Keystone V3 you must do a post, to create the config entry in SO, the data you
have below is not valid for v3. V3 requires more information to authenticate in
openstack.
You can do a post to the catalog-db pod at /cloudSite with below payload.
Identity Server type should be “KEYSTONE_V3”
{
"id": "${site_name}",
"region_id": "${region_id}",
"aic_version": "3.0",
"clli": "${clli}",
"identityService": {
"identity_url": "${identity_url}",
"mso_id": "${mso_id}",
"mso_pass": "${mso_pass}",
"admin_tenant": "${admin_tenant}",
"member_role": "${member_role}",
"tenant_meta_data": true,
"id": "${identity_id}",
"identity_server_type": "${identity_server_type}",
"identity_authentication_type": "${authentication_type}",
"project_domain_name": "${project_domain_name}",
"user_domain_name": "${user_domain_name}"
}
}
Thanks
-Steve
From: Vivekanandan Muthukrishnan <[email protected]>
Date: Tuesday, March 5, 2019 at 11:31 AM
To: "SMOKOWSKI, STEVEN" <[email protected]>
Cc: "[email protected]" <[email protected]>, MALINCONICO
ANIELLO PAOLO <[email protected]>
Subject: Re: [onap-discuss] Casablanca vFW deployment failed with MSO error
request status 404
Hi Steve,
Yes, our keystone API version v3 (Openstack Ocata release). Is this not
supported ?
We tried with 2.0 as well, but we got the same results from SO openstack
adaptor.
Regards
Vivek
On Tue, Mar 5, 2019 at 9:53 PM SMOKOWSKI, STEVEN
<[email protected]<mailto:[email protected]>> wrote:
Are you trying to use keystone v3 here? How did you load it into SO?
Thanks
-Steve
From: <[email protected]<mailto:[email protected]>> on
behalf of "SMOKOWSKI, STEVEN" <[email protected]<mailto:[email protected]>>
Reply-To: "[email protected]<mailto:[email protected]>"
<[email protected]<mailto:[email protected]>>, "SMOKOWSKI,
STEVEN" <[email protected]<mailto:[email protected]>>
Date: Tuesday, March 5, 2019 at 11:22 AM
To: "[email protected]<mailto:[email protected]>"
<[email protected]<mailto:[email protected]>>,
"[email protected]<mailto:[email protected]>"
<[email protected]<mailto:[email protected]>>,
MALINCONICO ANIELLO PAOLO
<[email protected]<mailto:[email protected]>>
Subject: Re: [onap-discuss] Casablanca vFW deployment failed with MSO error
request status 404
***Security Advisory: This Message Originated Outside of AT&T ***
Reference http://cso.att.com/EmailSecurity/IDSP.html for more information.
That error would indicate the client cannot talk to keystone. I cannot verify
your settings however.
Thanks
-Steve
From: <[email protected]<mailto:[email protected]>> on
behalf of Vivekanandan Muthukrishnan
<[email protected]<mailto:[email protected]>>
Reply-To: "[email protected]<mailto:[email protected]>"
<[email protected]<mailto:[email protected]>>,
"[email protected]<mailto:[email protected]>"
<[email protected]<mailto:[email protected]>>
Date: Tuesday, March 5, 2019 at 11:17 AM
To: MALINCONICO ANIELLO PAOLO
<[email protected]<mailto:[email protected]>>
Cc: "[email protected]<mailto:[email protected]>"
<[email protected]<mailto:[email protected]>>
Subject: Re: [onap-discuss] Casablanca vFW deployment failed with MSO error
request status 404
Hi Aniello,
We are still getting the same error in openstack-adapter and below are the log
snippets for your reference.
Could you please review the below log snippet and see, if everything is ok?
I am attaching herewith is the log files for dev-so-so-bpmn-infra.log,
dev-so-so-openstack-adapter.log and so-openstack-adapter_values.yaml
(so-openstack-adapter/values.yaml) as well for your reference.
