Hi Kamel/Thamlur/Sylvain,
Does the below approach fixes the issue?
I am also facing the same issue currently with Frankfurt. PFA.
Any quick help/guidance will be appreciated.
Regards,
Kuldeep
From: onap-discuss@lists.onap.org <onap-discuss@lists.onap.org> On Behalf Of
Kamel Idir via lists.onap.org
Sent: Saturday, July 18, 2020 9:30 AM
To: Thamlur Raju <tr00568...@techmahindra.com>; onap-discuss@lists.onap.org
Subject: Re: [onap-discuss] aaf-cert-service pod went to CrashLoopBackOff State
#frankfurt #aaf
[CAUTION: This Email is from outside the Organization. Unless you trust the
sender, Don’t click links or open attachments as it may be a Phishing email,
which can steal your Information and compromise your Computer.]
Hi Thamlur,
Do u have the procedure on how to patch AAF CertService? for my case I
deployed ONAP from frankfurt branch.
So I assume I should use the following:
git fetch "https://gerrit.onap.org/r/oom"; refs/changes/51/109951/3 && git
cherry-pick FETCH_HEAD
git fetch "https://gerrit.onap.org/r/oom"; refs/changes/51/109951/3 && git
format-patch -1 --stdout FETCH_HEAD
git pull "https://gerrit.onap.org/r/oom"; refs/changes/51/109951/3
Thanks,
Kamel
::DISCLAIMER::
________________________________
The contents of this e-mail and any attachment(s) are confidential and intended
for the named recipient(s) only. E-mail transmission is not guaranteed to be
secure or error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or may contain viruses in transmission.
The e mail and its contents (with or without referred errors) shall therefore
not attach any liability on the originator or HCL or its affiliates. Views or
opinions, if any, presented in this email are solely those of the author and
may not necessarily reflect the views or opinions of HCL or its affiliates. Any
form of reproduction, dissemination, copying, disclosure, modification,
distribution and / or publication of this message without the prior written
consent of authorized representative of HCL is strictly prohibited. If you have
received this email in error please delete it and notify the sender
immediately. Before opening any email and/or attachments, please check them for
viruses and other defects.
________________________________
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#21737): https://lists.onap.org/g/onap-discuss/message/21737
Mute This Topic: https://lists.onap.org/mt/75421908/21656
Mute #aaf: https://lists.onap.org/g/onap+onap-discuss/mutehashtag/aaf
Mute #frankfurt:
https://lists.onap.org/g/onap+onap-discuss/mutehashtag/frankfurt
Group Owner: onap-discuss+ow...@lists.onap.org
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
ubuntu@onap-dub-controller-1:~/oom/kubernetes$ kubectl -n onap describe pod
jul21-aaf-cert-service-75dc94b5-ldqsv
...
...
...
Containers:
aaf-cert-service:
Container ID:
docker://2991af9da017189cacd15025caaeb4b7c78a2a4eb0d7842e451591ed0394165e
Image:
nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0
Image ID:
docker-pullable://nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api@sha256:8798c552080c59440fbd69a108da0f742eea70b17376fb82e3e7fc59b000cec3
Port: 8443/TCP
Host Port: 0/TCP
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 143
Started: Tue, 21 Jul 2020 15:24:32 +0000
Finished: Tue, 21 Jul 2020 15:25:58 +0000
Ready: False
Restart Count: 11
Liveness: exec [/bin/bash -c curl
https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type
p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD] delay=60s timeout=1s
period=10s #success=1 #failure=3
Readiness: exec [/bin/bash -c curl https://localhost:$HTTPS_PORT/ready
--cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass
$KEYSTORE_PASSWORD] delay=30s timeout=1s period=10s #success=1 #failure=3
Environment:
HTTPS_PORT: 8443
KEYSTORE_PATH:
/etc/onap/aaf/certservice/certs//certServiceServer-keystore.jks
KEYSTORE_P12_PATH:
/etc/onap/aaf/certservice/certs//certServiceServer-keystore.p12
TRUSTSTORE_PATH: /etc/onap/aaf/certservice/certs//truststore.jks
ROOT_CERT: /etc/onap/aaf/certservice/certs//root.crt
KEYSTORE_PASSWORD: <set to the key 'password' in secret
'jul21-keystore-password'> Optional: false
TRUSTSTORE_PASSWORD: <set to the key 'password' in secret
'jul21-truststore-password'> Optional: false
Mounts:
/etc/onap/aaf/certservice from aaf-cert-service-volume (rw)
/etc/onap/aaf/certservice/certs/ from aaf-cert-service-server-tls-volume
(ro)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-jbq5p
(ro)
...
...
...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Pulling 43m (x3 over 63m) kubelet, onap-dub-worker-3 Pulling
image "oomk8s/readiness-check:2.0.2"
Normal Pulled 43m (x3 over 63m) kubelet, onap-dub-worker-3
Successfully pulled image "oomk8s/readiness-check:2.0.2"
Normal Started 43m (x3 over 63m) kubelet, onap-dub-worker-3 Started
container wait-for-ejbca
Normal Created 43m (x3 over 63m) kubelet, onap-dub-worker-3 Created
container wait-for-ejbca
Normal Pulling 34m kubelet, onap-dub-worker-3 Pulling
image "dibi/envsubst"
Normal Pulled 34m kubelet, onap-dub-worker-3
Successfully pulled image "dibi/envsubst"
Normal Created 34m kubelet, onap-dub-worker-3 Created
container subsitute-envs
Normal Started 34m kubelet, onap-dub-worker-3 Started
container subsitute-envs
Normal Pulled 33m kubelet, onap-dub-worker-3
Successfully pulled image
"nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0"
Normal Created 33m kubelet, onap-dub-worker-3 Created
container aaf-cert-service
Warning Unhealthy 32m (x2 over 32m) kubelet, onap-dub-worker-3 Liveness
probe failed: % Total % Received % Xferd Average Speed Time Time
Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Normal Killing 31m kubelet, onap-dub-worker-3 Container
aaf-cert-service failed liveness probe, will be restarted
Warning Unhealthy 31m kubelet, onap-dub-worker-3 Liveness probe failed:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Normal Started 28m (x4 over 33m) kubelet, onap-dub-worker-3 Started
container aaf-cert-service
Normal Pulling 13m (x9 over 34m) kubelet, onap-dub-worker-3 Pulling
image
"nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0"
Warning BackOff 8m25s (x48 over 22m) kubelet, onap-dub-worker-3
Back-off restarting failed container
Warning Unhealthy 3m15s (x66 over 32m) kubelet, onap-dub-worker-3
Readiness probe failed: % Total % Received % Xferd Average Speed Time
Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
