Hi, Yan, That’s great news – glad it works.
Thanks, jimmy From: <[email protected]> on behalf of Yan Yang <[email protected]> Reply-To: "[email protected]" <[email protected]>, "[email protected]" <[email protected]> Date: Friday, September 13, 2019 at 10:04 AM To: "[email protected]" <[email protected]>, "FORSYTH, JAMES" <[email protected]>, 'Keong Lim' <[email protected]>, 'Pavel Paroulek' <[email protected]> Subject: 答复: 答复: [onap-discuss] 答复: 答复: [AAI] When access AAI, get 403 Forbdiden Access Denied Hi Jimmy, Both version are Dublin , after I redeployed AAF, it can work now o(╯□╰)o. Thanks for your help. BR, Yan 发件人: [email protected] [mailto:[email protected]] 代表 Jimmy Forsyth 发送时间: 2019年9月13日 21:49 收件人: [email protected]; [email protected]; 'Keong Lim'; 'Pavel Paroulek' 主题: Re: 答复: [onap-discuss] 答复: 答复: [AAI] When access AAI, get 403 Forbdiden Access Denied Perhaps you have a mismatch in AAF / AAI? I’m wondering if maybe you are using the latest AAF but an older version of AAI? Thanks, jimmy From: <[email protected]<mailto:[email protected]>> on behalf of Yan Yang <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Friday, September 13, 2019 at 9:46 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, "FORSYTH, JAMES" <[email protected]<mailto:[email protected]>>, 'Keong Lim' <[email protected]<mailto:[email protected]>>, 'Pavel Paroulek' <[email protected]<mailto:[email protected]>> Subject: 答复: [onap-discuss] 答复: 答复: [AAI] When access AAI, get 403 Forbdiden Access Denied Hi Jimmy, I restart the aaf-locate ,but the problem is still there. Not sure what’s the reason, I redeployed AAI with the default configuration in OOM, but it still have the same error. Should I redeploy AAF and retry? BTW, if I redeploy AAI, do I need to do some clear steps? BR, Yan 发件人: [email protected]<mailto:[email protected]> [mailto:[email protected]] 代表 Jimmy Forsyth 发送时间: 2019年9月13日 0:53 收件人: [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]>; 'Keong Lim'; Pavel Paroulek 主题: Re: [onap-discuss] 答复: 答复: [AAI] When access AAI, get 403 Forbdiden Access Denied Hmm… perhaps disabling AAF is not effective if you are seeing this with AAF enabled = false. Pavel, can you have a look and let us know if Yan is disabling it correctly? I recommend that you check your AAF deployment, in the past I’ve seen this when the aaf-locate pod appears to be running but restarting it solves the problem. Thanks, jimmy From: <[email protected]<mailto:[email protected]>> on behalf of Yan Yang <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Thursday, September 12, 2019 at 12:03 PM To: "FORSYTH, JAMES" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, 'Keong Lim' <[email protected]<mailto:[email protected]>> Subject: [onap-discuss] 答复: 答复: [AAI] When access AAI, get 403 Forbdiden Access Denied Following is the logs on aai-resources pod: 2019-09-12T15:59:22.793+0000 INFO [cadi] Persist Cache: removed 0 of 0 items from memory and 0 of 0 from disk 2019-09-12T15:59:41.295+0000 AUDIT [cadi] ID AAI converted to [email protected]<mailto:[email protected]> 2019-09-12T15:59:41.318+0000 WARN [cadi] Authenticating Service unavailable from 10.42.14.13:50768 ( No Entries found for 'https://aaf-locate.onap:8095/locate/AAF_NS.service:2.0<https://urldefense.proofpoint.com/v2/url?u=https-3A__aaf-2Dlocate.onap-3A8095_locate_AAF-5FNS.service-3A2.0&d=DwQFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=Oej6QUk5p2KdqNEWySpOHA&m=HmW-GsFPH8s1IQ3tnWNBj2fdqcwk3I8hYh5yD4_FNEw&s=DbmRzTn3WP_eFkMLsumtzIYgG1K2bVsXbVrCMA4x-kk&e=>' ) 2019-09-12T15:59:41.318+0000 AUDIT [cadi] No TAF will authorize for request from 10.42.14.13:50768 2019-09-12T15:59:41.322+0000 WARN [cadi] Trans: user=n/a[],ip=10.42.14.13,ms=27.823477,validate=27.811932,code=0.000000 