Re: R3 OOM - APPC CDT certificate_unknown #appc #oom #casablanca

jkzcristiano
 

Dear Taka and all,

some feedback here.

The first time I followed your wiki.

The original file is (case A):

ubuntu@rancher:~/oom/kubernetes$ cat appc/templates/secrets.yaml
# Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
 
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.fullname" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
type: Opaque
data:
  db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }}


But I changed it by (case B):

ubuntu@rancher:~/oom/kubernetes$ cat appc/templates/secrets.yaml
# Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
 
apiVersion: v1
kind: Secret
metadata:
   name: {{ include "common.fullname" . }}-certs
   namespace: {{ include "common.namespace" . }}
   labels:
     app: {{ include "common.name" . }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
     type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}


and make appc, make onap and deployed (update) APPC. This worked in the sense the unknown_certificate issue was solved.

However, I still had the error I told you (some connectivity issue with AAF).

Then I tried to repeat the process by using this file instead:

ubuntu@rancher:~/oom/kubernetes$ cat appc/templates/secrets.yaml
# Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
 
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.fullname" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
type: Opaque
data:
  db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }}
---
apiVersion: v1
kind: Secret
metadata:
   name: {{ include "common.fullname" . }}-certs
   namespace: {{ include "common.namespace" . }}
   labels:
     app: {{ include "common.name" . }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
     type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}


When I tried to update APPC (with make appc, make onap, helm deploy dev-appc ...)  some error came up (kubectl describe pod/dev-appc-appc-0 -n onap):

Events:
  Type     Reason            Age              From               Message
  ----     ------            ----             ----               -------
  Warning  FailedScheduling  6m               default-scheduler  AssumePod failed: pod 3e3c9094-884f-11e9-884b-02394a5c4c27 is in the cache, so can't be assumed
  Normal   Scheduled         6m               default-scheduler  Successfully assigned onap/dev-appc-appc-0 to k8s-dev
  Warning  FailedScheduling  6m (x2 over 6m)  default-scheduler  pod has unbound PersistentVolumeClaims
  Normal   Pulled            5m               kubelet, k8s-dev   Container image "oomk8s/readiness-check:2.0.0" already present on machine
  Normal   Created           5m               kubelet, k8s-dev   Created container
  Normal   Started           5m               kubelet, k8s-dev   Started container
  Warning  Failed            4m               kubelet, k8s-dev   Error: failed to start container "appc": Error response from daemon: oci runtime error: container_linux.go:247: starting container process caued "process_linux.go:359: container init caused \"rootfs_linux.go:54: mounting \\\"/var/lib/kubelet/pods/3e3c9094-884f-11e9-884b-02394a5c4c27/volume-subpaths/certs/appc/23\\\" to rootfs \\\"/var/lib/docker/afs/mnt/13cb603827f10995f6afad95b98b77ff1959f6cd5c4ae60253909d0e16155403\\\" at \\\"/var/lib/docker/aufs/mnt/13cb603827f10995f6afad95b98b77ff1959f6cd5c4ae60253909d0e16155403/opt/onap/appc/data/stores/org.onapappc.p12\\\" caused \\\"not a directory\\\"\""
: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
 
I tried to create that directory (oom/kubernetes/appc/resources/config/appc/opt/onap/appc/data/stores/
and locating also the file "org.onapappc.p12" there but the same error happened during helm deploy.

So I finally removed all the steps done in your wiki, undeployed/deployed appc with the option

...
appc:
  enabled: true
  config:
    enableAAF: false
...

in the overriding file. I lost some configuration of course but I only had one VNF in CDT so no issue. No APPC is not using AAF.

Kind regards and thank you for your kind help!
Xoan

Join onap-discuss@lists.onap.org to automatically receive all group messages.