No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

HUAWEI CLOUD Stack 6.5.0 Troubleshooting Guide 02

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Deleting Failure Data If TRM Project Creation and Rollback Failed

Deleting Failure Data If TRM Project Creation and Rollback Failed

Symptom

Creating a project fails consecutively for the first time and the second time.

Possible Causes

The rollback fails after creating the project fails for the first time.

Troubleshooting Method

  1. Delete aeskey.

    1. Use PuTTY to log in to the manage_lb1_ip node.

      The default username is paas, and the default password is QAZ2wsx@123!.

    2. Run the following command and enter the password of the root user to switch to the root user:

      su - root

      Default password: QAZ2wsx@123!

    3. Obtain the secrets of the project aeskey and the token based on the project name.
      NOTE:

      This troubleshooting method uses the project name trm-test001 as an example.

      kubectl get secret --all-namespaces | grep trm-test001

      If information similar to the following is displayed, secrets of aeskey and token are displayed:

      trm-test001    aeskey                                 Opaque                             2         8s
      trm-test001    default-token-nklqp               kubernetes.io/service-account           3         7s
    4. Delete the secrets of aeskey and token.
      1. Delete the secret of aeskey.

        kubectl delete secret aeskey -n trm-test001

        aeskey is the secret of aeskey obtained in 1.c.

        If information similar to the following is displayed, the deletion is successful:

        secret "aeskey" deleted
      2. Delete the secret of token.

        kubectl delete secret default-token-nklqp -n trm-test001

        default-token-nklqp is the secret of the token obtained in 1.c.

        If information similar to the following is displayed, the deletion is successful:

        secret "default-token-nklqp" deleted

  2. Run the curl command to delete namespace.

    1. Obtain the token of passadmin.

      curl -i -k -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8' -X POST -d'{"auth": {"identity":{"methods": ["password"],"password":{"user": {"name": "paasadmin","password":"QAZ2wsx@123!","domain": {"name":"op_service"}}}},"scope": {"domain":{"name": "op_service"}}}}' https://$Tenant management domain login address:31943/v3/auth/tokens

      X-Subject-Token: MIIESAYJKoZIhvcNAQcCoIIEOTCCBDUCAQExDTALBglghkgBZQMEAgEwggKWBgkqhkiG9w0BBwGgggKHBIICg3sidG9rZW4iOnsiZXhwaXJlc19hdCI6IjIwMTgtMDctMjVUMDE6NTQ6MzYuMzQ0MDAwWiIsIm1ldGhvZHMiOlsicGFzc3dvcmQiXSwiZG9tYWluIjp7Im5hbWUiOiJvcF9zZXJ2aWNlIiwiaWQiOiI2MDgxNjdiOWI3NDE0NGJlYWY4YjJjN2ZmNTUyMWIyZSJ9LCJyb2xlcyI6W3sibmFtZSI6InRlX2FnZW5jeSIsImlkIjoiOTgyZDBkMmEyNmYwNDYyNmE3MjU5NWZkZjg1NTg5NDYifSx7Im5hbWUiOiJvcF9zZXJ2aWNlIiwiaWQiOiI5OTgxNjNjZjdiODE0MDkwYWI4ODkyYmZiYzAzMzVmYyJ9LHsibmFtZSI6Im9wX2NyZWQiLCJpZCI6ImI0OGY0MzYyYWFhZDQyMmU4ZDFkMjk4ZjQ3YzUwNDA1In0seyJuYW1lIjoib3BfYXV0aCIsImlkIjoiMGQ2YzZiYzcwNTM1NDE2NDljMGEzNmQ4ZGExOGNjOTgifSx7Im5hbWUiOiJvcF9yb2xlX3RhZyIsImlkIjoiMWE1NDMxOTgyNDhkNDRkZjkzM2IyNjI2NjEwODJiODYifV0sImlzc3VlZF9hdCI6IjIwMTgtMDctMjRUMDE6NTQ6MzYuMzQ0MDAwWiIsInVzZXIiOnsiZG9tYWluIjp7Im5hbWUiOiJvcF9zZXJ2aWNlIiwiaWQiOiI2MDgxNjdiOWI3NDE0NGJlYWY4YjJjN2ZmNTUyMWIyZSJ9LCJuYW1lIjoicGFhc2FkbWluIiwiaWQiOiJkYTU3Y2NhNDQ5OWE0ZWU2YjAwODAyYjM3ZDQ4YjAyOCJ9fX0xggGFMIIBgQIBATBcMFcxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVVbnNldDEOMAwGA1UEBwwFVW5zZXQxDjAMBgNVBAoMBVVuc2V0MRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20CAQEwCwYJYIZIAWUDBAIBMA0GCSqGSIb3DQEBAQUABIIBACJrIKzWpwSd4AGaqnHMql-zhjzrMZM4ZXt-BJTROs2Ku9+hmVDKE-HYAKsy03lpCaop6kVt3Um3uMKsR2Vf+yD1E-yUlqKn5x267J0S06wl72e2KDI98-ziCflPjtYXKdm+o5e2bdp3L7q0kxm76dtXNNzCz4ssuJXKg6wAu-N+A7wIVpFtXUGSpySbSsS+boqcKGHxCy+9sfHwJxT9zK2pZeLzX24aSTaGy9g7MFj52UILRx-1CTloIJfBARyo3W+e0BHBajqQpK13fnYiK-mD1P4WNPVibjhH7LshWnv6tL5XKTrPZUlpzMZhS6dxYS-OHWi9vfx044yKosVzMpA=

      The value of field X-Subject-Token in the command output is the token.

