hi Sebastien/Jorge,
We updated the certificates manually for all policy components of dublin
release. But, still the CLAMP is failing to communicate with Policy.
Went through the Reference links mentioned below and based on the source
code added the additional parameters as part of the clamp process.
We Got the clamp logs when we submit the policy from the clamp screen.
Could you please check and let me know what could be the problem.
We would appreciate any help in this regard.
Thanks,
Sai Lakshmi.
aarna@anod-master:~$ kubectl exec -n onap -it
dev-clamp-clamp-58965d97d-v2lgx -c clamp -- /bin/sh
/opt/clamp $ ps -ef| grep java
1 clamp 1:27 java -Djava.security.egd=file:/dev/./urandom -Xms256m
-Xmx1g -jar ./app.jar
-Dcom.att.eelf.logging.file=file:/opt/clamp/logback.xml
*-Dcom.sun.net.ssl.checkRevocation=false
-Dtrust_all_cert=true -Dserver.ssl.key-store=/opt/clamp/clamp-truststore
-Dserver.ssl.trust-store-password=Pol1cy_0nap*
111 clamp 0:00 grep java
08:50:42.619 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.security.web.access.intercept.FilterSecurityInterceptor
- Previously Authenticated:
org.springframework.security.authentication.AnonymousAuthenticationToken@63523c6f:
Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true;
Details:
org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
RemoteIpAddress: 10.42.1.0; SessionId: 18948F71ED06AE02F548D26BC55AA2E8;
Granted Authorities: ROLE_ANONYMOUS
08:50:42.624 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.security.access.vote.AffirmativeBased - Voter:
org.springframework.security.web.access.expression.WebExpressionVoter@57de9aa2,
returned: 1
08:50:42.624 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.security.access.vote.AffirmativeBased - Voter:
org.springframework.security.web.access.expression.WebExpressionVoter@57de9aa2,
returned: 1
08:50:42.624 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.security.web.access.intercept.FilterSecurityInterceptor
- Authorization successful
08:50:42.624 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.security.web.access.intercept.FilterSecurityInterceptor
- Authorization successful
08:50:42.624 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.security.web.access.intercept.FilterSecurityInterceptor
- RunAsManager did not change Authentication object
08:50:42.624 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.security.web.access.intercept.FilterSecurityInterceptor
- RunAsManager did not change Authentication object
08:50:42.624 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.security.web.FilterChainProxy -
/restservices/clds/v2/loop/LOOP_PNF_svc_v1_0_vFWCL_vPKG35001029-17d50_tca_dublin
reached end of additional filter chain; proceeding with original chain
08:50:42.624 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.security.web.FilterChainProxy -
/restservices/clds/v2/loop/LOOP_PNF_svc_v1_0_vFWCL_vPKG35001029-17d50_tca_dublin
reached end of additional filter chain; proceeding with original chain
08:50:42.628 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.core.env.PropertySourcesPropertyResolver - Found key
'clamp.config.security.authentication.class' in PropertySource
'configurationProperties' with value of type String
08:50:42.628 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.core.env.PropertySourcesPropertyResolver - Found key
'clamp.config.security.authentication.class' in PropertySource
'configurationProperties' with value of type String
08:50:42.687 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.tomcat.util.net.jsse.JSSESupport - Error trying to obtain a
certificate from the client
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at
sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:450)
at
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:97)
at
org.apache.coyote.AbstractProcessor.populateSslRequestAttributes(AbstractProcessor.java:742)
at
org.apache.coyote.AbstractProcessor.action(AbstractProcessor.java:477)
at org.apache.coyote.Request.action(Request.java:432)
at
org.apache.catalina.connector.Request.getAttribute(Request.java:882)
at
org.apache.catalina.connector.Request.getAttributeNames(Request.java:951)
at
org.apache.catalina.connector.RequestFacade.getAttributeNames(RequestFacade.java:298)
at
javax.servlet.ServletRequestWrapper.getAttributeNames(ServletRequestWrapper.java:92)
at
javax.servlet.ServletRequestWrapper.getAttributeNames(ServletRequestWrapper.java:92)
at
javax.servlet.ServletRequestWrapper.getAttributeNames(ServletRequestWrapper.java:92)
at
javax.servlet.ServletRequestWrapper.getAttributeNames(ServletRequestWrapper.java:92)
at
org.apache.camel.http.common.DefaultHttpBinding.populateAttachments(DefaultHttpBinding.java:298)
at
org.apache.camel.http.common.DefaultHttpBinding.readBody(DefaultHttpBinding.java:211)
at
org.apache.camel.http.common.DefaultHttpBinding.readRequest(DefaultHttpBinding.java:109)
at
org.apache.camel.http.common.HttpMessage.<init>(HttpMessage.java:56)
at
org.apache.camel.http.common.CamelServlet.doService(CamelServlet.java:187)
at org.onap.clamp.clds.ClampServlet.doService(ClampServlet.java:130)
at
org.apache.camel.http.common.CamelServlet.service(CamelServlet.java:79)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:155)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
08:50:42.687 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.tomcat.util.net.jsse.JSSESupport - Error trying to obtain a
certificate from the client
