Alexis, Getting a lot further - thanks Retrofitted my environment with additional edits - we are aligned exactly except for the 2 dcae keys, my domain and my user/pass OPENSTACK_IMAGE to 16 NOT 14, DCAE_IP_ADDR 10.99.0.3 NOT 2
As you mention I think we need a DNS collision strategy/workarounds for multiple DCAE installs in the same tenant Q) how can I get Designate configured with the Logging project the way it is for OOM - so I have that second Designate tenant id and we can coexist For now before you delete yours - I will experiment with creating a different target simpledemo.obrien.onap.org - just to verify I can get the VMs up for now. If you don't need your DCAE vms then you could also delete them to test this. When I rerun I get the following DNS collision on your DCAE setup - I am wondering if more than one DCAE setup can be configured - because our recordset entries will both point to the same simpledemo.onap.org - make sense we collide. "Unable to create zone because another tenant owns a subzone of the zone" logs + EXISTING_ZONES='9rMR.simpledemo.onap.org. 9rMR.dcaeg2.adetalhouet.oom.amsterdam.onap.org. 4Xpi.simpledemo.onap.org. KfD9.simpledemo.onap.org. KfD9.dcaeg2.adetalhouet.oom.amsterdam.onap.org. Idp8.simpledemo.onap.org. Idp8.dcaeg2.adetalhouet.oom.amsterdam.onap.org. Phx4.simpledemo.onap.org. Phx4.dcaeg2.adetalhouet.oom.amsterdam.onap.org.' + [[ 9rMR.simpledemo.onap.org. 9rMR.dcaeg2.adetalhouet.oom.amsterdam.onap.org. 4Xpi.simpledemo.onap.org. KfD9.simpledemo.onap.org. KfD9.dcaeg2.adetalhouet.oom.amsterdam.onap.org. Idp8.simpledemo.onap.org. Idp8.dcaeg2.adetalhouet.oom.amsterdam.onap.org. Phx4.simpledemo.onap.org. Phx4.dcaeg2.adetalhouet.oom.amsterdam.onap.org. =~ (^|[[:space:]])simpledemo.onap.org.($|[[:space:]]) ]] + echo 'Zone simpledemo.onap.org. doens'\''t exist, creating ...' Zone simpledemo.onap.org. doens't exist, creating ... ++ awk '{ print $2} ' ++ openstack zone create --email=o...@onap.org '--description=DNS zone bridging DCAE and OOM' --type=PRIMARY simpledemo.onap.org. -f=yaml -c id Unable to create zone because another tenant owns a subzone of the zone Create recordSet for simpledemo.onap.org. + SIMPLEDEMO_ONAP_ORG_ZONE_ID= + echo 'Create recordSet for simpledemo.onap.org.' + openstack recordset create --type=A --ttl=10 --records=10.12.6.150 vm1.aai usage: openstack recordset create [-h] [-f {json,shell,table,value,yaml}] [-c COLUMN] [--max-width <integer>] [--fit-width] [--print-empty] [--noindent] [--prefix PREFIX] --record RECORD --type TYPE [--ttl TTL] [--description DESCRIPTION] [--all-projects] [--edit-managed] [--sudo-project-id SUDO_PROJECT_ID] zone_id name openstack recordset create: error: too few arguments -----Original Message----- From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com] Sent: Wednesday, February 7, 2018 09:50 To: Michael O'Brien <frank.obr...@amdocs.com> Cc: onap-discuss@lists.onap.org Subject: Re: [onap-discuss] Help with DCAE Designate url authentication during dcae-controller DNS record creation - my creds/url combo is rejected Michael, Let me know if that works for you. Also, I can clear my deployment, or feel free to do so, if you want. I no longer need it. That would free up some space. Alexis > On Feb 7, 2018, at 9:28 AM, Michael O'Brien <frank.obr...