No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionCloud 6.3.1.1 Troubleshooting Guide 02

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Deleting Failure Data If TRM Project Creation and Rollback Failed

Deleting Failure Data If TRM Project Creation and Rollback Failed

Symptom

Creating a project fails consecutively for the first time and the second time.

Possible Causes

The rollback fails after creating the project fails for the first time.

Troubleshooting Method

  1. Delete aeskey.

    1. Use PuTTY to log in to the om_core1_ip node.

      The default username is paas, and the default password is QAZ2wsx@123!.

    2. Query the status of the etcd container.

      kubectl get pod -n manage | grep etcd

      cse-etcd-0                                  1/1       Running   0          2d
      cse-etcd-1                                  1/1       Running   736        2d
      cse-etcd-2                                  1/1       Running   0          2d
      etcd-0                                      1/1       Running   0          3d
      etcd-1                                      1/1       Running   1          3d
      etcd-2                                      1/1       Running   0          1d
      etcd-backup-4104260855-bb2w5                1/1       Running   0          3d
      etcd-backup-4104260855-t609v                1/1       Running   0          3d
    3. Go to any one of the etcd containers in red in 1.b.

      etcd-0 is used as an example.

      kubectl exec -ti etcd-0 -n manage sh

    4. Obtain the secrets of the project aeskey and the token based on the project name.
      NOTE:

      This troubleshooting method uses the project name trm-test001 as an example.

      export ETCDCTL_API=3

      ETCDCTL_API=3 /start-etcd --cacert /var/paas/kubernetes/cert/ca.crt --cert /var/paas/kubernetes/cert/tls.crt --key /var/paas/kubernetes/cert/tls.key --endpoints https://etcd-0.etcd.manage.svc.cluster.local:4001,https://etcd-1.etcd.manage.svc.cluster.local:4001,https://etcd-2.etcd.manage.svc.cluster.local:4001 get /registry/secrets/trm-test001 -keys-only

      If information similar to the following is displayed, secrets of aeskey and token are displayed:

      /registry/secrets/trm-test001/aeskey
      /registry/secrets/trm-test001/default-token-k4wsn
    5. Delete the secrets of aeskey and token. If the command output is 1, the deletion is successful.
      1. Delete the secret of aeskey.

        export ETCDCTL_API=3

        ETCDCTL_API=3 /start-etcd --cacert /var/paas/kubernetes/cert/ca.crt --cert /var/paas/kubernetes/cert/tls.crt --key /var/paas/kubernetes/cert/tls.key --endpoints https://etcd-0.etcd.manage.svc.cluster.local:4001,https://etcd-1.etcd.manage.svc.cluster.local:4001,https://etcd-2.etcd.manage.svc.cluster.local:4001 del /registry/secrets/trm-test001/aeskey

      2. Delete the secret of token.

        export ETCDCTL_API=3

        ETCDCTL_API=3 /start-etcd --cacert /var/paas/kubernetes/cert/ca.crt --cert /var/paas/kubernetes/cert/tls.crt --key /var/paas/kubernetes/cert/tls.key --endpoints https://etcd-0.etcd.manage.svc.cluster.local:4001,https://etcd-1.etcd.manage.svc.cluster.local:4001,https://etcd-2.etcd.manage.svc.cluster.local:4001 del /registry/secrets/trm-test001/default-token-k4wsn

  2. Run the curl command to delete namespaces.

    1. Obtain the token of passadmin.

      curl -i -k -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8' -X POST -d '{' auth ': {' identity ': {' methods': ['Password']], 'password': {'user': {'name':'paasadmin ',' password ':' QAZ2wsx@123! ',' domain ': {' name ':' op_service '}}}},' scope ': {' domain ': {' name ':' op_service '}}}}' https://$Tenant management domain login address :31943/v3/auth/tokens

