It works on my side. Can you give me the following information:

OS / ENVIRONMENT

* Kubernetes version: <!-- output of `kubernetes version` -->
* Helm version: <!-- output of `helm version` -->
* Kubernetes mode of installation: <!-- add also configuration file if relevant -->
<!-- please run:
docker run -e DEPLOY_SCENARIO=k8s-test \
  -v <the kube config>:/root/.kube/config \
  opnfv/functest-kubernetes-healthcheck:latest
-->
<!-- and upload the result directory as a zip file -->
* CNI Used for Kubernetes:
* type of installation: <!-- number of control, number of nodes -->

OOM VERSION

<!--- which branch / tag did you use -->

CONFIGURATION

<!-- please paste or upload override file used -->

________________________________
From: Thamlur Raju [[email protected]]
Sent: Friday, 10 July 2020 15:21
To: DESBUREAUX Sylvain TGI/OLN; [email protected]
Subject: RE: AAF cert service certificate expire issue in Frankfurt

And observed that, sshsm folder not creating/mounted in /dockerdata-nfs/dev/…

From: Thamlur Raju
Sent: Friday, July 10, 2020 6:49 PM
To: [email protected]; [email protected]
Subject: RE: AAF cert service certificate expire issue in Frankfurt

Those are the full logs, after that it is crashing and creating again…

dev-aaf-oauth-cf6d69d96-w9vs5   0/1   CrashLoopBackOff   9   22m

From: [email protected] <[email protected]>
Sent: Friday, July 10, 2020 6:45 PM
To: Thamlur Raju <[email protected]>; [email protected]
Subject: RE: AAF cert service certificate expire issue in Frankfurt

Hi Thamlur,

I've got the same on my logs: can you give me the full log?

kubectl logs -n onap onap-aaf-oauth-55cb9ccc9b-48h27
Service for org.osaaf.aaf.oauth, version 2.1, on https://onap-aaf-oauth-55cb9ccc9b-48h27:8140

________________________________
From: Thamlur Raju [[email protected]]
Sent: Friday, 10 July 2020 15:03
To: DESBUREAUX Sylvain TGI/OLN; [email protected]
Subject: RE: AAF cert service certificate expire issue in Frankfurt

Hi Sylvain,

Took the patch and redeployed the AAF. Facing the issue with cass-auth pod,

# kubectl get pods -n onap | grep aaf
dev-aaf-cass-69cf95c8f7-bsp22           1/1   Running            0   11m
dev-aaf-cert-service-75f5cd69fb-rm2bt   1/1   Running            0   11m
dev-aaf-cm-fd54dbf58-2qrc8              1/1   Running            0   11m
dev-aaf-fs-7894f54b84-8ljdz             1/1   Running            0   11m
dev-aaf-gui-66567f7b8c-kzmj6            1/1   Running            0   11m
dev-aaf-locate-64f84f5964-nhkh7         1/1   Running            0   11m
dev-aaf-oauth-cf6d69d96-w9vs5           0/1   CrashLoopBackOff   5   11m
dev-aaf-service-67c5b7c58f-977z4        1/1   Running            0   11m
dev-aaf-sms-5676869dd8-28p4r            1/1   Running            0   11m
dev-aaf-sms-preload-sr79c               1/1   Running            0   11m
dev-aaf-sms-quorumclient-0              1/1   Running            0   11m
dev-aaf-sms-quorumclient-1              1/1   Running            0   10m
dev-aaf-sms-quorumclient-2              1/1   Running            0   10m
dev-aaf-sms-vault-0                     2/2   Running            0   11m
dev-aaf-sshsm-distcenter-gcz94          0/1   Completed          0   11m
dev-aaf-sshsm-testca-gm7p8              0/1   Completed          0   11m