@amdocs.com> wrote: > > Alexis, > Sounds good, thanks for clearing this up with the tenant-designate required > link. > I was triaging different auth/url combinations directly in the container in > both RC files and then retrofitting them back out to onap-parameters.yaml in > a delete/create pod cycle to verify each. > Good to know it is config that can be fixed. > > I have a VM both in the OOM and Logging tenants - there is still enough > space for one more DCAE setup (96G) in the OOM tenant. > I will try to get my Logging tenant enabled for Designate as then I can > free up space on OOM. > > Retrying on my OOM VM now > > Differences > DNSAAS_API_VERSION is v3 not v2.0 anymore > DCAE_PROXIED_KEYSTONE_URL was supposed to my my OOM vm! > DCAE_OS_OAM_NETWORK_CIDR should have been 28 not 27 > DCAE_DOMAIN was not specific enough added my LF id in the domain > name > > And > DNSAAS_TENANT_ID is not the OOM or Logging tenant id - it is different - I > will need to get one of these to align with the Logging tenant as well right? > > > Thank you > > /michael > > -----Original Message----- > From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com] > Sent: Wednesday, February 7, 2018 07:41 > To: Michael O'Brien <frank.obr...@amdocs.com> > Cc: onap-discuss@lists.onap.org > Subject: Re: [onap-discuss] Help with DCAE Designate url > authentication during dcae-controller DNS record creation - my > creds/url combo is rejected > > Michael, > > The reason you’re not able to get authorization to the OpenStack providing > the DNS Designate is probably because of the tenantID you used. The lab has > two OpenStack, .2, where you create the workload and so on, and .5 providing > DNS Designate support. When configuring the DNAAS_* parameters, you need to > reference the information of .5; the tenant OOM is the same, but its ID is > different. > > I don’t think you want someone’s DNS-openrc-v2.sh file, if it doesn’t work, > it means initial config is wrong (as highlighted above). This is > implementation details that user shouldn’t care about. > > I’ll send you my onap-parameters.yaml for the OpenLab, for the OOM tenant, > privately. > > Thanks, > Alexis > >> On Feb 7, 2018, at 12:43 AM, Michael O'Brien <frank.obr...@amdocs.com> wrote: >> >> Team, >> Hi, I need your assistance for anyone bringing up DCAE in the intel lab. >> I am bringing up DCAEGEN2 via OOM using Alexis’ dcae-controller – I am >> having issues authenticating with designate in openlab. There is no issue >> with the code, there are 2 installs of DCAE from the heat teamplate >> generated on the Kubernetes side – already in the lab. My issue is the env >> parameters inside the amsterdam version of onap-parameters.yaml. >> >> My issue is with DNS record creation, I don’t think the DCAE creation will >> have an issue – because opensource commands work in side the container on >> this RC – but it is blocked by my designate config. >> >> So this goes out to anyone that is doing a manual or automated >> installation of OOM. >> The OOM Teams’ automated CD system is not yet configured to test >> DCAEGEN2 – hence the health numbers are always below 28/30 >> http://jenkins.onap.info/job/oom-cd/ >> >> – I would like to fix this as well as get logs from the DCAE side. >> >> I am posting details of reproducing the dcae install in Alexis’ >> page >> https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+Rancher+in+Ope >> n >> Stack >> >> Issue: >> 1) When I source the DCAE rc – I am able to run openstack commands via >> the kubernetes dcae controller – as usual >> 2) But when I source the DNS rc – I get an authentication failure using >> the demo/onapdemo credentials >> >> >> ubuntu@onap-oom-obrien:/dockerdata-nfs/onap/dcaegen2/heat$ sudo vi >> DNS-openrc-v2.sh >> >> Eexport OS_AUTH_URL=http://10.12.25.5:5000/v2.0 >> export OS_AUTH_URL=http://10.12.25.2:5000/v2.0 >> export OS_TENANT_ID=a85a0.......802c9fc50a7 >> export OS_TENANT_NAME=Logging >> export OS_USERNAME=demo >> export