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at
sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:450)
at
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:97)
at
org.apache.coyote.AbstractProcessor.populateSslRequestAttributes(AbstractProcessor.java:742)
at
org.apache.coyote.AbstractProcessor.action(AbstractProcessor.java:477)
at org.apache.coyote.Request.action(Request.java:432)
at
org.apache.catalina.connector.Request.getAttribute(Request.java:882)
at
org.apache.catalina.connector.Request.getAttributeNames(Request.java:951)
at
org.apache.catalina.connector.RequestFacade.getAttributeNames(RequestFacade.java:298)
at
javax.servlet.ServletRequestWrapper.getAttributeNames(ServletRequestWrapper.java:92)
at
javax.servlet.ServletRequestWrapper.getAttributeNames(ServletRequestWrapper.java:92)
at
javax.servlet.ServletRequestWrapper.getAttributeNames(ServletRequestWrapper.java:92)
at
javax.servlet.ServletRequestWrapper.getAttributeNames(ServletRequestWrapper.java:92)
at
org.apache.camel.http.common.DefaultHttpBinding.populateAttachments(DefaultHttpBinding.java:298)
at
org.apache.camel.http.common.DefaultHttpBinding.readBody(DefaultHttpBinding.java:211)
at
org.apache.camel.http.common.DefaultHttpBinding.readRequest(DefaultHttpBinding.java:109)
at
org.apache.camel.http.common.HttpMessage.<init>(HttpMessage.java:56)
at
org.apache.camel.http.common.CamelServlet.doService(CamelServlet.java:187)
at org.onap.clamp.clds.ClampServlet.doService(ClampServlet.java:130)
at
org.apache.camel.http.common.CamelServlet.service(CamelServlet.java:79)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:155)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
08:50:42.694 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.tomcat.util.http.Parameters - Set encoding to UTF-8
08:50:42.694 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.tomcat.util.http.Parameters - Set encoding to UTF-8
08:50:42.736 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.camel.processor.SendProcessor - >>>>
bean://org.onap.clamp.flow.log.FlowLogOperation?method=startLog%28*%2C+%27GET+Loop%27%29
Exchange[ID-dev-clamp-clamp-58965d97d-v2lgx-1614674112728-0-1]
08:50:42.736 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.camel.processor.SendProcessor - >>>>
bean://org.onap.clamp.flow.log.FlowLogOperation?method=startLog%28*%2C+%27GET+Loop%27%29
Exchange[ID-dev-clamp-clamp-58965d97d-v2lgx-1614674112728-0-1]
08:50:42.759 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.camel.util.ObjectHelper - Cannot find class: GETLoop
08:50:42.759 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.camel.util.ObjectHelper - Cannot find class: GETLoop
08:50:42.764 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.camel.util.ObjectHelper - Cannot find class: GETLoop
08:50:42.764 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.camel.util.ObjectHelper - Cannot find class: GETLoop
08:50:42.771 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.camel.processor.Pipeline - Message exchange has failed: so
breaking out of pipeline for exchange:
Exchange[ID-dev-clamp-clamp-58965d97d-v2lgx-1614674112728-0-1] Exception:
java.lang.ClassCastException: java.lang.String cannot be cast to
org.springframework.security.core.userdetails.UserDetails
08:50:42.771 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.camel.processor.Pipeline - Message exchange has failed: so
breaking out of pipeline for exchange:
Exchange[ID-dev-clamp-clamp-58965d97d-v2lgx-1614674112728-0-1] Exception:
java.lang.ClassCastException: java.lang.String cannot be cast to
org.springframework.security.core.userdetails.UserDetails
08:50:42.772 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.camel.processor.CatchProcessor - The exception is handled: false
for the exception: java.lang.ClassCastException caused by: java.lang.String
cannot be cast to org.springframework.security.core.userdetails.UserDetails
08:50:42.772 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.camel.processor.CatchProcessor - The exception is handled: false
for the exception: java.lang.ClassCastException caused by: java.lang.String
cannot be cast to org.springframework.security.core.userdetails.UserDetails
08:50:42.773 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.camel.processor.SendProcessor - >>>>
bean://org.onap.clamp.flow.log.FlowLogOperation?method=errorLog%28%29
Exchange[ID-dev-clamp-clamp-58965d97d-v2lgx-1614674112728-0-1]
08:50:42.773 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.camel.processor.SendProcessor - >>>>
bean://org.onap.clamp.flow.log.FlowLogOperation?method=errorLog%28%29
Exchange[ID-dev-clamp-clamp-58965d97d-v2lgx-1614674112728-0-1]
08:50:42.779 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.camel.processor.Pipeline - Message exchange has failed: so
breaking out of pipeline for exchange:
Exchange[ID-dev-clamp-clamp-58965d97d-v2lgx-1614674112728-0-1] Exception:
java.lang.NullPointerException: text
08:50:42.779 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.camel.processor.Pipeline - Message exchange has failed: so
breaking out of pipeline for exchange:
Exchange[ID-dev-clamp-clamp-58965d97d-v2lgx-1614674112728-0-1] Exception:
java.lang.NullPointerException: text
08:50:42.799 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.security.web.context.HttpSessionSecurityContextRepository
- SecurityContext is empty or contents are anonymous - context will not be
stored in HttpSession.
