Welcome to the Linux Foundation Forum!

Error on running onap_deploy_all.sh script

When launched ONAP deployment script got errors.

Could you take a look - is this again a file permission issue?

Or user credentials related issue - I used another user account than aarna,
of course ensured all master/workers nodes have ssh connectivity with it.
And actually the same "access denied" error when tried aarna account:

aarna@anod-master:~$ curl https://kubernetes-charts.storage.googleapis.com/index.yaml
<?xml version='1.0' encoding='UTF-8'?>AccessDeniedAccess denied.

Anonymous caller does not have storage.objects.get access to the Google Cloud Storage object.
aarna@anod-master:~$

So error accessing index.yaml "403 Forbidden", see below:

$ nohup ./onap_deploy_all.sh --all &

=>

$ tail -f nohup.out
. . .
Error: error initializing: Looks like "https://kubernetes-charts.storage.googleapis.com" is not a valid chart repository or cannot be reached: Failed to fetch https://kubernetes-charts.storage.googleapis.com/index.yaml : 403 Forbidden
Error: Couldn't load repositories file (/home/yurick/.helm/repository/repositories.yaml).
You might need to run helm init (or helm init --client-only if tiller is already installed)
Error: Couldn't load repositories file (/home/yurick/.helm/repository/repositories.yaml).
You might need to run helm init (or helm init --client-only if tiller is already installed)
~/onap-custom/util-scripts ~/onap-custom/setup-utils
Step 4: Creating Openstack resources and other configuration...
ERROR : Step 4
Create Openstack resources failed! Aborting the deployment!!

Comments

  • Hi @YuriiKantonistov,

    Please run the script from aarna use account only as all the scripts are designed to run from aarna user.

    Please share the complete nohup.out file.

    Make sure the tiller pod is Running. You can see the pod status by executing this command: kubectl get pods -n kube-system |grep -i tiller

  • Ok, thank you for the comment. Will redo all with aarna account and comment if get all fully completed.

  • When using aarna account this step supposed to be done in 4.1.1
    Where from can I download/get those aarna.pem and aarna.ppk?

    "IN-CLASS MAC/Linux USERS:
    What we are going to do
    Download aarna.pem and aarna.ppk.
    . . ."

  • You do not need the aarna.pem. Your GCP always resets the /home/aarna/.ssh/authorized_keys contents when it brings up an instance. So you cannot directly access the aarna user

    The workaround is to follow the below steps to login into your GCP instance.

    SSH into your GCP instance

    $ gcloud compute ssh lfn-jump-01

    Go to the sudo mode

    $ sudo -i

    Go the aarna user shell

    su - aarna

    Check the home folder is /home/aarna

    echo $HOME

    Now follow the deployment guide

    steps.

    Please note that you will have to go to the aarna user shell

    to execute all commands as per the LFN lab document

    If you can you can generate SSH key pair and include the Public key under

    /home/aarna/.ssh/authorized_keys file to directly access the aarna user .

  • Thank you, got to the last 4.3 exercise where I supposed to open Horizon UI and stuck there.

    *** If using gcloud compute ssh proxy and localhost:5000 - got an empty reply:

    $ gcloud compute ssh --zone us-central1-f openstack-01 -- -N -D localhost:5000

    =>

    $ curl -v localhost:5000/v3/

    • Trying 127.0.0.1:5000...
    • TCP_NODELAY set
    • Connected to localhost (127.0.0.1) port 5000 (#0)

    GET /v3/ HTTP/1.1
    Host: localhost:5000
    User-Agent: curl/7.68.0
    Accept: /

    >

    • Empty reply from server
    • Connection #0 to host localhost left intact
      curl: (52) Empty reply from server

    *** If trying to go directly to openstack-01 host by external-ip - got such json-response:

    http://:5000/v3/
    =>
    {"version": {"id": "v3.14", "status": "stable", "updated": "2020-04-07T00:00:00Z", "links": [{"rel": "self", "href": "http://35.222.10.214:5000/v3/"}], "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}]}}

    *** If connect first to openstack-01 by "gcloud compute ssh" and then open http://:5000/v3/ - got the same json-response as with external-ip.

    Should I see instead an Openstack login page?
    Could you suggest how to troubleshoot Horizon/Openstack to find what is wrong here?

  • PremkumarAarna
    PremkumarAarna Posts: 5
    edited November 2021

    Hi @YuriiKantonistov

    Bellow command will create a tunnel from openstack-01 to your localhost.
    This will just create connection. And empty reply only you will get
    $ gcloud compute ssh --zone us-central1-f openstack-01 -- -N -D localhost:5000

    After that you need access the UI through the Firefox browser using the Internal IP address

    You can get the Horizon URL from OS_AUTH_URL and OS_PASSWORD
    attributes. It is usually http:///
    cat /home/aarna/overclourc.v3

    Example URL
    OpenStack Horizon URL = http://192.168.37.17
    OpenStack Horizon password = Zeb7AhmTn68pKbFBRXMBfjPPw

  • Thank you for the quick answer.

    Yes I can get to openstack-01 from local system by establishing gcloud ssh tunnel:

    overcloudrc.v3:
    export OS_AUTH_URL=http://10.128.0.19:5000/v3

    NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS
    . . .
    openstack-01 us-central1-f custom-8-32768 10.128.0.19 35.222.10.214 RUNNING

    $ gcloud compute ssh --zone us-central1-f openstack-01 -- -N -D localhost:5000
    . . .

    Then when in a local Firefox browser go to Horizon URL: http://10.128.0.19:5000/v3 (or just http://10.128.0.19)
    I get always plain-text json (instead of login page html?):

    {"version": {"id": "v3.14", "status": "stable", "updated": "2020-04-07T00:00:00Z", "links": [{"rel": "self", "href": "http://10.128.0.19/v3/"}], "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}]}}

    Could you comment how can I troubleshoot this? Or do you see something done wrongly here?

  • hi @YuriiKantonistov
    Could you please try access with https://10.128.0.19 check your able get the login page or not.

    I would like to take a look at this setup to debug, is it possible to enable access to this VM by adding my public key to .ssh/authorized_keys ? and share VM Public IP and username?.

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDFYPj3SM4SUQadeWaoQE9YCR9GvUDFzc+f2edc/ycDUPc5tJXbCURwEi228k8Aa0vNL7A37ex4VRFoAeT/HVIMja2q93QuvE5UvJYG5erPapjBfoRpIzfw2QQ9bnAuJ2CRArER1lcogPP8OVPJ9os7nkHQlAn9Qq9I2aqnsGpb5peUgXBYGnHRCIZtol+1WlqCvPtLdoE4xWpc4frM8xvV1LbZ4kKsWNUtYcRPk/nOe8ZoJd9AF/KBOwHhydCk2Ic6OcISmsCZWCd3B8hHZSVCq7CpqCtrPw/ckw+7d+bl2sSrpe/yr9AE7x59gJN56om9J9/i1s1F6+lQTRAUDDz2z0FYY0rihB67lQw9+SLYXePEO7fvhVvkGKTJz3F7QF4FPmfg+8Z5ebY0qYimfnBs/4YfYEWekRPEk6QMFzJWVzvdV06nHUmIe1QI/LAvpqL2KVUACquxFz18/+yvKK7CigwZmiHuswWtR/Wso2yY1riVvPRf/cPEZpV0zOG4NGk= prem@DESKTOP-6FF9ECJ

Categories

Upcoming Training