Alexis,
Yes, I pulled yesterday from amsterdam. I did another pull just now and -
wow! I really need your extra 2 eyes – my VM in OOM is not on amsterdam!
We are fixed in 615 – so It didn’t make sense – does now.
https://jira.onap.org/browse/OOM-615
Will send my onap-parameters.yaml separately
When I switched VM’s from my Logging to the OOM tenant today – I did not
think to check my git status there – yes I was running master in OOM as soon as
I pulled I noticed it.
My mistake when switching – rerunning now.
For the arguments I am using a different OAM network id, dns entry, tenant
user/id, dns proxy ip - but the same OS and DNS tenants,
ubuntu@onap-oom-obrien:~/oom$ git checkout
kubernetes/config/onap-parameters.yaml
ubuntu@onap-oom-obrien:~/oom$ git pull
From http://gerrit.onap.org/r/oom
18c2dbc..ce7844b master -> origin/master
Already up-to-date.
Wrong VM
ubuntu@onap-oom-obrien:~/oom$ git status
On branch amsterdam
Your branch is up-to-date with 'origin/amsterdam'.
still having issues with the collision - does not make sense because your
OOM-615 is fixed - triaging
{noformat}
ubuntu@onap-oom-obrien:~/oom$ git status
On branch amsterdam
Your branch is up-to-date with 'origin/amsterdam'.
Changes not staged for commit:
modified: kubernetes/config/onap-parameters.yaml
ubuntu@onap-oom-obrien:~/oom$ kubectl -n onap-dcaegen2 logs -f
heat-bootstrap-4010086101-9c8b2
+ echo 'Zone simpledemo.onap.org. doens'\''t exist, creating ...'
++ openstack zone create --email=o...@onap.org '--description=DNS zone bridging
DCAE and OOM' --type=PRIMARY simpledemo.onap.org. -f=yaml -c id
++ awk '{ print $2} '
Unable to create zone because another tenant owns a subzone of the zone
Create recordSet for simpledemo.onap.org.
{noformat}
From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com]
Sent: Wednesday, February 7, 2018 10:53
To: Michael O'Brien <frank.obr...@amdocs.com>
Cc: onap-discuss@lists.onap.org
Subject: Re: [onap-discuss] Help with DCAE Designate url authentication during
dcae-controller DNS record creation - my creds/url combo is rejected
Michael,
Regarding the arguments you had to change, those are specific per deployment,
e.g. mine might not work for yours…
Unable to create zone because another tenant owns a subzone of the zone
Are you using latest Amsterdam? Because that particular issue was fixed here:
https://jira.onap.org/browse/OOM-615
++ openstack zone create --email=o...@onap.org<mailto:email=o...@onap.org>
'--description=DNS zone bridging DCAE and OOM' --type=PRIMARY
simpledemo.onap.org<http://simpledemo.onap.org>. -f=yaml -c id
This let me think you’re not using latest.
Please double check and migrate to use latest.
Thanks,
Alexis
On Feb 7, 2018, at 10:36 AM, Michael O'Brien
<frank.obr...@amdocs.com<mailto:frank.obr...@amdocs.com>> wrote:
Alexis,
Getting a lot further - thanks
Retrofitted my environment with additional edits - we are aligned exactly
except for the 2 dcae keys, my domain and my user/pass
OPENSTACK_IMAGE to 16 NOT 14, DCAE_IP_ADDR 10.99.0.3 NOT 2
As you mention I think we need a DNS collision strategy/workarounds for
multiple DCAE installs in the same tenant
Q) how can I get Designate configured with the Logging project the way it is
for OOM - so I have that second Designate tenant id and we can coexist
For now before you delete yours - I will experiment with creating a
different target simpledemo.obrien.onap.org<http://simpledemo.obrien.onap.org>
- just to verify I can get the VMs up for now.
If you don't need your DCAE vms then you could also delete them to test this.
When I rerun I get the following DNS collision on your DCAE setup - I am
wondering if more than one DCAE setup can be configured - because our recordset
entries will both point to the same
simpledemo.onap.org<http://simpledemo.onap.org> - make sense we collide.
