No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

HUAWEI CLOUD Stack 6.5.0 Alarm and Event Reference 04

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ALM-2015 Built-in Tenant Token Invalid

ALM-2015 Built-in Tenant Token Invalid

Description

This alarm is generated when cse-config-center or cse-service-center fails to connect to the IAM service.

Attribute

Alarm ID

Alarm Severity

Alarm Type

2015

Major

Environmental alarm

Parameters

Parameter

Description

Namespace

Indicates the namespace of the service for which the alarm is generated.

ServiceName

Indicates the name of the service for which the alarm is generated.

InstanceName

Indicates the name of the service instance for which the alarm is reported.

NodeIp

Indicates the IP address of the host where the microservice instance is deployed.

Impact on the System

If the token of a built-in tenant is invalid, the AK/SHA (AK/SK) authentication request fails. As a result, the microservices that use this authentication mode cannot be registered and the dashboard information cannot be reported.

Possible Causes

  • The permission or content of the attached built-in tenant authentication information is incorrect.
  • The IAM service cannot be properly called.

Procedure

  1. Use PuTTY to log in to the manage_lb1_ip node.

    The default username is paas, and the default password is QAZ2wsx@123!.

  2. Run the following command and enter the password of the root user to switch to the root user:

    su - root

    Default password: QAZ2wsx@123!

  3. Check the configuration of the built-in tenant.

    kubectl edit deployment -n fst-manage cse-service-center

    Check whether there is a pair of name and value fields together set to INNER_DOMAIN and op_svc_servicestage, respectively, in the deployment file of cse-service-center.

    If it is not, change the value and restart all pods of cse-service-center. The following uses the pod of cse-service-center-3608034112-ht6lx as an example to describe how to restart a pod:

    kubectl delete pod -n fst-manage cse-service-center-3608034112-ht6lx

    After the command is executed, the pod of cse-service-center-3608034112-ht6lx is deleted and another pod whose name starts with cse-service-center is generated.

  4. Check whether the authentication information of the built-in tenant is correct.

    Run the following commands to access the pod of the Cloud Service Engine (CSE) service for which the alarm is generated (cse-service-center-3608034112-ht6lx is used as an example):

    kubectl -n fst-manage exec -it cse-service-center-3608034112-ht6lx sh

    Run the following command in the container:

    ls -al /opt/CSE/etc/auth/

    The authentication information is correct if the following information is displayed.

  5. Check whether the IAM service can be called properly.

    1. Run the following command to access the pod of the CSE service for which the alarm is generated (cse-service-center-3608034112-ht6lx is used as an example):

      kubectl -n fst-manage exec -it cse-service-center-3608034112-ht6lx sh

    2. Run the following command in the pod:

      curl -kv https://er.manageone.com:31943/v3/auth/tokens

      In the preceding command, https://er.manageone.com:31943 indicates the IP address and port of the IAM service. You can run the env | grep -i iam_address command to obtain and replace the IP address and port.

      The IAM service can be properly invoked if information similar to the following is displayed:

      * About to connect() to er.manageone.com port 31943 (#0)
      *   Trying 172.22.14.32...
      * Connected to er.manageone.com (172.22.14.32) port 31943 (#0)

      If the IAM service fails to be called, check whether the IAM service address is correct. If the IAM service address is incorrect, perform the following steps:

      Run the following command to modify the deployment file of the service mapping the alarm (The following uses the deployment file of cse-service-center as an example):

      kubectl edit deployment -n fst-manage cse-service-center

      Change the value of IAM_ADDRESS, save the modification, and exit.

      After the modification, the system automatically deletes the old pod and another pod whose name starts with cse-service-center is generated.

  6. Check whether the alarm is cleared.

    • If yes, no further action is required.
    • If no, contact technical support for assistance.

Alarm Clearing

This alarm will be automatically cleared after the fault is rectified.

Related Information

None

Translation
Download
Updated: 2019-08-30

Document ID: EDOC1100062365

Views: 34658

Downloads: 31

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next