Regards
Vivek
# Logs snippets from dev-so-so-openstack-adapter-5cdc6cd74-nrsnk POD
2019-03-05T14:38:41.179Z|8c5035f6-fd87-4355-80c4-fe97e1460f8e|
o.onap.so.logging.jaxrs.filter.SpringClientFilter - Headers : {Set-Cookie=
[JSESSIONID=A99B03673077B13BCD6BD6B3E8D76501; Path=/; HttpOnly],
X-Application-Context=[application:8082], X-Content-Type-Options=[nosniff],
X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0,
must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY],
Content-Type=[application/hal+json;charset=UTF-8], Transfer-Encoding=[chunked],
Date=[Tue, 05 Mar 2019 14:38:41 GMT]}
2019-03-05T14:38:41.183Z|8c5035f6-fd87-4355-80c4-fe97e1460f8e|
o.onap.so.logging.jaxrs.filter.SpringClientFilter - Response body: {
"id" : "regionOne",
"identityService" : {
"id" : "DEFAULT_KEYSTONE",
"handler" : { },
"hibernateLazyInitializer" : { },
"identityServerTypeAsString" : "KEYSTONE",
"identity_url" :
"http://192.168.37.13:5000/v3<https://urldefense.proofpoint.com/v2/url?u=http-3A__192.168.37.13-3A5000_v3&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=Zo0g5K8gFGrr-PtexP3-HUhv9fOHuZLQL59liErlvsM&s=5lLiKb-cOnKbD2wyBwDeRDruM5Qp3GKZ4vQioLZAaUw&e=>",
"mso_id" : "admin",
"mso_pass" :
"bf8db9c9ff076bc8fdc17eae6202553cdf27c2e4a24aa4aa5169df736e062071",
"admin_tenant" : "service",
"member_role" : "admin",
"tenant_metadata" : true,
"identity_server_type" : "KEYSTONE",
"identity_authentication_type" : "USERNAME_PASSWORD",
"last_updated_by" : "FLYWAY",
"creation_timestamp" : "2019-03-03T16:15:02.000+0000",
"update_timestamp" : "2019-03-03T16:15:02.000+0000"
},
"uri" : null, # What should be the value here ?
"region_id" : "regionOne",
"aic_version" : "2.5", # Should it be 3 ?
"clli" : "regionOne",
# Is this expected to be null ?
"platform" : null,
"orchestrator" : null,
"cloudify_id" : null,
"identity_service_id" : "DEFAULT_KEYSTONE",
"last_updated_by" : "FLYWAY",
"creation_timestamp" : "2019-03-03T16:15:02.000+0000",
"update_timestamp" : "2019-03-03T16:15:02.000+0000",
"_links" : {
"self" : {
"href" :
"http://so-catalog-db-adapter.onap:8082/cloudSite/regionOne<https://urldefense.proofpoint.com/v2/url?u=http-3A__so-2Dcatalog-2Ddb-2Dadapter.onap-3A8082_cloudSite_regionOne&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=Zo0g5K8gFGrr-PtexP3-HUhv9fOHuZLQL59liErlvsM&s=B9eS6x4UoMdMh-HXA6eCrHHOcWIfV5ZXnS68cxHcfp0&e=>"
},
"cloudSite" : {
"href" :
"http://so-catalog-db-adapter.onap:8082/cloudSite/regionOne<https://urldefense.proofpoint.com/v2/url?u=http-3A__so-2Dcatalog-2Ddb-2Dadapter.onap-3A8082_cloudSite_regionOne&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=Zo0g5K8gFGrr-PtexP3-HUhv9fOHuZLQL59liErlvsM&s=B9eS6x4UoMdMh-HXA6eCrHHOcWIfV5ZXnS68cxHcfp0&e=>"
}
}
}
2019-03-05T14:38:41.184Z|8c5035f6-fd87-4355-80c4-fe97e1460f8e|
o.onap.so.logging.jaxrs.filter.SpringClientFilter -
=======================response
end=================================================
2019-03-05T14:38:41.395Z|8c5035f6-fd87-4355-80c4-fe97e1460f8e|
org.onap.so.openstack.utils.MsoHeatUtils - Found:
CloudSite_.._jvst344_31[regionId=regionOne,identityServiceId=DEFAULT_KEYSTONE,cloudVersion=2.5,clli=regionOne,cloudifyId=<null>,platform=<null>,orchestrator=<null>]
2019-03-05T14:38:41.398Z|8c5035f6-fd87-4355-80c4-fe97e1460f8e|
org.onap.so.openstack.utils.MsoHeatUtils - Found:
CloudIdentity[id=DEFAULT_KEYSTONE,identityUrl=http://192.168.37.13:5000/v3,msoId=admin,adminTenant=service,memberRole=admin,tenantMetadata=true,identityServerType=KEYSTONE,identityAuthenticationType=USERNAME_PASSWORD<https://urldefense.proofpoint.com/v2/url?u=http-3A__192.168.37.13-3A5000_v3-2CmsoId-3Dadmin-2CadminTenant-3Dservice-2CmemberRole-3Dadmin-2CtenantMetadata-3Dtrue-2CidentityServerType-3DKEYSTONE-2CidentityAuthenticationType-3DUSERNAME-5FPASSWORD&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=Zo0g5K8gFGrr-PtexP3-HUhv9fOHuZLQL59liErlvsM&s=iFrv-4uAax9xhaOblChFYTTmhk6Mrp19f8TgWp8GujY&e=>]
2019-03-05T14:38:41.400Z|8c5035f6-fd87-4355-80c4-fe97e1460f8e|
org.onap.so.openstack.utils.MsoHeatUtils -
keystoneUrl=http://192.168.37.13:5000/v3<https://urldefense.proofpoint.com/v2/url?u=http-3A__192.168.37.13-3A5000_v3&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=Zo0g5K8gFGrr-PtexP3-HUhv9fOHuZLQL59liErlvsM&s=5lLiKb-cOnKbD2wyBwDeRDruM5Qp3GKZ4vQioLZAaUw&e=>
2019-03-05T14:38:41.631Z|8c5035f6-fd87-4355-80c4-fe97e1460f8e|
org.onap.so.openstack.utils.MsoCommonUtils - RA_CONNECTION_EXCEPTION
2019-03-05T14:38:41.633Z|8c5035f6-fd87-4355-80c4-fe97e1460f8e|
org.onap.so.openstack.utils.MsoHeatUtils - RA_CONNECTION_EXCEPTION
2019-03-05T14:38:41.644Z|8c5035f6-fd87-4355-80c4-fe97e1460f8e|
org.onap.so.adapters.vnf.MsoVnfAdapterImpl - RA_QUERY_VNF_ERR
org.onap.so.openstack.exceptions.MsoOpenstackException: The resource could not
be found.
