Re: [onap-discuss] #aai ALERT: Expiring AAI->AAF certificate in master & elalto!!!

[Brian Freeman]

Its not a new image – its simply a helm chart update (with new certs in the 
resources)

Brian


From: Rajewski Łukasz - Hurt <lukasz.rajew...@orange.com>
Sent: Friday, March 27, 2020 12:55 PM
To: onap-discuss@lists.onap.org; PLATANIA, MARCO <plata...@research.att.com>; 
FREEMAN, BRIAN D <bf1...@att.com>; FORSYTH, JAMES <jf2...@att.com>
Subject: RE: [onap-discuss] #aai ALERT: Expiring AAI->AAF certificate in master 
& elalto!!!

I hope we would release new AAI image + helm chart El Alto. We should avoid 
extra procedures somebody needs to follow after the installation, especially if 
documented only in the internal discussion..

Regards,

[Logo Orange]

Łukasz Rajewski, R&D Expert
Orange Labs Poland, Advanced Network Solutions Agency
Mob.: +48 519 310 854
Orange Polska, Obrzeżna 7, 02-691 Warsaw
www.orange.pl<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.orange.pl_&d=DwMGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=glPUi3sL1MAbfgkNySIwnee_6ktWriFN4TWLLjS77vk&s=hP4aTWpUEcPUsDAAWejM6bvC6eUbGLHFLY0uQqCYExM&e=>



From: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> 
[mailto:onap-discuss@lists.onap.org] On Behalf Of Marco Platania
Sent: Thursday, March 26, 2020 9:57 PM
To: FREEMAN, BRIAN D; 
onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>; FORSYTH, JAMES
Subject: Re: [onap-discuss] #aai ALERT: Expiring AAI->AAF certificate in master 
& elalto!!!

Oh good to know. I’ll try it then.

Marco

From: BRIAN FREEMAN <bf1...@att.com<mailto:bf1...@att.com>>
Date: Thursday, March 26, 2020 at 4:55 PM
To: "onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>" 
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>, "PLATANIA, 
MARCO (MARCO)" <plata...@research.att.com<mailto:plata...@research.att.com>>, 
"FORSYTH, JAMES" <jf2...@att.com<mailto:jf2...@att.com>>
Subject: RE: [onap-discuss] #aai ALERT: Expiring AAI->AAF certificate in master 
& elalto!!!

Marco,

I am still testing but the following worked for me (replace onapdldk-aai with 
dev-aai for windriver)

bf1936@njcdtl01bf1936:~/ONAP/AZURE/ONAPDlDK/oom/kubernetes$ helm upgrade 
onapdldk-aai ./aai

seems like it upgraded the helm charts and restarted the traversal and 
resources containers.

It seemed to maintain the old data

Brian




From: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> 
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> On Behalf Of 
PLATANIA, MARCO
Sent: Wednesday, March 25, 2020 10:37 PM
To: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>; FORSYTH, 
JAMES <jf2...@att.com<mailto:jf2...@att.com>>
Subject: Re: [onap-discuss] #aai ALERT: Expiring AAI->AAF certificate in master 
& elalto!!!

***Security Advisory: This Message Originated Outside of AT&T ***
Reference http://cso.att.com/EmailSecurity/IDSP.html for more information.
All,

Just a reminder: AAI helm charts aren’t hosted by OOM repo, so applying this 
patch to OOM (El Alto or master) repository won’t work as the change that Jimmy 
mentioned is in the AAI repository. Hence, the procedure to apply this patch is 
the following:


  *   Clone aai/oom:
     *   git clone 
"https://gerrit.onap.org/r/aai/oom";<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_aai_oom-2522&d=DwQGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=DGzPJYyc-DwQeIrctKgsSuYUkGUKn0r1X6UJ17LO530&s=wGoO6UinQNvmPnuBvnW9SpVCLaD9UFT3pL5d1GefhHU&e=>
 aai_oom



  *   Go to the cloned directory:
     *   cd aai_oom


  *   Switch branch to elalto in case you are using El Alto, otherwise skip the 
following step:
     *   git checkout elalto


  *   Apply the patch that Jimmy pushed:
     *   git pull 
"https://gerrit.onap.org/r/aai/oom";<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_aai_oom-2522&d=DwQGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=DGzPJYyc-DwQeIrctKgsSuYUkGUKn0r1X6UJ17LO530&s=wGoO6UinQNvmPnuBvnW9SpVCLaD9UFT3pL5d1GefhHU&e=>
 refs/changes/19/104419/1

Replace the original oom/kubernetes/aai directory with the patched one (aai_oom 
in the example above, remember to rename it to aai when moving it to 
oom/kubernetes).


Jimmy,

After these steps are done, do we have to wipe out AAI and rebuild from 
scratch? Is there a way to retain existing data in case we need to rebuild?

Thanks,
Marco

From: <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> on 
behalf of "FORSYTH, JAMES" <jf2...@att.com<mailto:jf2...@att.com>>
Reply-To: "onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>" 
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>, "FORSYTH, 
JAMES" <jf2...@att.com<mailto:jf2...@att.com>>
Date: Wednesday, March 25, 2020 at 5:10 PM
To: "onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>" 
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>
Subject: Re: [onap-discuss] #aai ALERT: Expiring AAI->AAF certificate in master 
& elalto!!!

***Security Advisory: This Message Originated Outside of AT&T ***
Reference http://cso.att.com/EmailSecurity/IDSP.html for more information.
Correction:

I said 26 May below, I meant 26 March 2020.  Tomorrow!

Thanks,
jimmy

From: "FORSYTH, JAMES" <jf2...@att.com<mailto:jf2...@att.com>>
Date: Wednesday, March 25, 2020 at 4:04 PM
To: "onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>" 
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>
Subject: #aai ALERT: Expiring AAI->AAF certificate in master & elalto!!!

Dear ONAP Community,

Please be advised that the certificates that aai-resources and aai-traversal 
are using will expire on 26 May, 2020 – that’s tomorrow (or today already for 
some of you).

In order to keep your environments running, there is a commit for elalto here:

https://gerrit.onap.org/r/c/aai/oom/+/104419<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_c_aai_oom_-2B_104419&d=DwMGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=KgFIQiUJzSC0gUhJaQxg8eC3w16GC3sKgWIcs4iIee0&m=PgTLKeI3aWhWWnPSIptfVzOs7CMOWKW1jlk7ythLsDg&s=Lk_xp4g-Pcdw2Zy3GVEnhrivcYeAkZw_Z8VpxKBdTLk&e=>

And for master:

https://gerrit.onap.org/r/c/aai/oom/+/104416<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_c_aai_oom_-2B_104416&d=DwMGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=KgFIQiUJzSC0gUhJaQxg8eC3w16GC3sKgWIcs4iIee0&m=PgTLKeI3aWhWWnPSIptfVzOs7CMOWKW1jlk7ythLsDg&s=mJ9X5R1lzrQW7LpW0nJOdIhqCgGNyEJ20Kjd5MpP4-I&e=>

You can cherry pick these to keep your AAI running while we work on getting 
them merged.

Thanks for your patience, my auto-scan job failed on these AAF certs and I was 
under the wrong assumption that they were synced with the AAF issued server 
certs AAI is using that expire in September of this year.

Any questions, please feel free to reach out.

Thanks,
jimmy



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#20405): https://lists.onap.org/g/onap-discuss/message/20405
Mute This Topic: https://lists.onap.org/mt/72549806/21656
Mute #aai: https://lists.onap.org/mk?hashtag=aai&subid=2740164
Group Owner: onap-discuss+ow...@lists.onap.org
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-