Date   

Re: [Frankfurt] #dcae VES collector pod Readiness probe failed #dcaegen2

Vijay Venkatesh Kumar
 

Hi Naveen,

Based on the healtcheck and pod logs you shared, VESCollector appears to be running fine. The healthcheck failure reported was at startup, after which the pod is identified healthy.

 

  dcae-ves-collector:

    Container ID:   docker://19cd8f754b163e5842fc4398379049318932eb4d1433a07cc1bef8f7a5a2d963

    Image:          nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.4

    Image ID:       docker-pullable://nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.ves.vescollector@sha256:a8bb655c7132d9b517c52af44de9a47af820e8fba1588761047514cbf6a3fd84

    Ports:          8080/TCP, 8443/TCP

    Host Ports:     0/TCP, 0/TCP

    State:          Running

      Started:      Tue, 29 Sep 2020 09:43:24 +0000

    Ready:          True

 

Btw for Frankfurt release, VEScollector was switched to TLS mode by default. For sending events into the collector, you will need to use https. If you need to install VES on http mode – you can follow the instruction here - https://docs.onap.org/projects/onap-dcaegen2/en/frankfurt/sections/services/ves-http/installation.html

 

Regards,

Vijay

 

From: onap-discuss@... <onap-discuss@...> On Behalf Of Naveen S. Sankad
Sent: Wednesday, September 30, 2020 7:09 AM
To: onap-discuss@...
Subject: [onap-discuss] [Frankfurt] #dcae VES collector pod Readiness probe failed

 

Hi Team,

 

Anyone came across this following issue. Please provide your inputs or suggestions.

 

 

Regards,

Naveen


From: onap-discuss@... <onap-discuss@...> on behalf of Naveen S. Sankad via lists.onap.org <naveen.sankad=ltts.com@...>
Sent: 29 September 2020 21:26
To: onap-discuss@... <onap-discuss@...>
Cc: morgan.richomme@... <morgan.richomme@...>
Subject: [onap-discuss] [Frankfurt] #dcae VES collector pod Readiness probe failed

 

Hi,

 

As a part of Frankfurt deployment, all the healthchecks are passing but dep-dcae-ves-collector-7d4449ddbb-b4jkh pod is giving error message: Readiness probe failed: Get http://10.42.7.113:8080/healthcheck: net/http: request canceled (Client.Timeout exceeded while awaiting headers).​ By which events are unable to reach VES collector.

 

Thanks in advance, any inputs or suggestions are highly appreciated.

 

 

Thanks and Regards,

Naveen 

L&T Technology Services Ltd

www.LTTS.com

L&T Technology Services Limited (LTTS) is committed to safeguard your data privacy. For more information to view our commitment towards data privacy under GDPR, please visit the privacy policy on our website www.Ltts.com. This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.

L&T Technology Services Ltd

www.LTTS.com

L&T Technology Services Limited (LTTS) is committed to safeguard your data privacy. For more information to view our commitment towards data privacy under GDPR, please visit the privacy policy on our website www.Ltts.com. This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.

L&T Technology Services Ltd

www.LTTS.com

L&T Technology Services Limited (LTTS) is committed to safeguard your data privacy. For more information to view our commitment towards data privacy under GDPR, please visit the privacy policy on our website www.Ltts.com. This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.


[OOM] [EXTAPI] readiness image 3.0.1 issue

Aleem Raja
 

Hi,

To test 5g slicing use case we need to use latest nbi image as 7.0.2 in our frankfurt env, there is difference in OOM readiness version.

In Frankfurt: oomk8s/readiness-check:2.0.2
In Guilin: onap/oom/readiness:3.0.1

When changing version in oom/kubernetes/values.yaml with latest nbi image(7.0.2) and readiness version for Guilin, pod is unable to start.

kubectl get pods -n onap | grep nbi
onap-nbi-67ffd9d567-kjm2f                           0/1     Init:CrashLoopBackOff     6          11m
onap-nbi-config-config-job-68dcr                    0/1     Init:ContainerCannotRun   0          10m
onap-nbi-config-config-job-85vzz                    0/1     Init:ContainerCannotRun   0          9m56s
onap-nbi-config-config-job-b95t8                    0/1     Init:ContainerCannotRun   0          10m
onap-nbi-config-config-job-dgw8t                    0/1     Init:ContainerCannotRun   0          2m36s
onap-nbi-config-config-job-hqljr                    0/1     Init:ContainerCannotRun   0          7m56s
onap-nbi-config-config-job-qt7cx                    0/1     Init:ContainerCannotRun   0          9m16s
onap-nbi-config-config-job-wqvdf                    0/1     Init:ContainerCannotRun   0          11m
onap-nbi-mongo-0                                    1/1     Running                   0          11m


when describe the nbi pod, getting:

Error: failed to start container "nbi-config-readiness": Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"/root/ready.py\": stat /root/ready.py: permission denied": unknown

Please find attached nbi pod description for reference.

May you please provide guidance or suggestions regarding this?

Thanks,
Aleem
============================================================================================================================ Disclaimer: This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html externally http://tim.techmahindra.com/tim/disclaimer.html internally within TechMahindra. ============================================================================================================================


#oom Weekly - Wed, 09/30/2020 2:00pm-3:00pm #oom #cal-reminder

onap-discuss@lists.onap.org Calendar <onap-discuss@...>
 

Reminder: #oom Weekly

When: Wednesday, 30 September 2020, 2:00pm to 3:00pm, (GMT+00:00) UTC

Where:https://zoom.us/j/96113493781?pwd=cER3aHgvZ1MrNmtXZVV1K0hmQjhnQT09

View Event

Organizer: OOM PTL

Description:


Tomorrow's doc meeting is cancelled

Sofia Wallin
 

Hi everyone,

Tomorrow’s doc meeting is cancelled.

