Jorge, Yes certificate problems between clamp and policy are solved but after bouncing the drools pod (kubectl delete pod <drools-pdp-pod> -n onap) am seeing below error in drools pod(dmaap certificate expiry issue).
can you please have a look into it and provide me with any workaround to resolve this issue? Thanks, SaiLakshmi. drools log ========== [2021-03-11T13:35:32.696+00:00|WARN|HostSelector|pool-4-thread-1] All hosts were blacklisted; reverting to full set of hosts. [2021-03-11T13:35:32.696+00:00|INFO|HttpClient|pool-4-thread-1] POST https://message-router:3905/events/POLICY-PDP-PAP (anonymous) ... [2021-03-11T13:35:32.705+00:00|WARN|HttpClient|pool-4-thread-1] Error executing HTTP request. sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed; blacklisting for 2 minutes [2021-03-11T13:35:32.705+00:00|WARN|CambriaSimplerBatchPublisher|pool-4-thread-1] sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) at sun.security.ssl.Handshaker.process_record(Handshaker.java:965) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at com.att.nsa.apiClient.http.HttpClient.runCall(HttpClient.java:708) at com.att.nsa.apiClient.http.HttpClient.post(HttpClient.java:456) at com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher.sendBatch(CambriaSimplerBatchPublisher.java:342) at com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher.send(CambriaSimplerBatchPublisher.java:251) at com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher.access$100(CambriaSimplerBatchPublisher.java:31) at com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher$1.run(CambriaSimplerBatchPublisher.java:411) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:362) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270) at sun.security.validator.Validator.validate(Validator.java:262) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621) ... 31 common frames omitted Caused by: java.security.cert.CertPathValidatorException: validity check failed at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135) at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233) at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141) at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80) at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:357) ... 37 common frames omitted Caused by: java.security.cert.CertificateExpiredException: NotAfter: Mon May 04 00:36:24 GMT 2020 at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274) at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629) at sun.security.provider.certpath.BasicChecker.verifyValidity(BasicChecker.java:190) at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144) at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125) ... 42 common frames omitted [2021-03-11T13:35:32.706+00:00|WARN|CambriaSimplerBatchPublisher|pool-4-thread-1] Send failed, 15 message to send. [2021-03-11T13:35:32.706+00:00|ERROR|CambriaSimplerBatchPublisher|pool-4-thread-1] PUB_CHRONIC_FAILURE: Send failure count is 1676, above threshold 10. [2021-03-11T13:35:33.746+00:00|INFO|CambriaSimplerBatchPublisher|pool-4-thread-1] sending 15 msgs to /events/POLICY-PDP-PAP. Oldest: 1760821 ms On Wed, Mar 10, 2021 at 11:51 PM Jorge Hernandez < [email protected]> wrote: > That's good Sai, if you got to this point, the certificate problems > between clamp and policy are solved, and now you are hitting something else. > > There's a known issue in Dublin where PAP loses synchronization with some > PDPs, which seems to be the case right now with drools-pdp per the > screenshot you sent. In this case, bounce the drools-pdp pod (kubectl > delete pod <drools-pdp-pod> -n onap), and wait a few minutes to give them > time to synchronize, after that, retry the same operation from clamp GUI. > > Best, > Jorge -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#22976): https://lists.onap.org/g/onap-discuss/message/22976 Mute This Topic: https://lists.onap.org/mt/80727245/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