08:50:42.799 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.security.web.context.HttpSessionSecurityContextRepository
- SecurityContext is empty or contents are anonymous - context will not be
stored in HttpSession.
08:50:42.808 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.security.web.access.ExceptionTranslationFilter - Chain
processed normally
08:50:42.808 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.security.web.access.ExceptionTranslationFilter - Chain
processed normally
08:50:42.809 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.security.web.context.SecurityContextPersistenceFilter -
SecurityContextHolder now cleared, as request processing completed
08:50:42.809 [https-jsse-nio-8443-exec-10] DEBUG
org.springframework.security.web.context.SecurityContextPersistenceFilter -
SecurityContextHolder now cleared, as request processing completed
08:50:42.809 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.coyote.http11.Http11Processor - Socket:
[org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@37794770
:org.apache.tomcat.util.net.SecureNioChannel@20ad38c4:java.nio.channels.SocketChannel[connected
local=/10.42.2.119:8443 remote=/10.42.1.0:6310]], Status in: [OPEN_READ],
State out: [CLOSED]
08:50:42.809 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.coyote.http11.Http11Processor - Socket:
[org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@37794770
:org.apache.tomcat.util.net.SecureNioChannel@20ad38c4:java.nio.channels.SocketChannel[connected
local=/10.42.2.119:8443 remote=/10.42.1.0:6310]], Status in: [OPEN_READ],
State out: [CLOSED]
08:50:42.809 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.coyote.http11.Http11NioProtocol - Pushed Processor
[org.apache.coyote.http11.Http11Processor@46ae0c98]
08:50:42.809 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.coyote.http11.Http11NioProtocol - Pushed Processor
[org.apache.coyote.http11.Http11Processor@46ae0c98]
08:50:42.810 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.tomcat.util.threads.LimitLatch - Counting
down[https-jsse-nio-8443-exec-10] latch=2
08:50:42.810 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.tomcat.util.threads.LimitLatch - Counting
down[https-jsse-nio-8443-exec-10] latch=2
08:50:42.810 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.tomcat.util.net.NioEndpoint - Socket:
[org.apache.tomcat.util.net.SecureNioChannel@20ad38c4:java.nio.channels.SocketChannel[closed]]
closed
08:50:42.810 [https-jsse-nio-8443-exec-10] DEBUG
org.apache.tomcat.util.net.NioEndpoint - Socket:
[org.apache.tomcat.util.net.SecureNioChannel@20ad38c4:java.nio.channels.SocketChannel[closed]]
closed
On Mon, Mar 1, 2021 at 10:20 PM Vivekanandan Muthukrishnan <
[email protected]> wrote:
> Hi Sebastien/Jorge,
>
> We updated the Policy SSL components with extended SSL certificates. But,
> still the CLAM is failing to communicate with Policy.
>
> I have attached the CLAM log file for your reference and here are the
> Policy component SSL certificate expiry details for your reference.
>
> Could you please check and let me know if we are missing anything. I
> really appreciate your help.
