Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished
Hi Geora, Thanks for raising this issue, I will be fixing it. BR, Huabing Original Mail Sender: To: zhaohuabing10201488 CC: Date: 2017/09/09 05:33 Subject: RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hello, I pulled the latest oom/msb from gerrit, but it was failing during the deployment into k8s due to missing docker repo secret attribute in all msb deployment.yaml(s) imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" I added it in my local environment and it solved the issue of Failed to pull image "nexus3.onap.org:10001/onap/msb/msb_discovery:latest": rpc error: code = 2 desc = unauthorized: authentication required Thanks Geora Barsky 647-946-5290 Follow us on Facebook, Twitter, LinkedIn, YouTube, Google+ and the Amdocs blog network. From: onap-discuss-boun...@lists.onap.org [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of Arul Nambi Sent: Friday, September 8, 2017 4:03 PM To: zhao.huab...@zte.com.cn kanagaraj.manic...@huawei.com Cc: onap-discuss@lists.onap.org Subject: Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi, To Shed a little bit of light on that. That is created from the aai credentials that can be found in the robot script. In postman, if you select basic auth and enter the credentials, you can see that this header gets added to your requests. Regards Arul From: onap-discuss-boun...@lists.onap.org [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of zhao.huab...@zte.com.cn Sent: Tuesday, September 5, 2017 10:37 PM To: kanagaraj.manic...@huawei.com Cc: onap-discuss@lists.onap.org Subject: Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished If I understand correctly, For authentication with AAI, you need to add an authentication header in the http request like this Authorization:Basic QUFJOkFBSQ== Original Mail Sender: zhaohuabing10201488 To: CC: Date: 2017/09/06 10:20 Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Sorry, There is a minor mistake in the previous response. Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions to access it The url should be http://{msb_iag_ip}:{msb_iag_port}/api/aai-cloudInfrastructure/v11/cloude-regions The standard URL format is http://[host]:[port]/api/{service name}]/v{version number}/{resource}, api is missing in the previous response. Sender: zhaohuabing10201488 To: CC: Date: 2017/09/06 09:59 Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Sender: To: zhaohuabing10201488 CC: Date: 2017/09/05 18:30 Subject: RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi Huabing, For example, to see the cloud details from aai, it provides the api /aai/v11/cloud-infrastructure/cloude-regions So access this URI via MSB, should I use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions It seems that the /aai/v11 part is missing from the registration info. For the version, I think we should align to v11. I will modify the registration info to { "serviceName": "aai-cloudInfrastructure", "version": "v11", "url": "/aai/v11/cloud-infrastructure", "protocol": "REST", "port": "8443", "enable_ssl":"True", "visualRange":"1" } Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions to access it If so, then there are 2 different versions present v1 and v11 and two times service name presents aai and aai-cloudInfrastructure. I think this is not right. And the same problem will occur for every service. OR from CLI, I could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/cloud-infrastructure/cloude-regions and MSB will redirect this To AAI with http://{aai_ip}:{aai_port}/aai/v11/cloud-infrastructure/cloude-regions ? Kindly help. Also there is another problem. Every service in ONAP uses its own basic authentication and there is no common user management Across services to use with REST API. So How does MSB maintains the credentials and every service. The simple answer is MSB doesn't maintain the credentials for every service, if the service need authentication before access, the clients needs to go through the authentication process themselves. For long term, MSB propose to use API Gateway as t
Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished
