Dear Taka and all, some feedback here.
The first time I followed your wiki ( https://wiki.onap.org/display/DW/Modify+APPC+Helm+Chart+to+override+the+pk12+certificate ). The original file is (case A): ubuntu@rancher:~/oom/kubernetes$ cat appc/templates/secrets.yaml # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: Secret metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.fullname" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} type: Opaque data: db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }} But I changed it by (case B): ubuntu@rancher:~/oom/kubernetes$ cat appc/templates/secrets.yaml # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: Secret metadata: name: {{ include "common.fullname" . }}-certs namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} type: Opaque data: {{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }} and make appc, make onap and deployed (update) APPC. This worked in the sense the unknown_certificate issue was solved. However, I still had the error I told you (some connectivity issue with AAF). Then I tried to repeat the process by using this file instead: ubuntu@rancher:~/oom/kubernetes$ cat appc/templates/secrets.yaml # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: Secret metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.fullname" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} type: Opaque data: db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }} --- apiVersion: v1 kind: Secret metadata: name: {{ include "common.fullname" . }}-certs namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} type: Opaque data: {{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }} When I tried to update APPC (with make appc, make onap, helm deploy dev-appc ...) some error came up (kubectl describe pod/dev-appc-appc-0 -n onap): Events: Type Reason Age From Message ---- ------ ---- ---- ------- *Warning* FailedScheduling 6m default-scheduler AssumePod failed: pod 3e3c9094-884f-11e9-884b-02394a5c4c27 is in the cache, so can't be assumed Normal Scheduled 6m default-scheduler Successfully assigned onap/dev-appc-appc-0 to k8s-dev *Warning* FailedScheduling 6m (x2 over 6m) default-scheduler pod has unbound PersistentVolumeClaims Normal Pulled 5m kubelet, k8s-dev Container image "oomk8s/readiness-check:2.0.0" already present on machine Normal Created 5m kubelet, k8s-dev Created container Normal Started 5m kubelet, k8s-dev Started container *Warning* Failed 4m kubelet, k8s-dev Error: failed to start container "appc": Error response from daemon: oci runtime error: container_linux.go:247: starting container process caued "process_linux.go:359: container init caused \"rootfs_linux.go:54: mounting \\\"/var/lib/kubelet/pods/3e3c9094-884f-11e9-884b-02394a5c4c27/volume-subpaths/certs/appc/23\\\" to rootfs \\\"/var/lib/docker/afs/mnt/13cb603827f10995f6afad95b98b77ff1959f6cd5c4ae60253909d0e16155403\\\" at *\\\"/var/lib/docker/aufs/mnt/13cb603827f10995f6afad95b98b77ff1959f6cd5c4ae60253909d0e16155403/opt/onap/appc/data/stores/org.onapappc.p12\\\" caused \\\"not a directory\\\"\""* : Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type I tried to create that directory (oom/kubernetes/appc/resources/config/appc/opt/onap/appc/data/stores/ and locating also the file "org.onapappc.p12" there but the same error happened during helm deploy. So I *finally* removed all the steps done in your wiki, undeployed/deployed appc with the option ... appc: enabled: true config: enableAAF: false ... in the overriding file. I lost some configuration of course but I only had one VNF in CDT so no issue. No APPC is not using AAF. Kind regards and thank you for your kind help! Xoan -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17480): https://lists.onap.org/g/onap-discuss/message/17480 Mute This Topic: https://lists.onap.org/mt/31928176/21656 Mute #appc: https://lists.onap.org/mk?hashtag=appc&subid=2740164 Mute #oom: https://lists.onap.org/mk?hashtag=oom&subid=2740164 Mute #casablanca: https://lists.onap.org/mk?hashtag=casablanca&subid=2740164 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