 

Today’s hackathon will be open for another hour.  

 

Don’t forget to reach out of you have anything that you would like to bring up or if you have any doc related questions.

 

Best regards,

Sofia


VNF Requirements Call Cancelled #vnfrqts

Trevor Lovett
 

All,

 

The VNF Requirements call for today is cancelled.

 

Thanks,

 

Trevor Lovett

Lead Member of Technical Staff

AT&T Labs, Operational Automation and Program Management

 


[Frankfurt] #dcae VES collector pod Readiness probe failed #dcaegen2

Naveen S. Sankad
 

Hi Team,

Anyone came across this following issue. Please provide your inputs or suggestions.


Regards,
Naveen


From: onap-discuss@... <onap-discuss@...> on behalf of Naveen S. Sankad via lists.onap.org <naveen.sankad=ltts.com@...>
Sent: 29 September 2020 21:26
To: onap-discuss@... <onap-discuss@...>
Cc: morgan.richomme@... <morgan.richomme@...>
Subject: [onap-discuss] [Frankfurt] #dcae VES collector pod Readiness probe failed
 
Hi,

As a part of Frankfurt deployment, all the healthchecks are passing but dep-dcae-ves-collector-7d4449ddbb-b4jkh pod is giving error message: Readiness probe failed: Get http://10.42.7.113:8080/healthcheck: net/http: request canceled (Client.Timeout exceeded while awaiting headers).​ By which events are unable to reach VES collector.

Thanks in advance, any inputs or suggestions are highly appreciated.


Thanks and Regards,
Naveen 

L&T Technology Services Ltd

www.LTTS.com

L&T Technology Services Limited (LTTS) is committed to safeguard your data privacy. For more information to view our commitment towards data privacy under GDPR, please visit the privacy policy on our website www.Ltts.com. This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.

L&T Technology Services Ltd

www.LTTS.com

L&T Technology Services Limited (LTTS) is committed to safeguard your data privacy. For more information to view our commitment towards data privacy under GDPR, please visit the privacy policy on our website www.Ltts.com. This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.

L&T Technology Services Ltd

www.LTTS.com

L&T Technology Services Limited (LTTS) is committed to safeguard your data privacy. For more information to view our commitment towards data privacy under GDPR, please visit the privacy policy on our website www.Ltts.com. This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.


[Portal] Run Portal locally

Jagiełło, Michał
 

Hi,

 

I try to run ONAP Portal locally with  https://wiki.onap.org/display/DW/Building+and+running+ONAP+Portal+on+a+local+machine tutorial, but portal-app is still in Init state

NAME                                    READY   STATUS      RESTARTS   AGE

demo-portal-app-5d9f7fb646-rqjvr        0/2     Init:1/3    7          81m

demo-portal-cassandra-b7c5b4899-jcn9v   1/1     Running     0          81m

demo-portal-db-56cc5f9456-q2wcr         1/1     Running     0          81m

demo-portal-db-config-whdb8             0/2     Completed   0          81m

demo-portal-sdk-c45b5bd98-sdq72         0/2     Init:1/3    7          81m

demo-portal-widget-5ddc5f765-rg729      1/1     Running     0          81m

demo-portal-zookeeper-b6d857c75-jlch2   1/1     Running     0          81m

 

I checked “demo-portal-db-56cc5f9456-q2wcr” logs and there is the same line every few seconds:

2020-09-30  8:34:23 818 [Warning] Aborted connection 818 to db: 'unconnected' user: 'unauthenticated' host: '10.1.1.1' (This connection closed normally without authentication)

2020-09-30  8:34:25 819 [Warning] Aborted connection 819 to db: 'unconnected' user: 'unauthenticated' host: '10.1.1.1' (This connection closed normally without authentication)

2020-09-30  8:34:33 820 [Warning] Aborted connection 820 to db: 'unconnected' user: 'unauthenticated' host: '10.1.1.1' (This connection closed normally without authentication)

2020-09-30  8:34:35 821 [Warning] Aborted connection 821 to db: 'unconnected' user: 'unauthenticated' host: '10.1.1.1' (This connection closed normally without authentication)

2020-09-30  8:34:43 822 [Warning] Aborted connection 822 to db: 'unconnected' user: 'unauthenticated' host: '10.1.1.1' (This connection closed normally without authentication)

 

Thank you for any help you can provide,

Michal

T-MOBILE POLSKA S.A. z siedzibą w Warszawie
Adres: ul. Marynarska 12, 02-674 Warszawa
Zarząd Spółki:
Andreas Maierhofer – Prezes Zarządu;
Cezary Albrecht – Członek Zarządu, Dyrektor ds. Prawnych, Bezpieczeństwa i Zarządzania Zgodnością;
Juraj Andráš – Członek Zarządu, Dyrektor ds. Finansowych;
Dorota Kuprianowicz-Legutko – Członek Zarządu, Dyrektor ds. Polityki Personalnej;
Goran Marković – Członek Zarządu, Dyrektor ds. Rynku Prywatnego;
Petri Pehkonen – Członek Zarządu, Dyrektor ds. Technologii i Innowacji;
Agnieszka Rynkowska – Członek Zarządu, Dyrektor ds. Rynku Biznesowego.

