No NS in the qual-1VNF-1PoP

[DarioValocchi]

After SP deployment in qualification environment, the BSS doesn't show any NSD in the Available Network Services tab.

Activating -e -x on the Jenkins shell, the jobs fails at the following point:

10:12:54 + curl -f -v -i -X POST -F package=@qual-1VNF-1PoP.son http://1pop.sp.sonata-nfv.eu/api/v2/packages
10:12:54 Note: Unnecessary use of -X or --request, POST is already inferred.
10:12:54   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
10:12:54                                  Dload  Upload   Total   Spent    Left  Speed
10:12:54 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 10.30.0.244...
10:12:54 * Connected to 1pop.sp.sonata-nfv.eu (10.30.0.244) port 80 (#0)
10:12:54 > POST /api/v2/packages HTTP/1.1
10:12:54 > Host: 1pop.sp.sonata-nfv.eu
10:12:54 > User-Agent: curl/7.47.0
10:12:54 > Accept: */*
10:12:54 > Content-Length: 4359
10:12:54 > Expect: 100-continue
10:12:54 > Content-Type: multipart/form-data; boundary=------------------------d46f4970b9f6dec5
10:12:54 > 
10:12:54 < HTTP/1.1 100 Continue
10:12:54 } [165 bytes data]
10:12:54 * The requested URL returned error: 401 Unauthorized
10:12:54 
100  4359    0     0  100  4359      0  35833 --:--:-- --:--:-- --:--:-- 36024
10:12:54 * Closing connection 0
10:12:54 curl: (22) The requested URL returned error: 401 Unauthorized
10:12:54 HTTP/1.1 100 Continue

So I guess there's something to modify in the jobs to adapt to the security features of the SP.

[dang03]

In order to meet the security requirements, a user is required before posting a package to the SP. I suggest to add next steps to the job: register a "developer" user in first place, then authenticate the user to get the access token. Next, add the access token to the "authorization" header ("bearer ") to the curl POST of the package. The following code shows how to do it:

User registration:

qual_reg_data() { 
  cat << EOF 
  {"username":"qual","password":"1234","user_type":"developer","email":"qual.user@email.com"} 
  EOF 
} 

printf "\n\n======== POST Qual User Registration form to Gatekeeper ==\n\n\n" 
resp=$(curl -qSfsw '\n%{http_code}' -H "Content-Type: application/json" \ 
-d "$(qual_reg_data)" \ 
-X POST http://1pop.sp.sonata-nfv.eu/api/v2/users) 
echo $resp 

code=$(echo "$resp" | tail -n1) 
echo "Code: $code" 

if [[ $code != 201 ]] ; 
  then 
    echo "Response $code"
    exit -1
fi

User Login:

resp=$(curl -qSfsw '\n%{http_code}' -d '{"username":"qual","password":"1234"}' \
http://1pop.sp.sonata-nfv.eu/api/v2/sessions)
echo $resp

token=$(echo $resp | awk '{json=$1 FS $2 FS $3; print json}' | python -mjson.tool | grep "access_token" | awk -F ':[ \t]*' '{print $2}' | sed 's/,//g' | sed 's/"//g')
echo "TOKEN="$token

code=$(echo "$resp" | tail -n1)
echo "Code: $code"

if [[ $code != 200 ]] ;
  then
    echo "Error: Response error $code"
    exit -1
fi

POST package using access token:

resp=$(curl -qSfsw '\n%{http_code}' -F "package=@qual-1VNF-1PoP.son" \
-H "Authorization: Bearer $token" -X POST http://1pop.sp.sonata-nfv.eu/api/v2/packages)
echo $resp

[DarioValocchi]

Thanks @dang03 I added a code snippet similar to the one used in int-eng to cope with user registration and authentication. It seems to work, but still no package is available at the BSS. I'll investigate further.

[DarioValocchi]

The package seems to be pushed correctly

11:44:23 HTTP/1.1 201 Created
11:44:23 Server: nginx/1.11.10
11:44:23 Date: Thu, 22 Jun 2017 11:44:23 GMT
11:44:23 Content-Type: application/json
11:44:23 Content-Length: 1057
11:44:23 Connection: keep-alive
11:44:23 Location: http://10.30.0.244:5100/packages/6b7b75a1-d68a-4a78-8566-9c9eab7671ec
11:44:23 X-Content-Type-Options: nosniff
11:44:23 
11:44:23 {"created_at":"2017-06-22T11:44:23.249+00:00","md5":"49ce3e2f15aec5c012ef35575255ebfb","pd":{"description":"SONATA RING service for qualification environment","descriptor_version":"1.0","entry_service_template":"/service_descriptors/sonata-qual-1vnf-1pop.yml","maintainer":"Felipe Vicens, ATOS, felipe.vicens@atos.net","name":"sonata-ring-service","package_content":[{"content-type":"application/sonata.service_descriptor","md5":"3480169189d000dc70dfe5b022629c21","name":"/service_descriptors/sonata-qual-1vnf-1pop.yml"},{"content-type":"application/sonata.function_descriptor","md5":"7dac616660f603911ac6268aa3846095","name":"/function_descriptors/vring-vnf-vnfd.yml"}],"schema":"https://raw.githubusercontent.com/sonata-nfv/son-schema/master/package-descriptor/pd-schema.yml","sealed":true,"vendor":"eu.sonata-nfv.package","version":"0.1"},"signature":null,"status":"active","updated_at":"2017-06-22T11:44:23.249+00:00","username":"sonata-1498131847","uuid":"6b7b75a1-d68a-4a78-8566-9c9eab7671ec","son-package-uuid":"a9f1f544-884f-4b23-a5b1-f29588f5b6a2"}

Could it be an issue with the version of the BSS running in qual? @felipevicens @srodriguezOPT

[santiagordguez]

Hi @DarioValocchi ,

The BSS is requesting services invoking GET http://1pop.sp.sonata-nfv.eu/api/v2/services?status=active&limit=10&offset=0 and GK responses with "{"error":{"code":400,"message":"Unprocessable entity: authorization header must be \"Bearer \""}}"

I think that the BSS deployed version is not the right one. The current version has "Bearer token": https://github.com/sonata-nfv/son-bss/blob/master/application/code/app/login/loginService.js#L57

[santiagordguez]

Oh, wait!

@DarioValocchi , @felipevicens The BSS was deployed with the user management option disabled and is sending a fake token: https://github.com/sonata-nfv/son-bss/blob/master/application/code/app/login/loginService.js#L42

You need to redeploy the BSS with the user management enabled

[DarioValocchi]

Ok, I've put the flag withUserManagement to true. After the re-build the BSS shows correctly the NSD. Thanks guys.