SDC to DMaaP isnt a certificte issue since that is non-ssl right ? The certificate issue was for AAI.
You should be able to run wireshark in the dmaap message router container and get the message from SDC to DMaaP and see deeper into what the problem is. It should be non-ssl. The creating topic error in Casablanca testing was resolved with the reverted zookeeper and re-deploying SDC after DMaaP restart (zookeeper, kafka, message router in that order) if I remmber correclty (or a fresh install) Brian -----Original Message----- From: MALINCONICO ANIELLO PAOLO <[email protected]> Sent: Friday, February 01, 2019 6:17 AM To: UNNAVA, SUNIL <[email protected]>; LUNANUOVA, DOMINIC <[email protected]>; [email protected]; FREEMAN, BRIAN D <[email protected]> Subject: Re: [onap-discuss] DMAAP fails pub/sub topics Hi all, unfortunately the attempt to reset the system clocks did not work and still we have the same authentication issue in creating topics from SDC (401 Authentication Failed from dmaap log). I have reset the system clocks on the VMs hosting rancher and all the k8s that host all docker containers. I have changed the system clock, not the hardware's one because the NTP is enabled in Openstack and so all k8s nodes's clock are synchronized with the openstack controller's clock. Did I miss something? Thank you very much. Aniello P. Malinconico On Wed, 30 Jan 2019 17:06:47 +0000 "UNNAVA, SUNIL" <[email protected]> wrote: > SDC uses the API Keys for the authentication. Its look >like requests to DMaaP don't have the validate >authentication headers. > > > Thanks, > Sunil > >From: LUNANUOVA, DOMINIC > Sent: Wednesday, January 30, 2019 11:35 AM > To: [email protected]; >[email protected]; FREEMAN, BRIAN D ><[email protected]> > Cc: UNNAVA, SUNIL <[email protected]> > Subject: RE: [onap-discuss] DMAAP fails pub/sub topics > > > (I think Brian is offline so I will venture an >interpretation of his statement) > > > > "Contact aaf for certificate but might be easier to rest >clocks fir demo" > > Should be: > > "Contact aaf for new server SSL certificate but might be >easier to reset system clocks for demo" > > > > Reason: > > The SSL certificates used in ONAP are issued through an >AAF process. > > Any certificates issued for older releases like >Amsterdam are likely to have expired. > > With an impending demo, resetting the system clocks to >think they are within the valid certificate lifetime, may >be easier than trying to repeat the certificate renewal >process. > > But if your client is not attempting to use TLS port >(typically 3905), then this workaround probably doesn't >even apply. > > > > ...and Sunil can confirm, but I think you are correct >that client authentication using AAF was not enabled in >Amsterdam. > > -Dom > > > > > > -----Original Message----- >From: >[email protected]<mailto:[email protected]> >[mailto:[email protected]] On Behalf Of >MALINCONICO ANIELLO PAOLO > Sent: Wednesday, January 30, 2019 10:34 AM > To: >[email protected]<mailto:[email protected]>; >FREEMAN, BRIAN D <[email protected]<mailto:[email protected]>> > Subject: Re: [onap-discuss] DMAAP fails pub/sub topics > > > > Thanks Brian for reply . > > I have changed the zookeeper container and now i use: > > dmaap: attos/dmaap:latest > > kafka: wurstmeister/kafka:latest > > zookeeper: cdposs/zookeeper:3.4.9 > > > > But nothing changed, i have still the same errors in the >logs. > > This is the SDC-BE log: > > > > 2019-01-30T13:41:58.169Z|||||pool-77-thread-1|||SDC-BE||||||||INFO||||10.42.202.41||c.att.nsa.apiClient.http.HttpClient||ActivityType=<?