OS_PASSWORD=onapdemo >> export OS_REGION_NAME=RegionOne >> >> >> root@heat-bootstrap:/opt/heat# source DNS-openrc-v2.sh >> root@heat-bootstrap:/opt/heat# openstack recordset list The request >> you have made requires authentication. (HTTP 401) (Request-ID: >> req-8d3619cb-d3e4-46d2-b923-6c0cd3df6598) >> ubuntu@onap-oom-obrien:~$ kubectl -n onap-dcaegen2 exec -it >> heat-bootstrap-4010086101-8cdwz bash >> root@heat-bootstrap:/# cd /opt/heat >> >> >> root@heat-bootstrap:/opt/heat# source DCAE-openrc-v2.sh >> root@heat-bootstrap:/opt/heat# openstack server list >> | 87569b68-cd4c-4a1f-9c6c-96ea7ce3d9b9 | onap-oom-obrien | ACTIVE | >> oam_onap_w37L=10.0.16.1, 10.12.6.124 | >> ubuntu-16-04-cloud-amd64 | m1.xxlarge | >> | d80f35ac-1257-47fc-828e-dddc3604d3c1 | oom-jenkins | ACTIVE | >> appc-multicloud-integration=10.10.5.14, 10.12.6.49 | >> | v1.xlarge | >> >> >> root@heat-bootstrap:/opt/heat# source DNS-openrc-v2.sh >> root@heat-bootstrap:/opt/heat# openstack server list The request you >> have made requires authentication. (HTTP 401) (Request-ID: >> req-82cfa5be-e351-49d0-bf87-18834c8affa0) >> >> >> The password/username for the pod25 Designate DNS as a Service - >> should be demo/onapdemo >> ubuntu@onap-oom-obrien:/dockerdata-nfs/onap/dcaegen2/heat$ cat >> DNS-openrc-v2.sh export OS_USERNAME="demo" >> export OS_PASSWORD="onapdemo" >> >> I am not using multicloud proxying so the following url would not >> resolve anyway for me (no instance) - I am using the regular keystone >> url - which likely won't recognize the demo/onapdemo credentials >> http://10.0.14.1/api/multicloud-titanium_cloud/v0/pod25_RegionOne/ide >> n >> tity/v2.0 >> >> >> If I set the user/pass to my tenant - then the DNS rc works for >> openstack commands - testing to see if this will pass the dns record >> creation commands now >> Q: could anyone pass me their DNS-openrc-v2.sh file from their >> /dockerdata-nfs dir from their working Intel openlab environment so I >> can compare them - I specifically would like to see the DNS keystone >> url thank you >> >> DNSaaS references >> http://onap.readthedocs.io/en/latest/submodules/dcaegen2.git/docs/sec >> t ions/installation_heat.html#heat-template-parameters >> Alexis, original fix to parameterize the hardcoded user/pass to >> designate >> https://lists.onap.org/pipermail/onap-discuss/2018-January/007549.htm >> l >> https://gerrit.onap.org/r/gitweb?p=demo.git;a=blob;f=boot/dcae2_vm_init.sh;h=b071dffd53f0a431bbdff1c1228edce8ecddef2d;hb=refs/heads/amsterdam >> 163 local DNSAAS_USERNAME='demo' >> 164 local DNSAAS_PASSWORD='onapdemo' >> >> thank you >> /michael >> >> >> Michael O’Brien >> Amdocs Technology >> 16135955268 >> 55268 >> <image001.jpg> >> >> This message and the information contained herein is proprietary and >> confidential and subject to the Amdocs policy statement, you may >> review at https://www.amdocs.com/about/email-disclaimer >> _______________________________________________ >> onap-discuss mailing list >> onap-discuss@lists.onap.org >> https://lists.onap.org/mailman/listinfo/onap-discuss > > This message and the information contained herein is proprietary and > confidential and subject to the Amdocs policy statement, > > you may review at https://www.amdocs.com/about/email-disclaimer > <https://www.amdocs.com/about/email-disclaimer> This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at https://www.amdocs.com/about/email-disclaimer <https://www.amdocs.com/about/email-disclaimer> _______________________________________________ onap-discuss mailing list onap-discuss@lists.onap.org https://lists.onap.org/mailman/listinfo/onap-discuss