SD-WAN

I have just fresh install SDN controller. It always said "Invalid user & password combination specified!" when i try to login with sdn/skyline.

 

Please help me on this issue.

 

Attached file shown my user-list

Hi pokintania,

 

Thanks for your query.

We hope that you have successfully executed all steps to install the SDN Controller.

Could you please let us know the below-

1. Version of the Controller
2. Controller logs
3. Command used to install keystone
4. Are you able to login using other account(e.g. rsdoc)

 

Thanks,

HP SDN Team

Experiencing the same issue 

 

here is the details 

 

1) SDN controller Version :hp-sdn-ctl_2.2.5.0016_amd64.deb

 

command used :sudo dpkg -i hp-sdn-ctl_2.2.5.0016_amd64.deb (as mentioned in the installation guide)

 

2)Keystone command :

 

sudo apt-get install openjdk-7-jre-headless postgresql
keystone keystone-doc python-keystone iptables unzip

 

3) could login to the rsdoc interface .

 

Unable to login to the SDN controller  using  default  Username ="sdn" password="skylake"

 

Please specify the steps to follow to login to the SDN controller Console GUI.

and also  how to create the username and password  in keystone authentication server .

 

Hi RASHMIBS,

 

As per your post you are not able to login using sdn as user and skylake as the password.

Please note that default password is skyline so try with skyline and let us know if you still face the issue.

 

Please make sure you executed all installation steps(including dependency installation) successfully

In case you still face the issue please provide controller logs and the steps/commands you executed in order to install controller.Also please share the environment details where you are installing the controller.

 

You can change the password by using steps mentioned in Installation Guide[page 9 onwards ]

 

Thanks,

HP SDN Team

Hello.

There is new behavior of installation VAN SDN 2.3 - no users are added by setup to keystone during installation (for version <2.3 this is done by install package automatically). You must add it manually (see "install guide 2.3" step 2.2.2 on page 8 (for example run script on page 16).

Martin Cerveny

 

I've the same problem
	>> I have just fresh install SDN controller. 
	>> It always said "Invalid user & password combination specified!" 
	>> when i try to login with sdn/skyline.

i'have installed keystone with 
	# apt-get install keystone
	Reading package lists... Done
	Building dependency tree       
	Reading state information... Done
	The following NEW packages will be installed:
	  keystone
	0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
	Need to get 0 B/25.2 kB of archives.
	After this operation, 160 kB of additional disk space will be used.
	Selecting previously unselected package keystone.
	(Reading database ... 59879 files and directories currently installed.)
	Unpacking keystone (from .../keystone_1%3a2013.2.3-0ubuntu1~cloud0_all.deb) ...
	Processing triggers for man-db ...
	Processing triggers for ureadahead ...
	Setting up keystone (1:2013.2.3-0ubuntu1~cloud0) ...
	keystone start/running, process 18349
so I've executed your script add_to_keystone.sh
and I've the current user-list
	# keystone --token ADMIN --endpoint http://localhost:35357/v2.0/ user-list
	+----------------------------------+------+---------+-------+
	|                id                | name | enabled | email |
	+----------------------------------+------+---------+-------+
	| 0eecd42191cc4ab8bc9fdfd5446e3eae | sdn  |   True  |       |
	+----------------------------------+------+---------+-------+
then I've setup hp-sdn-ctl
	# dpkg -i hp-sdn-ctl_2.3.5.6505_amd64.deb 
	Selecting previously unselected package hp-sdn-ctl.
	(Reading database ... 59902 files and directories currently installed.)
	Unpacking hp-sdn-ctl (from .../hp-sdn-ctl_2.3.5.6505_amd64.deb) ...
	Setup has detected a compatible jre-headless - 1.7.0_55
	Verifying keystone server...
	Creating system group 'sdn'...
	...done.
	Creating system user 'sdn'...
	...done.
	Creating system user 'sdnadmin'...
	...done.
	Found pg_hba.conf at /etc/postgresql/9.1/main/pg_hba.conf
	Configuring PostgreSQL database...
	 * Restarting PostgreSQL 9.1 database server                                                                        [ OK ] 
	...done.
	Setting up hp-sdn-ctl (2.3.5.6505) ...
	Certificate was added to keystore
	Finalize configuration for keystone...
	... done
	sdna start/running, process 18591
	sdnc start/running, process 18597
	Processing triggers for ureadahead ...
but when I login to https://localhost:8443/sdn/ui
I get "Invalid user & password combination specified!"
the result of 
	#tail -f /var/log/sdn/virgo/logs/log.log
	[2014-08-12 12:36:07.365] INFO  http-bio-8443-exec-1         com.sun.jersey.server.impl.application.WebApplicationImpl         Initiating Jersey application, version 'Jersey: 1.17.1 02/28/2013 12:47 PM' 
	[2014-08-12 12:36:07.631] INFO  http-bio-8443-exec-9         com.sun.jersey.server.impl.application.WebApplicationImpl         Initiating Jersey application, version 'Jersey: 1.17.1 02/28/2013 12:47 PM' 
	[2014-08-12 12:36:30.752] INFO  http-bio-8443-exec-2         com.sun.jersey.server.impl.application.WebApplicationImpl         Initiating Jersey application, version 'Jersey: 1.17.1 02/28/2013 12:47 PM' 
	[2014-08-12 12:36:32.062] ERROR http-bio-8443-exec-2         hp.keystone                                                       Failed to authenticate sdn domain user sdn due to com.hp.api.auth.AuthenticationException: Validation error code 401 
I can connect to "https://localhost:8443/admin"with default user and password
and "https://localhost:8443/api/" get "200 : OK"