#kubectl logs -f dev-aaf-oauth-cf6d69d96-w9vs5
2020-07-10 13:00:04,195 WARN [init] 2020-07-10T13:00:04.194+0000 INIT [init] Loading CADI Properties from /opt/app/osaaf/etc/org.osaaf.aaf.log4j.props
2020-07-10 13:00:04,293 WARN [init] 2020-07-10T13:00:04.293+0000 INIT [init] Loading CADI Properties from /opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
2020-07-10 13:00:04,293 WARN [init] 2020-07-10T13:00:04.293+0000 INIT [init] cadi_keyfile points to /opt/app/osaaf/local/org.osaaf.aaf.keyfile
2020-07-10 13:00:04,493 WARN [init] 2020-07-10T13:00:04.493+0000 INIT [init] cadi_keyfile points to /opt/app/osaaf/local/org.osaaf.aaf.keyfile
2020-07-10 13:00:04,595 WARN [init] 2020-07-10T13:00:04.595+0000 INIT [init] https.protocols set by cadi_protocols in CADI Properties
2020-07-10 13:00:04,596 WARN [init] 2020-07-10T13:00:04.596+0000 INIT [init] jdk.tls.client.protocols set from Default Protocols
2020-07-10 13:00:05,698 WARN [init] 2020-07-10T13:00:05.697+0000 INIT [init] AAF Root NS is org.osaaf.aaf, and AAF Company Root is org.osaaf
2020-07-10 13:00:08,998 WARN [init] 2020-07-10T13:00:08.997+0000 INIT [init] Cass Port = 9042
2020-07-10 13:00:09,095 WARN [init] 2020-07-10T13:00:09.095+0000 INIT [init] Cass User = cassandra
2020-07-10 13:00:09,095 WARN [init] 2020-07-10T13:00:09.095+0000 INIT [init] cadi_keyfile points to /opt/app/osaaf/local/org.osaaf.aaf.keyfile
2020-07-10 13:00:13,051 WARN [init] 2020-07-10T13:00:13.051+0000 INIT [init] Cass ResetExceptions = com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed"
2020-07-10 13:00:13,395 WARN [init] 2020-07-10T13:00:13.395+0000 INIT [init] Service Latitude,Longitude = 38.000000,-72.000000
2020-07-10 13:00:13,398 WARN [init] 2020-07-10T13:00:13.398+0000 INIT [init] Cass Clusters = 'aaf-cass.onap'
2020-07-10 13:00:13,698 WARN [init] 2020-07-10T13:00:13.698+0000 INIT [init] Cassandra is using Default Policy, which is not DC aware

Please suggest on this.

Thanks & Regards,
Thamlur Raju

From: Thamlur Raju
Sent: Thursday, July 9, 2020 9:36 PM
To: '[email protected]' <[email protected]>; [email protected]
Subject: RE: AAF cert service certificate expire issue in Frankfurt

Thanks Sylvain,

Once it merged will take the update.

From: [email protected] <[email protected]>
Sent: Thursday, July 9, 2020 9:03 PM
To: Thamlur Raju <[email protected]>; [email protected]
Subject: RE: AAF cert service certificate expire issue in Frankfurt

Hello Raju,

patch is under review: https://gerrit.onap.org/r/c/oom/+/110003 :)

should be merged tomorrow I hope and then cherry picked to Frankfurt

________________________________
From: Thamlur Raju [[email protected]]
Sent: Thursday, 9 July 2020 16:51
To: DESBUREAUX Sylvain TGI/OLN; [email protected]
Subject: AAF cert service certificate expire issue in Frankfurt

Hi Sylvain/Jonathan,

We are facing the issue in AAF (certificate issue). Can you please suggest how can we generate/update the cert.

# kubectl get pods -n onap | grep aaf
dev-aaf-cass-78f99bd9cf-9gfr7           1/1   Running            0    16d
dev-aaf-cert-service-5bf75f545c-7x48t   0/1   CrashLoopBackOff   61   3h55m
dev-aaf-cm-74886fc447-8jn75             1/1   Running            0    16d
dev-aaf-fs-7b544b46c7-6l4t9             1/1   Running            0    16d
dev-aaf-gui-6bbc74cbbf-jtgqs            1/1   Running            0    16d
dev-aaf-locate-57c6cfd877-s545s         1/1   Running            0    16d
dev-aaf-oauth-7d8f9d669-l59rc           1/1   Running            0    16d
dev-aaf-service-58c49b86c8-k8n9f        1/1   Running            0    16d
dev-aaf-sms-7fb7bc7585-2zzwr            1/1   Running            0    16d
dev-aaf-sms-preload-8c2c2               0/1   Completed          0    16d
dev-aaf-sms-quorumclient-0              1/1   Running            0    16d
dev-aaf-sms-quorumclient-1              1/1   Running            0    16d
dev-aaf-sms-quorumclient-2              1/1   Running            0    16d
dev-aaf-sms-vault-0                     2/2   Running            1    16d
dev-aaf-sshsm-distcenter-9ktt6          0/1   Completed          0    16d
dev-aaf-sshsm-testca-hp4tb              0/1   Completed          0    16d

