Hi Dan, Thanks for the reply. You are correct. I am not using OOM to start SNDC or AAI. I am using docker-compose to start the SDNC container and use the steps in AAI Developer Env Setup [1] to start AAI resources microservice. Is there a solution if I use this setup?
Thanks, Henry [1] https://wiki.onap.org/display/DW/AAI+Developer+Environment+Setup+-+Dublin On Wed, Apr 1, 2020 at 3:00 PM TIMONEY, DAN <[email protected]> wrote: > > Henry, > > Are you starting ONAP using the latest helm charts in OOM? > > If not, that could be the issue. The latest version of the helm charts use > an init container to generate new certs on startup via AAF - so those should > never expire. > > Dan > > On 4/1/20, 1:41 PM, "Henry Yu" <[email protected]> wrote: > > According to this answer from stackoverflow [1], trustsore expiry > would cause the javax.net.ssl.SSLHandshakeException exception which we > see. Could anyone tell us how to update truststoreONAPall.jks? > > Thanks, > Henry > > [1] > https://urldefense.proofpoint.com/v2/url?u=https-3A__stackoverflow.com_questions_22253862_what-2Dif-2Dtruststore-2Dcertificate-2Dexpires&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=qLcfee4a2vOwYSub0bljcQ&m=x1CgMlHWTo1epwH0SbgyEFqn6ECuNIrsZTFtNfIojO4&s=0NbaRPk-JZMB4giPTjX-lW9Ce8FMO99YQYLCJ3_l-5A&e= > > On Wed, Apr 1, 2020 at 10:39 AM Henry Yu via Lists.Onap.Org > <[email protected]> wrote: > > > > Hi Dan and all, > > > > We are testing the SDNC changes made by the CCVPN use case on the > master branch. We are seeing the following error [1], which occurs when SDNC > DGs try to interact (i.e., read/write) with AAI. Note that this error was not > there before, and it started to occur a week ago. > > > > The error seems to be related to the certificate expiry. I noticed the > certificate update made in AAI > (https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_c_aai_oom_-2B_104416&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=qLcfee4a2vOwYSub0bljcQ&m=x1CgMlHWTo1epwH0SbgyEFqn6ECuNIrsZTFtNfIojO4&s=ZzSv3salV17vC4lpoi4g5PKtjbnfZLE9gs5qUtNsK48&e= > ). But it does not seem to fix the problem. > > > > So my question is: should we also update the following trustsotre file > in SDNC: > > > > sdnc/oam/installation/sdnc/src/main/resources/truststoreONAPall.jks > > > > Do the certs in that file also has expiry date? Our Frankfurt > integration testing is blocked by this issue, so any help would be greatly > appreciated. > > > > Thanks, > > Henry > > > > [1] > > 17:55:39.368 INFO [qtp446699013-295] Request Time : > 2020-03-27T17:55:39.367Z, Method : PUT > > 17:55:39.368 INFO [qtp446699013-295] Request URL : > https://urldefense.proofpoint.com/v2/url?u=https-3A__192.168.198.177-3A8443_aai_v19_network_pnfs_pnf_networkId-2DproviderId-2D5555-2DclientId-2D6666-2DtopologyId-2D33-2DnodeId-2D0.191.0.4_p-2Dinterfaces_p-2Dinterface_networkId-2DproviderId-2D5555-2DclientId-2D6666-2DtopologyId-2D33-2DnodeId-2D0.191.0.4-2DltpId-2D16777228&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=qLcfee4a2vOwYSub0bljcQ&m=x1CgMlHWTo1epwH0SbgyEFqn6ECuNIrsZTFtNfIojO4&s=gLe-cvY8Rn0fSRFAoDu72kcpaReSyxs_qPRxxP2QjG4&e= > > 17:55:39.369 DEBUG [qtp446699013-295] MetricLogger requestId = > 7e494f9f-e08a-4d5e-848d-9a4a2173bc9c > > 17:55:39.371 INFO [qtp446699013-295] Input - data : > {"interface-name":"networkId-providerId-5555-clientId-6666-topologyId-33-nodeId-0.191.0.4-ltpId-16777228","speed-value":"10000000","in-maint":true,"operational-status":"down"} > > 17:55:39.371 INFO [qtp446699013-295] Invoke > > 17:55:39.375 WARN [qtp446699013-295] AAIRequestExecutor.post > > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path validation failed: > java.security.cert.CertPathValidatorException: validity check failed > > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?] > > at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) ~[?:?] > > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) ~[?:?] > > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) ~[?:?] > > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) > ~[?:?] > > at > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) > ~[?:?] > > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) ~[?:?] > > at sun.security.ssl.Handshaker.process_record(Handshaker.java:965) > ~[?:?] > > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064) > ~[?:?] > > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) > ~[?:?] > > at > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395) ~[?:?] > > at > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) ~[?:?] > > at > sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) > ~[?:?] > > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) > ~[?:?] > > at > sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1340) > ~[?:?] > > at > sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1315) > ~[?:?] > > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:264) > ~[?:?] > > at > org.onap.ccsdk.sli.adaptors.aai.AAIClientRESTExecutor.post(AAIClientRESTExecutor.java:383) > [467:org.onap.ccsdk.sli.adaptors.aai-service-provider:1.0.0.SNAPSHOT] > > at > org.onap.ccsdk.sli.adaptors.aai.AAIDeclarations.newModelSave(AAIDeclarations.java:1448) > [467:org.onap.ccsdk.sli.adaptors.aai-service-provider:1.0.0.SNAPSHOT] > > at > org.onap.ccsdk.sli.adaptors.aai.AAIDeclarations.save(AAIDeclarations.java:501) > [467:org.onap.ccsdk.sli.adaptors.aai-service-provider:1.0.0.SNAPSHOT] > > at > org.onap.ccsdk.sli.adaptors.aai.AAIService.save(AAIService.java:1375) > [467:org.onap.ccsdk.sli.adaptors.aai-service-provider:1.0.0.SNAPSHOT] > > at sun.reflect.GeneratedMethodAccessor47.invoke(Unknown Source) ~[?:?] > > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:?] > > at java.lang.reflect.Method.invoke(Method.java:498) ~[?:?] > > at > org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:54) > [92:org.apache.aries.proxy:1.1.4] > > at > org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119) > [92:org.apache.aries.proxy:1.1.4] > > at org.onap.ccsdk.sli.adaptors.aai.$AAIService1830433421.save(Unknown > Source) [467:org.onap.ccsdk.sli.adaptors.aai-service-provider:1.0.0.SNAPSHOT] > > at > org.onap.ccsdk.sli.core.sli.provider.base.SaveNodeExecutor.execute(SaveNodeExecutor.java:73) > > [435:wrap_file__opt_opendaylight_system_org_onap_ccsdk_sli_core_sli-provider-base_1.0.0-SNAPSHOT_sli-provider-base-1.0.0-SNAPSHOT.jar:0.0.0] > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#20456): https://lists.onap.org/g/onap-discuss/message/20456 Mute This Topic: https://lists.onap.org/mt/72702035/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
