indigo-dc/orchestrator

Deployment error in OpenStack Rocky

alexcos78 opened this issue · 0 comments

alexcos78 commented

Environment

  • Orchestrator 2.1.2-final
  • IM 1.8.2
  • DODAS@CNAF PaaS services
  • Openstack_Rocky@CNAF infrastructure

Test performed
Submission of a TOSCA template via Orchestrator and IM to OpenStack Rocky infrastructure

description: 
  TOSCA test for launching compute node with a specified image and getting as an output the IP and SSH credentials to access

Error from deployment via IM

$ curl -L -i -k -H 'Content-type: text/yaml' -H "Authorization: id = ost; type = OpenStack; host = https://$API_ENDPOINT:5000/v3/; username = dodas; password = $IAM_ACCESS_TOKEN; tenant = oidc; auth_version = 3.x_oidc_access_token; service_region
= sdds;\nid = im; type = InfrastructureManager; token = $IAM_ACCESS_TOKEN" -X POST http://$IM:8800/infrastructures --data-binary @"simple_tosca_cnaf-ng_im.yaml"
HTTP/1.1 100 Continue

HTTP/1.1 400 Bad Request
Content-Length: 58
Content-Type: text/plain
Date: Fri, 26 Jul 2019 13:33:09 GMT
Server: Cheroot/6.5.2

Error Creating Inf.: Invalid credentials with the provider

Deployment via orchent: logs from Orchestrator

...
orchestrator            | 2019-07-28 19:24:27.146 ERROR req-54a71ac4-c89a-4727-a0aa-1747e5239072 11e9b16a-7df8-38e2-ab3e-0242c0a80004 1 --- [askExecutor-143] i.r.o.service.commands.BaseJavaDelegate  : Task Poll for deploy complete - ENDED WITH ERROR:
orchestrator            | Error while checking the deployment status
orchestrator            |
orchestrator            | it.reply.orchestrator.exception.service.DeploymentException: Error executing request to IM
orchestrator            | Error 400: Error Getting Inf. prop: Invalid InfrastructureManager credentials. Code: 503. Message: <html>
orchestrator            | <head><title>503 Service Temporarily Unavailable</title></head>
orchestrator            | <body bgcolor="white">
orchestrator            | <center><h1>503 Service Temporarily Unavailable</h1></center>
orchestrator            | <hr><center>nginx/1.13.12</center>
orchestrator            | </body>
orchestrator            | </html>
...

Deployment via IM goes well if replacing variable tenant = oidc with tenant = openid (1)
The same problem should affect the Orchestrator.

(1) as from the documentation related to OpenStack Keystone Federation.

A possible solution (?)
Parametrize the value of the tenant variable.
The following part of the code should be interested.
src/test/java/it/reply/orchestrator/service/deployment/providers/factory/ImClientFactoryTest.java: + " ; type = OpenStack ; tenant = oidc ; username = oidc-organization ; password = "