"Unable to create zone because another tenant owns a subzone of the zone"
logs
+ EXISTING_ZONES='9rMR.simpledemo.onap.org<http://9rMR.simpledemo.onap.org>.
9rMR.dcaeg2.adetalhouet.oom.amsterdam.onap.org<http://adetalhouet.oom.amsterdam.onap.org>.
4Xpi.simpledemo.onap.org<http://4Xpi.simpledemo.onap.org>.
KfD9.simpledemo.onap.org<http://KfD9.simpledemo.onap.org>.
KfD9.dcaeg2.adetalhouet.oom.amsterdam.onap.org<http://adetalhouet.oom.amsterdam.onap.org>.
Idp8.simpledemo.onap.org<http://Idp8.simpledemo.onap.org>.
Idp8.dcaeg2.adetalhouet.oom.amsterdam.onap.org<http://adetalhouet.oom.amsterdam.onap.org>.
Phx4.simpledemo.onap.org<http://Phx4.simpledemo.onap.org>.
Phx4.dcaeg2.adetalhouet.oom.amsterdam.onap.org<http://adetalhouet.oom.amsterdam.onap.org>.'
+ [[ 9rMR.simpledemo.onap.org<http://9rMR.simpledemo.onap.org>.
9rMR.dcaeg2.adetalhouet.oom.amsterdam.onap.org<http://adetalhouet.oom.amsterdam.onap.org>.
4Xpi.simpledemo.onap.org<http://4Xpi.simpledemo.onap.org>.
KfD9.simpledemo.onap.org<http://KfD9.simpledemo.onap.org>.
KfD9.dcaeg2.adetalhouet.oom.amsterdam.onap.org<http://adetalhouet.oom.amsterdam.onap.org>.
Idp8.simpledemo.onap.org<http://Idp8.simpledemo.onap.org>.
Idp8.dcaeg2.adetalhouet.oom.amsterdam.onap.org<http://adetalhouet.oom.amsterdam.onap.org>.
Phx4.simpledemo.onap.org<http://Phx4.simpledemo.onap.org>.
Phx4.dcaeg2.adetalhouet.oom.amsterdam.onap.org<http://adetalhouet.oom.amsterdam.onap.org>.
=~
(^|[[:space:]])simpledemo.onap.org<http://simpledemo.onap.org>.($|[[:space:]])
]]
+ echo 'Zone simpledemo.onap.org<http://simpledemo.onap.org>. doens'\''t exist,
creating ...'
Zone simpledemo.onap.org<http://simpledemo.onap.org>. doens't exist, creating
...
++ awk '{ print $2} '
++ openstack zone create --email=o...@onap.org<mailto:email=o...@onap.org>
'--description=DNS zone bridging DCAE and OOM' --type=PRIMARY
simpledemo.onap.org<http://simpledemo.onap.org>. -f=yaml -c id
Unable to create zone because another tenant owns a subzone of the zone
Create recordSet for simpledemo.onap.org<http://simpledemo.onap.org>.
+ SIMPLEDEMO_ONAP_ORG_ZONE_ID=
+ echo 'Create recordSet for simpledemo.onap.org<http://simpledemo.onap.org>.'
+ openstack recordset create --type=A --ttl=10 --records=10.12.6.150 vm1.aai
usage: openstack recordset create [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--fit-width] [--print-empty] [--noindent]
[--prefix PREFIX] --record RECORD --type
TYPE [--ttl TTL] [--description DESCRIPTION]
[--all-projects] [--edit-managed]
[--sudo-project-id SUDO_PROJECT_ID]
zone_id name
openstack recordset create: error: too few arguments
-----Original Message-----
From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com]
Sent: Wednesday, February 7, 2018 09:50
To: Michael O'Brien <frank.obr...@amdocs.com<mailto:frank.obr...@amdocs.com>>
Cc: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>
Subject: Re: [onap-discuss] Help with DCAE Designate url authentication during
dcae-controller DNS record creation - my creds/url combo is rejected
Michael,
Let me know if that works for you.