Hello, I pulled the latest oom/msb from gerrit, but it was failing during the deployment into k8s due to missing docker repo secret attribute in all msb deployment.yaml(s) imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" I added it in my local environment and it solved the issue of Failed to pull image "nexus3.onap.org:10001/onap/msb/msb_discovery:latest": rpc error: code = 2 desc = unauthorized: authentication required Thanks Geora Barsky 647-946-5290 [amdocs-a] Follow us on Facebook<http://www.facebook.com/amdocs/>, Twitter<http://twitter.com/amdocs>, LinkedIn<http://www.linkedin.com/company/amdocs>, YouTube<http://www.youtube.com/amdocsinc>, Google+<https://plus.google.com/105657940751678445194> and the Amdocs blog network<http://blogs.amdocs.com/>. From: onap-discuss-boun...@lists.onap.org [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of Arul Nambi Sent: Friday, September 8, 2017 4:03 PM To: zhao.huab...@zte.com.cn; kanagaraj.manic...@huawei.com Cc: onap-discuss@lists.onap.org Subject: Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi, To Shed a little bit of light on that. That is created from the aai credentials that can be found in the robot script. In postman, if you select basic auth and enter the credentials, you can see that this header gets added to your requests. Regards Arul From: onap-discuss-boun...@lists.onap.org<mailto:onap-discuss-boun...@lists.onap.org> [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of zhao.huab...@zte.com.cn<mailto:zhao.huab...@zte.com.cn> Sent: Tuesday, September 5, 2017 10:37 PM To: kanagaraj.manic...@huawei.com<mailto:kanagaraj.manic...@huawei.com> Cc: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> Subject: Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished If I understand correctly, For authentication with AAI, you need to add an authentication header in the http request like this Authorization:Basic QUFJOkFBSQ== Original Mail Sender: zhaohuabing10201488 To: mailto:kanagaraj.manic...@huawei.com>>; CC: mailto:frank.obr...@amdocs.com>>; mailto:onap-discuss@lists.onap.org>>; Date: 2017/09/06 10:20 Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Sorry, There is a minor mistake in the previous response. Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions<http://%7Bmsb_iag_ip%7D:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> to access it The url should be http://{msb_iag_ip}:{msb_iag_port}/api/aai-cloudInfrastructure/v11/cloude-regions<http://%7Bmsb_iag_ip%7D:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> The standard URL format is http://[host]:[port]/api/{service<http://[host]:[port]/api/%7bservice> name}]/v{version number}/{resource}, api is missing in the previous response. Sender: zhaohuabing10201488 To: mailto:kanagaraj.manic...@huawei.com>>; CC: mailto:frank.obr...@amdocs.com>>; mailto:onap-discuss@lists.onap.org>>; Date: 2017/09/06 09:59 Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Sender: mailto:kanagaraj.manic...@huawei.com>>; To: zhaohuabing10201488; CC: mailto:frank.obr...@amdocs.com>>; mailto:onap-discuss@lists.onap.org>>; Date: 2017/09/05 18:30 Subject: RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi Huabing, For example, to see the cloud details from aai, it provides the api /aai/v11/cloud-infrastructure/cloude-regions So access this URI via MSB, should I use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions<http://%7bmsb_iag_ip%7d:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> It seems that the /aai/v11 part is missing from the registration info. For the version, I think we should align to v11. I will modify the registration info to { "serviceName": "aai-cloudInfrastructure", "version": "v11", "url": "/aai/v11/cloud-infrastructure", "protocol": "REST", "port": "8443", "enable_ssl":"True", "visualRange":"1" } Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions<http://%7Bmsb_iag_ip%7D:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> to access it If so, then there are 2 different versions present v1 and v11 and two times service name presents a
Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished
Hi, To Shed a little bit of light on that. That is created from the aai credentials that can be found in the robot script. In postman, if you select basic auth and enter the credentials, you can see that this header gets added to your requests. Regards Arul From: onap-discuss-boun...@lists.onap.org [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of zhao.huab...@zte.com.cn Sent: Tuesday, September 5, 2017 10:37 PM To: kanagaraj.manic...@huawei.com Cc: onap-discuss@lists.onap.org Subject: Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished If I understand correctly, For authentication with AAI, you need to add an authentication header in the http request like this Authorization:Basic QUFJOkFBSQ== Original Mail Sender: zhaohuabing10201488 To: mailto:kanagaraj.manic...@huawei.com>>; CC: mailto:frank.obr...@amdocs.com>>; mailto:onap-discuss@lists.onap.org>>; Date: 2017/09/06 10:20 Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Sorry, There is a minor mistake in the previous response. Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions<http://%7Bmsb_iag_ip%7D:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> to access it The url should be http://{msb_iag_ip}:{msb_iag_port}/api/aai-cloudInfrastructure/v11/cloude-regions<http://%7Bmsb_iag_ip%7D:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> The standard URL format is http://[host]:[port]/api/{service<http://[host]:[port]/api/%7bservice> name}]/v{version number}/{resource}, api is missing in the previous response. Sender: zhaohuabing10201488 To: mailto:kanagaraj.manic...