Details
-
Bug
-
Status: Closed
-
Medium
-
Resolution: Done
-
El Alto Release
Description
Hi,
We are deploying ONAP Elalto release in our lab.
'aaf-sms-preload' job is not completing, due to which AAF health check failing.
We noticed that 'aaf-sms-preload' certificate is expired. Please find below steps.
ubuntu@rndelalto-nfs:~$
ubuntu@rndelalto-nfs:~$ kubectl get pods -o wide|grep rnd-aaf-aaf-sms-preload
rnd-aaf-aaf-sms-preload-l2rtf 1/1 Running 0 9h 10.42.7.45 rndelalto-k8s-04 <none> <none>
ubuntu@rndelalto-nfs:~$
ubuntu@rndelalto-nfs:~$ kubectl get services -o wide|grep aaf-sms
aaf-sms ClusterIP 10.43.1.91 <none> 10443/TCP 9h app=aaf-sms,release=rnd-aaf
aaf-sms-db ClusterIP 10.43.13.6 <none> 8200/TCP 9h app=aaf-sms-vault,release=rnd-aaf
ubuntu@rndelalto-nfs:~$
ubuntu@rndelalto-nfs:~$ kubectl get jobs|grep aaf
rnd-aaf-aaf-sms-preload 0/1 9h 9h
rnd-aaf-aaf-sshsm-distcenter 1/1 76s 9h
rnd-aaf-aaf-sshsm-testca 1/1 88s 9h
ubuntu@rndelalto-nfs:~$
ubuntu@rndelalto-nfs:~$ kubectl -it exec rnd-aaf-aaf-sms-preload-l2rtf bash
bash-4.4#
bash-4.4#
bash-4.4# openssl s_client -showcerts -connect 10.43.1.91:10443 |openssl x509 -inform pem -noout -text | grep -E "Not After|Not Before|Issuer:|Subject:"
depth=1 C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9
verify error:num=20:unable to get local issuer certificate
Issuer: C=US, O=ONAP, OU=OSAAF, CN=intermediateCA_9
Not Before: Jun 3 20:08:21 2019 GMT
Not After : Jun 3 20:08:21 2020 GMT
Subject: CN=aaf-sms/emailAddress=, OU=aaf-sms@aaf-sms.onap.org, OU=OSAAF, O=ONAP, C=US
^C
bash-4.4#
bash-4.4#
bash-4.4# exit
exit
ubuntu@rndelalto-nfs:~$
So, Please provide fix for this certificate expiry issue for Elalto release.
There is fix for similar issue(i.e. *https://jira.onap.org/browse/AAF-1159*) in Frankfurt release.
Regards,
Manjunath.
