Yea you need to cherry pick the commit and rebuild the image. Thanks
-Steve From: Velugubantla Praveen <[email protected]> Date: Wednesday, April 17, 2019 at 5:43 AM To: "[email protected]" <[email protected]>, "SMOKOWSKI, STEVEN" <[email protected]> Cc: Mudit Simlote <[email protected]>, RAKESH KHEMANI <[email protected]> Subject: Re: [onap-discuss] [ONAP]-[SO]-[vCPE]-SO-Keystone authentication issue Hello Steve, Since, we do not have v3 enabled SO, I doubt whether this approach will work. This testsuite tries to push v3 configuration to SO Catalog DB. But without v3 enabled SO, we do not have additional fields for "project_domain_name" and "user_domain_name" in "identity_services" table. Also the "identity_server_type" field's value of KEYSTONE_V3 would not be supported in SO without v3 support. Please correct me If i am missing something Regards, PRAVEEN V Associate Engineer L&T TECHNOLOGY SERVICES LIMITED L3 Building, Manyata Embassy Business Park, Nagawara Hobli, Bengaluru-560045 Tel : +91 9154111420 ________________________________ From: [email protected] <[email protected]> on behalf of Steve Smokowski via Lists.Onap.Org <[email protected]> Sent: Tuesday, April 16, 2019 7:35 PM To: [email protected]; Velugubantla Praveen Cc: Mudit Simlote; RAKESH KHEMANI Subject: Re: [onap-discuss] [ONAP]-[SO]-[vCPE]-SO-Keystone authentication issue https://gerrit.onap.org/r/#/c/85377/<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_-23_c_85377_&d=DwMFAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=za_kLC86kWnsu-J_RvabYp9akpJmo70JodFllaxlh4w&s=uE5fQ6gmbSRNBNlIe97Tw-le9brqSBIZiT0u--QuoSA&e=> This Robot script calls SO API to put v3 keystone information into SO for usage, please try this approach. Thanks -Steve From: <[email protected]> on behalf of Velugubantla Praveen <[email protected]> Reply-To: "[email protected]" <[email protected]>, "[email protected]" <[email protected]> Date: Tuesday, April 16, 2019 at 10:02 AM To: "[email protected]" <[email protected]> Cc: Mudit Simlote <[email protected]>, RAKESH KHEMANI <[email protected]> Subject: [onap-discuss] [ONAP]-[SO]-[vCPE]-SO-Keystone authentication issue Hi Team, We are using ONAP Casablanca Release OOM based Deployment with Openstack Ocata for implementing the vCPE use case. All 5 services for vCPE have been created and distributed successfully. We used the vcpe.py infra to automatically deploy the infra service. However, while creating network, we face issue where SO Openstack Adaptor cannot authenticate with the Openstack Keystone service ( which is v3 in our case as v2.0 is deprecated ) Here is the "so-openstack-adapter" POD error snippet ( full details in log file attached) "id" : "RegionOne", "identityService" : { "id" : "DEFAULT_KEYSTONE", "handler" : { }, "hibernateLazyInitializer" : { }, "identityServerTypeAsString" : "KEYSTONE", "identity_url" : "http://192.168.9.24:5000/v3";<https://urldefense.proofpoint.com/v2/url?u=http-3A__192.168.9.24-3A5000_v3-2522&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=siM4G303p2P_QcQwSBr6NsfVHuiLiihGQNTCeHi1sW4&s=v9HLcSAsD57xmqR1AhR3gItXyIEy7fIAb_Fbh493Udg&e=>, "mso_id" : "admin", "mso_pass" : "15650822a7b470459dd57a73e3f4aca8", "admin_tenant" : "admin", "member_role" : "admin", "tenant_metadata" : true, "identity_server_type" : "KEYSTONE", "identity_authentication_type" : "USERNAME_PASSWORD", "last_updated_by" : "FLYWAY", "creation_timestamp" : "2019-04-11T12:46:53.000+0000", "update_timestamp" : "2019-04-11T12:46:53.000+0000" }, "uri" : null, "region_id" : "RegionOne", "aic_version" : "2.5", "clli" : "RegionOne", "platform" : null, "orchestrator" : null, "cloudify_id" : null, "identity_service_id" : "DEFAULT_KEYSTONE", "last_updated_by" : "FLYWAY", "creation_timestamp" : "2019-04-11T12:46:53.000+0000", "update_timestamp" : "2019-04-11T12