SDC uses the API Keys for the authentication. Its look
like requests to DMaaP don't have the validate
authentication headers.
Thanks,
Sunil
From: LUNANUOVA, DOMINIC
Sent: Wednesday, January 30, 2019 11:35 AM
To: [email protected];
[email protected]; FREEMAN, BRIAN D
<[email protected]>
Cc: UNNAVA, SUNIL <[email protected]>
Subject: RE: [onap-discuss] DMAAP fails pub/sub topics
(I think Brian is offline so I will venture an
interpretation of his statement)
"Contact aaf for certificate but might be easier to rest
clocks fir demo"
Should be:
"Contact aaf for new server SSL certificate but might be
easier to reset system clocks for demo"
Reason:
The SSL certificates used in ONAP are issued through an
AAF process.
Any certificates issued for older releases like
Amsterdam are likely to have expired.
With an impending demo, resetting the system clocks to
think they are within the valid certificate lifetime, may
be easier than trying to repeat the certificate renewal
process.
But if your client is not attempting to use TLS port
(typically 3905), then this workaround probably doesn't
even apply.
...and Sunil can confirm, but I think you are correct
that client authentication using AAF was not enabled in
Amsterdam.
-Dom
-----Original Message-----
From:
[email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of
MALINCONICO ANIELLO PAOLO
Sent: Wednesday, January 30, 2019 10:34 AM
To:
[email protected]<mailto:[email protected]>;
FREEMAN, BRIAN D <[email protected]<mailto:[email protected]>>
Subject: Re: [onap-discuss] DMAAP fails pub/sub topics
Thanks Brian for reply .
I have changed the zookeeper container and now i use:
dmaap: attos/dmaap:latest
kafka: wurstmeister/kafka:latest
zookeeper: cdposs/zookeeper:3.4.9
But nothing changed, i have still the same errors in the
logs.
This is the SDC-BE log:
2019-01-30T13:41:58.169Z|||||pool-77-thread-1|||SDC-BE||||||||INFO||||10.42.202.41||c.att.nsa.apiClient.http.HttpClient||ActivityType=<?>,
Desc=< --> HTTP/1.1 401 Unauthorized>
2019-01-30T13:41:58.170Z|||||pool-77-thread-1|||SDC-BE||||||||ERROR|MAJOR|||10.42.202.41||o.o.s.c.config.EcompErrorLogUtil||ActivityType=<?>,
Desc=<ETYPE = "AUTHENTICATION_PROBLEM" ENAME =
"BeUebAuthenticationError" ECODE = "ASDC100E" ECONTEXT =
"createTopic" EDESC = "Authentication problem towards
U-EB server. Reason: 401">
2019-01-30T13:41:58.171Z|||||pool-77-thread-1|||SDC-BE||||||||INFO||||10.42.202.41||o.o.s.b.a.impl.AuditingManager||ActivityType=<?>,
Desc=<audit event CreateDistributionTopic of type
distributionengineevent>
2019-01-30T13:41:58.188Z|||||pool-77-thread-1|||SDC-BE||||||||ERROR|MAJOR|||10.42.202.41||o.o.s.c.config.EcompErrorLogUtil||ActivityType=<?>,
Desc=<ETYPE = "SYSTEM_ERROR" ENAME = "BeUebSystemError"
ECODE = "ASDC502E" ECONTEXT = "initDistributionEngine"
EDESC = "Error occured during access to U-EB Server.
Operation: try to create topic
SDC-DISTR-NOTIF-TOPIC-AUTO">
2019-01-30T13:41:59.774Z|||||BE-Health-Check-Task|||SDC-BE||||||||INFO||||10.42.202.41||o.o.s.b.c.impl.CassandraHealthCheck||ActivityType=<?>,
Desc=<creating cluster for Cassandra for monitoring.>
2019-01-30T13:41:59.774Z|||||BE-Health-Check-Task|||SDC-BE||||||||INFO||||10.42.202.41||o.o.s.b.d.c.schema.SdcSchemaUtils||ActivityType=<?>,
Desc=<connecting to node:[sdc-cs.onap-sdc].>
It seems to be an authentication problem.
In the Amsterdam release, what is the role of the aaf ?
From documentation I have understood It is used for the
dmaap authentication ? Or the aaf module is not used in
Amsterdam release? Because in our past Amsterdam
installation, we have removed the aaf namespace, but all
always worked well without it.
I did not fully understand your second statement
"Contact aaf for certificate but might be easier to rest
clocks fir demo", what do you mean? Could you give me
some more details?