passing {"login":{"user":"sdn","password":"skyline"}}
to https://localhost:8443/api/#!/auth/
I get 200 Response Code and this Response Body
	{
	  "record": {
	    "token": "MIICagYJKoZIhvcNAQcCoIICWzCCAlcCAQExCTAHBgUrDgMCGjCCAUMGCSqGSIb3DQEHAaCCATQEggEweyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxNC0wOC0xMlQxMDo0Mjo1Mi4xMzA0NzEiLCAiZXhwaXJlcyI6ICIyMDE0LTA4LTEzVDEwOjQyOjUyWiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogInNkbiIsICJyb2xlc19saW5rcyI6IFtdLCAiaWQiOiAiMGVlY2Q0MjE5MWNjNGFiOGJjOWZkZmQ1NDQ2ZTNlYWUiLCAicm9sZXMiOiBbXSwgIm5hbWUiOiAic2RuIn0sICJtZXRhZGF0YSI6IHsiaXNfYWRtaW4iOiAwLCAicm9sZXMiOiBbXX19fTGB-zCB-AIBATBcMFcxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVVbnNldDEOMAwGA1UEBxMFVW5zZXQxDjAMBgNVBAoTBVVuc2V0MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20CAQEwBwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEgYCMnST-qTZN2qXTwBtg3GO38q-YZ1ClAb6n0dA6GfPInjDWdxKBwEemNqnLuM9FK3rIfGEblOsLcHui5ZX4SB7-db6wpfPpt7hnHF6ynvEfJQQAarLtbeGMzmvMOplsrIPqde6FOJRavQbajVZJM4nWvbzQ603ZcZwqTRfrdhlO6Q==",
	    "expiration": 1407926572000,
	    "expirationDate": "2014-08-13 12-42-52 +0200",
	    "userId": "0eecd42191cc4ab8bc9fdfd5446e3eae",
	    "userName": "sdn",
	    "domainId": "",
	    "domainName": ""
	  }
	}
but if I specify "domain":"sdn" in login value
	{"login":{"user":"sdn","password":"skyline","domain":"sdn"}}	
I get Response Code 401 and Response Body
{
  "error": "com.hp.api.auth.AuthenticationException",
  "message": "Authentication required"
}

 can I have help ???