@huawei.com>>; CC: mailto:frank.obr...@amdocs.com>>; mailto:onap-discuss@lists.onap.org>>; Date: 2017/09/06 09:59 Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Sender: mailto:kanagaraj.manic...@huawei.com>>; To: zhaohuabing10201488; CC: mailto:frank.obr...@amdocs.com>>; mailto:onap-discuss@lists.onap.org>>; Date: 2017/09/05 18:30 Subject: RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi Huabing, For example, to see the cloud details from aai, it provides the api /aai/v11/cloud-infrastructure/cloude-regions So access this URI via MSB, should I use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions<http://%7bmsb_iag_ip%7d:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> It seems that the /aai/v11 part is missing from the registration info. For the version, I think we should align to v11. I will modify the registration info to { "serviceName": "aai-cloudInfrastructure", "version": "v11", "url": "/aai/v11/cloud-infrastructure", "protocol": "REST", "port": "8443", "enable_ssl":"True", "visualRange":"1" } Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions<http://%7Bmsb_iag_ip%7D:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> to access it If so, then there are 2 different versions present v1 and v11 and two times service name presents aai and aai-cloudInfrastructure. I think this is not right. And the same problem will occur for every service. OR from CLI, I could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/cloud-infrastructure/cloude-regions<http://%7bmsb_iag_ip%7d:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/cloud-infrastructure/cloude-regions> and MSB will redirect this To AAI with http://{aai_ip}:{aai_port}/aai/v11/cloud-infrastructure/cloude-regions<http://%7baai_ip%7d:%7baai_port%7d/aai/v11/cloud-infrastructure/cloude-regions> ? Kindly help. Also there is another problem. Every service in ONAP uses its own basic authentication and there is no common user management Across services to use with REST API. So How does MSB maintains the credentials and every service. The simple answer is MSB doesn't maintain the credentials for every service, if the service need authentication before access, the clients needs to go through the authentication process themselves. For long term, MSB propose to use API Gateway as the entry point for central authentication, to achieve that, we need to reach consensus with the overall security Architecture first and MSB need to integrate with AAF. Indivial projects also need to modify their codes. I don't think we can achieve that in A
Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished
Hi Kanagaraj, AAI group the APIs into multiple "tags" under one port 8443, including cloudInfrastructure business search actions service-design-and-creation network esr Currently, these different tags have been mapped to different service name inside MSB. So we need tag name like aai-cloudInfrastructure to differentiate these microservices. Otherwise, we have to take the group tag as part of the resource url and only register one service name for aai. I suggest that different group tag should be mapped to different service because I guess the initial intention of group of AAI APIs is to group APIs for different purpose. @Jimmy, what's your preference as the AAI PTL? Here is the service list provided by AAI. https://wiki.onap.org/download/attachments/13598793/aai_swagger_v11.html?api=v2 https://wiki.onap.org/display/DW/ONAP+Services+List#ONAPServicesList-A&AI Thanks, Huabing Original Mail Sender: To: zhaohuabing10201488 CC: Date: 2017/09/06 13:00 Subject: RE: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Dear Huabing, For registering, it should be { "serviceName": "aai-cloudInfrastructure", "version": "v11", "url": "/aai/v11/cloud-infrastructure", "protocol": "REST", "port": "8443", "enable_ssl":"True", "visualRange":"1" } Then it should be ok, url should be having only the root-context and cloud-infrastructure should be removed from it. For the authentication, yes, clients should to authentication with respective services and there is no common auth model exist so far (AAF). Regarding this, I will send a separate mail to get the decision point on how the user model will be supported in amesterdam release. Thanks Kanagaraj M *** 本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件!** *** This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! *** From: zhao.huab...@zte.com.cn [mailto:zhao.huab...@zte.com.cn] Sent: Wednesday, September 06, 2017 8:07 AM To: Kanagaraj Manickam Cc: frank.obr...@amdocs.com onap-discuss@lists.onap.org Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished If I understand correctly, For authentication with AAI, you need to add an authentication header in the http request like this Authorization:Basic QUFJOkFBSQ== Original Mail Sender: zhaohuabing10201488 To: CC: Date: 2017/09/06 10:20 Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Sorry, There is a minor mistake in the previous response. Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions to access it The url should be http://{msb_iag_ip}:{msb_iag_port}/api/aai-cloudInfrastructure/v11/cloude-regions The standard URL format is http://[host]:[port]/api/{service name}]/v{version number}/{resource}, api is missing in the previous response. Sender: zhaohuabing10201488 To: CC: Date: 2017/09/06 09:59 Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Sender: To: zhaohuabing10201488 CC: Date: 2017/09/05 18:30 Subject: RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi Huabing, For example, to see the cloud details from aai, it provides the api /aai/v11/cloud-infrastructure/cloude-regions So access this URI via MSB, should I use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions It seems that the /aai/v11 part is missing from the registration info. For the version, I think we should align to v11. I will modify the registration info to { "serviceName": "aai-cloudInfrastruc
Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished
Dear Huabing, For registering, it should be { "serviceName": "aai-cloudInfrastructure", "version": "v11", "url": "/aai/v11/cloud-infrastructure", "protocol": "REST", "port": "8443", "enable_ssl":"True", "visualRange":"1" } Then it should be ok, url should be having only the root-context and cloud-infrastructure should be removed from it. For the authentication, yes, clients should to authentication with respective services and there is no common auth model exist so far (AAF). Regarding this, I will send a separate mail to get the decision point on how the user model will be supported in amesterdam release. Thanks Kanagaraj M *** 本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件!** *** This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! *** From: zhao.huab...@zte.com.cn [mailto:zhao.huab...@zte.com.cn] Sent: Wednesday, September 06, 2017 8:07 AM To: Kanagaraj Manickam Cc: frank.obr...@amdocs.com; onap-discuss@lists.onap.org Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished If I understand correctly, For authentication with AAI, you need to add an authentication header in the http request like this Authorization:Basic QUFJOkFBSQ== Original Mail Sender: zhaohuabing10201488 To: mailto:kanagaraj.manic...@huawei.com>>; CC: mailto:frank.obr...@amdocs.com>>; mailto:onap-discuss@lists.onap.org>>; Date: 2017/09/06 10:20 Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Sorry, There is a minor mistake in the previous response. Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions<http://%7Bmsb_iag_ip%7D:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> to access it The url should be http://{msb_iag_ip}:{msb_iag_port}/api/aai-cloudInfrastructure/v11/cloude-regions<http://%7Bmsb_iag_ip%7D:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> The standard URL format is http://[host]:[port]/api/{service<http://[host]:[port]/api/%7bservice> name}]/v{version number}/{resource}, api is missing in the previous response. Sender: zhaohuabing10201488 To: mailto:kanagaraj.manic...@huawei.com>>; CC: mailto:frank.obr...@amdocs.com>>; mailto:onap-discuss@lists.onap.org>>; Date: 2017/09/06 09:59 Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Sender: mailto:kanagaraj.manic...@huawei.com>>; To: zhaohuabing10201488; CC: mailto:frank.obr...@amdocs.com>>; mailto:onap-discuss@lists.onap.org>>; Date: 2017/09/05 18:30 Subject: RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi Huabing, For example, to see the cloud details from aai, it provides the api /aai/v11/cloud-infrastructure/cloude-regions So access this URI via MSB, should I use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions<http://%7bmsb_iag_ip%7d:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> It seems that the /aai/v11 part is missing from the registration info. For the version, I think we should align to v11. I will modify the registration info to { "serviceName": "aai-cloudInfrastructure", "version": "v11", "url": "/aai/v11/cloud-infrastructure", "protocol": "REST", "port": "8443", "enable_ssl":"True", "visualRange":"1" } Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions<http://%7Bmsb_iag_ip%7D:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai
Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished
If I understand correctly, For authentication with AAI, you need to add an authentication header in the http request like this Authorization:Basic QUFJOkFBSQ== Original Mail Sender: zhaohuabing10201488 To: CC: Date: 2017/09/06 10:20 Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Sorry, There is a minor mistake in the previous response. Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions to access it The url should be http://{msb_iag_ip}:{msb_iag_port}/api/aai-cloudInfrastructure/v11/cloude-regions The standard URL format is http://[host]:[port]/api/{service name}]/v{version number}/{resource}, api is missing in the previous response. Sender: zhaohuabing10201488 To: CC: Date: 2017/09/06 09:59 Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Sender: To: zhaohuabing10201488 CC: Date: 2017/09/05 18:30 Subject: RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi Huabing, For example, to see the cloud details from aai, it provides the api /aai/v11/cloud-infrastructure/cloude-regions So access this URI via MSB, should I use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions It seems that the /aai/v11 part is missing from the registration info. For the version, I think we should align to v11. I will modify the registration info to { "serviceName": "aai-cloudInfrastructure", "version": "v11", "url": "/aai/v11/cloud-infrastructure", "protocol": "REST", "port": "8443", "enable_ssl":"True", "visualRange":"1" } Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions to access it If so, then there are 2 different versions present v1 and v11 and two times service name presents aai and aai-cloudInfrastructure. I think this is not right. And the same problem will occur for every service. OR from CLI, I could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/cloud-infrastructure/cloude-regions and MSB will redirect this To AAI with http://{aai_ip}:{aai_port}/aai/v11/cloud-infrastructure/cloude-regions ? Kindly help. Also there is another problem. Every service in ONAP uses its own basic authentication and there is no common user management Across services to use with REST API. So How does MSB maintains the credentials and every service. The simple answer is MSB doesn't maintain the credentials for every service, if the service need authentication before access, the clients needs to go through the authentication process themselves. For long term, MSB propose to use API Gateway as the entry point for central authentication, to achieve that, we need to reach consensus with the overall security Architecture first and MSB need to integrate with AAF. Indivial projects also need to modify their codes. I don't think we can achieve that in Amsterdam. Thank you. Regards Kanagaraj M *** 本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件!** *** This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! *** From: zhao.huab...@zte.com.cn [mailto:zhao.huab...@zte.com.cn] Sent: Tuesday, September 05, 2017 2:01 PM To: Kanagaraj Manickam Cc: frank.obr...@amdocs.com onap-discuss@lists.onap.org Subject: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi Kanagaraj, The microservie endpoint url is a standard format http://[host]:[port]/api/{service name}]/v{version number}/{resource} Regarding your question, MSB only need the http://[host]:[port]/api/{service name}]/v{version number} part for service registration and request routing. {resource} part is what resource t
Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished
Sorry, There is a minor mistake in the previous response. Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions to access it The url should be http://{msb_iag_ip}:{msb_iag_port}/api/aai-cloudInfrastructure/v11/cloude-regions The standard URL format is http://[host]:[port]/api/{service name}]/v{version number}/{resource}, api is missing in the previous response. Original Mail Sender: zhaohuabing10201488 To: CC: Date: 2017/09/06 09:59 Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Sender: To: zhaohuabing10201488 CC: Date: 2017/09/05 18:30 Subject: RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi Huabing, For example, to see the cloud details from aai, it provides the api /aai/v11/cloud-infrastructure/cloude-regions So access this URI via MSB, should I use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions It seems that the /aai/v11 part is missing from the registration info. For the version, I think we should align to v11. I will modify the registration info to { "serviceName": "aai-cloudInfrastructure", "version": "v11", "url": "/aai/v11/cloud-infrastructure", "protocol": "REST", "port": "8443", "enable_ssl":"True", "visualRange":"1" } Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions to access it If so, then there are 2 different versions present v1 and v11 and two times service name presents aai and aai-cloudInfrastructure. I think this is not right. And the same problem will occur for every service. OR from CLI, I could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/cloud-infrastructure/cloude-regions and MSB will redirect this To AAI with http://{aai_ip}:{aai_port}/aai/v11/cloud-infrastructure/cloude-regions ? Kindly help. Also there is another problem. Every service in ONAP uses its own basic authentication and there is no common user management Across services to use with REST API. So How does MSB maintains the credentials and every service. The simple answer is MSB doesn't maintain the credentials for every service, if the service need authentication before access, the clients needs to go through the authentication process themselves. For long term, MSB propose to use API Gateway as the entry point for central authentication, to achieve that, we need to reach consensus with the overall security Architecture first and MSB need to integrate with AAF. Indivial projects also need to modify their codes. I don't think we can achieve that in Amsterdam. Thank you. Regards Kanagaraj M *** 本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件!