Hi Kamel/Thamlur/Sylvain,

Does the below approach fix the issue? I am also facing the same issue currently with Frankfurt. PFA.
Any quick help/guidance will be appreciated.

Regards,
Kuldeep

From: onap-discuss@lists.onap.org <onap-discuss@lists.onap.org> On Behalf Of Kamel Idir via lists.onap.org
Sent: Saturday, July 18, 2020 9:30 AM
To: Thamlur Raju <tr00568...@techmahindra.com>; onap-discuss@lists.onap.org
Subject: Re: [onap-discuss] aaf-cert-service pod went to CrashLoopBackOff State #frankfurt #aaf

Hi Thamlur,

Do you have the procedure on how to patch AAF CertService? For my case I deployed ONAP from the frankfurt branch. So I assume I should use the following:

git fetch "https://gerrit.onap.org/r/oom" refs/changes/51/109951/3 && git cherry-pick FETCH_HEAD
git fetch "https://gerrit.onap.org/r/oom" refs/changes/51/109951/3 && git format-patch -1 --stdout FETCH_HEAD
git pull "https://gerrit.onap.org/r/oom" refs/changes/51/109951/3

Thanks,
Kamel
View/Reply Online (#21737): https://lists.onap.org/g/onap-discuss/message/21737
ubuntu@onap-dub-controller-1:~/oom/kubernetes$ kubectl -n onap describe pod jul21-aaf-cert-service-75dc94b5-ldqsv
...
...
...
Containers:
  aaf-cert-service:
    Container ID:   docker://2991af9da017189cacd15025caaeb4b7c78a2a4eb0d7842e451591ed0394165e
    Image:          nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0
    Image ID:       docker-pullable://nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api@sha256:8798c552080c59440fbd69a108da0f742eea70b17376fb82e3e7fc59b000cec3
    Port:           8443/TCP
    Host Port:      0/TCP
    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       Error
      Exit Code:    143
      Started:      Tue, 21 Jul 2020 15:24:32 +0000
      Finished:     Tue, 21 Jul 2020 15:25:58 +0000
    Ready:          False
    Restart Count:  11
    Liveness:       exec [/bin/bash -c curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD] delay=60s timeout=1s period=10s #success=1 #failure=3
    Readiness:      exec [/bin/bash -c curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD] delay=30s timeout=1s period=10s #success=1 #failure=3
    Environment:
      HTTPS_PORT:           8443
      KEYSTORE_PATH:        /etc/onap/aaf/certservice/certs//certServiceServer-keystore.jks
      KEYSTORE_P12_PATH:    /etc/onap/aaf/certservice/certs//certServiceServer-keystore.p12
      TRUSTSTORE_PATH:      /etc/onap/aaf/certservice/certs//truststore.jks
      ROOT_CERT:            /etc/onap/aaf/certservice/certs//root.crt
      KEYSTORE_PASSWORD:    <set to the key 'password' in secret 'jul21-keystore-password'>    Optional: false
      TRUSTSTORE_PASSWORD:  <set to the key 'password' in secret 'jul21-truststore-password'>  Optional: false
    Mounts:
      /etc/onap/aaf/certservice from aaf-cert-service-volume (rw)
      /etc/onap/aaf/certservice/certs/ from aaf-cert-service-server-tls-volume (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-jbq5p (ro)
...
...
...
Events:
  Type     Reason     Age                    From                        Message
  ----     ------     ----                   ----                        -------
  Normal   Pulling    43m (x3 over 63m)      kubelet, onap-dub-worker-3  Pulling image "oomk8s/readiness-check:2.0.2"
  Normal   Pulled     43m (x3 over 63m)      kubelet, onap-dub-worker-3  Successfully pulled image "oomk8s/readiness-check:2.0.2"
  Normal   Started    43m (x3 over 63m)      kubelet, onap-dub-worker-3  Started container wait-for-ejbca
  Normal   Created    43m (x3 over 63m)      kubelet, onap-dub-worker-3  Created container wait-for-ejbca
  Normal   Pulling    34m                    kubelet, onap-dub-worker-3  Pulling image "dibi/envsubst"
  Normal   Pulled     34m                    kubelet, onap-dub-worker-3  Successfully pulled image "dibi/envsubst"
  Normal   Created    34m                    kubelet, onap-dub-worker-3  Created container subsitute-envs
  Normal   Started    34m                    kubelet, onap-dub-worker-3  Started container subsitute-envs
  Normal   Pulled     33m                    kubelet, onap-dub-worker-3  Successfully pulled image "nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0"
  Normal   Created    33m                    kubelet, onap-dub-worker-3  Created container aaf-cert-service
  Warning  Unhealthy  32m (x2 over 32m)      kubelet, onap-dub-worker-3  Liveness probe failed:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
  Normal   Killing    31m                    kubelet, onap-dub-worker-3  Container aaf-cert-service failed liveness probe, will be restarted
  Warning  Unhealthy  31m                    kubelet, onap-dub-worker-3  Liveness probe failed:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
  Normal   Started    28m (x4 over 33m)      kubelet, onap-dub-worker-3  Started container aaf-cert-service
  Normal   Pulling    13m (x9 over 34m)      kubelet, onap-dub-worker-3  Pulling image "nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0"
  Warning  BackOff    8m25s (x48 over 22m)   kubelet, onap-dub-worker-3  Back-off restarting failed container
  Warning  Unhealthy  3m15s (x66 over 32m)   kubelet, onap-dub-worker-3  Readiness probe failed:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.