>, > > Desc=< --> HTTP/1.1 401 Unauthorized> > > 2019-01-30T13:41:58.170Z|||||pool-77-thread-1|||SDC-BE||||||||ERROR|MAJOR|||10.42.202.41||o.o.s.c.config.EcompErrorLogUtil||ActivityType=<?>, > > Desc=<ETYPE = "AUTHENTICATION_PROBLEM" ENAME = >"BeUebAuthenticationError" ECODE = "ASDC100E" ECONTEXT = >"createTopic" EDESC = "Authentication problem towards >U-EB server. Reason: 401"> >2019-01-30T13:41:58.171Z|||||pool-77-thread-1|||SDC-BE||||||||INFO||||10.42.202.41||o.o.s.b.a.impl.AuditingManager||ActivityType=<?>, > > Desc=<audit event CreateDistributionTopic of type > > distributionengineevent> > > 2019-01-30T13:41:58.188Z|||||pool-77-thread-1|||SDC-BE||||||||ERROR|MAJOR|||10.42.202.41||o.o.s.c.config.EcompErrorLogUtil||ActivityType=<?>, > > Desc=<ETYPE = "SYSTEM_ERROR" ENAME = "BeUebSystemError" > > ECODE = "ASDC502E" ECONTEXT = "initDistributionEngine" > > EDESC = "Error occured during access to U-EB Server. > > Operation: try to create topic > > SDC-DISTR-NOTIF-TOPIC-AUTO"> > > 2019-01-30T13:41:59.774Z|||||BE-Health-Check-Task|||SDC-BE||||||||INFO||||10.42.202.41||o.o.s.b.c.impl.CassandraHealthCheck||ActivityType=<?>, > > Desc=<creating cluster for Cassandra for monitoring.> >2019-01-30T13:41:59.774Z|||||BE-Health-Check-Task|||SDC-BE||||||||INFO||||10.42.202.41||o.o.s.b.d.c.schema.SdcSchemaUtils||ActivityType=<?>, > > Desc=<connecting to node:[sdc-cs.onap-sdc].> > > > > > > It seems to be an authentication problem. > > In the Amsterdam release, what is the role of the aaf ? > >From documentation I have understood It is used for the >dmaap authentication ? Or the aaf module is not used in >Amsterdam release? Because in our past Amsterdam >installation, we have removed the aaf namespace, but all >always worked well without it. > > > > I did not fully understand your second statement >"Contact aaf for certificate but might be easier to rest >clocks fir demo", what do you mean? Could you give me >some more details? > > > > Thank you very much > > > > Aniello Paolo Malinconico > > > > > > On Mon, 28 Jan 2019 21:21:29 +0000 > > "Brian" <[email protected]<mailto:[email protected]>> wrote: > >> See dmaap 1007 you need a different zookeepeer container > >> > >> Contact aaf for certificate but might be easier to rest >>clocks fir > >>demo > >> > >> > >> Sent via the Samsung Galaxy S8, an AT&T 4G LTE >>smartphone > >> > >> > >> -------- Original message -------- > >>From: MALINCONICO ANIELLO PAOLO > >><[email protected]<mailto:[email protected]>> > >> Date: 1/28/19 2:17 PM (GMT-06:00) > >> To: >>[email protected]<mailto:[email protected]> > >> Subject: [onap-discuss] DMAAP fails pub/sub topics > >> > >> Hi, > >> > >> While we are working on Casablanca release, we have to >> carry out an > >>demo next week on a service we implemented on AMSTERDAM >>release a > >>couple of months ago. > >> Unfortunately we found kubernetes not working properly >>and decided to > >>re-install it and Amsterdam ONAP as we did several times >>during the > >>last months. Unfortunately this time installation did >>not work but we > >>weren't able to understand why. > >> We used the same kubernetes release, the same docker >> images. It is > >>likely that the only initial condition different from >>previous > >>installations was the AAI certificate that expired on >>December 2018. > >> Is there anybody that experienced the same problem we >>have that can > >>help? Details are reported below... > >> > >> We run the robot tests and the ASDC's test fails. > >> > >> 1)We have done the health check test and the dmaap seems >>to be down: > >> > >> curl -X GET > >> https://urldefense.proofpoint.com/v2/url?u=http-3A__163.162.239.40-3A3 > >> 0205_sdc2_rest_healthCheck&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx > >> 3DI5AoMgDmi2Fzw&m=KlrOltQktperr_PhVpMM2XELVNJR9cF748SZVh1QFGU&s=sxyha1 > >> IsdNHLhy727De_hrYHNSCmhbeJMW2GJNLCnSI&e= > >> > >> { > >> > >> "sdcVersion": "1.1.0", > >> > >> "siteMode": "unknown", > >> > >> "componentsInfo": [ > >> > >> { > >> > >> "healthCheckComponent": "BE", > >> > >> "healthCheckStatus": "UP", > >> > >> "version": "1.1.0", > >> > >> "description": "OK" > >> > >> }, > >> > >> { > >> > >> "healthCheckComponent": "TITAN", > >> > >> "healthCheckStatus": "UP", > >> > >> "description": "OK" > >> > >> }, > >> > >> { > >> > >> "healthCheckComponent": "DE", > >> > >> "healthCheckStatus": "DOWN", > >> > >> "description": "U-EB cluster is not available" > >> > >> }, > >> > >> { > >> > >> "healthCheckComponent": "CASSANDRA", > >> > >> "healthCheckStatus": "UP", > >> > >> "description": "OK" > >> > >> }, > >> > >> { > >> > >> "healthCheckComponent": "ON_BOARDING", > >> > >> "healthCheckStatus": "UP", > >> > >> "version": "1.1.0", > >> > >> "description": "OK", > >> > >> "componentsInfo": [ > >> > >> { > >> > >> "healthCheckComponent": "ZU", > >> > >> "healthCheckStatus": "UP", > >> > >> "version": "0.2.0", > >> > >> "description": "OK" > >> > >> }, > >> > >> { > >> > >> "healthCheckComponent": "BE", > >> > >> "healthCheckStatus": "UP", > >> > >> "version": "1.1.0", > >> > >> "description": "OK" > >> > >> }, > >> > >> { > >> > >> "healthCheckComponent": "CAS", > >> > >> "healthCheckStatus": "UP", > >> > >> "version": "2.1.17", > >> > >> "description": "OK" > >> > >> } > >> > >> ] > >> > >> } > >> > >> ] > >> > >> > >> > >> 2)If we perform the get request for the topics: curl > >> https://urldefense.proofpoint.com/v2/url?u=http-3A__163.162.239.40-3A3 > >> 0227_topics&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw > >> &m=KlrOltQktperr_PhVpMM2XELVNJR9cF748SZVh1QFGU&s=0revI6bChjK5kA-nBpI2_ > >> r3Aq7WhWGIwHVJDWjH2ZcA&e= > >> ...the only subscribed > >> topic is: {"topics": ["msgrtr.apinode.metrics.dmaap"]} > >> > >> > >> > >> > >> 3)The UEB log: > >> > >> Starting ueb-listener > >> ERROR 2019-01-28 14:57:14.611 +0000 AsdcConnectorClient > >>- > >> status from ASDC is > >> org.openecomp.sdc.http.HttpAsdcResponse@473b46c3<mailto:org.openecomp.sdc.http.HttpAsdcResponse@473b46c3> > >> ERROR 2019-01-28 14:57:14.611 +0000 AsdcConnectorClient > >>- > >> DistributionClientResultImpl > >> [responseStatus=ASDC_SERVER_PROBLEM, > >>responseMessage=ASDC > >> server problem] > >> > >> > >> > >> > >> > >> 4) DMAAP log: > >> > >> 15:39:21.329 [qtp379110473-1625] ERROR > >> com.att.nsa.cambria.service.impl.TopicServiceImpl - > >>Failed > >> to create topicSDC-DISTR-NOTIF-TOPIC-AUTO, > >>Authentication > >> failed. > >> 15:39:21.330 [qtp379110473-1625] ERROR > >> com.att.nsa.dmaap.service.TopicRestService - Error while > >> creating a topic: 401 {"message":"Failed to create > >>topic: > >> Access Denied.User does not have permission to perform > >> create operation on Topic:"} > >> com.att.nsa.cambria.exception.DMaaPAccessDeniedException: > >> 401 {"message":"Failed to create topic: Access > >>Denied.User > >> does not have permission to perform create operation on > >> Topic:"} > >> > >> > >> Aniello Paolo Malinconico > >> > >> > >> > >> > >> > >> > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#15304): https://lists.onap.org/g/onap-discuss/message/15304 Mute This Topic: https://lists.onap.org/mt/29574407/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