Spółka zarejestrowana w Sądzie Rejonowym dla m.st. Warszawy w Warszawie,
XIII Wydział Gospodarczy Krajowego Rejestru Sądowego.
KRS 0000391193 | NIP 526-10-40-567 | Regon 011417295
Kapitał zakładowy 471 mln złotych, kapitał wpłacony w całości.

DUŻE ZMIANY ZACZYNAJĄ SIĘ OD MAŁYCH - CHROŃ PLANETĘ, NIE DRUKUJ TEGO E-MAILA, JEŻELI NIE MUSISZ.

Ta wiadomość i jej treść są zastrzeżone w szczegółowym zakresie dostępnym na http://www.t-mobile.pl/stopka
This e-mail and its contents are subject to a DISCLAIMER with important RESERVATIONS: see http://www.t-mobile.pl/stopka



Re: VID Failed to get service models from SDC #vid #aai

Vivekanandan Muthukrishnan
 

Hi Gülsüm,

Please refer to the below email response from  WILLIAM.

Do the same to overwrite aai.pem & aai_keystore files on your OOM elato.

Then redeploy AAI.

1. Do helm make
2. Undeploy AAI
3. Redeploy AAI

This should get you going with Elalto.

Thanks for the timply help WILLIAM.

Regards
Vivek






On Tue, Sep 29, 2020 at 8:12 PM REEHIL, WILLIAM E <wr148d@...> wrote:

These steps may help

 

You will need to take the certs from master branch, you can do the following

 

https://gerrit.onap.org/r/gitweb?p=aai/oom.git;a=blob;f=resources/config/haproxy/aai.pem;h=6390db10de3638f7bd250e0beba708aeebf136b6;hb=HEAD

Take this above file and replace the following file with it:


~/oom/kubernetes/aai/resources/config/haproxy/aai.pem file


https://gerrit.onap.org/r/gitweb?p=aai/oom.git;a=tree;f=resources/config/aai;h=c502263d05cea4aaab18899c895cb8daf18a6c59;hb=HEAD

Take the aai_keystore file in above link and replace the following file with it:


~/oom/kubernetes/aai/resources/config/aai/aai_keystore

 

Hopefully this resolves your issue.

 

Thanks,

 

William Reehil

Principal Member of Technical Staff | A&AI ONAP PTL

AT&T ECOMP PLATFORM AND SYSTEMS

(C) 732 865-5333 | (O) 732 420-7806

 



On Tue, Sep 29, 2020 at 5:03 PM shin.nay.lin via lists.onap.org <shin.nay.lin=ericsson.com@...> wrote:
I'm having same issue. Is there any way to renew the certificate by ourselves?


Cancelled Event: #dcae team meeting (UTC) - Wednesday, 30 September 2020 #dcaegen2 #cal-cancelled

onap-discuss@lists.onap.org Calendar <noreply@...>
 

Cancelled: #dcae team meeting (UTC)

This event has been cancelled.

When:
Wednesday, 30 September 2020
2:30pm to 3:30pm
(UTC+00:00) UTC

Where:
https://zoom.us/j/98967242523

Organizer: Vijay Venkatesh Kumar vv770d@...

Description:

Zoom link updated with passcode
----

ONAP Meeting 11 is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://zoom.us/j/98967242523?pwd=YmhlbGZGU0NjcFBnbDdCS3c1Nnk3UT09

Meeting ID: 989 6724 2523
Passcode: 899004

One tap mobile
+13126266799,,98967242523# US (Chicago)
+16465588656,,98967242523# US (New York)
Dial by your location
        +1 312 626 6799 US (Chicago)
        +1 646 558 8656 US (New York)
        +1 301 715 8592 US (Germantown)
        +1 253 215 8782 US (Tacoma)
        +1 346 248 7799 US (Houston)
        +1 669 900 6833 US (San Jose)
        877 369 0926 US Toll-free
        855 880 1246 US Toll-free

Meeting ID: 989 6724 2523
Find your local number: https://zoom.us/u/ad1U59khic?


#ccsdk / #sdnc meeting canceled 9/30 #ccsdk #sdnc

Dan Timoney
 


Tomorrow’s CCSDK / SDNC call is canceled for tomorrow 9/30 due to conflict with the
LF ONES virtual event.

Dan


Sent from MyOwn, an AT&T BYOD solution.


[Frankfurt] #dcae VES collector pod Readiness probe failed #dcaegen2

Naveen S. Sankad
 

Hi,

As a part of Frankfurt deployment, all the healthchecks are passing but dep-dcae-ves-collector-7d4449ddbb-b4jkh pod is giving error message: Readiness probe failed: Get http://10.42.7.113:8080/healthcheck: net/http: request canceled (Client.Timeout exceeded while awaiting headers).​ By which events are unable to reach VES collector.

Thanks in advance, any inputs or suggestions are highly appreciated.


Thanks and Regards,
Naveen 

L&T Technology Services Ltd

www.LTTS.com

L&T Technology Services Limited (LTTS) is committed to safeguard your data privacy. For more information to view our commitment towards data privacy under GDPR, please visit the privacy policy on our website www.Ltts.com. This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.


Re: VID Failed to get service models from SDC #vid #aai

shin.nay.lin@...
 

