Topics

Policy Portal issue #clamp #policy #casablanca


jkzcristiano
 

Dear all,

I deploy casablanca branch 4 days ago. When I try to go to Policy UI (either directly or through Portal), I have the following issue:




At the same time, I have an error when deploying a CL from CLAMP. This issue maybe related with Policy not working properly or because some certificate has expired as clamp-clamp logs suggest:

17:00:24.246 [https-jsse-nio-8443-exec-17] INFO  org.onap.clamp.clds.client.DcaeHttpConnectionManager - Using HTTPS URL to contact DCAE:https://deployment-handler.onap:8443/dcae-deployments/closedLoop_0f85dc15-6906-401b-a1ae-2da98733d01c_deploymentId
17:00:24.254 [https-jsse-nio-8443-exec-17] ERROR org.onap.clamp.clds.client.DcaeDispatcherServices - Exception occurred getting response from DCAE
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Tue Mar 12 15:58:00 UTC 2019

I have read there are some issues with expired certificates in several ONAP services (due to Mar 12). Wonder if this issue will be solved in next ONAP tag 3.0.2-ONAP (hopefully, next Monday).

Kind regards!
Xoan




Yang Xu
 

Xoan,

 

Thanks for reporting the issue. We recently tested Casablanca 3.0.2 candidate on Integration-SB-04. I could access Portal and VID directly, but not through Portal. Could you try on Integration-SB-04 and let us know if it works for you asap?

 

Regards,

-Yang

 

From: onap-discuss@... [mailto:onap-discuss@...] On Behalf Of jkzcristiano
Sent: Friday, April 12, 2019 2:32 PM
To: onap-discuss@...
Subject: [onap-discuss] Policy Portal issue #casablanca #clamp #policy

 

Dear all,

I deploy casablanca branch 4 days ago. When I try to go to Policy UI (either directly or through Portal), I have the following issue:




At the same time, I have an error when deploying a CL from CLAMP. This issue maybe related with Policy not working properly or because some certificate has expired as clamp-clamp logs suggest:

17:00:24.246 [https-jsse-nio-8443-exec-17] INFO  org.onap.clamp.clds.client.DcaeHttpConnectionManager - Using HTTPS URL to contact DCAE:https://deployment-handler.onap:8443/dcae-deployments/closedLoop_0f85dc15-6906-401b-a1ae-2da98733d01c_deploymentId

17:00:24.254 [https-jsse-nio-8443-exec-17] ERROR org.onap.clamp.clds.client.DcaeDispatcherServices - Exception occurred getting response from DCAE

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Tue Mar 12 15:58:00 UTC 2019

I have read there are some issues with expired certificates in several ONAP services (due to Mar 12). Wonder if this issue will be solved in next ONAP tag 3.0.2-ONAP (hopefully, next Monday).

Kind regards!
Xoan



Marco Platania
 

Xoan,

 

Try to access Policy and VID from their own GUIs, accepting the certificates when the warning pops up. After that, try again from Portal. Typically, accepting the certificate when connecting to Policy and VID directly makes my Portal instance work.

 

https://policy.api.simpledemo.onap.org:30219/onap/login.htm

https://vid.api.simpledemo.onap.org:30200/vid/login.htm

 

Marco

 

 

From: <onap-discuss@...> on behalf of Yang Xu <Yang.Xu3@...>
Reply-To: "onap-discuss@..." <onap-discuss@...>, "Yang.Xu3@..." <Yang.Xu3@...>
Date: Friday, April 12, 2019 at 9:52 PM
To: "onap-discuss@..." <onap-discuss@...>, "jkzcristiano@..." <jkzcristiano@...>
Subject: Re: [onap-discuss] Policy Portal issue #casablanca #clamp #policy

 

Xoan,

 

Thanks for reporting the issue. We recently tested Casablanca 3.0.2 candidate on Integration-SB-04. I could access Portal and VID directly, but not through Portal. Could you try on Integration-SB-04 and let us know if it works for you asap?