2019-09-12T16:00:42.548+0000 AUDIT [cadi] ID AAI converted to [email protected]<mailto:[email protected]> 2019-09-12T16:00:42.625+0000 WARN [cadi] Authenticating Service unavailable from 10.42.14.13:51148 ( No Entries found for 'https://aaf-locate.onap:8095/locate/AAF_NS.service:2.0<https://urldefense.proofpoint.com/v2/url?u=https-3A__aaf-2Dlocate.onap-3A8095_locate_AAF-5FNS.service-3A2.0&d=DwQFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=Oej6QUk5p2KdqNEWySpOHA&m=HmW-GsFPH8s1IQ3tnWNBj2fdqcwk3I8hYh5yD4_FNEw&s=DbmRzTn3WP_eFkMLsumtzIYgG1K2bVsXbVrCMA4x-kk&e=>' ) 2019-09-12T16:00:42.626+0000 AUDIT [cadi] No TAF will authorize for request from 10.42.14.13:51148 2019-09-12T16:00:42.644+0000 WARN [cadi] Trans: user=n/a[],ip=10.42.14.13,ms=96.419441,validate=96.406677,code=0.000000 2019-09-12T16:01:22.794+0000 INFO [cadi] Persist Cache: removed 0 of 0 items from memory and 0 of 0 from disk 2019-09-12T16:01:42.888+0000 AUDIT [cadi] ID AAI converted to [email protected]<mailto:[email protected]> 2019-09-12T16:01:42.987+0000 WARN [cadi] Authenticating Service unavailable from 10.42.14.13:51530 ( No Entries found for 'https://aaf-locate.onap:8095/locate/AAF_NS.service:2.0<https://urldefense.proofpoint.com/v2/url?u=https-3A__aaf-2Dlocate.onap-3A8095_locate_AAF-5FNS.service-3A2.0&d=DwQFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=Oej6QUk5p2KdqNEWySpOHA&m=HmW-GsFPH8s1IQ3tnWNBj2fdqcwk3I8hYh5yD4_FNEw&s=DbmRzTn3WP_eFkMLsumtzIYgG1K2bVsXbVrCMA4x-kk&e=>' ) 2019-09-12T16:01:42.987+0000 AUDIT [cadi] No TAF will authorize for request from 10.42.14.13:51530 2019-09-12T16:01:42.989+0000 WARN [cadi] Trans: user=n/a[],ip=10.42.14.13,ms=100.579651,validate=100.569031,code=0.000000 BR, Yan 发件人: FORSYTH, JAMES [mailto:[email protected]] 发送时间: 2019年9月12日 23:58 收件人: Yan Yang; [email protected]<mailto:[email protected]>; 'Keong Lim' 主题: Re: 答复: [AAI] When access AAI, get 403 Forbdiden Access Denied Hi, Yan, What do you see when you do “kubectl logs” on the aai-resources pod? Thanks, jimmy From: Yan Yang <[email protected]<mailto:[email protected]>> Date: Thursday, September 12, 2019 at 11:57 AM To: "FORSYTH, JAMES" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, 'Keong Lim' <[email protected]<mailto:[email protected]>> Subject: 答复: [AAI] When access AAI, get 403 Forbdiden Access Denied Hi Jimmy, Thank you for your quick reply. Before we disable AAF, we also try to call AAI, but got authentication error, so we re-deployed AAI with aaf_enable false. BR, Yan 发件人: FORSYTH, JAMES [mailto:[email protected]] 发送时间: 2019年9月12日 23:53 收件人: Yan Yang; [email protected]<mailto:[email protected]>; 'Keong Lim' 主题: Re: [AAI] When access AAI, get 403 Forbdiden Access Denied Hi, Yan, Is there a reason for disabling AAF? Thanks, jimmy From: Yan Yang <[email protected]<mailto:[email protected]>> Date: Thursday, September 12, 2019 at 11:51 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, "FORSYTH, JAMES" <[email protected]<mailto:[email protected]>>, 'Keong Lim' <[email protected]<mailto:[email protected]>> Subject: [AAI] When access AAI, get 403 Forbdiden Access Denied Dear Jimmy and AAI team, When we call AAI to get the cloud list ,we got the following error: {"timestamp":1568302764354,"status":403,"error":"Forbdiden","message":"Access Denied","path":"/aai/v13/cloud-infrastructure/cloud-regions"} When we deploy AAI Dublin release, we make the aaf_enable: false. I’m not sure what’s the reason, could you give some help? BTW aaf also run in our env and the aaf pods are running. BR, Yan -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#18949): https://lists.onap.org/g/onap-discuss/message/18949 Mute This Topic: https://lists.onap.org/mt/34127527/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