    2. Set the token value to adminToken.

      adminToken={token obtained in 2.a}

    3. Obtain the domain_id of the tenant who creates the project.

      curl -i -k -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8'-H 'X-Auth-token=$token' -X POST -d'{"auth": {"identity":{"methods": ["password"],"password":{"user": {"name": "$Tenant username","password":"$Tenant password","domain": {"name":"$Tenant username"}}}},"scope": {"domain":{"name": "Tenant username"}}}}' https://$Tenant management domain login address:31943/v3/auth/tokens

      {"token":{"expires_at":"2018-07-25T02:31:52.689000Z","methods":["password"],"catalog":[],"domain":{"name":"trm_test","id":"57b4d93c36d243b8aa84753be24104d0"},"roles":[{"name":"te_agency","id":"1d105a00e7f64f768a5475269afd044c"},{"name":"te_admin","id":"68d5c9563d7d48b68064f4f6c73cfc72"},{"name":"secu_admin","id":"e697df16689e414a9b119921975dd539"},{"name":"op_gated_approved","id":"0"}],"issued_at":"2018-07-24T02:31:52.689000Z","user":{"domain":{"name":"trm_test","id":"57b4d93c36d243b8aa84753be24104d0"},"name":"trm_test","id":"8405f707ca5b4c5f907262ff1b530518"}}}

      The ID corresponding to the tenant name in the command output is domain_id, as shown in bold in the preceding information.

    4. Set the value of domain_id to domainID.

      domainID={domain_id obtained in 2.c}

    5. Use the token, domain_id, and project_name of passadmin to obtain assumedToken.

      curl -i -k -H "X-Auth-Token:$adminToken" -H 'Content-Type:application/json' -X POST -d '{"auth": {"identity": {"methods": ["hw_assume_role"],"hw_assume_role": {"xrole_name":"op_service","domain_id": "'$domainID'" ,"restrict": ["te_admin"]} },},"scope": {"project":{"name":"trm-test001"}}}' https://$Tenant management domain login address:31943/v3/auth/tokens

      X-Subject-Token: MIIEIgYJKoZIhvcNAQcCoIIEEzCCBA8CAQExDTALBglghkgBZQMEAgEwggJwBgkqhkiG9w0BBwGgggJhBIICXXsidG9rZW4iOnsiZXhwaXJlc19hdCI6IjIwMTgtMDctMjVUMDI6NDk6MDMuNTkxMDAwWiIsIm1ldGhvZHMiOlsiaHdfYXNzdW1lX3JvbGUiXSwiZG9tYWluIjp7Im5hbWUiOiJ0cm1fdGVzdCIsImlkIjoiNTdiNGQ5M2MzNmQyNDNiOGFhODQ3NTNiZTI0MTA0ZDAifSwicm9sZXMiOlt7Im5hbWUiOiJvcF9zZXJ2aWNlIiwiaWQiOiJjZTk3ODYyNGU0NTM0N2MwODc1ZWNmYWY4ZTYyNzQ4NSJ9LHsibmFtZSI6Im9wX2dhdGVkX2FwcHJvdmVkIiwiaWQiOiIwIn1dLCJpc3N1ZWRfYXQiOiIyMDE4LTA3LTI0VDAyOjQ5OjAzLjU5MTAwMFoiLCJ1c2VyIjp7ImRvbWFpbiI6eyJuYW1lIjoidHJtX3Rlc3QiLCJpZCI6IjU3YjRkOTNjMzZkMjQzYjhhYTg0NzUzYmUyNDEwNGQwIn0sIm5hbWUiOiJ0cm1fdGVzdC9vcF9zZXJ2aWNlIiwiaWQiOiI1Y2RjMDBmNmY1Nzk0OWJjYWExMzZiY2MxNGZmMDYwNSJ9LCJhc3N1bWVkX2J5Ijp7InVzZXIiOnsiZG9tYWluIjp7Im5hbWUiOiJvcF9zZXJ2aWNlIiwiaWQiOiJkMGUxMDcxZGZlYjI0ZjQ5OGMxYTFiY2E5ODM5NjYwMCJ9LCJuYW1lIjoicGFhc2FkbWluIiwiaWQiOiJiZGM1OThmNmQ1MWE0ZjNjYjQ3N2NlNDRlNDJiNTkwNSJ9fX19MYIBhTCCAYECAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVW5zZXQxDjAMBgNVBAcMBVVuc2V0MQ4wDAYDVQQKDAVVbnNldDEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tAgEBMAsGCWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQBXuZ18cTZfp034iTyfAnQMuajag13dtJBW6cJCsNswXA4tbkmyRS0eG3j4RyXRfNZVi8q6-7x64C1zwEQAU-btCItphki4OedOzM1FBgJOsyY0QTts4aHLij7kgCIIiAgoG-tSyYkCBJGeo30zVUQMIEnBbmIAQCTHhfuMtfsEQ26FVUPgWI30mKhxOnoXjhrSXAOJU5iAebjUI0mKLgS5kgK4jvBKxl5C40hy+s3rd9pnPi-mY4bQTQElEADxNkMUffZz5g6Pn58azuRRtLXi2zNMMkZJWGS8BVEOxBPIWFF+VHuW+r1g2e6cQq9HYTssXlQITPQkuNJReMfHqulG

      The value of field X-Subject-Token in the command output is the assumedToken.

    6. Set the obtained assumedToken to assumedToken.

      assumedToken={assumedToken obtained in 2.e}

    7. Run the assumedToken and project_name (namespace) command to delete the specified namespace.

      curl -i -k -H 'Accept:application/json' -H "Authorization:bearer $assumedToken" -X DELETE https://kube-apiserver.fst-manage.svc.cluster.local:5443/api/v1/namespaces/trm-test001

      HTTP/1.1 200 OK

  3. If the fault persists, contact technical support for assistance.
Translation
Download
Updated: 2019-06-01

Document ID: EDOC1100062375

Views: 2114

Downloads: 12

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next