Hi cedLevoni

 

1. Did you remember to do the apt-get update before installing keystone ?

2. From th HP VAN SDN INstallation guide 2.3 on page 9

 

Edit the /etc/keystone/keystone.conf file with the following line to set UUID as the

provider type, you will need to add this in the [token] section:

 

provider=keystone.token.providers.uuid.Provider

 

Then restart the keystone service.

 

HTH

Gerhard

 

 

I am seeing the same behavior from a fresh install this morning. Just tried your suggestions and it is still a no go.

done
>>1. Did you remember to do the apt-get update before installing keystone ?

done
>>2. From th HP VAN SDN INstallation guide 2.3 on page 9
>>Edit the /etc/keystone/keystone.conf file with the following
>> line to set UUID as the provider type, you will need to add this
>>in the [token] section:
>> provider=keystone.token.providers.uuid.Provider

done
>>Then restart the keystone service.

no success
[2014-08-13 08:47:34.374] ERROR http-bio-8443-exec-5 hp.keystone Failed to authenticate sdn domain user sdn due to com.hp.api.auth.AuthenticationException: Validation error code 401

HI cedLevoni and dysanf

 

1.Which version of keystone are you using ( Icehouse / Havanna / Grizzly … )
2.Can you please collect the output of the following command “keystone –version” from the controller
3.Can you please collect the output of the following command “uname -a” from the controller
4.Can you please collect the output of the following command “lsb_release -a” from the controller

5.Keystone user mapping
Lets run through this on the controller Please collect the output . I will include a sample inline. Please be aware some of the commands might line wrap but they are all in a single line. SOme of the tables in my example wrapped but sorry not much I can do about that.

 

List tenants
Command:
keystone --os-token ADMIN --os-endpoint http://127.0.0.1:35357/v2.0 tenant-list
Output:
+----------------------------------+------+---------+
|                id                | name | enabled |
+----------------------------------+------+---------+
| f7209570ff8a49708b1995492cbfab28 | sdn  |   True  |
+----------------------------------+------+---------+

 

List Users
Command:
keystone --os-token ADMIN --os-endpoint http://127.0.0.1:35357/v2.0 user-list
Output:
+----------------------------------+------+---------+-------+
|                id                | name | enabled | email |
+----------------------------------+------+---------+-------+
| 3d93720e361847acac98150661e2c655 | sdn  |   True  |       |
+----------------------------------+------+---------+-------+

 

List Roles
Command:
keystone --os-token ADMIN --os-endpoint http://127.0.0.1:35357/v2.0 role-list
Output:
+----------------------------------+-----------+
|                id                |    name   |
+----------------------------------+-----------+
| 9fe2ff9ee4384b1894a90878d3e92bab |  _member_ |
| c10f9e5469574da0a90326b8cf660185 | sdn-admin |
| 008893e266cc4dfd80e613721d8363c3 |  sdn-user |
+----------------------------------+-----------+

 

Get the user to role mappings for the given tenant
This is where it gets tricky we need to find which user has been mapped to which role for the sdn tenant
In the following command the value after tenant is the id for the sdn tenant from the earlier commands, and the value for user is id for the sdn user
Command :
keystone --os-token ADMIN --os-endpoint http://127.0.0.1:35357/v2.0 user-role-list --tenant <SDNTENANTIDHERE>  --user <SDNUSERIDHERE>
Example
keystone --os-token ADMIN --os-endpoint http://127.0.0.1:35357/v2.0 user-role-list --tenant f7209570ff8a49708b1995492cbfab28  --user 3d93720e361847acac98150661e2c655

+----------------------------------+-----------+----------------------------------+----------------------------------+
|                id                |    name   |             user_id              |            tenant_id             |
+----------------------------------+-----------+----------------------------------+----------------------------------+
| c10f9e5469574da0a90326b8cf660185 | sdn-admin | 3d93720e361847acac98150661e2c655 | f7209570ff8a49708b1995492cbfab28 |
| 008893e266cc4dfd80e613721d8363c3 |  sdn-user | 3d93720e361847acac98150661e2c655 | f7209570ff8a49708b1995492cbfab28 |
+----------------------------------+-----------+----------------------------------+----------------------------------+

