Re: [onap-discuss] Policy Pod (policy-xacml-pdp) failing - Cert Issue

Mon, 09 Aug 2021 09:48:44 -0700 

​Hi Atif,


Most probably the dmaap message router certificate has expired in your setup. 
Kindly check the version you are using and any latest release with new 
certificates.


Also, take a look at network log of other component (apex, pap, drools), they 
should be failing with the same exception too.


Regards,

Ram


________________________________
From: [email protected] <[email protected]> on behalf of 
Syed Atif Husain via lists.onap.org <[email protected]>
Sent: August 9, 2021 7:20 AM
To: [email protected]
Cc: Praveen Santhakumari
Subject: [EXT][onap-discuss] Policy Pod (policy-xacml-pdp) failing - Cert Issue

Hi

One of the policy pod is failing because of certificate issue. Is it because of 
xacml-pdp  cert or dmaap message router certificate issue ?
How do we renew the certificate in AAF?. Any documentation on the steps to be 
followed ?


vmadmin@ip-100-64-16-122:~$ kubectl get pods -n onap | grep policy
dev-policy-apex-pdp-0                           1/1     Running            0    
      11h
dev-policy-api-5c4889c84c-crjfc                 1/1     Running            0    
      11h
dev-policy-distribution-6857b6d98-55n2c         1/1     Running            0    
      11h
dev-policy-drools-pdp-0                         1/1     Running            0    
      11h
dev-policy-galera-config-6zwgp                  0/1     Completed          0    
      11h
dev-policy-mariadb-0                            1/1     Running            0    
      11h
dev-policy-pap-65884676bf-49xhp                 1/1     Running            0    
      11h
dev-policy-xacml-pdp-58b57fc8ff-wsw9r           0/1     CrashLoopBackOff   177  
      10h



[2021-08-06T16:58:22.028+00:00|ERROR|CambriaSimplerBatchPublisher|pool-2-thread-1]
 PUB_CHRONIC_FAILURE: Send failure count is 57, above threshold 10.
[2021-08-06T16:58:23.056+00:00|INFO|XacmlPdpHearbeatPublisher|pool-3-thread-1] 
Sending Xacml PDP heartbeat to the PAP - 
PdpStatus(super=PdpMessage(messageName=PDP_STATUS, 
requestId=5cc50689-4d49-4c74-90eb-11b80247674b, timestampMs=1628269103056, 
name=dev-policy-xacml-pdp-58b57fc8ff-wsw9r, pdpGroup=defaultGroup, 
pdpSubgroup=null), pdpType=xacml, state=PASSIVE, healthy=HEALTHY, 
description=null, policies=[], deploymentInstanceInfo=null, properties=null, 
statistics=null, response=null)
[2021-08-06T16:58:23.057+00:00|INFO|network|pool-3-thread-1] 
[OUT|DMAAP|POLICY-PDP-PAP]
{"pdpType":"xacml","state":"PASSIVE","healthy":"HEALTHY","policies":[],"messageName":"PDP_STATUS","requestId":"5cc50689-4d49-4c74-90eb-11b80247674b","timestampMs":1628269103056,"name":"dev-policy-xacml-pdp-58b57fc8ff-wsw9r","pdpGroup":"defaultGroup"}
[2021-08-06T16:58:23.070+00:00|INFO|CambriaSimplerBatchPublisher|pool-2-thread-1]
 sending 2 msgs to /events/POLICY-PDP-PAP. Oldest: 60014 ms
[2021-08-06T16:58:23.070+00:00|WARN|HostSelector|pool-2-thread-1] All hosts 
were blacklisted; reverting to full set of hosts.
[2021-08-06T16:58:23.070+00:00|INFO|HttpClient|pool-2-thread-1] POST 
https://message-router:3905/events/POLICY-PDP-PAP (anonymous) ...
[2021-08-06T16:58:23.078+00:00|WARN|HttpClient|pool-2-thread-1] Error executing 
HTTP request. PKIX path validation failed: 
java.security.cert.CertPathValidatorException: validity check failed; 
blacklisting for 2 minutes
[2021-08-06T16:58:23.078+00:00|WARN|CambriaSimplerBatchPublisher|pool-2-thread-1]
 PKIX path validation failed: java.security.cert.CertPathValidatorException: 
validity check failed
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: 
java.security.cert.CertPathValidatorException: validity check failed
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at 
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326)
        at 
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:269)
        at 
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
        at 
java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645)
        at 
java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464)

Regards,
Atif
________________________________
External Email: Please use caution when opening links and attachments / 
Courriel externe: Soyez prudent avec les liens et documents joints



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#23471): https://lists.onap.org/g/onap-discuss/message/23471
Mute This Topic: https://lists.onap.org/mt/84764258/21656
Group Owner: [email protected]
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to