>
> Regards
> Vivek
>
> *CLAMP Error log snippet*
>
> 12:04:40.704 [https-jsse-nio-8443-exec-14] DEBUG
> org.apache.coyote.http11.Http11NioProtocol - Found processor [null] for
> socket [org.12:12:04.579 [https-jsse-nio-8443-exec-20] DEBUG
> org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting
> to policy-pap.onap/10.43.134.1:6969
> 12:12:04.579 [https-jsse-nio-8443-exec-20] DEBUG
> org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting
> to policy-pap.onap/10.43.134.1:6969
> 12:12:04.650 [https-jsse-nio-8443-exec-20] DEBUG
> org.apache.http.impl.conn.DefaultManagedHttpClientConnection -
> http-outgoing-90: Shutdown connection
> 12:12:04.650 [https-jsse-nio-8443-exec-20] DEBUG
> org.apache.http.impl.conn.DefaultManagedHttpClientConnection -
> http-outgoing-90: Shutdown connection
> 12:12:04.650 [https-jsse-nio-8443-exec-20] DEBUG
> org.apache.http.impl.execchain.MainClientExec - Connection discarded
> 12:12:04.650 [https-jsse-nio-8443-exec-20] DEBUG
> org.apache.http.impl.execchain.MainClientExec - Connection discarded
> 12:12:04.650 [https-jsse-nio-8443-exec-20] DEBUG
> org.apache.http.impl.conn.BasicHttpClientConnectionManager - Releasing
> connection [Not bound]
> 12:12:04.650 [https-jsse-nio-8443-exec-20] DEBUG
> org.apache.http.impl.conn.BasicHttpClientConnectionManager - Releasing
> connection [Not bound]
> 12:12:04.650 [https-jsse-nio-8443-exec-20] DEBUG
> org.apache.camel.processor.Pipeline - Message exchange has failed: so
> breaking out of pipeline for exchange:
> Exchange[ID-dev-clamp-clamp-7b584b7c4c-ztjqs-1613726836945-0-284]
> Exception: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> 12:12:04.650 [https-jsse-nio-8443-exec-20] DEBUG
> org.apache.camel.processor.Pipeline - Message exchange has failed: so
> breaking out of pipeline for exchange:
> Exchange[ID-dev-clamp-clamp-7b584b7c4c-ztjqs-1613726836945-0-284]
> Exception: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> 12:12:04.650 [https-jsse-nio-8443-exec-20] DEBUG
> org.apache.camel.processor.MulticastProcessor - Message exchange has
> failed: Sequential processing failed for number 0 for exchange:
> Exchange[ID-dev-clamp-clamp-7b584b7c4c-ztjqs-1613726836945-0-284]
> Exception: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> 12:12:04.650 [https-jsse-nio-8443-exec-20] DEBUG
> org.apache.camel.processor.MulticastProcessor - Message exchange has
> failed: Sequential processing failed for number 0 for exchange:
> Exchange[ID-dev-clamp-clamp-7b584b7c4c-ztjqs-1613726836945-0-284]
> Exception: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> 12:12:04.651 [https-jsse-nio-8443-exec-20] INFO
> remove-all-policy-from-active-pdp-group - Endpoint to delete policy from
> PDP Group:
> https4://policy-pap.onap:6969/pdps/policies/guard.frequency.new/versions/1.0.0
> @
> search hit TOP, continuing at BOTTOM
>
> *Policy Updated SSL certificates*
>
> aarna@anod-master:~$ kubectl get svc -n onap | grep
> 'policy\|pdp\|pap\|drools'
> drools ClusterIP 10.43.83.71 <none>
> 6969/TCP,9696/TCP
> 9h
> pap NodePort 10.43.235.248 <none>
> 8443:30219/TCP,9091:30218/TCP
> 9h
> pdp ClusterIP None <none>
> 8081/TCP
> 9h
> policy-apex-pdp ClusterIP 10.43.23.37 <none>
> 6969/TCP
> 9h
> policy-api ClusterIP 10.43.139.202 <none>
> 6969/TCP
> 9h
> policy-distribution ClusterIP 10.43.130.105 <none>
> 6969/TCP
> 9h
> policy-pap ClusterIP 10.43.255.220 <none>
> 6969/TCP
> 9h
> policy-xacml-pdp ClusterIP 10.43.223.239 <none>
> 6969/TCP
> 9h
> policydb ClusterIP 10.43.120.93 <none>
> 3306/TCP
> 9h
>
>
> policy-xacml-pdp
> aarna@anod-master:~/oom/kubernetes$ echo "" | openssl s_client -showcerts
> -connect 10.43.223.239:6969 2>/dev/null | openssl x509 -inform pem -noout
> -
> text | grep -i 'Not Before\|Not After'
> Not Before: Jun 25 10:07:41 2020 GMT
> Not After : Jun 25 10:07:41 2025 GMT