      X-Subject-Token: MIIESAYJKoZIhvcNAQcCoIIEOTCCBDUCAQExDTALBglghkgBZQMEAgEwggKWBgkqhkiG9w0BBwGgggKHBIICg3sidG9rZW4iOnsiZXhwaXJlc19hdCI6IjIwMTgtMDctMjVUMDE6NTQ6MzYuMzQ0MDAwWiIsIm1ldGhvZHMiOlsicGFzc3dvcmQiXSwiZG9tYWluIjp7Im5hbWUiOiJvcF9zZXJ2aWNlIiwiaWQiOiI2MDgxNjdiOWI3NDE0NGJlYWY4YjJjN2ZmNTUyMWIyZSJ9LCJyb2xlcyI6W3sibmFtZSI6InRlX2FnZW5jeSIsImlkIjoiOTgyZDBkMmEyNmYwNDYyNmE3MjU5NWZkZjg1NTg5NDYifSx7Im5hbWUiOiJvcF9zZXJ2aWNlIiwiaWQiOiI5OTgxNjNjZjdiODE0MDkwYWI4ODkyYmZiYzAzMzVmYyJ9LHsibmFtZSI6Im9wX2NyZWQiLCJpZCI6ImI0OGY0MzYyYWFhZDQyMmU4ZDFkMjk4ZjQ3YzUwNDA1In0seyJuYW1lIjoib3BfYXV0aCIsImlkIjoiMGQ2YzZiYzcwNTM1NDE2NDljMGEzNmQ4ZGExOGNjOTgifSx7Im5hbWUiOiJvcF9yb2xlX3RhZyIsImlkIjoiMWE1NDMxOTgyNDhkNDRkZjkzM2IyNjI2NjEwODJiODYifV0sImlzc3VlZF9hdCI6IjIwMTgtMDctMjRUMDE6NTQ6MzYuMzQ0MDAwWiIsInVzZXIiOnsiZG9tYWluIjp7Im5hbWUiOiJvcF9zZXJ2aWNlIiwiaWQiOiI2MDgxNjdiOWI3NDE0NGJlYWY4YjJjN2ZmNTUyMWIyZSJ9LCJuYW1lIjoicGFhc2FkbWluIiwiaWQiOiJkYTU3Y2NhNDQ5OWE0ZWU2YjAwODAyYjM3ZDQ4YjAyOCJ9fX0xggGFMIIBgQIBATBcMFcxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVVbnNldDEOMAwGA1UEBwwFVW5zZXQxDjAMBgNVBAoMBVVuc2V0MRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20CAQEwCwYJYIZIAWUDBAIBMA0GCSqGSIb3DQEBAQUABIIBACJrIKzWpwSd4AGaqnHMql-zhjzrMZM4ZXt-BJTROs2Ku9+hmVDKE-HYAKsy03lpCaop6kVt3Um3uMKsR2Vf+yD1E-yUlqKn5x267J0S06wl72e2KDI98-ziCflPjtYXKdm+o5e2bdp3L7q0kxm76dtXNNzCz4ssuJXKg6wAu-N+A7wIVpFtXUGSpySbSsS+boqcKGHxCy+9sfHwJxT9zK2pZeLzX24aSTaGy9g7MFj52UILRx-1CTloIJfBARyo3W+e0BHBajqQpK13fnYiK-mD1P4WNPVibjhH7LshWnv6tL5XKTrPZUlpzMZhS6dxYS-OHWi9vfx044yKosVzMpA=

      The value of field X-Subject-Token in the command output is the token.

    2. Set the token value to adminToken.

      adminToken= {Token obtained in 2.a}

    3. Obtain the domain_id of the tenant who creates the project.

      curl -i -k -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8'-H 'X-Auth-token=$token' -X POST -d'{"auth": {"identity":{"methods": ["password"],"password":{"user": {"name": "$Tenant username","password":"$Tenant password","domain": {"name":"$Tenant username"}}}},"scope": {"domain":{"name": "Tenant username"}}}}' https://$Tenant management domain login address:31943/v3/auth/tokens

      {"token":{"expires_at":"2018-07-25T02:31:52.689000Z","methods":["password"],"catalog":[],"domain":{"name":"trm_test","id":"57b4d93c36d243b8aa84753be24104d0"},"roles":[{"name":"te_agency","id":"1d105a00e7f64f768a5475269afd044c"},{"name":"te_admin","id":"68d5c9563d7d48b68064f4f6c73cfc72"},{"name":"secu_admin","id":"e697df16689e414a9b119921975dd539"},{"name":"op_gated_approved","id":"0"}],"issued_at":"2018-07-24T02:31:52.689000Z","user":{"domain":{"name":"trm_test","id":"57b4d93c36d243b8aa84753be24104d0"},"name":"trm_test","id":"8405f707ca5b4c5f907262ff1b530518"}}}

      Obtain the tenant ID in the command output, as shown in bold in the preceding information.

