Never mind. This got resolved after redeploying the cluster one more time. Thanks!
Get Outlook for iOS<https://aka.ms/o0ukef> ________________________________ From: [email protected] <[email protected]> on behalf of [email protected] <[email protected]> Sent: Friday, October 29, 2021 3:40:54 PM To: onap-discuss <[email protected]> Subject: [onap-discuss] Ejbca pod does not come up correctly at I release deployment Hi, Team, I ran into the following ejbca pod error when deploying I release locally. Any insight? ubuntu@onap-rancher-vm:~$ kubectl get po -n onap | grep ej dev-ejbca-5bb84bc9b6-4rh5w 0/1 PostStartHookError: command '/bin/sh -c /opt/primekey/scripts/ejbca -config.sh' exited with 1: 0 7m10s dev-ejbca-config-config-job-sxfc6 0/1 Completed 0 27h Normal Killing 3m34s kubelet FailedPostStartHook Warning FailedPostStartHook 3m34s kubelet Exec lifecycle hook ([/bin/sh -c /opt/primekey/scripts/ejbca-config.sh]) for Container "ejbca-ejbca" in Pod "dev-ejbca-5bb84bc9b6-4rh5w_onap(6e8d2a8e-8e7d-428c-b412-f6db8d52c1fa)" failed - error: command '/bin/sh -c /opt/primekey/scripts/ejbca-config.sh' exited with 1: , message: "2021-10-29 20:26:48,495+0000 ERROR [org.ejbca.ui.cli.ca.CaInitCommand] (main) Error: CA 'ManagementCA' exists already\n2021-10-29 20:26:51,354+0000 INFO [org.ejbca.ui.cli.config.cmp.AddAliasCommand] (main) Alias 'cmpRA' already exists.\n2021-10-29 20:26:54,261+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.operationmode=ra\n2021-10-29 20:26:54,300+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.operationmode=ra\n2021-10-29 20:26:57,363+0000 INFO [org.ejbca.ui.cli.ca.CaEditCaCommand] (main) Modifying 'ManagementCA'...\n2021-10-29 20:26:57,443+0000 INFO [org.ejbca.ui.cli.ca.CaEditCaCommand] (main) Current value of cmpRaAuthSecret is 'ZosjCekaSiwk8;'.\n2021-10-29 20:26:57,443+0000 INFO [org.ejbca.ui.cli.ca.CaEditCaCommand] (main) Storing modified CA info for CA 'ManagementCA'...\n2021-10-29 20:26:57,630+0000 INFO [org.ejbca.ui.cli.ca.CaEditCaCommand] (main) Reading modified value for verification...\n2021-10-29 20:26:57,653+0000 INFO [org.ejbca.ui.cli.ca.CaEditCaCommand] (main) cmpRaAuthSecret returned value 'ZosjCekaSiwk8;'.\n2021-10-29 20:27:00,496+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.responseprotection=signature\n2021-10-29 20:27:00,521+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.responseprotection=signature\n2021-10-29 20:27:03,328+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.authenticationmodule=HMAC;EndEntityCertificate\n2021-10-29 20:27:03,353+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.authenticationmodule=HMAC;EndEntityCertificate\n2021-10-29 20:27:06,164+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.authenticationparameters=-;ManagementCA\n2021-10-29 20:27:06,188+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.authenticationparameters=-;ManagementCA\n2021-10-29 20:27:09,020+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.allowautomatickeyupdate=true\n2021-10-29 20:27:09,043+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.allowautomatickeyupdate=true\n2021-10-29 20:27:11,882+0000 INFO [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Importing certificate and end entity profiles: \n2021-10-29 20:27:11,911+0000 INFO [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Filename: '..2021_10_29_20_24_22.921391032'\n2021-10-29 20:27:11,911+0000 INFO [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Filename: '..data'\n2021-10-29 20:27:11,911+0000 INFO [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Filename: 'certprofile_CUSTOM_ENDUSER-1834889499.xml'\n2021-10-29 20:27:11,952+0000 ERROR [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Certificate profile 'CUSTOM_ENDUSER' already exist in database.\n2021-10-29 20:27:11,952+0000 INFO [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Filename: 'entityprofile_Custom_EndEntity-1356531849.xml'\n2021-10-29 20:27:11,998+0000 ERROR [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Entity profile 'Custom_EndEntity' already exist in database.