at
org.onap.so.openstack.utils.MsoCommonUtils.keystoneErrorToMsoException(MsoCommonUtils.java:157)
at
org.onap.so.openstack.utils.MsoHeatUtils.getHeatClient(MsoHeatUtils.java:914)
at
org.onap.so.openstack.utils.MsoHeatUtils.queryStack(MsoHeatUtils.java:571)
at
org.onap.so.adapters.vnf.MsoVnfAdapterImpl.createVfModule(MsoVnfAdapterImpl.java:658)
at
org.onap.so.adapters.vnf.MsoVnfAdapterImpl$$FastClassBySpringCGLIB$$8b1f101c.invoke(<generated>)
at
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:736)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at
org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
at
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671)
at
org.onap.so.adapters.vnf.MsoVnfAdapterImpl$$EnhancerBySpringCGLIB$$2b1b798a.createVfModule(<generated>)
at
org.onap.so.adapters.vnf.VnfAdapterRest$CreateVfModuleTask.run(VnfAdapterRest.java:440)
=== our openstack overcloudrc.v3 file
export OS_USERNAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_BAREMETAL_API_VERSION=1.29
export NOVA_VERSION=1.1
export OS_PROJECT_NAME=admin
export OS_PASSWORD=XXXX
export OS_NO_CACHE=True
export COMPUTE_API_VERSION=1.1
export no_proxy=,192.168.37.13,192.0.2.10
export OS_CLOUDNAME=overcloud
export
OS_AUTH_URL=http://192.168.37.13:5000/v3<https://urldefense.proofpoint.com/v2/url?u=http-3A__192.168.37.13-3A5000_v3&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=Zo0g5K8gFGrr-PtexP3-HUhv9fOHuZLQL59liErlvsM&s=5lLiKb-cOnKbD2wyBwDeRDruM5Qp3GKZ4vQioLZAaUw&e=>
export IRONIC_API_VERSION=1.29
export OS_IDENTITY_API_VERSION=3
export OS_AUTH_TYPE=password
On Sun, Mar 3, 2019 at 11:39 PM MALINCONICO ANIELLO PAOLO
<[email protected]<mailto:[email protected]>> wrote:
The keystone identity url should be with the openstack version as
http://xx.xx.xx.xx:5000/v2.0<https://urldefense.proofpoint.com/v2/url?u=http-3A__xx.xx.xx.xx-3A5000_v2.0&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=Zo0g5K8gFGrr-PtexP3-HUhv9fOHuZLQL59liErlvsM&s=FZNLcpSwTMXxVSswPRk7KpMJ5bYek4cb8ye-e7BYJZo&e=>
.
Try to override the value by adding the OS keystone version to the identity url.
My override file for Service Orchestrator:
dmaapTopic: "AUTO"
# openstack configuration
openStackKeyStoneUrl:
"http://xx:xx:xx:xx:5000/v2.0";<https://urldefense.proofpoint.com/v2/url?u=http-3A__xx-3Axx-3Axx-3Axx-3A5000_v2.0-2522&d=DwQFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=Zo0g5K8gFGrr-PtexP3-HUhv9fOHuZLQL59liErlvsM&s=JTg9QmUx9zyrhECsiONcf20u2mUnik4ceREMn7TB4qE&e=>
openStackKeystoneAPIVersion: "v2.0"
openStackPublicNetId: "2c921f24-7e22-40f0-af62-e6801bff0ae1"
openStackTenantId: "34f1fe41d1a0483dbd1aa94c26dc5545"
openStackUserName: "dc1"
openStackServiceTenantName: "service"
openStackEncryptedPasswordHere: "3xxxxxxxx0"
openStackRegion: "RegionOne"
openStackProjectName: "datacenter1"
Aniello Paolo Malinconico
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#15889): https://lists.onap.org/g/onap-discuss/message/15889
Mute This Topic: https://lists.onap.org/mt/30202870/21656
Group Owner: [email protected]
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