# kubectl describe pod dev-aaf-cert-service-5bf75f545c-7x48t
Events:
  Type     Reason     Age                      From                               Message
  ----     ------     ----                     ----                               -------
  Warning  BackOff    9m35s (x662 over 3h44m)  kubelet, onap-onap-tm5g-01-k8s-02  Back-off restarting failed container
  Warning  Unhealthy  4m41s (x343 over 3h54m)  kubelet, onap-onap-tm5g-01-k8s-02  Readiness probe failed:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

# kubectl logs -f dev-aaf-sms-7fb7bc7585-2zzwr
INFO: 2020/06/23 08:38:21 vault.go:527: Vault is not initialized. Initializing...
ERROR: 2020/06/23 08:38:23 auth.go:226: Read from file: open auth/role: no such file or directory
WARNING: 2020/06/23 08:38:23 vault.go:389: Unable to find RoleID. Generating...
ERROR: 2020/06/23 08:38:23 vault.go:405: Creating Policy: Error making API request. URL: PUT http://aaf-sms-db:8200/v1/sys/policy/smsvaultpolicy Code: 503. Errors: * Vault is sealed
ERROR: 2020/06/23 08:38:23 vault.go:85: InitRole First Attempt: Unable to create policy for approle creation
INFO: 2020/06/23 08:38:23 vault.go:86: InitRole will try again later
WARNING: 2020/06/23 08:38:23 auth.go:85: Pemfile has extra data
WARNING: 2020/06/23 08:38:23 auth.go:85: Pemfile has extra data
WARNING: 2020/06/23 08:39:18 vault.go:389: Unable to find RoleID. Generating...
ERROR: 2020/06/23 08:39:18 auth.go:226: Read from file: open auth/role: no such file or directory
ERROR: 2020/06/24 06:59:49 vault.go:289: Create Domain: Error making API request. URL: POST http://aaf-sms-db:8200/v1/sys/mounts/sms/e2401dc3-5d98-f282-dcb7-95d3d930a43a Code: 400. Errors: * failed to update mount table
ERROR: 2020/06/24 06:59:49 handler.go:270: HealthCheck Create Domain: Unable to create Secret Domain
ERROR: 2020/06/24 07:00:00 vault.go:97: Getting Status: Error making API request. URL: GET http://aaf-sms-db:8200/v1/sys/seal-status Code: 500. Errors: * Get http://localhost:8500/v1/kv/smsvault/core/cluster/local/info: dial tcp 127.0.0.1:8500: connect: connection refused
ERROR: 2020/06/24 07:00:00 handler.go:162: StatusHandler: Error getting status
ERROR: 2020/06/24 07:00:05 vault.go:97: Getting Status: Error making API request. URL: GET http://aaf-sms-db:8200/v1/sys/seal-status Code: 500. Errors: * Get http://localhost:8500/v1/kv/smsvault/core/cluster/local/info: dial tcp 127.0.0.1:8500: connect: connection refused
ERROR: 2020/06/24 07:00:05 handler.go:162: StatusHandler: Error getting status
ERROR: 2020/06/24 07:00:08 vault.go:97: Getting Status: Error making API request. URL: GET http://aaf-sms-db:8200/v1/sys/seal-status

Please help us in this issue.

Thanks & Regards,
Thamlur Raju

_________________________________________________________________________________________________________________________

This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.

View/Reply Online (#21658): https://lists.onap.org/g/onap-discuss/message/21658