Also, I can clear my deployment, or feel free to do so, if you want. I no
longer need it. That would free up some space.
Alexis
On Feb 7, 2018, at 9:28 AM, Michael O'Brien
<frank.obr...@amdocs.com<mailto:frank.obr...@amdocs.com>> wrote:
Alexis,
Sounds good, thanks for clearing this up with the tenant-designate required
link.
I was triaging different auth/url combinations directly in the container in
both RC files and then retrofitting them back out to onap-parameters.yaml in a
delete/create pod cycle to verify each.
Good to know it is config that can be fixed.
I have a VM both in the OOM and Logging tenants - there is still enough space
for one more DCAE setup (96G) in the OOM tenant.
I will try to get my Logging tenant enabled for Designate as then I can free
up space on OOM.
Retrying on my OOM VM now
Differences
DNSAAS_API_VERSION is v3 not v2.0 anymore
DCAE_PROXIED_KEYSTONE_URL was supposed to my my OOM vm!
DCAE_OS_OAM_NETWORK_CIDR should have been 28 not 27
DCAE_DOMAIN was not specific enough added my LF id in the domain
name
And
DNSAAS_TENANT_ID is not the OOM or Logging tenant id - it is different - I
will need to get one of these to align with the Logging tenant as well right?
Thank you
/michael
-----Original Message-----
From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com]
Sent: Wednesday, February 7, 2018 07:41
To: Michael O'Brien <frank.obr...@amdocs.com<mailto:frank.obr...@amdocs.com>>
Cc: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>
Subject: Re: [onap-discuss] Help with DCAE Designate url
authentication during dcae-controller DNS record creation - my
creds/url combo is rejected
Michael,
The reason you’re not able to get authorization to the OpenStack providing the
DNS Designate is probably because of the tenantID you used. The lab has two
OpenStack, .2, where you create the workload and so on, and .5 providing DNS
Designate support. When configuring the DNAAS_* parameters, you need to
reference the information of .5; the tenant OOM is the same, but its ID is
different.
I don’t think you want someone’s DNS-openrc-v2.sh file, if it doesn’t work, it
means initial config is wrong (as highlighted above). This is implementation
details that user shouldn’t care about.
I’ll send you my onap-parameters.yaml for the OpenLab, for the OOM tenant,
privately.
Thanks,
Alexis
On Feb 7, 2018, at 12:43 AM, Michael O'Brien
<frank.obr...@amdocs.com<mailto:frank.obr...@amdocs.com>> wrote:
Team,
Hi, I need your assistance for anyone bringing up DCAE in the intel lab. I am
bringing up DCAEGEN2 via OOM using Alexis’ dcae-controller – I am having issues
authenticating with designate in openlab. There is no issue with the code,
there are 2 installs of DCAE from the heat teamplate generated on the
Kubernetes side – already in the lab. My issue is the env parameters inside
the amsterdam version of onap-parameters.yaml.
My issue is with DNS record creation, I don’t think the DCAE creation will
have an issue – because opensource commands work in side the container on this
RC – but it is blocked by my designate config.
So this goes out to anyone that is doing a manual or automated installation of
OOM.
The OOM Teams’ automated CD system is not yet configured to test
DCAEGEN2 – hence the health numbers are always below 28/30
http://jenkins.onap.info/job/oom-cd/
– I would like to fix this as well as get logs from the DCAE side.