:46:53.000+0000", "_links" : { "self" : { "href" : "http://so-catalog-db-adapter.onap:8082/cloudSite/RegionOne";<https://urldefense.proofpoint.com/v2/url?u=http-3A__so-2Dcatalog-2Ddb-2Dadapter.onap-3A8082_cloudSite_RegionOne-2522&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=siM4G303p2P_QcQwSBr6NsfVHuiLiihGQNTCeHi1sW4&s=FOIeG7qRsbUltZOe5HdTNtVLUIMUVoeQOWlTXAauZAc&e=> }, "cloudSite" : { "href" : "http://so-catalog-db-adapter.onap:8082/cloudSite/RegionOne";<https://urldefense.proofpoint.com/v2/url?u=http-3A__so-2Dcatalog-2Ddb-2Dadapter.onap-3A8082_cloudSite_RegionOne-2522&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=siM4G303p2P_QcQwSBr6NsfVHuiLiihGQNTCeHi1sW4&s=FOIeG7qRsbUltZOe5HdTNtVLUIMUVoeQOWlTXAauZAc&e=> } } } 2019-04-15T14:43:13.354Z|3cb1ef96-486c-4aa5-addd-9929c8b6f8df| o.onap.so.logging.jaxrs.filter.SpringClientFilter - =======================response end================================================= 2019-04-15T14:43:13.356Z|3cb1ef96-486c-4aa5-addd-9929c8b6f8df| org.onap.so.openstack.utils.MsoHeatUtils - Found: CloudSite_.._jvst697_31[regionId=RegionOne,identityServiceId=DEFAULT_KEYSTONE,cloudVersion=2.5,clli=RegionOne,cloudifyId=<null>,platform=<null>,orchestrator=<null>] 2019-04-15T14:43:13.356Z|3cb1ef96-486c-4aa5-addd-9929c8b6f8df| org.onap.so.openstack.utils.MsoHeatUtils - Found: CloudIdentity[id=DEFAULT_KEYSTONE,identityUrl=http://192.168.9.24:5000/v3,msoId=admin,adminTenant=admin,memberRole=admin,tenantMetadata=true,identityServerType=KEYSTONE,identityAuthenticationType=USERNAME_PASSWORD<https://urldefense.proofpoint.com/v2/url?u=http-3A__192.168.9.24-3A5000_v3-2CmsoId-3Dadmin-2CadminTenant-3Dadmin-2CmemberRole-3Dadmin-2CtenantMetadata-3Dtrue-2CidentityServerType-3DKEYSTONE-2CidentityAuthenticationType-3DUSERNAME-5FPASSWORD&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=siM4G303p2P_QcQwSBr6NsfVHuiLiihGQNTCeHi1sW4&s=j2Zazriw6051WZnoxwimiTVA5hz6jW391lGcb95kC6k&e=>] 2019-04-15T14:43:13.357Z|3cb1ef96-486c-4aa5-addd-9929c8b6f8df| org.onap.so.openstack.utils.MsoHeatUtils - keystoneUrl=http://192.168.9.24:5000/v3<https://urldefense.proofpoint.com/v2/url?u=http-3A__192.168.9.24-3A5000_v3&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=siM4G303p2P_QcQwSBr6NsfVHuiLiihGQNTCeHi1sW4&s=KdHeVyN-Do-kSQd_bVsOMw9DQrsswC5lfvpgZBLas3A&e=> 2019-04-15T14:43:13.371Z|3cb1ef96-486c-4aa5-addd-9929c8b6f8df| org.onap.so.openstack.utils.MsoCommonUtils - RA_CONNECTION_EXCEPTION 2019-04-15T14:43:13.371Z|3cb1ef96-486c-4aa5-addd-9929c8b6f8df| org.onap.so.openstack.utils.MsoHeatUtils - RA_CONNECTION_EXCEPTION 2019-04-15T14:43:13.372Z|3cb1ef96-486c-4aa5-addd-9929c8b6f8df| org.onap.so.adapters.network.MsoNetworkAdapterImpl - RA_QUERY_NETWORK_EXC org.onap.so.openstack.exceptions.MsoOpenstackException: The resource could not be found. Below is the dump of the SO mariadb relevant tables ( Cloud ID is "RegionOne", username is "admin" with membership role admin) MariaDB [catalogdb]> select * from cloud_sites -> ; +-------------------+-----------+---------------------+---------------+-----------+-------------+----------+--------------+-----------------+---------------------+---------------------+ | ID | REGION_ID | IDENTITY_SERVICE_ID | CLOUD_VERSION | CLLI | CLOUDIFY_ID | PLATFORM | ORCHESTRATOR | LAST_UPDATED_BY | CREATION_TIMESTAMP | UPDATE_TIMESTAMP | +-------------------+-----------+---------------------+---------------+-----------+-------------+----------+--------------+-----------------+---------------------+---------------------+ | Chicago | ORD | RAX_KEYSTONE | 2.5 | ORD | NULL | NULL | NULL | FLYWAY | 2019-04-11 12:46:53 | 2019-04-11 12:46:53 | | Dallas | DFW | RAX_KEYSTONE | 2.5 | DFW | NULL | NULL | NULL | FLYWAY | 2019-04-11 12:46:53 | 2019-04-11 12:46:53 | | DEFAULT | RegionOne | DEFAULT_KEYSTONE | 2.5 | RegionOne | NULL | NULL | NULL | FLYWAY | 2019-04-11 12:46:53 | 2019-04-11 12:46:53 | | Northern Virginia | IAD | RAX_KEYSTONE | 2.5 | IAD | NULL | NULL | NULL | FLYWAY | 2019-04-11 12:46:53 | 2019-04-11 12:46:53 | | RegionOne | RegionOne | DEFAULT_KEYSTONE | 2.5 | RegionOne | NULL | NULL | NULL | FLYWAY | 2019-04-11 12:46:53 | 2019-04-11 12:46:53 | +-------------------+-----------+---------------------+---------------+-----------+-------------+----------+--------------+-----------------+---------------------+---------------------+ 5 rows in set (0.00 sec) MariaDB [catalogdb]> select * from identity_services; +------------------+----------------------------------------------+----------------------+----------------------------------+--------------+-------------+-----------------+----------------------+------------------------------+-----------------+---------------------+---------------------+ | ID | IDENTITY_URL | MSO_ID | MSO_PASS | ADMIN_TENANT | MEMBER_ROLE | TENANT_METADATA | IDENTITY_SERVER_TYPE | IDENTITY_AUTHENTICATION_TYPE | LAST_UPDATED_BY | CREATION_TIMESTAMP | UPDATE_TIMESTAMP | +------------------+----------------------------------------------+----------------------+----------------------------------+--------------+-------------+-----------------+----------------------+------------------------------+-----------------+---------------------+---------------------+ | DEFAULT_KEYSTONE | http://192.168.9.24:5000/v3<https://urldefense.proofpoint.com/v2/url?u=http-3A__192.168.9.24-3A5000_v3&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=siM4G303p2P_QcQwSBr6NsfVHuiLiihGQNTCeHi1sW4&s=KdHeVyN-Do-kSQd_bVsOMw9DQrsswC5lfvpgZBLas3A&e=> | admin | 15650822a7b470459dd57a73e3f4aca8 | admin | admin | 1 | KEYSTONE | USERNAME_PASSWORD | FLYWAY | 2019-04-11 12:46:53 | 2019-04-11 12:46:53 | | RAX_KEYSTONE | https://identity.api.rackspacecloud.com/v2.0<https://urldefense.proofpoint.com/v2/url?u=https-3A__identity.api.rackspacecloud.com_v2.0&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=siM4G303p2P_QcQwSBr6NsfVHuiLiihGQNTCeHi1sW4&s=dmy0Lo4I0G4fsu0JsGAD-WJquhkRSZEERWCWeHoZ7Kk&e=> | RACKSPACE_ACCOUNT_ID | RACKSPACE_ACCOUNT_APIKEY | admin | admin | 1 | KEYSTONE | RACKSPACE_APIKEY | FLYWAY | 2019-04-11 12:46:53 | 2019-04-11 12:46:53 | +------------------+----------------------------------------------+----------------------+----------------------------------+--------------+-------------+-----------------+----------------------+------------------------------+-----------------+---------------------+---------------------+ 2 rows in set (0.00 sec) We have already verified that the OS_ENCRYPTED_PASSWORD generated using SO_ENCRYPTION_KEY is correct and can be decrypted using openssl. Is this issue because SO tries to do a Keystone v2 based authentication ? What is the way to use Keystone v3 API ? Any help /pointers would be highly appreciated. Regards, PRAVEEN V Associate Engineer L&T TECHNOLOGY SERVICES LIMITED L3 Building, Manyata Embassy Business Park, Nagawara Hobli, Bengaluru-560045 Tel : +91 9154111420 L&T Technology Services Ltd www.LTTS.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.LTTS.com&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=siM4G303p2P_QcQwSBr6NsfVHuiLiihGQNTCeHi1sW4&s=Eh0ZtTiEx_J2-G2FD995geZQZwCr94bvYk-oy3jrNOQ&e=> This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. L&T Technology Services Ltd www.LTTS.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.LTTS.com&d=DwQFAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=za_kLC86kWnsu-J_RvabYp9akpJmo70JodFllaxlh4w&s=aJ6MHFSJ94A_ZJlrXHOCzlolor3gZXB5qNjRVjwZ3ak&e=> This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#16604): https://lists.onap.org/g/onap-discuss/message/16604 Mute This Topic: https://lists.onap.org/mt/31200824/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