6. Can you please attempt the following curl for me please from the command liune for the HP van SDN Controller and collect the output please without the domain.

curl -sk -H 'Content-Type:application/json' -d '{"login":{"user":"sdn","password":"skyline"}}' https://127.0.0.1:8443/sdn/v2.0/auth

7. Can you please attempt the following curl for me please from the command liune for the HP van SDN Controller and collect the output please with the domain.

curl -sk -H 'Content-Type:application/json' -d '{"login":{"user":"sdn","password":"skyline","domain":"sdn"}}' https://127.0.0.1:8443/sdn/v2.0/auth

Thanks in advance
Gerhard Roets
HP SDN Team

 

sorry for the trouble
but the problem is solved

I performed the reinstallation of the package
and now everything works fine

thank you very much

I've tried this:

#apt-get purge keystone
#rm -Rf /var/lib/keystone/
#apt-get install keystone
#./add_users_keystone.sh
#vi /etc/keystone/keystone.conf
....
provider=keystone.token.providers.uuid.Provider
....
#service keystone restart
#service sdna restart
#service sdnc restart

I am still facing the issue. This is what I tried:

#sudo apt-get purge keystone
#sudo rm -Rf /var/lib/keystone/
#sudo apt-get update
#sudo apt-get install keystone
#sudo ./add_to_keystone.sh
#sudo vi /etc/keystone/keystone.conf
....
provider=keystone.token.providers.uuid.Provider
....
#sudo service keystone restart
#sudo service sdna restart
#sudo service sdnc restart

I am getting authentication error when I am using the following curl:

curl -sk -H 'Content-Type:application/json' -d '{"login":{"user":"sdn","password":"skyline"}}' https://127.0.0.1:8443/sdn/v2.0/auth
{"error":"com.hp.api.auth.AuthenticationException","message":"Authentication required"}

curl -sk -H 'Content-Type:application/json' -d '{"login":{"user":"sdn","password":"skyline","domain":"sdn"}}' https://127.0.0.1:8443/sdn/v2.0/auth
{"error":"com.hp.api.auth.AuthenticationException","message":"Authentication required"}

The add_to_keystone.sh I used is attached.

Hi Abhik

 

would you mind posting the output of the following command please ?

 

curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/tenants" | python -mjson.tool

curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/users" | python -mjson.tool

curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/OS-KSADM/roles" | python -mjson.tool

 

 

Note each curl command is one line.

 

Sample from my system

gpr@lyncsdn:~$ curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/tenants"  | python -mjson.tool
{
    "tenants": [
        {
            "description": "",
            "enabled": true,
            "id": "e13fd642ee754377be0d18e6969dc68d",
            "name": "sdn"
        }
    ],
    "tenants_links": []
}
gpr@lyncsdn:~$ curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/users"  | python -mjson.tool
{
    "users": [
        {
            "enabled": true,
            "id": "a191b03bdc784855a1e7cdb64d959bf1",
            "name": "sdn",
            "username": "sdn"
        }
    ]
}
gpr@lyncsdn:~$
gpr@lyncsdn:~$ curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/OS-KSADM/roles"  | python -mjson.tool

{
    "roles": [
        {
            "description": "Default role for project membership",
            "enabled": "True",
            "id": "9fe2ff9ee4384b1894a90878d3e92bab",
            "name": "_member_"
        },
        {
            "id": "f9f75b4662b1421eb894476ad1442300",
            "name": "sdn-admin"
        },
        {
            "id": "c2f061d1740d44b8beabb1df7180ae90",
            "name": "sdn-user"
        }
    ]
}

 

Even if you get errors please post the output here.

 

Kind Regards

Gerhard

Hi Gerhard,

 

Thanks for your reply.

 

 

I tried the curl commands, but I am getting the error "couldn't connect to host". 