I am posting details of reproducing the dcae install in Alexis’
page
https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+Rancher+in+Ope
n
Stack
Issue:
1) When I source the DCAE rc – I am able to run openstack commands via the
kubernetes dcae controller – as usual
2) But when I source the DNS rc – I get an authentication failure using
the demo/onapdemo credentials
ubuntu@onap-oom-obrien:/dockerdata-nfs/onap/dcaegen2/heat$ sudo vi
DNS-openrc-v2.sh
Eexport OS_AUTH_URL=http://10.12.25.5:5000/v2.0
export OS_AUTH_URL=http://10.12.25.2:5000/v2.0
export OS_TENANT_ID=a85a0.......802c9fc50a7
export OS_TENANT_NAME=Logging
export OS_USERNAME=demo
export OS_PASSWORD=onapdemo
export OS_REGION_NAME=RegionOne
root@heat-bootstrap:/opt/heat# source DNS-openrc-v2.sh
root@heat-bootstrap:/opt/heat# openstack recordset list The request
you have made requires authentication. (HTTP 401) (Request-ID:
req-8d3619cb-d3e4-46d2-b923-6c0cd3df6598)
ubuntu@onap-oom-obrien:~$ kubectl -n onap-dcaegen2 exec -it
heat-bootstrap-4010086101-8cdwz bash
root@heat-bootstrap:/# cd /opt/heat
root@heat-bootstrap:/opt/heat# source DCAE-openrc-v2.sh
root@heat-bootstrap:/opt/heat# openstack server list
| 87569b68-cd4c-4a1f-9c6c-96ea7ce3d9b9 | onap-oom-obrien | ACTIVE |
oam_onap_w37L=10.0.16.1, 10.12.6.124 | ubuntu-16-04-cloud-amd64 |
m1.xxlarge |
| d80f35ac-1257-47fc-828e-dddc3604d3c1 | oom-jenkins | ACTIVE |
appc-multicloud-integration=10.10.5.14, 10.12.6.49 | |
v1.xlarge |
root@heat-bootstrap:/opt/heat# source DNS-openrc-v2.sh
root@heat-bootstrap:/opt/heat# openstack server list The request you
have made requires authentication. (HTTP 401) (Request-ID:
req-82cfa5be-e351-49d0-bf87-18834c8affa0)
The password/username for the pod25 Designate DNS as a Service -
should be demo/onapdemo
ubuntu@onap-oom-obrien:/dockerdata-nfs/onap/dcaegen2/heat$ cat DNS-openrc-v2.sh
export OS_USERNAME="demo"
export OS_PASSWORD="onapdemo"
I am not using multicloud proxying so the following url would not
resolve anyway for me (no instance) - I am using the regular keystone
url - which likely won't recognize the demo/onapdemo credentials
http://10.0.14.1/api/multicloud-titanium_cloud/v0/pod25_RegionOne/ide
n
tity/v2.0
If I set the user/pass to my tenant - then the DNS rc works for
openstack commands - testing to see if this will pass the dns record
creation commands now
Q: could anyone pass me their DNS-openrc-v2.sh file from their
/dockerdata-nfs dir from their working Intel openlab environment so I
can compare them - I specifically would like to see the DNS keystone
url thank you
DNSaaS references
http://onap.readthedocs.io/en/latest/submodules/dcaegen2.git/docs/sec
t ions/installation_heat.html#heat-template-parameters
Alexis, original fix to parameterize the hardcoded user/pass to
designate
https://lists.onap.org/pipermail/onap-discuss/2018-January/007549.htm
l
https://gerrit.onap.org/r/gitweb?p=demo.git;a=blob;f=boot/dcae2_vm_init.sh;h=b071dffd53f0a431bbdff1c1228edce8ecddef2d;hb=refs/heads/amsterdam
163 local DNSAAS_USERNAME='demo'
164 local DNSAAS_PASSWORD='onapdemo'
thank you
/michael
Michael O’Brien
Amdocs Technology
16135955268
55268
<image001.jpg>
This message and the information contained herein is proprietary and
confidential and subject to the Amdocs policy statement, you may
review at https://www.amdocs.com/about/email-disclaimer
_______________________________________________
onap-discuss mailing list
onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>
https://lists.onap.org/mailman/listinfo/onap-discuss
This message and the information contained herein is proprietary and
confidential and subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
This message and the information contained herein is proprietary and
confidential and subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
This message and the information contained herein is proprietary and
confidential and subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
_______________________________________________
onap-discuss mailing list
onap-discuss@lists.onap.org
https://lists.onap.org/mailman/listinfo/onap-discuss
