Hello, I pulled the latest oom/msb from gerrit, but it was failing during the deployment into k8s due to missing docker repo secret attribute in all msb deployment.yaml(s)
imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" I added it in my local environment and it solved the issue of Failed to pull image "nexus3.onap.org:10001/onap/msb/msb_discovery:latest": rpc error: code = 2 desc = unauthorized: authentication required Thanks Geora Barsky 647-946-5290 [amdocs-a] Follow us on Facebook<http://www.facebook.com/amdocs/>, Twitter<http://twitter.com/amdocs>, LinkedIn<http://www.linkedin.com/company/amdocs>, YouTube<http://www.youtube.com/amdocsinc>, Google+<https://plus.google.com/105657940751678445194> and the Amdocs blog network<http://blogs.amdocs.com/>. From: onap-discuss-boun...@lists.onap.org [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of Arul Nambi Sent: Friday, September 8, 2017 4:03 PM To: zhao.huab...@zte.com.cn; kanagaraj.manic...@huawei.com Cc: onap-discuss@lists.onap.org Subject: Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi, To Shed a little bit of light on that. That is created from the aai credentials that can be found in the robot script. In postman, if you select basic auth and enter the credentials, you can see that this header gets added to your requests. Regards Arul From: onap-discuss-boun...@lists.onap.org<mailto:onap-discuss-boun...@lists.onap.org> [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of zhao.huab...@zte.com.cn<mailto:zhao.huab...@zte.com.cn> Sent: Tuesday, September 5, 2017 10:37 PM To: kanagaraj.manic...@huawei.com<mailto:kanagaraj.manic...@huawei.com> Cc: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> Subject: Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished If I understand correctly, For authentication with AAI, you need to add an authentication header in the http request like this Authorization:Basic QUFJOkFBSQ== Original Mail Sender: zhaohuabing10201488 To: <kanagaraj.manic...@huawei.com<mailto:kanagaraj.manic...@huawei.com>>; CC: <frank.obr...@amdocs.com<mailto:frank.obr...@amdocs.com>>; <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>; Date: 2017/09/06 10:20 Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Sorry, There is a minor mistake in the previous response. Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions<http://%7Bmsb_iag_ip%7D:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> to access it The url should be http://{msb_iag_ip}:{msb_iag_port}/api/aai-cloudInfrastructure/v11/cloude-regions<http://%7Bmsb_iag_ip%7D:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> The standard URL format is http://[host]:[port]/api/{service<http://[host]:[port]/api/%7bservice> name}]/v{version number}/{resource}, api is missing in the previous response. Sender: zhaohuabing10201488 To: <kanagaraj.manic...@huawei.com<mailto:kanagaraj.manic...@huawei.com>>; CC: <frank.obr...@amdocs.com<mailto:frank.obr...@amdocs.com>>; <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>; Date: 2017/09/06 09:59 Subject: Re:RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Sender: <kanagaraj.manic...@huawei.com<mailto:kanagaraj.manic...@huawei.com>>; To: zhaohuabing10201488; CC: <frank.obr...@amdocs.com<mailto:frank.obr...@amdocs.com>>; <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>; Date: 2017/09/05 18:30 Subject: RE: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi Huabing, For example, to see the cloud details from aai, it provides the api /aai/v11/cloud-infrastructure/cloude-regions So access this URI via MSB, should I use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions<http://%7bmsb_iag_ip%7d:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> It seems that the /aai/v11 part is missing from the registration info. For the version, I think we should align to v11. I will modify the registration info to { "serviceName": "aai-cloudInfrastructure", "version": "v11", "url": "/aai/v11/cloud-infrastructure", "protocol": "REST", "port": "8443", "enable_ssl":"True", "visualRange":"1" } Then, you could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v11/cloude-regions<http://%7Bmsb_iag_ip%7D:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/aai/v11/cloud-infrastructure/cloude-regions> to access it If so, then there are 2 different versions present v1 and v11 and two times service name presents aai and aai-cloudInfrastructure. I think this is not right. And the same problem will occur for every service. OR from CLI, I could use http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/cloud-infrastructure/cloude-regions<http://%7bmsb_iag_ip%7d:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/cloud-infrastructure/cloude-regions> and MSB will redirect this To AAI with http://{aai_ip}:{aai_port}/aai/v11/cloud-infrastructure/cloude-regions<http://%7baai_ip%7d:%7baai_port%7d/aai/v11/cloud-infrastructure/cloude-regions> ? Kindly help. Also there is another problem. Every service in ONAP uses its own basic authentication and there is no common user management Across services to use with REST API. So How does MSB maintains the credentials and every service. The simple answer is MSB doesn't maintain the credentials for every service, if the service need authentication before access, the clients needs to go through the authentication process themselves. For long term, MSB propose to use API Gateway as the entry point for central authentication, to achieve that, we need to reach consensus with the overall security Architecture first and MSB need to integrate with AAF. Indivial projects also need to modify their codes. I don't think we can achieve that in Amsterdam. Thank you. Regards Kanagaraj M *************************************************************************************** 本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件!