 

cnlabs@cnlabs-VirtualBox:~$ curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/tenants" | python -mjson.tool
curl: (7) couldn't connect to host
No JSON object could be decoded
cnlabs@cnlabs-VirtualBox:~$
cnlabs@cnlabs-VirtualBox:~$ curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/users" | python -mjson.tool
curl: (7) couldn't connect to host
No JSON object could be decoded
cnlabs@cnlabs-VirtualBox:~$
cnlabs@cnlabs-VirtualBox:~$ curl --header "X-Auth-Token:ADMIN" -ksS --request GET --url "http://127.0.0.1:35357/v2.0/OS-KSADM/roles" | python -mjson.tool
curl: (7) couldn't connect to host
No JSON object could be decoded
cnlabs@cnlabs-VirtualBox:~$

 

Thanks

Abhik

Hi Abhik

 

That is odd.

 

Can you get the following output

 

service keystone status

netstat -na | grep 35357

lsb_realease -a

dpkg -l keystone

 

 

 

Do you have any firewalls running like iptables ?

 

Kind Regards

Gerhard

HP SDN Team

 

Hi Gerhard,

 

 

cnlabs@cnlabs-VirtualBox:~$ service keystone status
keystone start/running, process 2699
cnlabs@cnlabs-VirtualBox:~$ netstat -na | grep 35357
cnlabs@cnlabs-VirtualBox:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.4 LTS
Release: 12.04
Codename: precise
cnlabs@cnlabs-VirtualBox:~$ dpkg -l keystone
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii keystone 2012.2.4-0ubun OpenStack identity service - Daemons
cnlabs@cnlabs-VirtualBox:~$
cnlabs@cnlabs-VirtualBox:~$
cnlabs@cnlabs-VirtualBox:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 127.0.0.0/8 anywhere tcp dpt:9160
REJECT tcp -- anywhere anywhere tcp dpt:9160 rejec t-with icmp-port-unreachable
ACCEPT tcp -- 127.0.0.0/8 anywhere tcp dpt:7199
REJECT tcp -- anywhere anywhere tcp dpt:7199 rejec t-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
cnlabs@cnlabs-VirtualBox:~$

 

Does the patch 65 of java 7 still has the issue in handling SSL connections?

 

cnlabs@cnlabs-VirtualBox:~$ java -version
java version "1.7.0_65"
OpenJDK Runtime Environment (IcedTea 2.5.1) (7u65-2.5.1-4ubuntu1~0.12.04.2)
OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode)
cnlabs@cnlabs-VirtualBox:~$

 

Thanks

Abhik

Hi Abhik

 

It looks to me as if keystone is not listening on the default port, I would suggest you look in /etc/keystone/keystone.conf, and see if the admin_port value has been changed.

 

Kind Regards

Gerhard

 

 

Yes Gerhard, you were right. It is now working. Thanks :)

Hi,

 

I have now tried everything in this post without success. I still get "Invalid user & password combination specified!" everytime i try to login with "sdn" and "skyline"

 

Any suggestions on what i can try?

Hello Skaarup,

 

Apologies for the delay.

Please provide below details-

1.Controller version ?

2.did you upgrade the controller or install afresh?

3.version of keystone?

4.command used to install keystone?

5.Are you able to login using other user?

6.Are you able to see REST API page?

 

Thanks,

HP SDN Team

Hi,

 

When I tried to create a user on keystone using command,

$keystone user-create --name sdn.

 

Im getting the below error,

Warning: Bypassing the authendication,

 

and Service Unavailable (503).

 

Can you please let me know, also,

 

What are the proxy settings I need to take care for keysone configuration while adding an user (mainly in the script add_to_keystone.sh) and ALSO In keystone.conf file

 

regards,

Satish

Hi Gerhard / SDN Team,

 

Thank you,, for your support.

 

Now my keystone is working much fine, I did the proxy setting then I can able to add user, role and tenant to it.

 

But when I run/install the controller the default port is not coming up. ie 8443 is not listing,

when I did netstat I can see the 35357 port is up and listening, but not the 8443.

