jorge, After bouncing dmaap pod, I am still seeing the same error which I shared earlier at clamp GUI. [image: image.png]
Thanks, Sailakshmi. On Thu, Mar 11, 2021 at 7:08 PM Sai Lakshmi Cheedella < [email protected]> wrote: > Jorge, > > Yes certificate problems between clamp and policy are solved but after > bouncing the drools pod (kubectl delete pod <drools-pdp-pod> -n onap) am > seeing below error in drools pod(dmaap certificate expiry issue). > > can you please have a look into it and provide me with any workaround to > resolve this issue? > > Thanks, > SaiLakshmi. > > drools log > ========== > [2021-03-11T13:35:32.696+00:00|WARN|HostSelector|pool-4-thread-1] All > hosts were blacklisted; reverting to full set of hosts. > [2021-03-11T13:35:32.696+00:00|INFO|HttpClient|pool-4-thread-1] POST > https://message-router:3905/events/POLICY-PDP-PAP (anonymous) ... > [2021-03-11T13:35:32.705+00:00|WARN|HttpClient|pool-4-thread-1] Error > executing HTTP request. sun.security.validator.ValidatorException: PKIX > path validation failed: java.security.cert.CertPathValidatorException: > validity check failed; blacklisting for 2 minutes > [2021-03-11T13:35:32.705+00:00|WARN|CambriaSimplerBatchPublisher|pool-4-thread-1] > sun.security.validator.ValidatorException: PKIX path validation failed: > java.security.cert.CertPathValidatorException: validity check failed > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path validation failed: > java.security.cert.CertPathValidatorException: validity check failed > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) > at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) > at > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) > at sun.security.ssl.Handshaker.process_record(Handshaker.java:965) > at > sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064) > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) > at > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395) > at > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) > at > org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) > at > org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) > at > org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) > at > org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373) > at > org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) > at > org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) > at > org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) > at > org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) > at > org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) > at > org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) > at > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) > at > com.att.nsa.apiClient.http.HttpClient.runCall(HttpClient.java:708) > at com.att.nsa.apiClient.http.HttpClient.post(HttpClient.java:456) > at > com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher.sendBatch(CambriaSimplerBatchPublisher.java:342) > at > com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher.send(CambriaSimplerBatchPublisher.java:251) > at > com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher.access$100(CambriaSimplerBatchPublisher.java:31) > at > com.att.nsa.cambria.client.impl.CambriaSimplerBatchPublisher$1.run(CambriaSimplerBatchPublisher.java:411) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > Caused by: sun.security.validator.ValidatorException: PKIX path validation > failed: java.security.cert.CertPathValidatorException: validity check failed > at > sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:362) > at > sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270) > at sun.security.validator.Validator.validate(Validator.java:262) > at > sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) > at > sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) > at > sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621) > ... 31 common frames omitted > Caused by: java.security.cert.CertPathValidatorException: validity check > failed > at > sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135) > at > sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233) > at > sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141) > at > sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80) > at > java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) > at > sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:357) > ... 37 common frames omitted > Caused by: java.security.cert.CertificateExpiredException: NotAfter: Mon > May 04 00:36:24 GMT 2020 > at > sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274) > at > sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629) > at > sun.security.provider.certpath.BasicChecker.verifyValidity(BasicChecker.java:190) > at > sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144) > at > sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125) > ... 42 common frames omitted > [2021-03-11T13:35:32.706+00:00|WARN|CambriaSimplerBatchPublisher|pool-4-thread-1] > Send failed, 15 message to send. > [2021-03-11T13:35:32.706+00:00|ERROR|CambriaSimplerBatchPublisher|pool-4-thread-1] > PUB_CHRONIC_FAILURE: Send failure count is 1676, above threshold 10. > [2021-03-11T13:35:33.746+00:00|INFO|CambriaSimplerBatchPublisher|pool-4-thread-1] > sending 15 msgs to /events/POLICY-PDP-PAP. Oldest: 1760821 ms > > > > On Wed, Mar 10, 2021 at 11:51 PM Jorge Hernandez < > [email protected]> wrote: > >> That's good Sai, if you got to this point, the certificate problems >> between clamp and policy are solved, and now you are hitting something else. >> >> There's a known issue in Dublin where PAP loses synchronization with some >> PDPs, which seems to be the case right now with drools-pdp per the >> screenshot you sent. In this case, bounce the drools-pdp pod (kubectl >> delete pod <drools-pdp-pod> -n onap), and wait a few minutes to give them >> time to synchronize, after that, retry the same operation from clamp GUI. >> >> Best, >> Jorge > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#22977): https://lists.onap.org/g/onap-discuss/message/22977 Mute This Topic: https://lists.onap.org/mt/80727245/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