************************************************************************************** *************************************************************************************** This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! *************************************************************************************** From: zhao.huab...@zte.com.cn<mailto:zhao.huab...@zte.com.cn> [mailto:zhao.huab...@zte.com.cn] Sent: Tuesday, September 05, 2017 2:01 PM To: Kanagaraj Manickam Cc: frank.obr...@amdocs.com<mailto:frank.obr...@amdocs.com>; onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> Subject: Re:RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Hi Kanagaraj, The microservie endpoint url is a standard format http://[host]:[port]/api/{service<http://[host]:[port]/api/%7bservice> name}]/v{version number}/{resource} Regarding your question, MSB only need the http://[host]:[port]/api/{service<http://[host]:[port]/api/%7bservice> name}]/v{version number} part for service registration and request routing. {resource} part is what resource the consumer want to create/retrieve/update/delete and MSB just pass it transparently to service provider. There're two approaches to access the individual services by leveraging MSB. MSB Java SDK(aka Client side discovery): the example codes can be found here: https://gerrit.onap.org/r/gitweb?p=msb/java-sdk.git;a=tree;f=example;h=1c331f86cbcbdb8cc2935d8ac41169da1a523ec5;hb=refs/heads/master MSB API Gateway(aka Server side discovery), CLI just need to send the request to MSB API Gateway(Internal API Gateway for CLI). For example, the service definition of AAI coludInfrastructure microservice is { "serviceName": "aai-cloudInfrastructure", "version": "v1", "url": "/cloud-infrastructure", "protocol": "REST", "port": "8443", "enable_ssl":"True", "visualRange":"1" } Access the service http://{msb_iag_ip}:{msb_iag_port}/aai-cloudInfrastructure/v1/{resource}<http://%7bmsb_iag_ip%7d:%7bmsb_iag_port%7d/aai-cloudInfrastructure/v1/%7bresource%7d> Here are the slides I presented and the recording at the MSB tutorial session in case you need more details: https://wiki.onap.org/display/DW/MSB+Tutorial-2017-08-23 Thanks, Huabing Original Mail Sender: <kanagaraj.manic...@huawei.com<mailto:kanagaraj.manic...@huawei.com>>; To: <frank.obr...@amdocs.com<mailto:frank.obr...@amdocs.com>>;zhaohuabing10201488; CC: <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>; Date: 2017/09/05 15:27 Subject: RE: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integrationfinished Dear Huabing and Michael, CLI has dependency on the MSB to discover the service before issuing the commands to that service. I believe this OOM and MSB integration will compliment CLI and thank you. And I have a question related to it, kindly help: When OOM register the service in to MSB, what the is the format of Service URL followed ? For example, every service has URL in the form of <http(s)>://<service-dns>:<port>/<REST API URI> In this format, when OOM register the service, what portion of this service URL will be used? Here, CLI would look for the <http(s)>://<service-dns>:<port> from MSB as base path. Thanks Kanagaraj M *************************************************************************************** 本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件!************************************************************************************** *************************************************************************************** This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! *************************************************************************************** From: onap-discuss-boun...@lists.onap.org<mailto:onap-discuss-boun...@lists.onap.org> [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of Michael O'Brien Sent: Monday, September 04, 2017 8:00 PM To: zhao.huab...@zte.com.cn<mailto:zhao.huab...@zte.com.cn> Cc: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> Subject: Re: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integration finished Huabing, Very nice work, I personally would be interested in seeing how other services communicate to AAI via V11 calls for example. Bringing up the new 4 onap-msb containers for a look now (I see we need to add them to the root of the dependency tree) – before the other 44. Looking forward to the demo at the OOM meeting on Wed at 2300h CST / 1100h EDT /michael From: onap-discuss-boun...@lists.onap.org<mailto:onap-discuss-boun...@lists.onap.org> [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of zhao.huab...@zte.com.cn<mailto:zhao.huab...@zte.com.cn> Sent: Sunday, September 3, 2017 21:26 To: david.sauvag...@bell.ca<mailto:david.sauvag...@bell.ca>; Mike Elliott <mike.elli...@amdocs.com<mailto:mike.elli...@amdocs.com>>; Roger Maitland <roger.maitl...@amdocs.com<mailto:roger.maitl...@amdocs.com>> Cc: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> Subject: [onap-discuss] [OOM][MSB][Integration] OOM MSB Integration finished Hi David and OOM Team, I'm glad to let you know that oom registrator has been successfully deployed in k8s cluster which filled the last part of map. Now every ONAP microservices deployed by OOM will be automatically registered to MSB by oom registrator, and microservices can leverage MSB SDK or API Gateway to communicate with each other easily. I could show the demo in this week's meeting if we have time, it will cost about 5 minutes. I'd also like to discuss some minor issues like how to start MSB and registrator first in the OOM script so they're ready when other onap Microservices are spun up by OOM. Cheers, Huabing This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at https://www.amdocs.com/about/email-disclaimer This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at https://www.amdocs.com/about/email-disclaimer This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at https://www.amdocs.com/about/email-disclaimer <https://www.amdocs.com/about/email-disclaimer>
_______________________________________________ onap-discuss mailing list onap-discuss@lists.onap.org https://lists.onap.org/mailman/listinfo/onap-discuss