I'm having same issue. Is there any way to renew the certificate by ourselves?


[release] [doc] Logistics for Wednesday's doc hackathon

Sofia Wallin
 

Hello ONAP Community,

Welcome to join the virtual documentation hackathon tomorrow September 30th!

 

Logistics, agenda and more information can be found HERE

Main focus will be to finalize the documentation planned for the Guilin release but feel free to add any other topic to the agenda.

 

Join Zoom Meeting,

https://zoom.us/j/92987486389?pwd=QUdnMVVjZS83Y0dEalA2Y01UQzhEZz09

 

Starting at 13:00 CEST.

 

Hope to see you there,

ONAP doc team


Re: [Onap-release] Update on Gerrit upgrade

Jessica Wagantall
 

Dear ONAP team, 

I want to follow up on 2 topics on this post Gerrit upgrade:

1- In case you are still facing issues logging into Gerrit, please make sure
    to let us know via support ticket https://support.linuxfoundation.org.
    (Case 4 from Andy's email)
2 - The reviewers plugin got also upgraded to a later version which should be 
     working better now. As more people update their login sessions, the Gerrit native
     groups will get updated to include the committers from each repo and new/updated gerrit changes will
     add these committers as reviewers.
     Automatic reviewers are no longer just adjusted for PTLs but for all committers. 

In case you have questions or see any issues, please let us know via IT ticket.

Thanks so much!
Jess 
 

On Tue, Sep 22, 2020 at 7:57 AM Andrew Grimberg <agrimberg@...> wrote:
Greetings folks,

Yesterday's upgrade for Gerrit included a transition to using SSO for login.

Some of you have encountered problems since this switch. Please do the
following to get yourself back up to full working conditions:

1) Log out of the web UI.

2) Log into the web UI. The switch did not invalidate ongoing web
sessions but it did invalidate the backend groups. The logout and login
will re-establish what groups you're part of. This includes the CLAs
that you've signed

3) If you use HTTP as your git transport then you must now generate a
password token as your LF Account password is no longer recognized. To
get this token go to the follow URL

https://gerrit.onap.org/r/settings/#HTTPCredentials

and press the 'Generate New Password' button. Please note that the
password displayed is only retrievable when you generate it. If you lose
the password you will have to generate a new one!

Update anything using HTTP to use the new password (this includes
anything using the REST API)

4) If you get errors when trying to login please open a support ticket
at https://support.linuxfoundation.org the transition to SSO has hard
enforced case sensitivity and many folks had logged into the system
previously with a different case than the backend actually has stored.
We will have to update your gerrit account records to fix this issue for
you.

-Andy-

--
Andrew J Grimberg
Manager Release Engineering
The Linux Foundation







Re: What is AAI SSL keystore & key file org.onap.aai.p12 password ?

Vivekanandan Muthukrishnan
 

Hi Soumya,

I tried to undigest the AAI keystore encrypted password and that didn't work for me as well.

$ java -jar aaf-cadi-core-2.1.15.jar undigest enc:XXX aaf/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile

Regards
Vivek


On Tue, Sep 29, 2020 at 1:20 AM Vivekanandan Muthukrishnan via lists.onap.org <vmuthukrishnan=aarnanetworks.com@...> wrote:
Hi Soumya,

It seems like Jimmy is out of office.

Could you please help us to regenerate Elalto AAI certificates or point us to the steps to update the AAI expired certificates?

I guess it is the same issue even with the AAI master branch as well. Please advise us how to proceed.

Regards
Vivek

On Tue, Sep 29, 2020 at 12:37 AM Vivekanandan Muthukrishnan <vmuthukrishnan@...> wrote:
Hi Jimmy,

Could you please point us to the steps or documentation to replace AAI certificates.

We cannot use our Elalto deployment due to AAI certificates that expired on Sep 27 19:34:54 2020 GMT.

Regards
Vivek


On Mon, Sep 28, 2020 at 10:32 PM Vivekanandan Muthukrishnan via lists.onap.org <vmuthukrishnan=aarnanetworks.com@...> wrote:
Dear AAI team,

The Elalto version of AAI certificate expired on Sep 27 19:34:54 2020 GMT

It seems like AAI is obfuscating the password as shown below.

components/aai-resources/values.yaml:  keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10

I was referring to the hardcoded password list to https://wiki.onap.org/display/DW/OOM+Hardcoded+Passwords+List

The onapSecret & changeit did not work. 

I would appreciate any references to AAI keystore password and key file password.

Regards
Vivek

# Log snipped for your reference
# AAI SSL certificate issue

export SERVER_IP=10.43.146.9
export SERVER_PORT=8443
echo | openssl s_client -showcerts \
-servername gnupg.org \
-connect ${SERVER_IP}:${SERVER_PORT} 2>/dev/null \
| openssl x509 -inform pem -noout -text

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2781022223073201926 (0x26982cfa36becf06)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9
        Validity
            Not Before: Sep 27 19:34:54 2019 GMT
            Not After : Sep 27 19:34:54 2020 GMT


Re: What is AAI SSL keystore & key file org.onap.aai.p12 password ?

Vivekanandan Muthukrishnan
 

Hi Soumya,

It seems like Jimmy is out of office.

Could you please help us to regenerate Elalto AAI certificates or point us to the steps to update the AAI expired certificates?

I guess it is the same issue even with the AAI master branch as well. Please advise us how to proceed.