** *** This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! *** From: zhao.huab...@zte.com.cn [mailto:zhao.huab...@zte.com.cn] Sent: Tuesday, September 05, 2017 2:01 PM To: Kanagaraj Manickam Cc: frank.obr...@amdocs.com onap-discuss@lists.onap.org Subject: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi Kanagaraj, The microservie endpoint url is a standard format http://[host]:[port]/api/{service name}]/v{version number}/{resource} Regarding your question, MSB only need the http://[host]:[port]/api/{service name}]/v{version number} part for service registration and request routing. {resource} part is what resource the consumer want to create/retrieve/update/delete and MSB just pass it transparently to service provider. There're two approaches to access the individual services by leveraging MSB. MSB Java SDK(aka Client side discovery): the example codes can be found here: https://gerrit.onap.org/r/gitweb?p=msb/java-sdk.gita=treef=exampleh=1
Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished
Original Mail Sender: To: zhaohuabing10201488 CC: Date: 2017/09/05 18:30 Subject: RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi Huabing, For example, to see the cloud details from aai, it provides the api /aai/v11/cloud-infrastructure/cloude-regions So access this URI via MSB, should I use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions It seems that the /aai/v11 part is missing from the registration info. For the version, I think we should align to v11. I will modify the registration info to { "serviceName": "aai-cloudInfrastructure", "version": "v11", "url": "/aai/v11/cloud-infrastructure", "protocol": "REST", "port": "8443", "enable_ssl":"True", "visualRange":"1" } Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions to access it If so, then there are 2 different versions present v1 and v11 and two times service name presents aai and aai-cloudInfrastructure. I think this is not right. And the same problem will occur for every service. OR from CLI, I could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/cloud-infrastructure/cloude-regions and MSB will redirect this To AAI with http://{aai_ip}:{aai_port}/aai/v11/cloud-infrastructure/cloude-regions ? Kindly help. Also there is another problem. Every service in ONAP uses its own basic authentication and there is no common user management Across services to use with REST API. So How does MSB maintains the credentials and every service. The simple answer is MSB doesn't maintain the credentials for every service, if the service need authentication before access, the clients needs to go through the authentication process themselves. For long term, MSB propose to use API Gateway as the entry point for central authentication, to achieve that, we need to reach consensus with the overall security Architecture first and MSB need to integrate with AAF. Indivial projects also need to modify their codes. I don't think we can achieve that in Amsterdam. Thank you. Regards Kanagaraj M *** 本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件!** *** This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! *** From: zhao.huab...@zte.com.cn [mailto:zhao.huab...@zte.com.cn] Sent: Tuesday, September 05, 2017 2:01 PM To: Kanagaraj Manickam Cc: frank.obr...@amdocs.com onap-discuss@lists.onap.org Subject: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi Kanagaraj, The microservie endpoint url is a standard format http://[host]:[port]/api/{service name}]/v{version number}/{resource} Regarding your question, MSB only need the http://[host]:[port]/api/{service name}]/v{version number} part for service registration and request routing. {resource} part is what resource the consumer want to create/retrieve/update/delete and MSB just pass it transparently to service provider. There're two approaches to access the individual services by leveraging MSB. MSB Java SDK(aka Client side discovery): the example codes can be found here: https://gerrit.onap.org/r/gitweb?p=msb/java-sdk.gita=treef=exampleh=1c331f86cbcbdb8cc2935d8ac41169da1a523ec5hb=refs/heads/master MSB API Gateway(aka Server side discovery), CLI just need to send the request to MSB API Gateway(Internal API Gateway for CLI). For example, the service definition of AAI coludInfrastructure microservice is { "serviceName": "aai-cloudInfrastructure", "version": "v1", "url": "/cloud-infrastructure", "protocol": "REST", "port": "8443", "enable_ssl"
Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished
Hi Huabing, For example, to see the cloud details from aai, it provides the api /aai/v11/cloud-infrastructure/cloude-regions So access this URI via MSB, should I use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions<http://%7bmsb_iag_ip%7d:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> If so, then there are 2 different versions present v1 and v11 and two times service name presents aai and aai-cloudInfrastructure. I think this is not right. And the same problem will occur for every service. OR from CLI, I could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/cloud-infrastructure/cloude-regions<http://%7bmsb_iag_ip%7d:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/cloud-infrastructure/cloude-regions> and MSB will redirect this To AAI with http://{aai_ip}:{aai_port}/aai/v11/cloud-infrastructure/cloude-regions<http://%7baai_ip%7d:%7baai_port%7d/aai/v11/cloud-infrastructure/cloude-regions> ? Kindly help. Also there is another problem. Every service in ONAP uses its own basic authentication and there is no common user management Across services to use with REST API. So How does MSB maintains the credentials and every service. Thank you. Regards Kanagaraj M *** 本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件!** *** This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! *** From: zhao.huab...@zte.com.cn [mailto:zhao.huab...@zte.com.cn] Sent: Tuesday, September 05, 2017 2:01 PM To: Kanagaraj Manickam Cc: frank.obr...@amdocs.com; onap-discuss@lists.onap.org Subject: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi Kanagaraj, The microservie endpoint url is a standard format http://[host]:[port]/api/{service<http://[host]:[port]/api/%7bservice> name}]/v{version number}/{resource} Regarding your question, MSB only need the http://[host]:[port]/api/{service<http://[host]:[port]/api/%7bservice> name}]/v{version number} part for service registration and request routing. {resource} part is what resource the consumer want to create/retrieve/update/delete and MSB just pass it transparently to service provider. There're two approaches to access the individual services by leveraging MSB. MSB Java SDK(aka Client side discovery): the example codes can be found here: https://gerrit.onap.org/r/gitweb?p=msb/java-sdk.git;a=tree;f=example;h=1c331f86cbcbdb8cc2935d8ac41169da1a523ec5;hb=refs/heads/master MSB API Gateway(aka Server side discovery), CLI just need to send the request to MSB API Gateway(Internal API Gateway for CLI). For example, the service definition of AAI coludInfrastructure microservice is { "serviceName": "aai-cloudInfrastructure", "version": "v1", "url": "/cloud-infrastructure", "protocol": "REST", "port": "8443", "enable_ssl":"True", "visualRange":"1" } Access the service http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/{resource}<http://%7bmsb_iag_ip%7d:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/%7bresource%7d> Here are the slides I presented and the recording at the MSB tutorial session in case you need more details: https://wiki.onap.org/display/DW/MSB+Tutorial-2017-08-23 Thanks, Huabing Original Mail Sender: mailto:kanagaraj.manic...@huawei.com>>; To: mailto:frank.obr...@amdocs.com>>;zhaohuabing10201488; CC: mailto:onap-discuss@lists.onap.org>>; Date: 2017/09/05 15:27 Subject: RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Dear Huabing and Michael, CLI has dependency on the MSB to discover the service before issuing the commands to that service. I believe this OOM and MSB integration will compliment CLI and thank you. And I have a question related to it, kindly help: When OOM register the service in to MSB, what the is the format of Service URL followed
Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished
Hi Michael, We need to bring up msb and registrator before other containers. I'm trying to deploy AAI in kubernetes cluster, If AAI can be deployed successfully I can show an example calling AAI service, otherwise I will use an simple mock service. Thanks, Huabing Original Mail Sender: To: zhaohuabing10201488 CC: Date: 2017/09/04 22:30 Subject: RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Huabing, Very nice work, I personally would be interested in seeing how other services communicate to AAI via V11 calls for example. Bringing up the new 4 onap-msb containers for a look now (I see we need to add them to the root of the dependency tree) – before the other 44. Looking forward to the demo at the OOM meeting on Wed at 2300h CST / 1100h EDT /michael From: onap-discuss-boun...