\n2021-10-29 20:27:15,043+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.ra.certificateprofile=CUSTOM_ENDUSER\n2021-10-29 20:27:15,069+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.ra.certificateprofile=CUSTOM_ENDUSER\n2021-10-29 20:27:18,040+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.ra.endentityprofileid=1356531849\n2021-10-29 20:27:18,067+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.ra.endentityprofileid=1356531849\n2021-10-29 20:27:23,857+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.defaultca=UID=12345,CN=ManagementCA,O=EJBCA Container Quickstart\n2021-10-29 20:27:23,882+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.defaultca=UID=12345,CN=ManagementCA,O=EJBCA Container Quickstart\n2021-10-29 20:27:26,807+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.endentitycertificate.omitverifications = false\n2021-10-29 20:27:26,808+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.response.extracertsca = \n2021-10-29 20:27:26,808+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.certreqhandler.class = \n2021-10-29 20:27:26,808+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.endentityprofileid = 1356531849\n2021-10-29 20:27:26,808+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.allowraverifypopo = false\n2021-10-29 20:27:26,808+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.allowservergenkeys = false\n2021-10-29 20:27:26,809+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.defaultca = UID=12345,CN=ManagementCA,O=EJBCA Container Quickstart\n2021-10-29 20:27:26,809+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.vendorcertificatemode = false\n2021-10-29 20:27:26,809+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.passwordgenparams = random\n2021-10-29 20:27:26,809+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.namegenerationpostfix = \n2021-10-29 20:27:26,809+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.namegenerationscheme = DN\n2021-10-29 20:27:26,809+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.endentityprofile = EMPTY\n2021-10-29 20:27:26,809+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.caname = ManagementCA\n2021-10-29 20:27:26,809+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.namegenerationprefix = \n2021-10-29 20:27:26,809+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.extractusernamecomponent = DN\n2021-10-29 20:27:26,809+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.authenticationparameters = -;ManagementCA\n2021-10-29 20:27:26,809+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.namegenerationparameters = CN\n2021-10-29 20:27:26,809+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.allowcustomcertserno = false\n2021-10-29 20:27:26,809+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.racertificatepath = \n2021-10-29 20:27:26,810+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.certificateprofile = CUSTOM_ENDUSER\n2021-10-29 20:27:26,810+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.allowupdatewithsamekey = true\n2021-10-29 20:27:26,810+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.responseprotection = signature\n2021-10-29 20:27:26,810+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.operationmode = ra\n2021-10-29 20:27:26,810+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.authenticationmodule = HMAC;EndEntityCertificate\n2021-10-29 20:27:26,810+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.vendorca = \n2021-10-29 20:27:26,810+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.allowautomatickeyupdate = true\n2021-10-29 20:27:26,810+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.response.capubsca = \n2021-10-29 20:27:29,723+0000 INFO [org.ejbca.ui.cli.config.cmp.AddAliasCommand] (main) Alias 'cmp' already exists.\n2021-10-29 20:27:32,495+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmp.allowautomatickeyupdate=true\n2021-10-29 20:27:32,526+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmp.allowautomatickeyupdate=true\n2021-10-29 20:27:35,411+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmp.responseprotection=pbe\n2021-10-29 20:27:35,438+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmp.responseprotection=pbe\n2021-10-29 20:27:38,297+0000 INFO [org.ejbca.ui.cli.ra.AddEndEntityCommand] (main) Using certificate profile: ENDUSER, with id: 1\n2021-10-29 20:27:38,303+0000 ERROR [org.ejbca.ui.cli.ra.AddEndEntityCommand] (main) ERROR: User 'Node123' already exists in the database.