 

So I am not able to open the UI page from my firefoz .. https:/127.0.0.1:8443/... ( all the option, like api, auth ,, model etc)

I even tried with proxy setting to noproxy in browers but no gain.

 

Can you please advice me what is happening or what went wrong.

 

I can see the sdnc and sdna are up and runnig,

 

In log i can see one thing..  

Bundle org.eclipse.virgo.medic.core_3.6.2 RELEASE service 38 as service event UNREGISTERING.

 

When I scrolled a bit above I can see an error saying Ilogservicelistner.

attached is the error log.

 

Thanks for all,,

 

Regards,

Satish K

Hi Satish

 

If you can post the following output it would be much appreciated

 

I would like the the following file. If you can zip and attach it it would be much appreciated /var/log/sdn/virgo/logs/log.log 

 

If you can post the following output

lsb_release -a

update-java-alternatives -l

 dpkg -l hp-sdn-ctl

 

Example output from the commands

root@sdn1:/var/log/sdn/virgo/logs# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 12.04.5 LTS
Release:        12.04
Codename:       precise

 

root@sdn1:/var/log/sdn/virgo/logs# update-java-alternatives -l
java-1.7.0-openjdk-amd64 1051 /usr/lib/jvm/java-1.7.0-openjdk-amd64

 

root@sdn1:/var/log/sdn/virgo/logs# dpkg -l hp-sdn-ctl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-============================================
ii  hp-sdn-ctl     2.3.5.6505     HP VAN SDN Controller

 

Kind Regards

Gerhard

 

Hi Gerhard,

 

Good day,

 

Please find below the o/p of commands you have asked, ( looks like all the below command works fine),

Basically I feel It was due to proxy I was not able to create users, tenants,. Now with proxy off I can create.

 

 

satish@ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.5 LTS
Release: 12.04
Codename: precise

 

satish@ubuntu:~$ update-java-alternatives -l
java-1.6.0-openjdk-amd64 1061 /usr/lib/jvm/java-1.6.0-openjdk-amd64
java-1.7.0-openjdk-amd64 1051 /usr/lib/jvm/java-1.7.0-openjdk-amd64

 

satish@ubuntu:~$ dpkg -l hp-sdn-ctl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii hp-sdn-ctl 2.3.5.6505 HP VAN SDN Controller

 

 

 

I feel the issue is with Truststore, please see the attached img. I ran the below command,

satish@ubuntu:~$ keytool -importcert -trustcacerts -keystore keystore -file root.cer -alias CARoot
satish@ubuntu:~$ keytool -importcert -trustcacerts -keystore truststore -file root.cer -alias CARoot

 

When I ran the below command,

satish@ubuntu:~$ keytool -genkey -alias keystone -keyalg rsa -keysize 2048 -keystore keystore-name

 

I can see the keystore generating in /opt/sdn/admin, but not able to see the "truststore".

 

 

Also can you please eloberate what does this mean (Page 44, Controller_Admin_guide)

(Send the sdn-server.csr to a CA to be signed. The CA will authenticate you and return a signed certificate and its CA certificate chain. We assume the signed certificate from the CA is named signed.cer and the CA's certificate is root.cer. If root.cer is from your own internal CA, then you need to import root.cer into your browser as an authority.)

 

Thanks I advance,

 

Regards,

Satish K

 

#certificate

Hi Satish

 

I do not know if you have done much with your controller yet. I would suggest that lets work with the following objectives

1. Get the controller to work with a self signed certificate so you can access the gui.

2. If we need to install a certificate we need to install this as the second step after we have succeeded with 1.

 

So lets see what version of Java your controller is trying to use. Since you have two versions of java installed

 

Login on the controller

Become root ( sudo -i )

Become the sdn use ( su - sdn )

Enter the following command

java -version

 

(Sample without initial login)

gpr@lyncsdn:~$
gpr@lyncsdn:~$ sudo -i
root@lyncsdn:~# su - sdn
sdn@lyncsdn:~$ java -version
java version "1.7.0_55"
OpenJDK Runtime Environment (IcedTea 2.4.7) (7u55-2.4.7-1ubuntu1~0.12.04.2)
OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode)

 

-----

You need to ensure this is Java 1.7 and not 1.6 if this is 1.6 I would suggest you simply uninstall the Java 1.6 environment. If you can inform me if it was using 1.6 it would be great.