>
>
> policy-apex-pdp
> aarna@anod-master:~$ echo "" | openssl s_client -showcerts -connect
> 10.43.23.37:6969 2>/dev/null | openssl x509 -inform pem -noout -text |
> grep -i 'Not Before\|Not After'
> Not Before: Jun 25 10:07:41 2020 GMT
> Not After : Jun 25 10:07:41 2025 GMT
>
>
> policy-distribution
> aarna@anod-master:~$ echo "" | openssl s_client -showcerts -connect
> 10.43.130.105:6969 2>/dev/null | openssl x509 -inform pem -noout -text |
> grep -i 'Not Before\|Not After'
> Not Before: Jun 25 10:07:41 2020 GMT
> Not After : Jun 25 10:07:41 2025 GMT
>
>
> drools // done
> aarna@anod-master:~$ echo "" | openssl s_client -showcerts -connect
> 10.43.83.71:6969 2>/dev/null | openssl x509 -inform pem -noout -text |
> grep -i 'Not Before\|Not After'
> Not Before: Jun 25 10:07:41 2020 GMT
> Not After : Jun 25 10:07:41 2025 GMT
> aarna@anod-master:~$ echo "" | openssl s_client -showcerts -connect
> 10.43.83.71:9696 2>/dev/null | openssl x509 -inform pem -noout -text |
> grep -i 'Not Before\|Not After'
> Not Before: Jun 25 10:07:41 2020 GMT
> Not After : Jun 25 10:07:41 2025 GMT
>
>
> pap //done
> aarna@anod-master:~$ echo "" | openssl s_client -showcerts -connect
> 10.43.235.248:8443 2>/dev/null | openssl x509 -inform pem -noout -text |
> grep -i 'Not Before\|Not After'
> Not Before: Jun 25 10:07:41 2020 GMT
> Not After : Jun 25 10:07:41 2025 GMT
>
> aarna@anod-master:~$ echo "" | openssl s_client -showcerts -connect
> 10.43.235.248:9091 2>/dev/null | openssl x509 -inform pem -noout -text |
> grep -i 'Not Before\|Not After'
> Not Before: Jun 25 10:07:41 2020 GMT
> Not After : Jun 25 10:07:41 2025 GMT
>
>
> policy-api //done
> aarna@anod-master:~$ echo "" | openssl s_client -showcerts -connect
> 10.43.139.202:6969 2>/dev/null | openssl x509 -inform pem -noout -text |
> grep -i 'Not Before\|Not After'
> Not Before: Jun 25 10:07:41 2020 GMT
> Not After : Jun 25 10:07:41 2025 GMT
>
>
> policy-pap //done
> aarna@anod-master:~$ echo "" | openssl s_client -showcerts -connect
> 10.43.255.220:9696 2>/dev/null | openssl x509 -inform pem -noout -text |
> grep -i 'Not Before\|Not After'
> ^C
> aarna@anod-master:~$ echo "" | openssl s_client -showcerts -connect
> 10.43.255.220:6969 2>/dev/null | openssl x509 -inform pem -noout -text |
> grep -i
> 'Not Before\|Not After'
> Not Before: Jun 25 10:07:41 2020 GMT
> Not After : Jun 25 10:07:41 2025 GMT
>
>
> Regards
> Vivek
>
>
>
> On Tue, Feb 23, 2021 at 10:52 PM Vivekanandan Muthukrishnan via
> lists.onap.org <[email protected]> wrote:
>
>> HI Jorge,
>>
>> Thanks for the support. We are currently taking the approach to fix the
>> policy certificate issues.
>>
>> I will keep you posted once we have a working solution.
>>
>> Regards
>> Vivek
>>
>> On Sat, Feb 20, 2021 at 4:12 AM Jorge Hernandez <
>> [email protected]> wrote:
>>
>>> Hello Vivek,
>>>
>>> Another possibility if you have access to a guilin lab is to get the
>>> generated keystore from the pap pod, and use it to replace the keystore in
>>> the "dublin" pap pod.
>>> In guilin, similar to clamp, the keystore is created at container
>>> initialization, same as in pap, so should have fairly recent certificates.
>>>
>>> Another possiblity yet, f you don't have access to guilin lab, is to
>>> copy the static keystore from the policy/pap git repo, I think the certs
>>> there, should still have non-expired certificates.
>>>
>>> I think the certificates SAN section cover the service names from back
>>> to dublin, so I think you should be ok in that regard.
>>>
>>> Best,
>>> Jorge
>>
>>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#22932): https://lists.onap.org/g/onap-discuss/message/22932
Mute This Topic: https://lists.onap.org/mt/80727245/21656
Group Owner: [email protected]
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