    4. Set the value of domain_id to domainID.

      domainID={Token obtained in 2.c}

    5. Use the token, domain_id, and project_name of passadmin to obtain assumedToken.

      curl -i -k -H "X-Auth-Token:$adminToken" -H 'Content-Type:application/json' -X POST -d '{"auth": {"identity": {"methods": ["hw_assume_role"],"hw_assume_role": {"xrole_name":"op_service","domain_id": "'$domainID'" ,"restrict": ["te_admin"]} },},"scope": {"project":{"name":"trm-test001"}}}' https://$Tenant management domain login address:31943/v3/auth/tokens

      X-Subject-Token: MIIEIgYJKoZIhvcNAQcCoIIEEzCCBA8CAQExDTALBglghkgBZQMEAgEwggJwBgkqhkiG9w0BBwGgggJhBIICXXsidG9rZW4iOnsiZXhwaXJlc19hdCI6IjIwMTgtMDctMjVUMDI6NDk6MDMuNTkxMDAwWiIsIm1ldGhvZHMiOlsiaHdfYXNzdW1lX3JvbGUiXSwiZG9tYWluIjp7Im5hbWUiOiJ0cm1fdGVzdCIsImlkIjoiNTdiNGQ5M2MzNmQyNDNiOGFhODQ3NTNiZTI0MTA0ZDAifSwicm9sZXMiOlt7Im5hbWUiOiJvcF9zZXJ2aWNlIiwiaWQiOiJjZTk3ODYyNGU0NTM0N2MwODc1ZWNmYWY4ZTYyNzQ4NSJ9LHsibmFtZSI6Im9wX2dhdGVkX2FwcHJvdmVkIiwiaWQiOiIwIn1dLCJpc3N1ZWRfYXQiOiIyMDE4LTA3LTI0VDAyOjQ5OjAzLjU5MTAwMFoiLCJ1c2VyIjp7ImRvbWFpbiI6eyJuYW1lIjoidHJtX3Rlc3QiLCJpZCI6IjU3YjRkOTNjMzZkMjQzYjhhYTg0NzUzYmUyNDEwNGQwIn0sIm5hbWUiOiJ0cm1fdGVzdC9vcF9zZXJ2aWNlIiwiaWQiOiI1Y2RjMDBmNmY1Nzk0OWJjYWExMzZiY2MxNGZmMDYwNSJ9LCJhc3N1bWVkX2J5Ijp7InVzZXIiOnsiZG9tYWluIjp7Im5hbWUiOiJvcF9zZXJ2aWNlIiwiaWQiOiJkMGUxMDcxZGZlYjI0ZjQ5OGMxYTFiY2E5ODM5NjYwMCJ9LCJuYW1lIjoicGFhc2FkbWluIiwiaWQiOiJiZGM1OThmNmQ1MWE0ZjNjYjQ3N2NlNDRlNDJiNTkwNSJ9fX19MYIBhTCCAYECAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVW5zZXQxDjAMBgNVBAcMBVVuc2V0MQ4wDAYDVQQKDAVVbnNldDEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tAgEBMAsGCWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQBXuZ18cTZfp034iTyfAnQMuajag13dtJBW6cJCsNswXA4tbkmyRS0eG3j4RyXRfNZVi8q6-7x64C1zwEQAU-btCItphki4OedOzM1FBgJOsyY0QTts4aHLij7kgCIIiAgoG-tSyYkCBJGeo30zVUQMIEnBbmIAQCTHhfuMtfsEQ26FVUPgWI30mKhxOnoXjhrSXAOJU5iAebjUI0mKLgS5kgK4jvBKxl5C40hy+s3rd9pnPi-mY4bQTQElEADxNkMUffZz5g6Pn58azuRRtLXi2zNMMkZJWGS8BVEOxBPIWFF+VHuW+r1g2e6cQq9HYTssXlQITPQkuNJReMfHqulG

      The value of field X-Subject-Token in the command output is the token.

    6. Set the obtained token to assumedToken.

      assumedToken={Token obtained in 2.e}

    7. Run the assumedToken and project_name (nameSpace) command to delete the specified nameSpace.

      curl -i -k -H 'Accept:application/json' -H "Authorization:bearer $assumedToken" -X DELETE https://kube-apiserver.manage.svc.cluster.local:5443/api/v1/namespaces/trm-test001

      HTTP/1.1 200 OK

Translation
Download
Updated: 2019-06-10

Document ID: EDOC1100063248

Views: 22915

Downloads: 37

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next