to use Keystone v3 API ? Any help /pointers would be highly appreciated. Regards, PRAVEEN V Associate Engineer L&T TECHNOLOGY SERVICES LIMITED L3 Building, Manyata Embassy Business Park, Nagawara Hobli, Bengaluru-560045 Tel : +91 9154111420 L&T Technology Services Ltd www.LTTS.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.LTTS.com&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=kCcGy09WX45KxFS6HDuPXt9g4pkASF7qml5nUqGYYS0&s=Wf4fD-wuO3HWCv92yYSQH0v-VyB987tuuCa_2tIjD_c&e=> This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. L&T Technology Services Ltd www.LTTS.com This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#16590): https://lists.onap.org/g/onap-discuss/message/16590 Mute This Topic: https://lists.onap.org/mt/31200824/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
