Dear ONAP team and AAI team, I try to deploy the ONAP Istanbul using OOM, referring to your Quick Start Guide. https://docs.onap.org/projects/onap-oom/en/istanbul/oom_quickstart_guide.html
During the helm deployment, however, *dev-aai-schema-service* *container shows CrashLoopBackOff status.* The log shows that it fails due to the* incorrect keystore password**.* Even though I changed keystore and truststore passwords in "oom/kubernetes/aai/values.yaml" from "OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0" to "changeit", it didn't work. (Also, I confirmed that the update is applied in my helm repo by building AAI again.) While I found an email archive that is probably related to the problem, there was no solution for this. https://lists.onap.org/g/onap-discuss/topic/what_is_aai_ssl_keystore/77178744?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,20,77178744 I would appreciate any references to solve this issue related to keystore password. For your reference, I attach the following information. --- *[Environment]* - ONAP Istanbul v9.0.0 - Docker v19.03.11 - Helm v3.6.3 - Kubernetes / kubectl v1.19.16 *[Command]* $ helm deploy dev local/onap --namespace onap --create-namespace -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/onap-5g-network-slicing.yaml --set global.masterPassword=mypassword --timeout 900s *[Log in **dev-aai-schema-service Container**]* *...* 2022-03-14 02:23:12.903 DEBUG 11 --- [ main] o.o.a.schemaservice.config.ErrorHandler : Filter 'errorHandler' configured for use 2022-03-14 02:23:13.122 ERROR 11 --- [ main] o.s.boot.SpringApplication : Application run failed org.springframework.boot.web.server.WebServerException: Unable to start embedded Jetty server at org.springframework.boot.web.embedded.jetty.JettyWebServer.start(JettyWebServer.java:165) at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:297) at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:163) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552) at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141) at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:744) at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:391) at org.springframework.boot.SpringApplication.run(SpringApplication.java:312) at org.onap.aai.schemaservice.SchemaServiceApp.main(SchemaServiceApp.java:80) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) at org.springframework.boot.loader.Launcher.launch(Launcher.java:51) at org.springframework.boot.loader.PropertiesLauncher.main(PropertiesLauncher.java:578) Caused by: java.io.IOException: keystore password was incorrect at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source) at java.base/sun.security.util.KeyStoreDelegator.engineLoad(Unknown Source) at java.base/java.security.KeyStore.load(Unknown Source) at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:54) at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:1188) at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:323) at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:92) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:320) at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:231) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.springframework.boot.web.embedded.jetty.JettyWebServer.start(JettyWebServer.java:146) ... 16 common frames omitted Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption. ... 35 common frames omitted 2022-03-14 02:23:13.126 DEBUG 11 --- [ main] o.o.aai.schemaservice.SchemaServiceApp : SchemaService shutting down -- Best regards, Jiwon Kim -- *Jiwon Kim* -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#23917): https://lists.onap.org/g/onap-discuss/message/23917 Mute This Topic: https://lists.onap.org/mt/89768766/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
