Hi Rajiv, We don't have any documentation/link about the certificate configuration steps,
As I mentioned in my previous email, we did the below steps and it worked for us. 1. Downloaded aai_keystore file given in below ticket and copied this to oom/kubernetes/aai/resources/config/aai/aai_keystore https://gerrit.onap.org/r/c/oom/+/125633 2. undeployed ONAP 3. Build the oom helm ~/oom/kubernetes $ make SKIP_LINT=TRUE all ~/oom/kubernetes $ make onap -e SKIP_LINT=TRUE 4. create onap namespace $ kubectl create namespace onap 5. Deploy onap using helm deploy Regards, Kavitha On Tue, Feb 1, 2022 at 8:55 PM Rajiv Vishwkarma <[email protected]> wrote: > Hi Kavitha, > > > > Can you pls share the link for “how to configure the certificate” > > > > Thanks in advance. > > > > > > Thanks & Regards > > Rajiv Vishwkarma > > 7838306060 > > > > *From:* [email protected] <[email protected]> *On > Behalf Of *Kavitha Papanna via lists.onap.org > *Sent:* Tuesday, February 1, 2022 7:44 PM > *To:* Vishal Sharma <[email protected]> > *Cc:* [email protected]; [email protected]; girish_kumar > <[email protected]> > *Subject:* Re: [onap-discuss] AAI Certificate for earlier versions of > ONAP #aai > > > > [CAUTION: This Email is from outside the Organization. Unless you trust > the sender, Don’t click links or open attachments as it may be a Phishing > email, which can steal your Information and compromise your Computer.] > > Hi Vishal, > > > > We verified the AAI resources and Tranversal Pods and these have valid > certificates . We are able to query AAI. > > > > If we don't have valid certificates then AAI components like Resources > will not be in running status , it will be in crashloop error status. > > Hope this helps. > > > > Regards, > > Kavitha > > > > On Tue, Feb 1, 2022 at 3:52 PM Vishal Sharma <[email protected]> > wrote: > > Hi Kavita, > > > > PODs might got up, but have you checked the communication happening > between SO and AAI, which is actually affecting the Certificate expiry. > > > > BR// > > Vishal Sharma > > > > > > *From:* [email protected] <[email protected]> *On > Behalf Of *Kavitha Papanna via lists.onap.org > <https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.onap.org%2F&data=04%7C01%7Crajiv.v%40hcl.com%7C6e09fbb8192542b4083708d9e58d196a%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637793216460019870%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=OoV7Hk%2BWRYC9V%2B%2BHP672t98IJ%2BgCxCaWH6cGinPXlE4%3D&reserved=0> > *Sent:* 01 February 2022 14:50 > *To:* [email protected]; Kavitha Papanna < > [email protected]> > *Cc:* [email protected] > *Subject:* Re: [onap-discuss] AAI Certificate for earlier versions of > ONAP #aai > > > > Hi All, > > > > We did the following steps , after which AAI pods were up and running > successfully. > > > > 1. Downloaded aai_keystore file given in below ticket and copied this to > oom/kubernetes/aai/resources/config/aai/aai_keystore > > > > https://gerrit.onap.org/r/c/oom/+/125633 > <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgerrit.onap.org%2Fr%2Fc%2Foom%2F%2B%2F125633&data=04%7C01%7Crajiv.v%40hcl.com%7C6e09fbb8192542b4083708d9e58d196a%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637793216460019870%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=0BcP%2Bob5KaRqkEs6LuBH3pn9sI7vr7hp4it5JbgTV2Y%3D&reserved=0> > > > > 2. undeployed ONAP > > > > 3. Build the oom helm > > ~/oom/kubernetes $ make SKIP_LINT=TRUE all > > ~/oom/kubernetes $ make onap -e SKIP_LINT=TRUE > > > > 4. create onap namespace > > $ kubectl create namespace onap > > > > 5. Deploy onap using helm deploy > > > > Regards, > > Kavitha > > > > On Tue, Feb 1, 2022 at 9:09 AM Kavitha Papanna via lists.onap.org > <https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.onap.org%2F&data=04%7C01%7Crajiv.v%40hcl.com%7C6e09fbb8192542b4083708d9e58d196a%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637793216460019870%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=OoV7Hk%2BWRYC9V%2B%2BHP672t98IJ%2BgCxCaWH6cGinPXlE4%3D&reserved=0> > <[email protected]> wrote: > > Hi All, > > > > We also have the same issue , AAI resource and Transversal pods are not > coming up due to certificates Expired. > > > > I see there is only kubernetes/aai/resources/config/aai/aai_keystore > uploaded into the ticket below , however no key files related to resources > and Transversal. > > > > https://gerrit.onap.org/r/c/oom/+/125633 > <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgerrit.onap.org%2Fr%2Fc%2Foom%2F%2B%2F125633&data=04%7C01%7Crajiv.v%40hcl.com%7C6e09fbb8192542b4083708d9e58d196a%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637793216460019870%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=0BcP%2Bob5KaRqkEs6LuBH3pn9sI7vr7hp4it5JbgTV2Y%3D&reserved=0> > > > > Please let us know if there are any documentation to generate this > .keyfile and .p12 files for AAI components . > > > > Regards, > > Kavitha > > > > On Thu, Jan 27, 2022 at 10:17 PM ullaskumar_y via lists.onap.org > <https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.onap.org%2F&data=04%7C01%7Crajiv.v%40hcl.com%7C6e09fbb8192542b4083708d9e58d196a%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637793216460176529%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Sg0gUaTheC27iwqEN3Y65uKmVw2GLTR6RcL3M7kDqUw%3D&reserved=0> > <[email protected]> wrote: > > Hello All, > > Please let us know what is the way forward for certificate expiration in > AAI. Are are any steps to create org.onap.aai.keyfile / org.onap.aai.p12 > files ? > > Regards, > Ullas > > > > This email, including any attachments, is confidential. If you have > received this email in error, please let me know and then delete it - do > not read, use, or distribute it or its contents. This email does not > designate an information system for the purposes of the Contract and > Commercial Law Act 2017. > > > > > ::DISCLAIMER:: > ------------------------------ > The contents of this e-mail and any attachment(s) are confidential and > intended for the named recipient(s) only. E-mail transmission is not > guaranteed to be secure or error-free as information could be intercepted, > corrupted, lost, destroyed, arrive late or incomplete, or may contain > viruses in transmission. The e mail and its contents (with or without > referred errors) shall therefore not attach any liability on the originator > or HCL or its affiliates. Views or opinions, if any, presented in this > email are solely those of the author and may not necessarily reflect the > views or opinions of HCL or its affiliates. Any form of reproduction, > dissemination, copying, disclosure, modification, distribution and / or > publication of this message without the prior written consent of authorized > representative of HCL is strictly prohibited. If you have received this > email in error please delete it and notify the sender immediately. Before > opening any email and/or attachments, please check them for viruses and > other defects. > ------------------------------ > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#23778): https://lists.onap.org/g/onap-discuss/message/23778 Mute This Topic: https://lists.onap.org/mt/88672513/21656 Mute #aai:https://lists.onap.org/g/onap-discuss/mutehashtag/aai Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
