Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected
5920-40b8-8f14-0c41b73b9f1b | dcaecnsl02 | ACTIVE | oam_onap_3QKg=10.99.0.4, 10.12.6.178 | ubuntu-16-04-cloud-amd64 | m1.medium | | 5e6fd14b-e75b-41f2-ad61-b690834df458 | dcaeorcl00 | ACTIVE | oam_onap_3QKg=10.99.0.8, 10.12.6.185 | CentOS-7 | m1.medium | | 5217dabb-abd7-4e57-972a-86efdd5252f5 | dcae-dcae-bootstrap | ACTIVE | oam_onap_3QKg=10.99.0.3, 10.12.6.183 | ubuntu-16-04-cloud-amd64 | m1.small | | 87569b68-cd4c-4a1f-9c6c-96ea7ce3d9b9 | onap-oom-obrien | ACTIVE | oam_onap_w37L=10.0.16.1, 10.12.6.124 | ubuntu-16-04-cloud-amd64 | m1.xxlarge | | d80f35ac-1257-47fc-828e-dddc3604d3c1 | oom-jenkins | ACTIVE | appc-multicloud-integration=10.10.5.14, 10.12.6.49 | | v1.xlarge | +--+-+++--++ root@heat-bootstrap:/opt/heat# Thanks to Alexis 2 days ago with his help He actually passed me this set – and I missed the floating one (since I was working on my non-corp laptop to access the VPN) - I was working off memory – should have reverified what I was passed Missed these openstack floating ip list -c ID -c Port -f value | grep None | awk ' { print $1 } ' | xargs openstack floating ip delete Did these manually openstack port list -c ID -c Status -f value | grep DOWN | awk ' { print $1 } ' | xargs openstack port delete openstack zone list -c id -f value | xargs openstack port delete I'll add these troubleshooting workarounds to the documentation in the wiki and RTD. http://onap.readthedocs.io/en/latest/submodules/dcaegen2.git/docs/sections/installation_heat.html https://wiki.onap.org/display/DW/vFWCL+instantiation%2C+testing%2C+and+debuging https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+Rancher+in+OpenStack https://jira.onap.org/browse/LOG-167 https://jira.onap.org/browse/DOC-245 /michael From: onap-discuss-boun...@lists.onap.org [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of Michael O'Brien Sent: Wednesday, February 7, 2018 17:47 To: Alexis de Talhouët Cc: onap-discuss@lists.onap.org Subject: Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected Team, Alexis and I had a quick call – my understanding of the dual 25.2 and 25.5(dns entries only) openstacks in openlab is a lot better Turns out my issue was a hardcoded stack name in the entrypoint script for the dcaegen2 docker container – preventing a 2nd DCAE install per tenant – thanks Alexis Workaround is to prepend a random string to the name and bounce the dcae container. https://git.onap.org/oom/tree/kubernetes/config/docker/init/src/config/dcaegen2/heat/entrypoint.sh?h=amsterdam#n111 Or pull in the fix Prepend random string to dcae stack_name in dcaegen2 container entrypoint.sh https://jira.onap.org/browse/OOM-673 thank you /michael From: onap-discuss-boun...@lists.onap.org<mailto:onap-discuss-boun...@lists.onap.org> [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of Michael O'Brien Sent: Wednesday, February 7, 2018 11:24 To: Alexis de Talhouët mailto:adetalhoue...@gmail.com>> Cc: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> Subject: Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected Alexis, Yes, I pulled yesterday from amsterdam. I did another pull just now and - wow! I really need your extra 2 eyes – my VM in OOM is not on amsterdam! We are fixed in 615 – so It didn’t make sense – does now. https://jira.onap.org/browse/OOM-615 Will send my onap-parameters.yaml separately When I switched VM’s from my Logging to the OOM tenant today – I did not think to check my git status there – yes I was running master in OOM as soon as I pulled I noticed it. My mistake when switching – rerunning now. For the arguments I am using a different OAM network id, dns entry, tenant user/id, dns proxy ip - but the same OS and DNS tenants, ubuntu@onap-oom-obrien:~/oom$ git checkout kubernetes/config/onap-parameters.yaml ubuntu@onap-oom-obrien:~/oom$ git pull From http://gerrit.onap.org/r/oom 18c2dbc..ce7844b master -> origin/master Already up-to-date. Wrong VM ubuntu@onap-oom-obrien:~/oom$ git status On branch amsterdam Your branch is up-to-date with 'origin/amsterdam'. still having issues with the collision - does not make sense because your OOM-615 is fixed - triaging {noformat} ubuntu@onap-oom-obrien:~/oom$ git status On branch amsterdam Your branch is up-to-date with 'origin/amsterdam'. Changes not staged for commit: modified: kubernetes/config/onap-parameters.yaml ubunt
Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected
