Private IP addresses for the db_nodes in ExaCS is not the correct one
carlos-delgadocastano opened this issue · 21 comments
Hi,
Reviewing our tenant's database report, we have seen the following error.
For the ExaCS Virtual Machines (inside the Exadata VM Cluster) the private IPs for ExaCS are incorrect. In the report it is shown a private IP different (and incorrect) than in OCI. The same info for the DBCS machines are in fact correct.
Could you please help us with this error?
Thank you in advance
Carlos, Thank you for the information
I saw the issue the VNIC has multiple IP addresses, I will fix and let you know
Hi Carlos
I fixed it and will push to git on 4/16/2024 after proper testing
For your info
Thank you very much!!
Code was pushed to 4/16 version, please do check on 4/16 and let me know
Thank you
Thank you @adizohar for fixing this.
@carlos-delgadocastano is the issue fixed for you?
Carlos it was deployed, please let me know if fixed and please close the ticket if working.
Hi!
Thank you for the update. I have not been able to test it, because I had to rollback. I was in showoci.py 23.10.31 version and with this new version I have the following error:
Error in ShowOCIDomains:load_identity_domains_main: {'target_service': 'identity', 'status': 404, 'code': 'NotAuthorizedOrNotFound', 'opc-request-id': '9F3E18E768AD4B1C85E9DEC24F54955F/AB70F23F1B7C5644458C4C037E71F3FF/0D797CEBB7D5C20F19D595FD9C849040', 'message': 'Authorization failed or requested resource not found', 'operation_name': 'list_domains', 'timestamp': '2024-04-17T15:16:05.540195+00:00', 'client_version': 'Oracle-PythonSDK/2.125.3'
Do you know which could be the problem?
Thank you in advance,
Best Regards,
Hi Carlos, looks like you don't have access to check IAM Domains and your tenant upgraded to IAM Domains
you can use the flag -ani to skip identity.
I will improve the code to post proper error , it could be identity domain in different compartment.
Hi,
We need the users report also, so we can't use -ani flag.
Thank you for your help :)
Best Regards,
Hi Carlos
I pushed another code fix for 4/23/2024, it will loop on the IAM domains and will extract those you have access
But if you don't have access to IAM domain, you won't be able to extract users and groups.
Most of tenants upgraded to IAM Domains and you will need "read domains" access.
Can you please check your policies ?
I added additional flag that will extract the old identity with -iold, it will work as long the APIs still available (those deprecated)
Carlos, the new code will be deployed tomorrow, did you progress with permission to query IAM Domains ? and test the showoci ?
Carlos, code is deployed, please check.
Thank you very much,
I am waiting for my permissions to be reviewed. I'll try as soon as I can and let you know.
Best Regards!
Hi again and thank you so much for your interest!
I am testing the last version. IAM domain problem it seems fixed with this new flag, but I have a new problem.
The script it is "stucked" in the same point for more than 2 hours. After some minutes it shows errors like this:
Error in ShowOCIService:__load_paas_oce:{'target_service': 'oce_instance', 'status': 503, 'code': 'ServiceUnavailable', 'opc-request-id': '55CA0DD85DE3450F9B9F2C9392D4E032/424565190B10CCFEAE36CF99D5B6B57E/C6A41F8314C0D1439AF3D1F6AEA09A87', 'message': 'Service Unavailable', 'operation_name': 'list_oce_instances', 'timestamp': '2024-04-24T11:01:36.860954+00:00', 'client_version': 'Oracle-PythonSDK/2.125.3', 'request_endpoint': 'GET https:///oceInstances', 'logging_tips': 'To get more info on the failing request, refer to https://docs.oracle.com/en-us/iaas/tools/python/latest/logging.html for ways to log the request/response details.', 'troubleshooting_tips': "See https://docs.oracle.com/iaas/Content/API/References/apierrors.htm#apierrors_503__503_serviceunavailable for more information about resolving this error. Also see https://docs.oracle.com/iaas/api/#/en/oce/20190912/OceInstanceSummary/ListOceInstances for details on this operation's requirements. If you are unable to resolve this oce_instance issue, please contact Oracle support and provide them this full error message."} in compartment <compartment_name>
At this moment I have 12 errors like this, each of them in one different compartment, so the execution is dragging on for many hours and I cannot determine when it will end.
Do you know what the problem might be, and is there a way to avoid checking this type of resource?
Thank you in advance for all your help! :)
Best Regards,
Hi Carlos
OCE will be retire at the end of the year
please use -exclude OCE
and let me know
btw, you can exclude different services with comma seperated
I am currently support services that shows with -excludelist:
BDS
CERTIFICATES
DATACATALOG
DATAFLOW
DATASAFE
DATASCIENCE
DEVOPS
DI
DNSZONE
GENAI
KMS
LIMITS
NETWORK
OAC
OCE
OCVS
ODA
OIC
OPENSEARCH
QUOTAS
VB
VCIRCUITS
Hi again,
I have tested it again:
- With -exclude OCE this problem is solved, thank you.
- The initial error in the private IPs for ExaCS it seems fixed, also. Please let me double check during today and tomorrow to confirm it!
- The ShowOCIDomains error it appears a lot of times in the log (one per compartment), but it works fine, because it does not waste time doing the checks.
So everything seems correct now! Thank you again! :)
Best Regards,
Hi Carlos
The Domain error is due to permission you don't have
If this issue solved, please close the ticket and open new one for new issue
Thank you
Hi!
Just to confirm that all the tests we have carried out are satisfactory, so the problem has been fixed.
I close the issue... Thank you!! :)
Thank you Carlos, appreciate it