Team, Trying to install the ONAP SO component but getting certificate error in the SO side container pod so-apih-cert-init-aaf-config (It's a part of the SO pod dev-so-6dbbd4c897-cd4qx). The logs snippet show below error messages. Detailed log file is attached here so-apih-cert-init-aaf-config-logs.txt ( https://lists.onap.org/secure/temporaryattachment/84e7e051cd3e0e9c6c2b238a003fe3afee75c032/temp237405383270325553_so-apih-cert-init-aaf-config-logs.txt )
#### Place Certificates (by deployer) 2021-05-12T06:26:57.437+0000 INIT [cadi] cadi_keyfile points to /opt/app/osaaf/local/org.onap.so.keyfile 2021-05-12T06:26:57.455+0000 INIT [cadi] https.protocols set by cadi_protocols in CADI Properties 2021-05-12T06:26:57.455+0000 INIT [cadi] jdk.tls.client.protocols set from Default Protocols 2021-05-12T06:26:58.362+0000: Trans Info REMOTE Place Artifact 379.49628ms *FAILED to get Certificate* Initialization complete We are using the Guilin release for the setup on the OKD cluster. Other components like AAF, AAI, SDC and SDNC have been installed properly and working fine. I checked that SDC was able to fetch the certificate correctly from the AAF and able to install it inside the SDC pod. However, SO is complaining about the certificates. helm install dev-so --debug local/so --namespace onap -f onap/resources/overrides/openstack.yaml -f onap/resources/environments/dev.yaml --set global.masterPassword=guilin --timeout 1200s --set global.aafEnabled=true Environment details:- 1. OKD cluster version: 4.6 2. Kubernetes version: v1.19 3. Helm version: 3.3.x 4. ONAP Release: Guilin Let me know if I'm missing any configuration. Any help/pointer would be highly appreciated! Regards -Vikas Kapoor -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#23209): https://lists.onap.org/g/onap-discuss/message/23209 Mute This Topic: https://lists.onap.org/mt/82766784/21656 Mute #aaf:https://lists.onap.org/g/onap-discuss/mutehashtag/aaf Mute #so:https://lists.onap.org/g/onap-discuss/mutehashtag/so Group Owner: onap-discuss+ow...@lists.onap.org Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Caller Properties Initialized cat SSO cadi_keyfile=/root/.aaf/keyfile aaf_id=deplo...@people.osaaf.org aaf_password=enc:lqxhoSyeYM6TF9jtnPOujII70XWd-_XBW0Rxify23mG aaf_locate_url=https://-locator.:8095 aaf_url_cm=https://AAF_LOCATE_URL/%CNS.%NS.cm:2.1 aaf_url=https://AAF_LOCATE_URL/%CNS.%NS.service:2.1 cadi_truststore=/root/.aaf/truststoreONAPall.jks cadi_truststore_password=changeit cadi_latitude= cadi_longitude= hostname=so aaf_locator_fqdn=so aaf_locator_container=oom aaf_locator_container_ns=onap aaf_locate_url=https://aaf-locate.onap:8095 aaf_locator_app_ns=org.osaaf.aaf cadi_longitude=0.0 cadi_latitude=0.0 aaf_locator_public_fqdn=so.onap.org Created /opt/app/osaaf/local Existing files in /opt/app/osaaf/local total 0 Clean up directory /opt/app/osaaf/local Namespace is org.onap.so #### Create Configuration files Writing to /opt/app/osaaf/local Writing file /opt/app/osaaf/local/org.onap.so.keyfile Passed in Truststore is /root/.aaf/truststoreONAPall.jks New Truststore is /opt/app/osaaf/local/truststoreONAPall.jks Creating new /opt/app/osaaf/local/org.onap.so.props Creating new /opt/app/osaaf/local/org.onap.so.cred.props Creating new /opt/app/osaaf/local/org.onap.so.location.props 2021-05-12T06:26:56.085+0000: Trans Info REMOTE Get Configuration 582.7561ms ############################################################ # Properties Generated by AT&T Certificate Manager # by root # on 2021-05-12T06:26:56.080+0000 # @copyright 2019, AT&T ############################################################ aaf_env=DEV aaf_id=s...@so.onap.org aaf_locate_url=https://aaf-locate.onap:8095 aaf_locator_app_ns=org.osaaf.aaf aaf_locator_container=oom aaf_locator_container_ns=onap aaf_locator_fqdn=so aaf_locator_public_fqdn=so.onap.org aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect aaf_oauth2_token_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1 aaf_url_cm=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1 aaf_url_fs=https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1 aaf_url_gui=https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1 aaf_url_hello=https://aaf-locate.onap:8095/locate/onap.org.osaaf.aaf.hello:2.1 aaf_url_oauth=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1 cadi_prop_files=/opt/app/osaaf/local/org.onap.so.location.props:/opt/app/osaaf/local/org.onap.so.cred.props cadi_protocols=TLSv1.1,TLSv1.2 #### Certificate Authorization Artifact 2021-05-12T06:26:56.355+0000 INIT [cadi] cadi_keyfile points to /opt/app/osaaf/local/org.onap.so.keyfile 2021-05-12T06:26:56.374+0000 INIT [cadi] https.protocols set by cadi_protocols in CADI Properties 2021-05-12T06:26:56.374+0000 INIT [cadi] jdk.tls.client.protocols set from Default Protocols AppID: s...@so.onap.org Sponsor: mmana...@osaaf.org Machine: so CA: local Types: pkcs12,script Namespace: org.onap.so Directory: /opt/app/osaaf/local O/S User: root Renew Days: 30 Notification mailto: 2021-05-12T06:26:57.234+0000: Trans Info Read Artifact 322.5465ms #### Place Certificates (by deployer) 2021-05-12T06:26:57.437+0000 INIT [cadi] cadi_keyfile points to /opt/app/osaaf/local/org.onap.so.keyfile 2021-05-12T06:26:57.455+0000 INIT [cadi] https.protocols set by cadi_protocols in CADI Properties 2021-05-12T06:26:57.455+0000 INIT [cadi] jdk.tls.client.protocols set from Default Protocols 2021-05-12T06:26:58.362+0000: Trans Info REMOTE Place Artifact 379.49628ms FAILED to get Certificate Initialization complete