@lists.onap.org [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of zhao.huab...@zte.com.cn Sent: Sunday, September 3, 2017 21:26 To: david.sauvag...@bell.ca Mike Elliott Roger Maitland Cc: onap-discuss@lists.onap.org Subject: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integration finished Hi David and OOM Team, I'm glad to let you know that oom registrator has been successfully deployed in k8s cluster which filled the last part of map. Now every ONAP microservices deployed by OOM will be automatically registered to MSB by oom registrator, and microservices can leverage MSB SDK or API Gateway to communicate with each other easily. I could show the demo in this week's meeting if we have time, it will cost about 5 minutes. I'd also like to discuss some minor issues like how to start MSB and registrator first in the OOM script so they're ready when other onap Microservices are spun up by OOM. Cheers, Huabing This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement,you may review at https://www.amdocs.com/about/email-disclaimer___ onap-discuss mailing list onap-discuss@lists.onap.org https://lists.onap.org/mailman/listinfo/onap-discuss
Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished
Hi Kanagaraj, The microservie endpoint url is a standard format http://[host]:[port]/api/{service name}]/v{version number}/{resource} Regarding your question, MSB only need the http://[host]:[port]/api/{service name}]/v{version number} part for service registration and request routing. {resource} part is what resource the consumer want to create/retrieve/update/delete and MSB just pass it transparently to service provider. There're two approaches to access the individual services by leveraging MSB. MSB Java SDK(aka Client side discovery): the example codes can be found here: https://gerrit.onap.org/r/gitweb?p=msb/java-sdk.gita=treef=exampleh=1c331f86cbcbdb8cc2935d8ac41169da1a523ec5hb=refs/heads/master MSB API Gateway(aka Server side discovery), CLI just need to send the request to MSB API Gateway(Internal API Gateway for CLI). For example, the service definition of AAI coludInfrastructure microservice is { "serviceName": "aai-cloudInfrastructure", "version": "v1", "url": "/cloud-infrastructure", "protocol": "REST", "port": "8443", "enable_ssl":"True", "visualRange":"1" } Access the service http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/{resource} Here are the slides I presented and the recording at the MSB tutorial session in case you need more details: https://wiki.onap.org/display/DW/MSB+Tutorial-2017-08-23 Thanks, Huabing Original Mail Sender: To: zhaohuabing10201488 CC: Date: 2017/09/05 15:27 Subject: RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Dear Huabing and Michael, CLI has dependency on the MSB to discover the service before issuing the commands to that service. I believe this OOM and MSB integration will compliment CLI and thank you. And I have a question related to it, kindly help: When OOM register the service in to MSB, what the is the format of Service URL followed ? For example, every service has URL in the form of ://:/ In this format, when OOM register the service, what portion of this service URL will be used? Here, CLI would look for the ://: from MSB as base path. Thanks Kanagaraj M *** 本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件!** *** This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! *** From: onap-discuss-boun...@lists.onap.org [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of Michael O'Brien Sent: Monday, September 04, 2017 8:00 PM To: zhao.huab...@zte.com.cn Cc: onap-discuss@lists.onap.org Subject: Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integration finished Huabing, Very nice work, I personally would be interested in seeing how other services communicate to AAI via V11 calls for example. Bringing up the new 4 onap-msb containers for a look now (I see we need to add them to the root of the dependency tree) – before the other 44. Looking forward to the demo at the OOM meeting on Wed at 2300h CST / 1100h EDT /michael From: onap-discuss-boun...@lists.onap.org [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of zhao.huab...@zte.com.cn Sent: Sunday, September 3, 2017 21:26 To: david.sauvag...@bell.ca Mike Elliott Roger Maitland Cc: onap-discuss@lists.onap.org Subject: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integration finished Hi David and OOM Team, I'm glad to let you know that oom registrator has been successfully deployed in k8s cluster which filled the last part of map. Now every ONAP microservices deployed by OOM will be automatically registered to MSB by oom registrator, and microservices can leverage MSB SDK or API Gateway to communicate with each other easily. I could show the demo in this week's meeting if we have time, it will cost about 5 minutes. I'd also like to discuss some minor issues like how to s