Regards
Vivek

On Tue, Sep 29, 2020 at 12:37 AM Vivekanandan Muthukrishnan <vmuthukrishnan@...> wrote:
Hi Jimmy,

Could you please point us to the steps or documentation to replace AAI certificates.

We cannot use our Elalto deployment due to AAI certificates that expired on Sep 27 19:34:54 2020 GMT.

Regards
Vivek


On Mon, Sep 28, 2020 at 10:32 PM Vivekanandan Muthukrishnan via lists.onap.org <vmuthukrishnan=aarnanetworks.com@...> wrote:
Dear AAI team,

The Elalto version of AAI certificate expired on Sep 27 19:34:54 2020 GMT

It seems like AAI is obfuscating the password as shown below.

components/aai-resources/values.yaml:  keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10

I was referring to the hardcoded password list to https://wiki.onap.org/display/DW/OOM+Hardcoded+Passwords+List

The onapSecret & changeit did not work. 

I would appreciate any references to AAI keystore password and key file password.

Regards
Vivek

# Log snipped for your reference
# AAI SSL certificate issue

export SERVER_IP=10.43.146.9
export SERVER_PORT=8443
echo | openssl s_client -showcerts \
-servername gnupg.org \
-connect ${SERVER_IP}:${SERVER_PORT} 2>/dev/null \
| openssl x509 -inform pem -noout -text

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2781022223073201926 (0x26982cfa36becf06)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9
        Validity
            Not Before: Sep 27 19:34:54 2019 GMT
            Not After : Sep 27 19:34:54 2020 GMT


Re: What is AAI SSL keystore & key file org.onap.aai.p12 password ?

Vivekanandan Muthukrishnan
 

Hi Jimmy,

Could you please point us to the steps or documentation to replace AAI certificates.

We cannot use our Elalto deployment due to AAI certificates that expired on Sep 27 19:34:54 2020 GMT.

Regards
Vivek


On Mon, Sep 28, 2020 at 10:32 PM Vivekanandan Muthukrishnan via lists.onap.org <vmuthukrishnan=aarnanetworks.com@...> wrote:
Dear AAI team,

The Elalto version of AAI certificate expired on Sep 27 19:34:54 2020 GMT

It seems like AAI is obfuscating the password as shown below.

components/aai-resources/values.yaml:  keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10

I was referring to the hardcoded password list to https://wiki.onap.org/display/DW/OOM+Hardcoded+Passwords+List

The onapSecret & changeit did not work. 

I would appreciate any references to AAI keystore password and key file password.

Regards
Vivek

# Log snipped for your reference
# AAI SSL certificate issue

export SERVER_IP=10.43.146.9
export SERVER_PORT=8443
echo | openssl s_client -showcerts \
-servername gnupg.org \
-connect ${SERVER_IP}:${SERVER_PORT} 2>/dev/null \
| openssl x509 -inform pem -noout -text

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2781022223073201926 (0x26982cfa36becf06)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9
        Validity
            Not Before: Sep 27 19:34:54 2019 GMT
            Not After : Sep 27 19:34:54 2020 GMT


Re: SDC-BE SSL certificate expiry causing SDC PODs to fails in Elalto

Vivekanandan Muthukrishnan
 

Hi Chris/Morgan

Now we are hitting the AAI certificate expiry in Elalto and SO, SDNC and other components are failing to interact with AAI.

Could you please point us to any workaround or steps to replace AAI certificates.

aai302332020-09-27 19:34:544C=US;O=ONAP;OU=OSAAF;CN=intermediateCA_9

Regards
Vivek

On Thu, Sep 24, 2020 at 5:44 PM Vivekanandan Muthukrishnan via lists.onap.org <vmuthukrishnan=aarnanetworks.com@...> wrote:
Hi Chris,

We are able successfully bring up SDC from Ealto maintenance branch and now we see that Robot heath check is passing.

Thank you very much for the support. 

Here is the log snippet for your reference.

Regards
Vivek

$ kubectl get pods -n onap | grep sdc

dev-sdc-sdc-be-7c84b484f9-xd72v                         2/2     Running      0          38m
dev-sdc-sdc-be-config-backend-85pdw                     0/1     Completed    0          38m
dev-sdc-sdc-cs-config-cassandra-477n6                   0/1     Completed    0          38m
dev-sdc-sdc-dcae-be-769dc949b5-vq6n5                    2/2     Running      0          38m
dev-sdc-sdc-dcae-be-tools-6fmdt                         0/1     Init:Error   0          38m
dev-sdc-sdc-dcae-be-tools-fdbbw                         0/1     Init:Error   0          28m
dev-sdc-sdc-dcae-be-tools-zvq88                         0/1     Completed    0          18m
dev-sdc-sdc-dcae-dt-6b77b4c58b-l89gw                    2/2     Running      0          38m
dev-sdc-sdc-dcae-fe-6944957b49-g96md                    2/2     Running      0          38m
dev-sdc-sdc-dcae-tosca-lab-5b95864759-9xtjh             2/2     Running      0          38m
dev-sdc-sdc-es-7945dc9cb7-f8rgv                         1/1     Running      0          38m
dev-sdc-sdc-es-config-elasticsearch-fjgmp               0/1     Completed    0          38m
dev-sdc-sdc-fe-5d7c789c76-sh2xj                         2/2     Running      0          38m
dev-sdc-sdc-kb-bf94b5f87-xcb7g                          1/1     Running      0          38m
dev-sdc-sdc-onboarding-be-cassandra-init-m9d6l          0/1     Completed    0          38m
dev-sdc-sdc-onboarding-be-cc88bc576-qnqft               2/2     Running      0          38m
dev-sdc-sdc-wfd-be-84bcb46894-w2dv6                     1/1     Running      0          38m
dev-sdc-sdc-wfd-be-workflow-init-wpf8g                  0/1     Completed    0          38m
dev-sdc-sdc-wfd-fe-7d786c447c-bz749                     2/2     Running      0          38m

