Hi, I deployed the Istanbul version of ONAP and the following error occurred in the aaf-config container of each pod.
> > > > $ kubectl logs dev-sdnc-0 -n onap -c sdnc-aaf-config > > > > Caller Properties Initialized > > > > cat SSO > > > > cadi_keyfile=/root/.aaf/keyfile > > > > [email protected] > > > > aaf_password=enc:WNTYFAcGt2rW6yhUVp1zaxkH4kZOWD0QIPiGbsV9F3X > > > > aaf_locate_url= https://-locator.:8095 > > > > aaf_url_cm= https://AAF_LOCATE_URL/%CNS.%NS.cm:2.1 > > > > aaf_url= https://AAF_LOCATE_URL/%CNS.%NS.service:2.1 > > > > cadi_truststore=/root/.aaf/truststoreONAPall.jks > > > > cadi_truststore_password=changeit > > > > cadi_latitude= > > > > cadi_longitude= > > > > hostname=sdnc > > > > aaf_locator_fqdn=sdnc > > > > aaf_locator_container=oom > > > > aaf_locator_container_ns=onap > > > > aaf_locate_url= https://aaf-locate.onap:8095 > > > > aaf_locator_app_ns=org.osaaf.aaf > > > > cadi_longitude=-72.0 > > > > cadi_latitude=38.0 > > > > aaf_locator_public_fqdn=sdnc.onap.org > > > > /opt/app/osaaf/local exists > > > > Existing files in /opt/app/osaaf/local > > > > total 3152 > > > > -rw-r--r-- 1 root root 16 Aug 21 19:04 VERSION > > > > -rw-r--r-- 1 root root 3058405 Aug 21 19:04 > aaf-cadi-aaf-2.1.20-full.jar > > > > -rwxr-xr-x 1 root root 49 Aug 21 19:04 agent > > > > -rwxr-xr-x 1 root root 54 Aug 21 19:04 cadi > > > > -rw-r--r-- 1 root root 0 Aug 21 19:04 org.onap.sdnc > > > > -r-------- 1 root root 2074 Aug 21 18:15 > org.onap.sdnc.keyfile > > > > -rw-r--r-- 1 root root 147551 Aug 21 18:15 > truststoreONAPall.jks > > > > Namespace is org.onap.sdnc > > > > #### Create Configuration files > > > > Writing to /opt/app/osaaf/local > > > > Passed in Truststore is /root/.aaf/truststoreONAPall.jks > > > > New Truststore is /opt/app/osaaf/local/truststoreONAPall.jks > > > > 2023-08-21T19:09:19.507+0000: Trans Info > > > > REMOTE Get Configuration 480.8341ms > > > > > > > > org.onap.aaf.misc.env.APIException: Cannot connect to ' > https://aaf-locate.onap:8095/configure/[email protected]/aaf' > ( https://aaf-locate.onap:8095/configure/[email protected]/aaf%27 ) (Root > URI: ' https://aaf-locate.onap:8095') > > > > at org.onap.aaf.cadi.http.HClient.send(HClient.java:159) > > > > at org.onap.aaf.cadi.client.Rcli.read(Rcli.java:421) > > > > at org.onap.aaf.cadi.configure.Agent.aafProps(Agent.java:1115) > > > > at org.onap.aaf.cadi.configure.Agent.config(Agent.java:1093) > > > > at org.onap.aaf.cadi.configure.Agent.main(Agent.java:339) > > > > Caused by: javax.net.ssl.SSLHandshakeException: NotAfter: Thu Aug 17 > 18:51:37 GMT 2023 > > > > at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) > > > > at > java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:320) > > > > > at > java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263) > > > > > at > java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:258) > > > > > at > java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:641) > > > > > at > java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:460) > > > > > at > java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360) > > > > > at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) > > > > at > java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443) > > > > > at > java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421) > > > > > at > java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177) > > > > > at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164) > > > > at > java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152) > > > > at > java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063) > > > > > at > java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402) > > > > > at java.base/sun.net. > www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567) > > > > > at java.base/sun.net. > www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) > > > > > at java.base/sun.net. > www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:168) > > > > > at org.onap.aaf.cadi.http.HClient.send(HClient.java:148) > > > > ... 4 more > > > > Caused by: java.security.cert.CertificateExpiredException: NotAfter: Thu > Aug 17 18:51:37 GMT 2023 > > > > at > java.base/sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274) > > > > > at > java.base/sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:675) > > > > > at > java.base/sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:202) > > > > > at java.base/sun.security.validator.Validator.validate(Validator.java:264) > > > > > at > java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313) > > > > > at > java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222) > > > > > at > java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) > > > > > at > java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:625) > > > > > ... 18 more > > > > cat: can't open '/opt/app/osaaf/local/org.onap.sdnc.props': No such file > or directory > > Based on the "javax.net.ssl.SSLHandshakeException: NotAfter: Thu Aug 17 18:51:37 GMT 2023" error, I assume that the "org.osaaf.aaf.p12" in aaf-locate has expired. Could you please provide guidance on how to address this issue? Regards Hirahara -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#24515): https://lists.onap.org/g/onap-discuss/message/24515 Mute This Topic: https://lists.onap.org/mt/100870176/21656 Mute #aaf:https://lists.onap.org/g/onap-discuss/mutehashtag/aaf Mute #istanbul:https://lists.onap.org/g/onap-discuss/mutehashtag/istanbul Mute #kubernetes:https://lists.onap.org/g/onap-discuss/mutehashtag/kubernetes Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
