Re: R3 OOM - APPC CDT certificate_unknown #appc #oom #casablanca

Taka Cho
 

I uploaded stateful.yaml and secrets.yaml in the wiki page, those two yamls are working in SB02 in windriver lab. The p12 file should be located at resources/config/certs

 

Can you go into APPC docker try curl https://aaf-locate.onap:8095/locate/AAF_NS.service:2.0 ? or ping that? I am thinking something DNS is wrong in your k8s

 

So the “enableAAF: false” setting is working for you?

 

Taka

 

From: jkzcristiano <jkzcristiano@...>
Sent: Thursday, June 6, 2019 10:53 AM
To: CHO, TAKAMUNE <tc012c@...>; onap-discuss@...
Subject: Re: [onap-discuss] R3 OOM - APPC CDT certificate_unknown #appc #casablanca #oom

 

Dear Taka and all,

some feedback here.

The first time I followed your wiki.

The original file is (case A):

ubuntu@rancher:~/oom/kubernetes$ cat appc/templates/secrets.yaml

# Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

 

apiVersion: v1

kind: Secret

metadata:

  name: {{ include "common.fullname" . }}

  namespace: {{ include "common.namespace" . }}

  labels:

    app: {{ include "common.fullname" . }}

    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}

    release: {{ .Release.Name }}

    heritage: {{ .Release.Service }}

type: Opaque

data:

  db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }}



But I changed it by (case B):

ubuntu@rancher:~/oom/kubernetes$ cat appc/templates/secrets.yaml

# Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

 

apiVersion: v1
kind: Secret
metadata:
   name: {{ include "common.fullname" . }}-certs
   namespace: {{ include "common.namespace" . }}
   labels:
     app: {{ include "common.name" . }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
     type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}



and make appc, make onap and deployed (update) APPC. This worked in the sense the unknown_certificate issue was solved.

However, I still had the error I told you (some connectivity issue with AAF).

Then I tried to repeat the process by using this file instead:

ubuntu@rancher:~/oom/kubernetes$ cat appc/templates/secrets.yaml

# Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

 

apiVersion: v1

kind: Secret

metadata:

  name: {{ include "common.fullname" . }}

  namespace: {{ include "common.namespace" . }}

  labels:

    app: {{ include "common.fullname" . }}

    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}

    release: {{ .Release.Name }}

    heritage: {{ .Release.Service }}

type: Opaque

data:

  db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }}
---
apiVersion: v1
kind: Secret
metadata:
   name: {{ include "common.fullname" . }}-certs
   namespace: {{ include "common.namespace" . }}
   labels:
     app: {{ include "common.name" . }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
     type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}


When I tried to update APPC (with make appc, make onap, helm deploy dev-appc ...)  some error came up (kubectl describe pod/dev-appc-appc-0 -n onap):

Events:

  Type     Reason            Age              From               Message

  ----     ------            ----             ----               -------

  Warning  FailedScheduling  6m               default-scheduler  AssumePod failed: pod 3e3c9094-884f-11e9-884b-02394a5c4c27 is in the cache, so can't be assumed

  Normal   Scheduled         6m               default-scheduler  Successfully assigned onap/dev-appc-appc-0 to k8s-dev

  Warning  FailedScheduling  6m (x2 over 6m)  default-scheduler  pod has unbound PersistentVolumeClaims

  Normal   Pulled            5m               kubelet, k8s-dev   Container image "oomk8s/readiness-check:2.0.0" already present on machine

  Normal   Created           5m               kubelet, k8s-dev   Created container

  Normal   Started           5m               kubelet, k8s-dev   Started container

  Warning  Failed            4m               kubelet, k8s-dev   Error: failed to start container "appc": Error response from daemon: oci runtime error: container_linux.go:247: starting container process caued "process_linux.go:359: container init caused \"rootfs_linux.go:54: mounting \\\"/var/lib/kubelet/pods/3e3c9094-884f-11e9-884b-02394a5c4c27/volume-subpaths/certs/appc/23\\\" to rootfs \\\"/var/lib/docker/afs/mnt/13cb603827f10995f6afad95b98b77ff1959f6cd5c4ae60253909d0e16155403\\\" at \\\"/var/lib/docker/aufs/mnt/13cb603827f10995f6afad95b98b77ff1959f6cd5c4ae60253909d0e16155403/opt/onap/appc/data/stores/org.onapappc.p12\\\" caused \\\"not a directory\\\"\""

: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type

 

I tried to create that directory (oom/kubernetes/appc/resources/config/appc/opt/onap/appc/data/stores/
and locating also the file "org.onapappc.p12" there but the same error happened during helm deploy.

So I finally removed all the steps done in your wiki, undeployed/deployed appc with the option

...
appc:
  enabled: true
  config:
    enableAAF: false
...

in the overriding file. I lost some configuration of course but I only had one VNF in CDT so no issue. No APPC is not using AAF.

Kind regards and thank you for your kind help!
Xoan

Join onap-discuss@lists.onap.org to automatically receive all group messages.