\n2021-10-29 20:27:41,078+0000 INFO [org.ejbca.ui.cli.ra.SetCleartextPasswordCommand] (main) Setting clear text password for user Node123\n2021-10-29 20:27:43,863+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmp.extractusernamecomponent=CN\n2021-10-29 20:27:43,887+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmp.extractusernamecomponent=CN\n2021-10-29 20:27:46,843+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.passwordgenparams = random\n2021-10-29 20:27:46,844+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.vendorca = \n2021-10-29 20:27:46,844+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.certificateprofile = ENDUSER\n2021-10-29 20:27:46,844+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.operationmode = client\n2021-10-29 20:27:46,844+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.racertificatepath = \n2021-10-29 20:27:46,844+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.response.extracertsca = \n2021-10-29 20:27:46,844+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.caname = ManagementCA\n2021-10-29 20:27:46,845+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.endentityprofileid = 1\n2021-10-29 20:27:46,845+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.authenticationparameters = -;-\n2021-10-29 20:27:46,845+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.responseprotection = pbe\n2021-10-29 20:27:46,845+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.allowupdatewithsamekey = true\n2021-10-29 20:27:46,845+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.allowraverifypopo = false\n2021-10-29 20:27:46,845+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.vendorcertificatemode = false\n2021-10-29 20:27:46,845+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.namegenerationpostfix = \n2021-10-29 20:27:46,845+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.endentityprofile = EMPTY\n2021-10-29 20:27:46,845+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.response.capubsca = \n2021-10-29 20:27:46,845+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.authenticationmodule = RegTokenPwd;HMAC\n2021-10-29 20:27:46,845+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.namegenerationprefix = \n2021-10-29 20:27:46,845+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.allowautomatickeyupdate = true\n2021-10-29 20:27:46,845+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.namegenerationparameters = CN\n2021-10-29 20:27:46,846+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.extractusernamecomponent = CN\n2021-10-29 20:27:46,846+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.namegenerationscheme = DN\n2021-10-29 20:27:46,846+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.defaultca = \n2021-10-29 20:27:46,846+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.allowcustomcertserno = false\n2021-10-29 20:27:46,846+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.endentitycertificate.omitverifications = false\n2021-10-29 20:27:46,846+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.certreqhandler.class = \n2021-10-29 20:27:46,846+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.allowservergenkeys = false\n2021-10-29 20:27:52,759+0000 ERROR [org.ejbca.ui.cli.roles.AddRoleCommand] (main) ERROR: Role of name Certificate Update Admin already exists.\n2021-10-29 20:27:55,804+0000 INFO [org.ejbca.ui.cli.roles.ChangeRuleCommand] (main) Replaces existing access rule with allow rule for resource '/ca/ManagementCA/'.\n2021-10-29 20:27:58,920+0000 INFO [org.ejbca.ui.cli.roles.ChangeRuleCommand] (main) Replaces existing access rule with allow rule for resource '/ca_functionality/create_certificate/'.\n2021-10-29 20:28:01,875+0000 INFO [org.ejbca.ui.cli.roles.ChangeRuleCommand] (main) Replaces existing access rule with allow rule for resource '/endentityprofilesrules/Custom_EndEntity/'.\n2021-10-29 20:28:04,692+0000 INFO [org.ejbca.ui.cli.roles.ChangeRuleCommand] (main) Replaces existing access rule with allow rule for resource '/ra_functionality/edit_end_entity/'.\n2021-10-29 20:28:07,662+0000 INFO [org.ejbca.ui.cli.roles.AddRoleMemberCommand] (main) Match TokenType is assumed to be 'CertificateAuthenticationToken'.\n2021-10-29 20:28:07,806+0000 ERROR [org.ejbca.ui.cli.roles.AddRoleMemberCommand] (main) The role member Linux-Foundation was not added because it already exists in the role Certificate Update Admin\n" Normal Pulling 3m25s (x2 over 7m10s) kubelet Pulling image "docker.io/primekey/ejbca-ce:7.4.3.2" Normal Pulled 3m25s kubelet Successfully pulled image "docker.io/primekey/ejbca-ce:7.4.3.2" in 648.071714ms Normal Created 3m23s (x2 over 6m48s) kubelet Created container ejbca-ejbca Normal Started 3m23s (x2 over 6m48s) kubelet Started container ejbca-ejbca Thanks, Xin Miao Solution Engineering Fujitsu Network Communication (W)972-479-2263 (M)469-268-5226 2811 Telecom Drive Richardson, TX 75081, USA -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#23633): https://lists.onap.org/g/onap-discuss/message/23633 Mute This Topic: https://lists.onap.org/mt/86686560/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