$ kubectl get jobs -n onap | grep sdc

dev-sdc-sdc-be-config-backend              1/1           20m        41m
dev-sdc-sdc-cs-config-cassandra            1/1           3m26s      41m
dev-sdc-sdc-dcae-be-tools                  1/1           24m        41m
dev-sdc-sdc-es-config-elasticsearch        1/1           2m21s      41m
dev-sdc-sdc-onboarding-be-cassandra-init   1/1           3m44s      41m
dev-sdc-sdc-wfd-be-workflow-init           1/1           3m35s      41m

$ ./ete-k8s.sh onap health-sdc

++ export NAMESPACE=onap
++ NAMESPACE=onap
+++ kubectl --namespace onap get pods
+++ sed 's/ .*//'
+++ grep robot
++ POD=dev-robot-robot-6d444f4cdd-b42sw
++ TAGS='-i health-sdc'
+++ dirname ./ete-k8s.sh
++ DIR=.
++ SCRIPTDIR=scripts/etescript
++ ETEHOME=/var/opt/ONAP
++ [[ health-sdc == \e\x\e\c\s\c\r\i\p\t ]]
+++ kubectl --namespace onap exec dev-robot-robot-6d444f4cdd-b42sw -- bash -c 'ls -1q /share/logs/ | wc -l'
++ export GLOBAL_BUILD_NUMBER=1
++ GLOBAL_BUILD_NUMBER=1
+++ printf %04d 1
++ OUTPUT_FOLDER=0001_ete_health-sdc
++ DISPLAY_NUM=91
++ VARIABLEFILES='-V /share/config/robot_properties.py'
++ VARIABLES='-v GLOBAL_BUILD_NUMBER:15588'
++ kubectl --namespace onap exec dev-robot-robot-6d444f4cdd-b42sw -- /var/opt/ONAP/runTags.sh -V /share/config/robot_properties.py -v GLOBAL_BUILD_NUMBER:15588 -d /share/logs/0001_ete_health-sdc -i health-sdc --display 91
Starting Xvfb on display :91 with res 1280x1024x24
Executing robot tests at log level TRACE
==============================================================================
Testsuites
==============================================================================
Testsuites.Health-Check :: Test that ONAP components are available via basi...
==============================================================================
Basic SDC Health Check                                                (DMaaP:UP)
| PASS |
------------------------------------------------------------------------------
Testsuites.Health-Check :: Test that ONAP components are available... | PASS |
1 critical test, 1 passed, 0 failed
1 test total, 1 passed, 0 failed
==============================================================================
Testsuites                                                            | PASS |
1 critical test, 1 passed, 0 failed
1 test total, 1 passed, 0 failed
==============================================================================
Output:  /share/logs/0001_ete_health-sdc/output.xml
Log:     /share/logs/0001_ete_health-sdc/log.html
Report:  /share/logs/0001_ete_health-sdc/report.html
aarna@anod-master:~/oom/kubernetes/robot$



On Thu, Sep 24, 2020 at 5:25 PM Vivekanandan Muthukrishnan via lists.onap.org <vmuthukrishnan=aarnanetworks.com@...> wrote:
Hi Chris,

Thanks for your quick response and I really appreciate that.

We were using Elalto maintenance branch as of July/10'th and we did not pull the latest code changes from the maintenance branch as our team qualified some of the critical ONAP uses.

We looked at the git logs and there are many changes specific to SDC docker image versions after July/10'th. Now we are trying to bring up Elalto again from the least maintenance branch. I guess it should fix the issue that we are facing.

I will update you soon.

Regards
Vivek

On Thu, Sep 24, 2020 at 12:08 PM Closset, Christophe <christophe.closset@...> wrote:

Hello,

 

What version of El Alto are you using ? Can you describe SDC BE Pod ?

There was already a maintenance release on El Alto and I suspect you might be using the original El alto which has even more expired certificates.

 

As Morgan suggest, it would be good to upgrade to Frankfurt which is a step forward for certificate renewal.

 

Best Regards

Christophe

 

From: <onap-discuss@...> on behalf of "Morgan Richomme via lists.onap.org" <morgan.richomme=orange.com@...>
Reply to: "onap-discuss@..." <onap-discuss@...>, "morgan.richomme@..." <morgan.richomme@...>
Date: Thursday, 24 September 2020 at 08:29
To: "vmuthukrishnan@..." <vmuthukrishnan@...>, "onap-discuss@..." <onap-discuss@...>
Subject: Re: [onap-discuss] SDC-BE SSL certificate expiry causing SDC PODs to fails in Elalto

 

According to the scan on our El alto CI chain, SDC-BE is still valid

BUT

lots of components expired and some critical components are about to expire (see attached file)

 

The cert management has been improved in Frankfurt and in Guilin but was a bit painful in El Alto. 

I do not think we can afford a maintenance release now.