----

 

Now since you worked with certificates I would suggest your remove you purge your sdn controller software and start with a fresh install.

The command to purge the software - dpkg -p hp-sdnc-ctl

 

This should not effect your keystone users if you are using version 2.3.5

----

Now you can reinstall the controller

dpkg -i filename.deb

dpkg -l hp-sdn-ctl

 

This would be a good point to see if you can connect to the web gui and to the rest UI.

 

Once this is doen we can do the next steps. I will detail the certification process in a follow on post.

 

Kind Regards

Gerhard

HP SDN Team

 

 

 

 

Hi Satish

 

To elaborate on the certificate install process. The key item here is you will need to work with either your internal CA or an external one. I am not sure how this is set up.

I would suggest you also install your CA certificate on the Ubuntu OS

Get certificate info: openssl x509 -in ca.crt -text | grep -i issuer

Rename as appropriate **note must end in .crt

Copy cert files to /usr/local/share/ca-certificates

update-ca-certificates -v

Based on your message I would suggest you need to download an updated admin guide since there is much more detail in the current guide. The reason I suspect you are using an older one is well our page numbers do not line up.

You can download the guide from the following url:

 

http://h20565.www2.hp.com/portal/site/hpsc/template.BINARYPORTLET/public/kb/docDisplay/resource.process/?spf_p.tpst=kbDocDisplay_ws_BI&spf_p.rid_kbDocDisplay=docDisplayResURL&javax.portlet.begCacheTok=com.vignette.cachetoken&spf_p.rst_kbDocDisplay=wsrp-resourceState%3DdocId%253Demr_na-c04383845-4%257CdocLocale%253D&javax.portlet.endCacheTok=com.vignette.cachetoken

 

Page 63 is of interest to you

The link to this document and other interesting documents specific to this release can be found on the following URL:

 

http://h20565.www2.hp.com/portal/site/hpsc/public/psi/home/?sp4ts.oid=5443170&ac.admitted=1414673554878.876444892.492883150#manuals

 

Please keep me in the loop of how things are progressing.

 

Kind Regards

Gerhard

HP SDN Team

Hi Gerhard,

 

Thanks for your swift responce,

 

I too was looking for GUI access only, which is first step, When it is not coming I thought there is some dependency. 

Ok Let me finish with first step then I will go for 2 step.

 

Whatever you have suggested for first step, I have executed,

Please see the attachment for all the 3 one.

If you are not able to see the attachment please let me know,

 

Here I am using remote server so I can copy the o/p so using the screenshot. :-)

(crome has proxy settings)

 

Still I am not able to connect.

 

Regards,

Satish Khandre

 

 

 

Also note that when I ran the command,

$ netstat -na | grep 8443

 

I am not getting anyting, meaning the port is not listing, Is it someting missing.

 

regards,

 

Satish Khandre

Hi Satish

 

One thing ... depending on your machine specs the web server might(Even minutes) take some time to spool up. So be patient. I would suggest you monitor the output of the command top especially the field "%Cpu(s): " ( you can press q to quit.

 

On a side note "apt-get install openssh-server" is your friend ;)

 

Also you have an private message on the forums.

 

Kind Regards

Gerhard

HP SDN Team

Hi Gerhard,

 

It got SOLVED,

 

First of all, let me thank you for the kind of support you have provided, deeply and truly appreciated.  Thank you.

 

As suggested,, I did a clean reinstall of all the software.

Once after installing the controller, I was able to see the port 8443 listening this time.

Then in the chrome I added the proxy setting to bypass for my controlled and it worked.

 

Thanks,

 

Regards,

Satish K

#solved