Oh good to know. I’ll try it then. Marco
From: BRIAN FREEMAN <[email protected]> Date: Thursday, March 26, 2020 at 4:55 PM To: "[email protected]" <[email protected]>, "PLATANIA, MARCO (MARCO)" <[email protected]>, "FORSYTH, JAMES" <[email protected]> Subject: RE: [onap-discuss] #aai ALERT: Expiring AAI->AAF certificate in master & elalto!!! Marco, I am still testing but the following worked for me (replace onapdldk-aai with dev-aai for windriver) bf1936@njcdtl01bf1936:~/ONAP/AZURE/ONAPDlDK/oom/kubernetes$ helm upgrade onapdldk-aai ./aai seems like it upgraded the helm charts and restarted the traversal and resources containers. It seemed to maintain the old data Brian From: [email protected] <[email protected]> On Behalf Of PLATANIA, MARCO Sent: Wednesday, March 25, 2020 10:37 PM To: [email protected]; FORSYTH, JAMES <[email protected]> Subject: Re: [onap-discuss] #aai ALERT: Expiring AAI->AAF certificate in master & elalto!!! ***Security Advisory: This Message Originated Outside of AT&T *** Reference http://cso.att.com/EmailSecurity/IDSP.html for more information. All, Just a reminder: AAI helm charts aren’t hosted by OOM repo, so applying this patch to OOM (El Alto or master) repository won’t work as the change that Jimmy mentioned is in the AAI repository. Hence, the procedure to apply this patch is the following: * Clone aai/oom: * git clone "https://gerrit.onap.org/r/aai/oom";<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_aai_oom-2522&d=DwQGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=DGzPJYyc-DwQeIrctKgsSuYUkGUKn0r1X6UJ17LO530&s=wGoO6UinQNvmPnuBvnW9SpVCLaD9UFT3pL5d1GefhHU&e=> aai_oom * Go to the cloned directory: * cd aai_oom * Switch branch to elalto in case you are using El Alto, otherwise skip the following step: * git checkout elalto * Apply the patch that Jimmy pushed: * git pull "https://gerrit.onap.org/r/aai/oom";<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_aai_oom-2522&d=DwQGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=DGzPJYyc-DwQeIrctKgsSuYUkGUKn0r1X6UJ17LO530&s=wGoO6UinQNvmPnuBvnW9SpVCLaD9UFT3pL5d1GefhHU&e=> refs/changes/19/104419/1 Replace the original oom/kubernetes/aai directory with the patched one (aai_oom in the example above, remember to rename it to aai when moving it to oom/kubernetes). Jimmy, After these steps are done, do we have to wipe out AAI and rebuild from scratch? Is there a way to retain existing data in case we need to rebuild? Thanks, Marco From: <[email protected]<mailto:[email protected]>> on behalf of "FORSYTH, JAMES" <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, "FORSYTH, JAMES" <[email protected]<mailto:[email protected]>> Date: Wednesday, March 25, 2020 at 5:10 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [onap-discuss] #aai ALERT: Expiring AAI->AAF certificate in master & elalto!!! ***Security Advisory: This Message Originated Outside of AT&T *** Reference http://cso.att.com/EmailSecurity/IDSP.html for more information. Correction: I said 26 May below, I meant 26 March 2020. Tomorrow! Thanks, jimmy From: "FORSYTH, JAMES" <[email protected]<mailto:[email protected]>> Date: Wednesday, March 25, 2020 at 4:04 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: #aai ALERT: Expiring AAI->AAF certificate in master & elalto!!! Dear ONAP Community, Please be advised that the certificates that aai-resources and aai-traversal are using will expire on 26 May, 2020 – that’s tomorrow (or today already for some of you). In order to keep your environments running, there is a commit for elalto here: https://gerrit.onap.org/r/c/aai/oom/+/104419<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_c_aai_oom_-2B_104419&d=DwMGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=KgFIQiUJzSC0gUhJaQxg8eC3w16GC3sKgWIcs4iIee0&m=PgTLKeI3aWhWWnPSIptfVzOs7CMOWKW1jlk7ythLsDg&s=Lk_xp4g-Pcdw2Zy3GVEnhrivcYeAkZw_Z8VpxKBdTLk&e=> And for master: https://gerrit.onap.org/r/c/aai/oom/+/104416<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_c_aai_oom_-2B_104416&d=DwMGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=KgFIQiUJzSC0gUhJaQxg8eC3w16GC3sKgWIcs4iIee0&m=PgTLKeI3aWhWWnPSIptfVzOs7CMOWKW1jlk7ythLsDg&s=mJ9X5R1lzrQW7LpW0nJOdIhqCgGNyEJ20Kjd5MpP4-I&e=> You can cherry pick these to keep your AAI running while we work on getting them merged. Thanks for your patience, my auto-scan job failed on these AAF certs and I was under the wrong assumption that they were synced with the AAF issued server certs AAI is using that expire in September of this year. Any questions, please feel free to reach out. Thanks, jimmy -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#20396): https://lists.onap.org/g/onap-discuss/message/20396 Mute This Topic: https://lists.onap.org/mt/72549806/21656 Mute #aai: https://lists.onap.org/mk?hashtag=aai&subid=2740164 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