My recommendation would be to move to frankfurt assuming than since frankfurt, renewal has been simplified.

But it is a question for the TSC.

 

/Morgan

 

 

Le mercredi 23 septembre 2020 à 23:56 +0530, Vivekanandan Muthukrishnan a écrit :

Dear SDC team,

 

It seems like SDC-BE Elalto certificates expired on Sep/09/2020 due to this Readiness Probe is failing and all the other dependent pods are failing to come up.

 

Are there any workarounds to resolve this issue? We would appreciate any help in this regard.

 

Here are our findings and log snippet for your reference.

 

1) Readiness probe failure

 

bash-4.4# bash -x /var/lib/ready-probe.sh
++ curl -k --max-time 5 -o /dev/null -w '%{http_code}' https://127.0.0.1:8443/sdc2/rest/healthCheck
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2254  100  2254    0     0  46958      0 --:--:-- --:--:-- --:--:-- 47957
+ health_Check_http_code=500
+ [[ 500 -eq 200 ]]
+ exit 500

 

2) SDC-BE error.log snippet

 

2020-09-23T18:12:18.953Z [BE-Health-Check-Task] ERROR o.o.s.b.c.h.HealthCheckBusinessLogic RequestId=null ErrorCategory=ERROR ServiceName=SDC catalog ErrorCode=500 TargetEntity=ExecuteRestRequest ON_BOARDING unexpected response:
org.openecomp.sdc.common.http.client.api.HttpExecuteException: Execute request GET https://sdc-onboarding-be.onap:8445/onboarding-api/v1.0/healthcheck HTTP/1.1 failed with exception: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
at org.openecomp.sdc.common.http.client.api.HttpClient.execute(HttpClient.java:125)
at org.openecomp.sdc.common.http.client.api.HttpClient.get(HttpClient.java:69)
at org.openecomp.sdc.common.http.client.api.HttpRequestHandler.get(HttpRequestHandler.java:81)
at org.openecomp.sdc.common.http.client.api.HttpRequest.get(HttpRequest.java:62)
at org.openecomp.sdc.common.http.client.api.HttpRequest.get(HttpRequest.java:58)
at org.openecomp.sdc.be.components.health.HealthCheckBusinessLogic.getHostedComponentsBeHealthCheck(HealthCheckBusinessLogic.java:276)
at org.openecomp.sdc.be.components.health.HealthCheckBusinessLogic.getAmdocsHealthCheck(HealthCheckBusinessLogic.java:256)
at org.openecomp.sdc.be.components.health.HealthCheckBusinessLogic.getBeHealthCheckInfos(HealthCheckBusinessLogic.java:149)
at org.openecomp.sdc.be.components.health.HealthCheckBusinessLogic.access$100(HealthCheckBusinessLogic.java:71)
at org.openecomp.sdc.be.components.health.HealthCheckBusinessLogic$HealthCheckScheduledTask.run(HealthCheckBusinessLogic.java:456)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.openecomp.sdc.common.http.client.api.HttpClient.execute(HttpClient.java:118)
... 16 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:362)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
at org.apache.http.ssl.SSLContextBuilder$TrustManagerDelegate.checkServerTrusted(SSLContextBuilder.java:298)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:992)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
... 35 common frames omitted
Caused by: java.security.cert.CertPathValidatorException: validity check failed
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:357)
... 43 common frames omitted
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Wed Sep 09 11:33:20 GMT 2020
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
at sun.security.provider.certpath.BasicChecker.verifyValidity(BasicChecker.java:190)
at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
... 48 common frames omitted
2020-09-23T18:12:19.568Z [qtp1685538367-190] INFO o.o.sdc.be.filters.BeServletFilter RequestId=null serviceInstanceID=nullPartnerName=curl/7.61.1 auditOn=true ServerFQDN=dev-sdc-sdc-be-558b9967df-vsv99 userId=null uuid=a28eb520-4d1c-48dc-8f0f-62ae947f04b2 AuditBeginTimestamp=2020-09-23 18:12:19.568Z ErrorCategory=INFO ServerIPAddress=10.42.3.45 ServiceName=/healthCheck ErrorCode=0 localAddr=127.0.0.1 remoteAddr=127.0.0.1 No requestID  provided -> Generated UUID a28eb520-4d1c-48dc-8f0f-62ae947f04b2

 

3) SDC POD failure

kubectl get pods -n onap | grep sdc

 