Thank you very much
Aniello Paolo Malinconico
On Mon, 28 Jan 2019 21:21:29 +0000
"Brian" <[email protected]<mailto:[email protected]>> wrote:
See dmaap 1007 you need a different zookeepeer container
Contact aaf for certificate but might be easier to rest
clocks fir
demo
Sent via the Samsung Galaxy S8, an AT&T 4G LTE
smartphone
-------- Original message --------
From: MALINCONICO ANIELLO PAOLO
<[email protected]<mailto:[email protected]>>
Date: 1/28/19 2:17 PM (GMT-06:00)
To:
[email protected]<mailto:[email protected]>
Subject: [onap-discuss] DMAAP fails pub/sub topics
Hi,
While we are working on Casablanca release, we have to
carry out an
demo next week on a service we implemented on AMSTERDAM
release a
couple of months ago.
Unfortunately we found kubernetes not working properly
and decided to
re-install it and Amsterdam ONAP as we did several times
during the
last months. Unfortunately this time installation did
not work but we
weren't able to understand why.
We used the same kubernetes release, the same docker
images. It is
likely that the only initial condition different from
previous
installations was the AAI certificate that expired on
December 2018.
Is there anybody that experienced the same problem we
have that can
help? Details are reported below...
We run the robot tests and the ASDC's test fails.
1)We have done the health check test and the dmaap seems
to be down:
curl -X GET
https://urldefense.proofpoint.com/v2/url?u=http-3A__163.162.239.40-3A3
0205_sdc2_rest_healthCheck&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx
3DI5AoMgDmi2Fzw&m=KlrOltQktperr_PhVpMM2XELVNJR9cF748SZVh1QFGU&s=sxyha1
IsdNHLhy727De_hrYHNSCmhbeJMW2GJNLCnSI&e=
{
"sdcVersion": "1.1.0",
"siteMode": "unknown",
"componentsInfo": [
{
"healthCheckComponent": "BE",
"healthCheckStatus": "UP",
"version": "1.1.0",
"description": "OK"
},
{
"healthCheckComponent": "TITAN",
"healthCheckStatus": "UP",
"description": "OK"
},
{
"healthCheckComponent": "DE",
"healthCheckStatus": "DOWN",
"description": "U-EB cluster is not available"
},
{
"healthCheckComponent": "CASSANDRA",
"healthCheckStatus": "UP",
"description": "OK"
},
{
"healthCheckComponent": "ON_BOARDING",
"healthCheckStatus": "UP",
"version": "1.1.0",
"description": "OK",
"componentsInfo": [
{
"healthCheckComponent": "ZU",
"healthCheckStatus": "UP",
"version": "0.2.0",
"description": "OK"
},
{
"healthCheckComponent": "BE",
"healthCheckStatus": "UP",
"version": "1.1.0",
"description": "OK"
},
{
"healthCheckComponent": "CAS",
"healthCheckStatus": "UP",
"version": "2.1.17",
"description": "OK"
}
]
}
]
2)If we perform the get request for the topics: curl
https://urldefense.proofpoint.com/v2/url?u=http-3A__163.162.239.40-3A3
0227_topics&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw
&m=KlrOltQktperr_PhVpMM2XELVNJR9cF748SZVh1QFGU&s=0revI6bChjK5kA-nBpI2_
r3Aq7WhWGIwHVJDWjH2ZcA&e=
...the only subscribed
topic is: {"topics": ["msgrtr.apinode.metrics.dmaap"]}
3)The UEB log:
Starting ueb-listener
ERROR 2019-01-28 14:57:14.611 +0000 AsdcConnectorClient
-
status from ASDC is
org.openecomp.sdc.http.HttpAsdcResponse@473b46c3<mailto:org.openecomp.sdc.http.HttpAsdcResponse@473b46c3>
ERROR 2019-01-28 14:57:14.611 +0000 AsdcConnectorClient
-
DistributionClientResultImpl
[responseStatus=ASDC_SERVER_PROBLEM,
responseMessage=ASDC
server problem]
4) DMAAP log:
15:39:21.329 [qtp379110473-1625] ERROR
com.att.nsa.cambria.service.impl.TopicServiceImpl -
Failed
to create topicSDC-DISTR-NOTIF-TOPIC-AUTO,
Authentication
failed.
15:39:21.330 [qtp379110473-1625] ERROR
com.att.nsa.dmaap.service.TopicRestService - Error while
creating a topic: 401 {"message":"Failed to create
topic:
Access Denied.User does not have permission to perform
create operation on Topic:"}
com.att.nsa.cambria.exception.DMaaPAccessDeniedException:
401 {"message":"Failed to create topic: Access
Denied.User
does not have permission to perform create operation on
Topic:"}
Aniello Paolo Malinconico