 

Regards,

-Yang

 

From: onap-discuss@... [mailto:onap-discuss@...] On Behalf Of jkzcristiano
Sent: Friday, April 12, 2019 2:32 PM
To: onap-discuss@...
Subject: [onap-discuss] Policy Portal issue #casablanca #clamp #policy

 

Dear all,

I deploy casablanca branch 4 days ago. When I try to go to Policy UI (either directly or through Portal), I have the following issue:




At the same time, I have an error when deploying a CL from CLAMP. This issue maybe related with Policy not working properly or because some certificate has expired as clamp-clamp logs suggest:

17:00:24.246 [https-jsse-nio-8443-exec-17] INFO  org.onap.clamp.clds.client.DcaeHttpConnectionManager - Using HTTPS URL to contact DCAE:https://deployment-handler.onap:8443/dcae-deployments/closedLoop_0f85dc15-6906-401b-a1ae-2da98733d01c_deploymentId

17:00:24.254 [https-jsse-nio-8443-exec-17] ERROR org.onap.clamp.clds.client.DcaeDispatcherServices - Exception occurred getting response from DCAE

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Tue Mar 12 15:58:00 UTC 2019

I have read there are some issues with expired certificates in several ONAP services (due to Mar 12). Wonder if this issue will be solved in next ONAP tag 3.0.2-ONAP (hopefully, next Monday).

Kind regards!
Xoan




jkzcristiano
 

Dear Marco,

the procedure you mention is what I used to do before but I don't think it is now the case. Actually, Yang has tried this weekend and opened a Jira ticket https://jira.onap.org/browse/PORTAL-554 regarding policy issue.

I would also like to add in this message #oom, #clamp and  #dcae since I also have an issue when I deploy a CL from CLAMP (when contacting with deployment-handler).

Kind Regards!


Andreas Geissler
 

Hi Marco and Yang,

I tried it with the today's latest Casablanca version including all 3.0.2 fixes.

The procedure to start the VID and Poliy UIs outside the portal worked only for VID.

For Policy the situation is as Xoan described above.
Best regards
Andreas


Jorge Hernandez
 

See some discussion in PORTAL-554 and pointers to a potential workaround, if you can give it a try.

Best regards,

Jorge

 

From: onap-discuss@... <onap-discuss@...> On Behalf Of Andreas Geissler
Sent: Monday, April 15, 2019 7:21 AM
To: jkzcristiano <jkzcristiano@...>; onap-discuss@...
Subject: Re: [onap-discuss] Policy Portal issue #casablanca #clamp #policy #oom #clamp #dcae

 

Hi Marco and Yang,

I tried it with the today's latest Casablanca version including all 3.0.2 fixes.

The procedure to start the VID and Poliy UIs outside the portal worked only for VID.

For Policy the situation is as Xoan described above.
Best regards
Andreas


jkzcristiano
 

Dear Jorge,

the workaround works to access Policy UI via https://policy.api.simpledemo.onap.org:30219/onap/login.htm:

1. Log to policy-pap-xxx
2. sed -i 's/role_access/#role_access/g' /opt/app/policy/servers/console/webapps/onap/WEB-INF/classes/portal.properties
3. source /opt/app/policy/etc/profile.d/env.sh;
4. policy.sh stop;
5. policy.sh start;

Thank you very much!
Xoan


jkzcristiano
 

Still,

CL deploy operation from CLAMP is not working. I attach clamp logs of the "deploy" action I've just tried.

Message in CLAMP UI:
Action Failure: deploy, Exception occurred during createNewDeployment Operation with DCAE

Initial clamp logs:

10:35:56.607 [https-jsse-nio-8443-exec-25] INFO  org.onap.clamp.clds.client.DcaeHttpConnectionManager - Using HTTPS URL to contact DCAE:https://deployment-handler.onap:8443/dcae-deployments/closedLoop_b18be34d-29b4-4f37-9de6-e3fdeb92e5ed_deploymentId
10:35:56.615 [https-jsse-nio-8443-exec-25] ERROR org.onap.clamp.clds.client.DcaeDispatcherServices - Exception occurred getting response from DCAE
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Tue Mar 12 15:58:00 UTC 2019
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)