dev-cds-cds-sdc-listener-cdfb48dd9-5r9zx                      1/1     Running      2          3h14m
dev-pomba-pomba-sdcctxbuilder-db6554c74-t8r48                 2/2     Running      0          138m
dev-sdc-sdc-be-558b9967df-8xtck                               2/2     Running      0          94s
dev-sdc-sdc-be-config-backend-2k6md                           0/1     Init:Error   0          79m
dev-sdc-sdc-be-config-backend-7bzms                           0/1     Init:Error   0          57m
dev-sdc-sdc-be-config-backend-7mtmc                           0/1     Init:Error   0          17m
dev-sdc-sdc-be-config-backend-8rxnc                           0/1     Init:Error   0          129m
dev-sdc-sdc-be-config-backend-bbmh8                           0/1     Init:Error   0          46m
dev-sdc-sdc-be-config-backend-c5v7s                           0/1     Init:Error   0          99m
dev-sdc-sdc-be-config-backend-cr5jn                           1/1     Running      0          72s
dev-sdc-sdc-be-config-backend-hsl7l                           0/1     Init:Error   0          68m
dev-sdc-sdc-be-config-backend-jfndx                           0/1     Error        0          119m
dev-sdc-sdc-be-config-backend-kwr78                           0/1     Init:Error   0          109m
dev-sdc-sdc-be-config-backend-p5hzb                           0/1     Init:Error   0          89m
dev-sdc-sdc-be-config-backend-tshrs                           0/1     Init:Error   0          33m
dev-sdc-sdc-cs-0                                              1/1     Running      0          129m
dev-sdc-sdc-cs-1                                              1/1     Running      0          127m
dev-sdc-sdc-cs-2                                              1/1     Running      0          125m
dev-sdc-sdc-cs-config-cassandra-sfs9c                         0/1     Completed    0          129m
dev-sdc-sdc-dcae-be-575959f7d7-cclzs                          0/2     Init:1/2     12         129m
dev-sdc-sdc-dcae-be-tools-9vwtd                               0/1     Init:Error   0          48m
dev-sdc-sdc-dcae-be-tools-bp9sq                               0/1     Init:Error   0          15m
dev-sdc-sdc-dcae-be-tools-gcqmq                               0/1     Init:Error   0          31m
dev-sdc-sdc-dcae-be-tools-hn4bs                               0/1     Init:Error   0          98m
dev-sdc-sdc-dcae-be-tools-jnxq2                               0/1     Init:Error   0          63m
dev-sdc-sdc-dcae-be-tools-jvdwj                               0/1     Init:Error   0          129m
dev-sdc-sdc-dcae-be-tools-mpkgw                               0/1     Init:Error   0          108m
dev-sdc-sdc-dcae-be-tools-nwj8c                               0/1     Init:Error   0          76m
dev-sdc-sdc-dcae-be-tools-pbh5w                               0/1     Init:Error   0          119m
dev-sdc-sdc-dcae-be-tools-xl87t                               0/1     Init:Error   0          87m
dev-sdc-sdc-dcae-dt-748446bcd8-47x22                          0/2     Init:0/2     12         129m
dev-sdc-sdc-dcae-fe-7f9bdbbd87-wf7jm                          0/2     Init:0/2     12         129m
dev-sdc-sdc-dcae-tosca-lab-5b95864759-wwgt2                   0/2     Init:0/1     12         129m
dev-sdc-sdc-es-58c98d8577-vbz8w                               1/1     Running      0          94s
dev-sdc-sdc-es-config-elasticsearch-pvmjg                     0/1     Completed    0          129m
dev-sdc-sdc-fe-8546449997-2xlgh                               0/2     Init:1/2     0          94s
dev-sdc-sdc-kb-bf94b5f87-b7x52                                1/1     Running      0          129m
dev-sdc-sdc-onboarding-be-547b7589d5-x28cj                    2/2     Running      0          129m
dev-sdc-sdc-onboarding-be-cassandra-init-pk6w9                0/1     Completed    0          129m
dev-sdc-sdc-wfd-be-84bcb46894-hndmt                           1/1     Running      0          129m
dev-sdc-sdc-wfd-be-workflow-init-8g74s                        0/1     Completed    0          129m
dev-sdc-sdc-wfd-fe-7d786c447c-ml95k                           2/2     Running      0          129m
dev-so-so-sdc-controller-5fd77ccdc9-ttcwf                     1/1     Running      0          119m

_________________________________________________________________________________________________________________________
 
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
 
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.


[Action Required] October Developer Forum - Your input for session scheduling #poll-notice

Ranny Haiby (Samsung)
 

Hi,

Please help us plan the schedule by indicating your intentions to attend the different proposed ONAP sessions on the LFN Developer Forum - October 13-15. We have so many excellent session proposals, and such short time for the event, so there will be multiple tracks running in parallel.

Please take a moment and check the session in the list you are likely to attend (this is informational only, you may change your mind later).

*Your input is very important as it will help us schedule in a way that would minimize overlap between popular sessions* 

For more information about the content of each session, take a look here:
https://wiki.lfnetworking.org/display/LN/2020+October+Virtual+Technical+Event+Topic+Proposals#id-2020OctoberVirtualTechnicalEventTopicProposals-ONAPTopics

Thank you.

The October Event Organizing Committee.

Thank you for voting.



What is AAI SSL keystore & key file org.onap.aai.p12 password ?

Vivekanandan Muthukrishnan
 

Dear AAI team,

The Elalto version of AAI certificate expired on Sep 27 19:34:54 2020 GMT

It seems like AAI is obfuscating the password as shown below.

components/aai-resources/values.yaml:  keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10

I was referring to the hardcoded password list to https://wiki.onap.org/display/DW/OOM+Hardcoded+Passwords+List

The onapSecret & changeit did not work. 

I would appreciate any references to AAI keystore password and key file password.

Regards
Vivek

# Log snipped for your reference
# AAI SSL certificate issue

export SERVER_IP=10.43.146.9
export SERVER_PORT=8443
echo | openssl s_client -showcerts \
-servername gnupg.org \
-connect ${SERVER_IP}:${SERVER_PORT} 2>/dev/null \
| openssl x509 -inform pem -noout -text

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2781022223073201926 (0x26982cfa36becf06)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9
        Validity
            Not Before: Sep 27 19:34:54 2019 GMT
            Not After : Sep 27 19:34:54 2020 GMT

1081 - 1100 of 23232