Team, Alexis and I had a quick call – my understanding of the dual 25.2 and 25.5(dns entries only) openstacks in openlab is a lot better Turns out my issue was a hardcoded stack name in the entrypoint script for the dcaegen2 docker container – preventing a 2nd DCAE install per tenant – thanks Alexis Workaround is to prepend a random string to the name and bounce the dcae container. https://git.onap.org/oom/tree/kubernetes/config/docker/init/src/config/dcaegen2/heat/entrypoint.sh?h=amsterdam#n111 Or pull in the fix Prepend random string to dcae stack_name in dcaegen2 container entrypoint.sh https://jira.onap.org/browse/OOM-673 thank you /michael From: onap-discuss-boun...@lists.onap.org [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of Michael O'Brien Sent: Wednesday, February 7, 2018 11:24 To: Alexis de Talhouët Cc: onap-discuss@lists.onap.org Subject: Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected Alexis, Yes, I pulled yesterday from amsterdam. I did another pull just now and - wow! I really need your extra 2 eyes – my VM in OOM is not on amsterdam! We are fixed in 615 – so It didn’t make sense – does now. https://jira.onap.org/browse/OOM-615 Will send my onap-parameters.yaml separately When I switched VM’s from my Logging to the OOM tenant today – I did not think to check my git status there – yes I was running master in OOM as soon as I pulled I noticed it. My mistake when switching – rerunning now. For the arguments I am using a different OAM network id, dns entry, tenant user/id, dns proxy ip - but the same OS and DNS tenants, ubuntu@onap-oom-obrien:~/oom$ git checkout kubernetes/config/onap-parameters.yaml ubuntu@onap-oom-obrien:~/oom$ git pull From http://gerrit.onap.org/r/oom 18c2dbc..ce7844b master -> origin/master Already up-to-date. Wrong VM ubuntu@onap-oom-obrien:~/oom$ git status On branch amsterdam Your branch is up-to-date with 'origin/amsterdam'. still having issues with the collision - does not make sense because your OOM-615 is fixed - triaging {noformat} ubuntu@onap-oom-obrien:~/oom$ git status On branch amsterdam Your branch is up-to-date with 'origin/amsterdam'. Changes not staged for commit: modified: kubernetes/config/onap-parameters.yaml ubuntu@onap-oom-obrien:~/oom$ kubectl -n onap-dcaegen2 logs -f heat-bootstrap-4010086101-9c8b2 + echo 'Zone simpledemo.onap.org. doens'\''t exist, creating ...' ++ openstack zone create --email=o...@onap.org<mailto:--email=o...@onap.org> '--description=DNS zone bridging DCAE and OOM' --type=PRIMARY simpledemo.onap.org. -f=yaml -c id ++ awk '{ print $2} ' Unable to create zone because another tenant owns a subzone of the zone Create recordSet for simpledemo.onap.org. {noformat} From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com] Sent: Wednesday, February 7, 2018 10:53 To: Michael O'Brien mailto:frank.obr...@amdocs.com>> Cc: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> Subject: Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected Michael, Regarding the arguments you had to change, those are specific per deployment, e.g. mine might not work for yours… Unable to create zone because another tenant owns a subzone of the zone Are you using latest Amsterdam? Because that particular issue was fixed here: https://jira.onap.org/browse/OOM-615 ++ openstack zone create --email=o...@onap.org<mailto:email=o...@onap.org> '--description=DNS zone bridging DCAE and OOM' --type=PRIMARY simpledemo.onap.org<http://simpledemo.onap.org>. -f=yaml -c id This let me think you’re not using latest. Please double check and migrate to use latest. Thanks, Alexis On Feb 7, 2018, at 10:36 AM, Michael O'Brien mailto:frank.obr...@amdocs.com>> wrote: Alexis, Getting a lot further - thanks Retrofitted my environment with additional edits - we are aligned exactly except for the 2 dcae keys, my domain and my user/pass OPENSTACK_IMAGE to 16 NOT 14, DCAE_IP_ADDR 10.99.0.3 NOT 2 As you mention I think we need a DNS collision strategy/workarounds for multiple DCAE installs in the same tenant Q) how can I get Designate configured with the Logging project the way it is for OOM - so I have that second Designate tenant id and we can coexist For now before you delete yours - I will experiment with creating a different target simpledemo.obrien.onap.org<http://simpledemo.obrien.onap.org> - just to verify I can get the VMs up for now. If you don't need your DCAE vms then you could also delete them to test this. When I rerun I get the following DNS collision on your DCAE setup - I am wondering if more than one DCAE setup can be conf
Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected
Alexis, Yes, I pulled yesterday from amsterdam. I did another pull just now and - wow! I really need your extra 2 eyes – my VM in OOM is not on amsterdam! We are fixed in 615 – so It didn’t make sense – does now. https://jira.onap.org/browse/OOM-615 Will send my onap-parameters.yaml separately When I switched VM’s from my Logging to the OOM tenant today – I did not think to check my git status there – yes I was running master in OOM as soon as I pulled I noticed it. My mistake when switching – rerunning now. For the arguments I am using a different OAM network id, dns entry, tenant user/id, dns proxy ip - but the same OS and DNS tenants, ubuntu@onap-oom-obrien:~/oom$ git checkout kubernetes/config/onap-parameters.yaml ubuntu@onap-oom-obrien:~/oom$ git pull From http://gerrit.onap.org/r/oom 18c2dbc..ce7844b master -> origin/master Already up-to-date. Wrong VM ubuntu@onap-oom-obrien:~/oom$ git status On branch amsterdam Your branch is up-to-date with 'origin/amsterdam'. still having issues with the collision - does not make sense because your OOM-615 is fixed - triaging {noformat} ubuntu@onap-oom-obrien:~/oom$ git status On branch amsterdam Your branch is up-to-date with 'origin/amsterdam'. Changes not staged for commit: modified: kubernetes/config/onap-parameters.yaml ubuntu@onap-oom-obrien:~/oom$ kubectl -n onap-dcaegen2 logs -f heat-bootstrap-4010086101-9c8b2 + echo 'Zone simpledemo.onap.org. doens'\''t exist, creating ...' ++ openstack zone create --email=o...@onap.org '--description=DNS zone bridging DCAE and OOM' --type=PRIMARY simpledemo.onap.org. -f=yaml -c id ++ awk '{ print $2} ' Unable to create zone because another tenant owns a subzone of the zone Create recordSet for simpledemo.onap.org. {noformat} From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com] Sent: Wednesday, February 7, 2018 10:53 To: Michael O'Brien Cc: onap-discuss@lists.onap.org Subject: Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected Michael, Regarding the arguments you had to change, those are specific per deployment, e.g. mine might not work for yours… Unable to create zone because another tenant owns a subzone of the zone Are you using latest Amsterdam? Because that particular issue was fixed here: https://jira.onap.org/browse/OOM-615 ++ openstack zone create --email=o...@onap.org<mailto:email=o...@onap.org> '--description=DNS zone bridging DCAE and OOM' --type=PRIMARY simpledemo.onap.org<http://simpledemo.onap.org>. -f=yaml -c id This let me think you’re not using latest. Please double check and migrate to use latest. Thanks, Alexis On Feb 7, 2018, at 10:36 AM, Michael O'Brien mailto:frank.obr...@amdocs.com>> wrote: Alexis, Getting a lot further - thanks Retrofitted my environment with additional edits - we are aligned exactly except for the 2 dcae keys, my domain and my user/pass OPENSTACK_IMAGE to 16 NOT 14, DCAE_IP_ADDR 10.99.0.3 NOT 2 As you mention I think we need a DNS collision strategy/workarounds for multiple DCAE installs in the same tenant Q) how can I get Designate configured with the Logging project the way it is for OOM - so I have that second Designate tenant id and we can coexist For now before you delete yours - I will experiment with creating a different target simpledemo.obrien.onap.org<http://simpledemo.obrien.onap.org> - just to verify I can get the VMs up for now. If you don't need your DCAE vms then you could also delete them to test this. When I rerun I get the following DNS collision on your DCAE setup - I am wondering if more than one DCAE setup can be configured - because our recordset entries will both point to the same simpledemo.onap.org<http://simpledemo.onap.org> - make sense we collide. "Unable to create zone because another tenant owns a subzone of the zone" logs + EXISTING_ZONES='9rMR.simpledemo.onap.org<http://9rMR.simpledemo.onap.org>. 9rMR.dcaeg2.adetalhouet.oom.amsterdam.onap.org<http://adetalhouet.oom.amsterdam.onap.org>. 4Xpi.simpledemo.onap.org<http://4Xpi.simpledemo.onap.org>. KfD9.simpledemo.onap.org<http://KfD9.simpledemo.onap.org>. KfD9.dcaeg2.adetalhouet.oom.amsterdam.onap.org<http://adetalhouet.oom.amsterdam.onap.org>. Idp8.simpledemo.onap.org<http://Idp8.simpledemo.onap.org>. Idp8.dcaeg2.adetalhouet.oom.amsterdam.onap.org<http://adetalhouet.oom.amsterdam.onap.org>. Phx4.simpledemo.onap.org<http://Phx4.simpledemo.onap.org>. Phx4.dcaeg2.adetalhouet.oom.amsterdam.onap.org<http://adetalhouet.oom.amsterdam.onap.org>.' + [[ 9rMR.simpledemo.onap.org<http://9rMR.simpledemo.onap.org>. 9rMR.dcaeg2.adetalhouet.oom.amsterdam.onap.org<http://adetalhouet.oom.amsterdam.onap.org>. 4Xpi
Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected
Michael, Regarding the arguments you had to change, those are specific per deployment, e.g. mine might not work for yours… > Unable to create zone because another tenant owns a subzone of the zone Are you using latest Amsterdam? Because that particular issue was fixed here: https://jira.onap.org/browse/OOM-615 <https://jira.onap.org/browse/OOM-615> > ++ openstack zone create --email=o...@onap.org '--description=DNS zone > bridging DCAE and OOM' --type=PRIMARY simpledemo.onap.org. -f=yaml -c id This let me think you’re not using latest. Please double check and migrate to use latest. Thanks, Alexis > On Feb 7, 2018, at 10:36 AM, Michael O'Brien wrote: > > Alexis, > Getting a lot further - thanks > Retrofitted my environment with additional edits - we are aligned exactly > except for the 2 dcae keys, my domain and my user/pass > OPENSTACK_IMAGE to 16 NOT 14, DCAE_IP_ADDR 10.99.0.3 NOT 2 > > As you mention I think we need a DNS collision strategy/workarounds for > multiple DCAE installs in the same tenant > > Q) how can I get Designate configured with the Logging project the way it > is for OOM - so I have that second Designate tenant id and we can coexist >For now before you delete yours - I will experiment with creating a > different target simpledemo.obrien.onap.org - just to verify I can get the > VMs up for now. >If you don't need your DCAE vms then you could also delete them to test > this. > > When I rerun I get the following DNS collision on your DCAE setup - I am > wondering if more than one DCAE setup can be configured - because our > recordset entries will both point to the same simpledemo.onap.org - make > sense we collide. > > "Unable to create zone because another tenant owns a subzone of the zone" > > > logs > + EXISTING_ZONES='9rMR.simpledemo.onap.org. > 9rMR.dcaeg2.adetalhouet.oom.amsterdam.onap.org. > 4Xpi.simpledemo.onap.org. > KfD9.simpledemo.onap.org. > KfD9.dcaeg2.adetalhouet.oom.amsterdam.onap.org. > Idp8.simpledemo.onap.org. > Idp8.dcaeg2.adetalhouet.oom.amsterdam.onap.org. > Phx4.simpledemo.onap.org. > Phx4.dcaeg2.adetalhouet.oom.amsterdam.onap.org.' > + [[ 9rMR.simpledemo.onap.org. > 9rMR.dcaeg2.adetalhouet.oom.amsterdam.onap.org. > 4Xpi.simpledemo.onap.org. > KfD9.simpledemo.onap.org. > KfD9.dcaeg2.adetalhouet.oom.amsterdam.onap.org. > Idp8.simpledemo.onap.org. > Idp8.dcaeg2.adetalhouet.oom.amsterdam.onap.org. > Phx4.simpledemo.onap.org. > Phx4.dcaeg2.adetalhouet.oom.amsterdam.onap.org. =~ > (^|[[:space:]])simpledemo.onap.org.($|[[:space:]]) ]] > + echo 'Zone simpledemo.onap.org. doens'\''t exist, creating ...' > Zone simpledemo.onap.org. doens't exist, creating ... > ++ awk '{ print $2} ' > ++ openstack zone create --email=o...@onap.org '--description=DNS zone > bridging DCAE and OOM' --type=PRIMARY simpledemo.onap.org. -f=yaml -c id > Unable to create zone because another tenant owns a subzone of the zone > Create recordSet for simpledemo.onap.org. > + SIMPLEDEMO_ONAP_ORG_ZONE_ID= > + echo 'Create recordSet for simpledemo.onap.org.' > + openstack recordset create --type=A --ttl=10 --records=10.12.6.150 vm1.aai > usage: openstack recordset create [-h] [-f {json,shell,table,value,yaml}] > [-c COLUMN] [--max-width ] > [--fit-width] [--print-empty] [--noindent] > [--prefix PREFIX] --record RECORD --type > TYPE [--ttl TTL] [--description DESCRIPTION] > [--all-projects] [--edit-managed] > [--sudo-project-id SUDO_PROJECT_ID] > zone_id name > openstack recordset create: error: too few arguments > > > > > -----Original Message- > From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com] > Sent: Wednesday, February 7, 2018 09:50 > To: Michael O'Brien > Cc: onap-discuss@lists.onap.org > Subject: Re: [onap-discuss] Help with DCAE Designate url authentication > during dcae-controller DNS record creation - my creds/url combo is rejected > > Michael, > > Let me know if that works for you. > Also, I can clear my deployment, or feel free to do so, if you want. I no > longer need it. That would free up some space. > > Alexis > >> On Feb 7, 2018, at 9:28 AM, Michael O'Brien wrote: >> >> Alexis, >> Sounds good, thanks for clearing this up with the tenant-designate required >> link. >> I was triaging different auth/url combinations directly in the container in >> both RC files and the
Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected
Alexis, Getting a lot further - thanks Retrofitted my environment with additional edits - we are aligned exactly except for the 2 dcae keys, my domain and my user/pass OPENSTACK_IMAGE to 16 NOT 14, DCAE_IP_ADDR 10.99.0.3 NOT 2 As you mention I think we need a DNS collision strategy/workarounds for multiple DCAE installs in the same tenant Q) how can I get Designate configured with the Logging project the way it is for OOM - so I have that second Designate tenant id and we can coexist For now before you delete yours - I will experiment with creating a different target simpledemo.obrien.onap.org - just to verify I can get the VMs up for now. If you don't need your DCAE vms then you could also delete them to test this. When I rerun I get the following DNS collision on your DCAE setup - I am wondering if more than one DCAE setup can be configured - because our recordset entries will both point to the same simpledemo.onap.org - make sense we collide. "Unable to create zone because another tenant owns a subzone of the zone" logs + EXISTING_ZONES='9rMR.simpledemo.onap.org. 9rMR.dcaeg2.adetalhouet.oom.amsterdam.onap.org. 4Xpi.simpledemo.onap.org. KfD9.simpledemo.onap.org. KfD9.dcaeg2.adetalhouet.oom.amsterdam.onap.org. Idp8.simpledemo.onap.org. Idp8.dcaeg2.adetalhouet.oom.amsterdam.onap.org. Phx4.simpledemo.onap.org. Phx4.dcaeg2.adetalhouet.oom.amsterdam.onap.org.' + [[ 9rMR.simpledemo.onap.org. 9rMR.dcaeg2.adetalhouet.oom.amsterdam.onap.org. 4Xpi.simpledemo.onap.org. KfD9.simpledemo.onap.org. KfD9.dcaeg2.adetalhouet.oom.amsterdam.onap.org. Idp8.simpledemo.onap.org. Idp8.dcaeg2.adetalhouet.oom.amsterdam.onap.org. Phx4.simpledemo.onap.org. Phx4.dcaeg2.adetalhouet.oom.amsterdam.onap.org. =~ (^|[[:space:]])simpledemo.onap.org.($|[[:space:]]) ]] + echo 'Zone simpledemo.onap.org. doens'\''t exist, creating ...' Zone simpledemo.onap.org. doens't exist, creating ... ++ awk '{ print $2} ' ++ openstack zone create --email=o...@onap.org '--description=DNS zone bridging DCAE and OOM' --type=PRIMARY simpledemo.onap.org. -f=yaml -c id Unable to create zone because another tenant owns a subzone of the zone Create recordSet for simpledemo.onap.org. + SIMPLEDEMO_ONAP_ORG_ZONE_ID= + echo 'Create recordSet for simpledemo.onap.org.' + openstack recordset create --type=A --ttl=10 --records=10.12.6.150 vm1.aai usage: openstack recordset create [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN] [--max-width ] [--fit-width] [--print-empty] [--noindent] [--prefix PREFIX] --record RECORD --type TYPE [--ttl TTL] [--description DESCRIPTION] [--all-projects] [--edit-managed] [--sudo-project-id SUDO_PROJECT_ID] zone_id name openstack recordset create: error: too few arguments -Original Message- From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com] Sent: Wednesday, February 7, 2018 09:50 To: Michael O'Brien Cc: onap-discuss@lists.onap.org Subject: Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected Michael, Let me know if that works for you. Also, I can clear my deployment, or feel free to do so, if you want. I no longer need it. That would free up some space. Alexis > On Feb 7, 2018, at 9:28 AM, Michael O'Brien wrote: > > Alexis, > Sounds good, thanks for clearing this up with the tenant-designate required > link. > I was triaging different auth/url combinations directly in the container in > both RC files and then retrofitting them back out to onap-parameters.yaml in > a delete/create pod cycle to verify each. > Good to know it is config that can be fixed. > > I have a VM both in the OOM and Logging tenants - there is still enough > space for one more DCAE setup (96G) in the OOM tenant. > I will try to get my Logging tenant enabled for Designate as then I can > free up space on OOM. > > Retrying on my OOM VM now > > Differences > DNSAAS_API_VERSION is v3 not v2.0 anymore > DCAE_PROXIED_KEYSTONE_URL was supposed to my my OOM vm! > DCAE_OS_OAM_NETWORK_CIDR should have been 28 not 27 > DCAE_DOMAIN was not specific enough added my LF id in the domain > name > > And > DNSAAS_TENANT_ID is not the OOM or Logging tenant id - it is different - I > will need to get one of these to align with the Logging tenant as well right? > > > Thank you > > /michael > > -----Original Message----- > From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com] > Sent: Wednesday, February 7, 2018 07:41 > To: Michael O'Brien &
Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected
Michael, Let me know if that works for you. Also, I can clear my deployment, or feel free to do so, if you want. I no longer need it. That would free up some space. Alexis > On Feb 7, 2018, at 9:28 AM, Michael O'Brien wrote: > > Alexis, > Sounds good, thanks for clearing this up with the tenant-designate required > link. > I was triaging different auth/url combinations directly in the container in > both RC files and then retrofitting them back out to onap-parameters.yaml in > a delete/create pod cycle to verify each. > Good to know it is config that can be fixed. > > I have a VM both in the OOM and Logging tenants - there is still enough > space for one more DCAE setup (96G) in the OOM tenant. > I will try to get my Logging tenant enabled for Designate as then I can > free up space on OOM. > > Retrying on my OOM VM now > > Differences > DNSAAS_API_VERSION is v3 not v2.0 anymore > DCAE_PROXIED_KEYSTONE_URL was supposed to my my OOM vm! > DCAE_OS_OAM_NETWORK_CIDR should have been 28 not 27 > DCAE_DOMAIN was not specific enough added my LF id in the domain name > > And > DNSAAS_TENANT_ID is not the OOM or Logging tenant id - it is different - I > will need to get one of these to align with the Logging tenant as well right? > > > Thank you > > /michael > > -Original Message- > From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com] > Sent: Wednesday, February 7, 2018 07:41 > To: Michael O'Brien > Cc: onap-discuss@lists.onap.org > Subject: Re: [onap-discuss] Help with DCAE Designate url authentication > during dcae-controller DNS record creation - my creds/url combo is rejected > > Michael, > > The reason you’re not able to get authorization to the OpenStack providing > the DNS Designate is probably because of the tenantID you used. The lab has > two OpenStack, .2, where you create the workload and so on, and .5 providing > DNS Designate support. When configuring the DNAAS_* parameters, you need to > reference the information of .5; the tenant OOM is the same, but its ID is > different. > > I don’t think you want someone’s DNS-openrc-v2.sh file, if it doesn’t work, > it means initial config is wrong (as highlighted above). This is > implementation details that user shouldn’t care about. > > I’ll send you my onap-parameters.yaml for the OpenLab, for the OOM tenant, > privately. > > Thanks, > Alexis > >> On Feb 7, 2018, at 12:43 AM, Michael O'Brien wrote: >> >> Team, >> Hi, I need your assistance for anyone bringing up DCAE in the intel lab. >> I am bringing up DCAEGEN2 via OOM using Alexis’ dcae-controller – I am >> having issues authenticating with designate in openlab. There is no issue >> with the code, there are 2 installs of DCAE from the heat teamplate >> generated on the Kubernetes side – already in the lab. My issue is the env >> parameters inside the amsterdam version of onap-parameters.yaml. >> >> My issue is with DNS record creation, I don’t think the DCAE creation will >> have an issue – because opensource commands work in side the container on >> this RC – but it is blocked by my designate config. >> >> So this goes out to anyone that is doing a manual or automated >> installation of OOM. >> The OOM Teams’ automated CD system is not yet configured to test >> DCAEGEN2 – hence the health numbers are always below 28/30 >> http://jenkins.onap.info/job/oom-cd/ >> >> – I would like to fix this as well as get logs from the DCAE side. >> >> I am posting details of reproducing the dcae install in Alexis’ >> page >> https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+Rancher+in+Open >> Stack >> >> Issue: >> 1) When I source the DCAE rc – I am able to run openstack commands via >> the kubernetes dcae controller – as usual >> 2) But when I source the DNS rc – I get an authentication failure using >> the demo/onapdemo credentials >> >> >> ubuntu@onap-oom-obrien:/dockerdata-nfs/onap/dcaegen2/heat$ sudo vi >> DNS-openrc-v2.sh >> >> Eexport OS_AUTH_URL=http://10.12.25.5:5000/v2.0 >> export OS_AUTH_URL=http://10.12.25.2:5000/v2.0 >> export OS_TENANT_ID=a85a0...802c9fc50a7 >> export OS_TENANT_NAME=Logging >> export OS_USERNAME=demo >> export OS_PASSWORD=onapdemo >> export OS_REGION_NAME=RegionOne >> >> >> root@heat-bootstrap:/opt/heat# source DNS-openrc-v2.sh >> root@heat-bootstrap:/opt/heat# openstack recordset list The request >> you have made requires authentication. (HTTP 401) (Request-ID: >
Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected
Alexis, Sounds good, thanks for clearing this up with the tenant-designate required link. I was triaging different auth/url combinations directly in the container in both RC files and then retrofitting them back out to onap-parameters.yaml in a delete/create pod cycle to verify each. Good to know it is config that can be fixed. I have a VM both in the OOM and Logging tenants - there is still enough space for one more DCAE setup (96G) in the OOM tenant. I will try to get my Logging tenant enabled for Designate as then I can free up space on OOM. Retrying on my OOM VM now Differences DNSAAS_API_VERSION is v3 not v2.0 anymore DCAE_PROXIED_KEYSTONE_URL was supposed to my my OOM vm! DCAE_OS_OAM_NETWORK_CIDR should have been 28 not 27 DCAE_DOMAIN was not specific enough added my LF id in the domain name And DNSAAS_TENANT_ID is not the OOM or Logging tenant id - it is different - I will need to get one of these to align with the Logging tenant as well right? Thank you /michael -Original Message- From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com] Sent: Wednesday, February 7, 2018 07:41 To: Michael O'Brien Cc: onap-discuss@lists.onap.org Subject: Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected Michael, The reason you’re not able to get authorization to the OpenStack providing the DNS Designate is probably because of the tenantID you used. The lab has two OpenStack, .2, where you create the workload and so on, and .5 providing DNS Designate support. When configuring the DNAAS_* parameters, you need to reference the information of .5; the tenant OOM is the same, but its ID is different. I don’t think you want someone’s DNS-openrc-v2.sh file, if it doesn’t work, it means initial config is wrong (as highlighted above). This is implementation details that user shouldn’t care about. I’ll send you my onap-parameters.yaml for the OpenLab, for the OOM tenant, privately. Thanks, Alexis > On Feb 7, 2018, at 12:43 AM, Michael O'Brien wrote: > > Team, >Hi, I need your assistance for anyone bringing up DCAE in the intel lab. > I am bringing up DCAEGEN2 via OOM using Alexis’ dcae-controller – I am having > issues authenticating with designate in openlab. There is no issue with the > code, there are 2 installs of DCAE from the heat teamplate generated on the > Kubernetes side – already in the lab. My issue is the env parameters inside > the amsterdam version of onap-parameters.yaml. > >My issue is with DNS record creation, I don’t think the DCAE creation will > have an issue – because opensource commands work in side the container on > this RC – but it is blocked by my designate config. > >So this goes out to anyone that is doing a manual or automated > installation of OOM. >The OOM Teams’ automated CD system is not yet configured to test > DCAEGEN2 – hence the health numbers are always below 28/30 > http://jenkins.onap.info/job/oom-cd/ > > – I would like to fix this as well as get logs from the DCAE side. > >I am posting details of reproducing the dcae install in Alexis’ > page > https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+Rancher+in+Open > Stack > >Issue: > 1) When I source the DCAE rc – I am able to run openstack commands via > the kubernetes dcae controller – as usual > 2) But when I source the DNS rc – I get an authentication failure using > the demo/onapdemo credentials > > > ubuntu@onap-oom-obrien:/dockerdata-nfs/onap/dcaegen2/heat$ sudo vi > DNS-openrc-v2.sh > > Eexport OS_AUTH_URL=http://10.12.25.5:5000/v2.0 > export OS_AUTH_URL=http://10.12.25.2:5000/v2.0 > export OS_TENANT_ID=a85a0...802c9fc50a7 > export OS_TENANT_NAME=Logging > export OS_USERNAME=demo > export OS_PASSWORD=onapdemo > export OS_REGION_NAME=RegionOne > > > root@heat-bootstrap:/opt/heat# source DNS-openrc-v2.sh > root@heat-bootstrap:/opt/heat# openstack recordset list The request > you have made requires authentication. (HTTP 401) (Request-ID: > req-8d3619cb-d3e4-46d2-b923-6c0cd3df6598) > ubuntu@onap-oom-obrien:~$ kubectl -n onap-dcaegen2 exec -it > heat-bootstrap-4010086101-8cdwz bash > root@heat-bootstrap:/# cd /opt/heat > > > root@heat-bootstrap:/opt/heat# source DCAE-openrc-v2.sh > root@heat-bootstrap:/opt/heat# openstack server list > | 87569b68-cd4c-4a1f-9c6c-96ea7ce3d9b9 | onap-oom-obrien | ACTIVE | > oam_onap_w37L=10.0.16.1, 10.12.6.124 | ubuntu-16-04-cloud-amd64 > | m1.xxlarge | > | d80f35ac-1257-47fc-828e-dddc3604d3c1 | oom-jenki
Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected
Michael, The reason you’re not able to get authorization to the OpenStack providing the DNS Designate is probably because of the tenantID you used. The lab has two OpenStack, .2, where you create the workload and so on, and .5 providing DNS Designate support. When configuring the DNAAS_* parameters, you need to reference the information of .5; the tenant OOM is the same, but its ID is different. I don’t think you want someone’s DNS-openrc-v2.sh file, if it doesn’t work, it means initial config is wrong (as highlighted above). This is implementation details that user shouldn’t care about. I’ll send you my onap-parameters.yaml for the OpenLab, for the OOM tenant, privately. Thanks, Alexis > On Feb 7, 2018, at 12:43 AM, Michael O'Brien wrote: > > Team, >Hi, I need your assistance for anyone bringing up DCAE in the intel lab. > I am bringing up DCAEGEN2 via OOM using Alexis’ dcae-controller – I am having > issues authenticating with designate in openlab. There is no issue with the > code, there are 2 installs of DCAE from the heat teamplate generated on the > Kubernetes side – already in the lab. My issue is the env parameters inside > the amsterdam version of onap-parameters.yaml. > >My issue is with DNS record creation, I don’t think the DCAE creation will > have an issue – because opensource commands work in side the container on > this RC – but it is blocked by my designate config. > >So this goes out to anyone that is doing a manual or automated > installation of OOM. >The OOM Teams’ automated CD system is not yet configured to test DCAEGEN2 > – hence the health numbers are always below 28/30 > http://jenkins.onap.info/job/oom-cd/ > > – I would like to fix this as well as get logs from the DCAE side. > >I am posting details of reproducing the dcae install in Alexis’ page > https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+Rancher+in+OpenStack > >Issue: > 1) When I source the DCAE rc – I am able to run openstack commands via > the kubernetes dcae controller – as usual > 2) But when I source the DNS rc – I get an authentication failure using > the demo/onapdemo credentials > > > ubuntu@onap-oom-obrien:/dockerdata-nfs/onap/dcaegen2/heat$ sudo vi > DNS-openrc-v2.sh > > Eexport OS_AUTH_URL=http://10.12.25.5:5000/v2.0 > export OS_AUTH_URL=http://10.12.25.2:5000/v2.0 > export OS_TENANT_ID=a85a0...802c9fc50a7 > export OS_TENANT_NAME=Logging > export OS_USERNAME=demo > export OS_PASSWORD=onapdemo > export OS_REGION_NAME=RegionOne > > > root@heat-bootstrap:/opt/heat# source DNS-openrc-v2.sh > root@heat-bootstrap:/opt/heat# openstack recordset list > The request you have made requires authentication. (HTTP 401) (Request-ID: > req-8d3619cb-d3e4-46d2-b923-6c0cd3df6598) > ubuntu@onap-oom-obrien:~$ kubectl -n onap-dcaegen2 exec -it > heat-bootstrap-4010086101-8cdwz bash > root@heat-bootstrap:/# cd /opt/heat > > > root@heat-bootstrap:/opt/heat# source DCAE-openrc-v2.sh > root@heat-bootstrap:/opt/heat# openstack server list > | 87569b68-cd4c-4a1f-9c6c-96ea7ce3d9b9 | onap-oom-obrien | ACTIVE | > oam_onap_w37L=10.0.16.1, 10.12.6.124 | ubuntu-16-04-cloud-amd64 > | m1.xxlarge | > | d80f35ac-1257-47fc-828e-dddc3604d3c1 | oom-jenkins | ACTIVE | > appc-multicloud-integration=10.10.5.14, 10.12.6.49 | > | v1.xlarge | > > > root@heat-bootstrap:/opt/heat# source DNS-openrc-v2.sh > root@heat-bootstrap:/opt/heat# openstack server list > The request you have made requires authentication. (HTTP 401) (Request-ID: > req-82cfa5be-e351-49d0-bf87-18834c8affa0) > > > The password/username for the pod25 Designate DNS as a Service - should be > demo/onapdemo > ubuntu@onap-oom-obrien:/dockerdata-nfs/onap/dcaegen2/heat$ cat > DNS-openrc-v2.sh > export OS_USERNAME="demo" > export OS_PASSWORD="onapdemo" > > I am not using multicloud proxying so the following url would not resolve > anyway for me (no instance) - I am using the regular keystone url - which > likely won't recognize the demo/onapdemo credentials > http://10.0.14.1/api/multicloud-titanium_cloud/v0/pod25_RegionOne/identity/v2.0 > > > If I set the user/pass to my tenant - then the DNS rc works for openstack > commands - testing to see if this will pass the dns record creation commands > now > Q: could anyone pass me their DNS-openrc-v2.sh file from their > /dockerdata-nfs dir from their working Intel openlab environment so I can > compare them - I specifically would like to see the DNS keystone url > thank you > > DNSaaS references > http://onap.readthedocs.io/en/latest/submodules/dcaegen2.git/docs/sections/installation_heat.html#heat-template-parameters > Alexis, original fix to parameterize the hardcoded user/pass to designate > https://lists.onap.org/pipermail/onap-discuss/2018-Janu