-
Bug
-
Resolution: Done
-
High
-
Dublin Release
-
None
-
ONAP environment deployed on 29 April
root@excl-lego-eeiwbue-april-node-2:~# docker exec -i 39d3c333911b sh -c "keytool -import -alias ftp -keystore /opt/app/datafile/config/ftp.jks -file /opt/app/datafile/config/ftp.der -noprompt"
Enter keystore password: secret
keytool error: java.io.FileNotFoundException: /opt/app/datafile/config/ftp.jks (Permission denied)
Certificate was added to keystore
root@excl-lego-eeiwbue-april-node-2:~# docker exec -i 39d3c333911b sh -c "keytool -import -alias ftp -keystore /opt/app/datafile/config/ftp.jks -file /opt/app/datafile/config/ftp.der -noprompt -storepass secret"
keytool error: java.io.FileNotFoundException: /opt/app/datafile/config/ftp.jks (Permission denied)
root@excl-lego-eeiwbue-april-node-1:~# mv user-ca.crt ca.crt
root@excl-lego-eeiwbue-april-node-1:~# openssl x509 -outform der -in ca.crt -out ftp.der
root@excl-lego-eeiwbue-april-node-1:~# kubectl -n onap exec -it dep-dcae-datafile-collector-7f98b947c8-pb2nn /bin/sh^C
root@excl-lego-eeiwbue-april-node-1:~# kubectl cp ftp.der dep-dcae-datafile-collector-7f98b947c8-pb2nn:/opt/app/datafile/config/ -n onap
Defaulting container name to dcae-datafile-collector.
root@excl-lego-eeiwbue-april-node-1:~#
root@excl-lego-eeiwbue-april-node-1:~# kubectl -n onap exec -it dep-dcae-datafile-collector-7f98b947c8-pb2nn /bin/sh
Defaulting container name to dcae-datafile-collector.
Use 'kubectl describe pod/dep-dcae-datafile-collector-7f98b947c8-pb2nn' to see all of the containers in this pod.
/opt/app/datafile $ ^C
/opt/app/datafile $ cd /opt/app/datafile/config
/opt/app/datafile/config $ cd /opt/app/datafile/config/
/opt/app/datafile/config $ ls
application.yaml datafile_endpoints.json dfc.jks dfc.jks.b64 ftp.der ftp.jks ftp.jks.b64
/opt/app/datafile/config $ keytool -import -alias ftp -keystore ftp.jks -file ftp.der
Enter keystore password:
Owner: CN=etxlg's CA, OU=EAB/FJP/HO, O=RBS-CS, L=Kista, ST=Stockholm, C=se
Issuer: CN=etxlg's CA, OU=EAB/FJP/HO, O=RBS-CS, L=Kista, ST=Stockholm, C=se
Serial number: d4cc090c37fa853c
Valid from: Tue Jan 14 19:03:42 GMT 2014 until: Thu Sep 23 19:03:42 GMT 2027
Certificate fingerprints:
MD5: B3:22:AA:DB:17:AF:83:6B:11:F3:96:F9:D4:72:1E:F3
SHA1: F4:40:94:3F:8E:FE:50:F9:F2:C6:E7:19:29:5F:BB:1C:C0:E6:67:E3
SHA256: 29:45:78:31:8F:3C:D8:89:5F:B7:D7:21:6F:20:96:2B:5D:1C:38:60:F7:9E:C8:E0:DB:1E:AF:9A:EA:01:D3:99
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 27 4C 8B C2 7A 5B 96 AC 5E AB 3D A5 9D 1D 4D 9E 'L..z[..^.=...M.
0010: 7F 18 BA 00 ....
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 27 4C 8B C2 7A 5B 96 AC 5E AB 3D A5 9D 1D 4D 9E 'L..z[..^.=...M.
0010: 7F 18 BA 00 ....
]
]
Trust this certificate? [no]: yes
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: ftp.jks (Permission denied)
/opt/app/datafile/config $ ls
application.yaml datafile_endpoints.json dfc.jks dfc.jks.b64 ftp.der ftp.jks ftp.jks.b64
/opt/app/datafile/config $ ls -l
total 28
-rwxr-xr-x 1 root root 663 Apr 29 08:14 application.yaml
-rwxr-xr-x 1 root root 1525 Apr 29 08:14 datafile_endpoints.json
-rwxr-xr-x 1 root root 2151 Apr 29 08:16 dfc.jks
-rwxr-xr-x 1 root root 2906 Apr 29 08:14 dfc.jks.b64
-rw-r--r-- 1 datafile onap 943 May 1 12:15 ftp.der
-rwxr-xr-x 1 root root 855 Apr 29 08:16 ftp.jks
-rwxr-xr-x 1 root root 1155 Apr 29 08:14 ftp.jks.b64
/opt/app/datafile/config $ chmod 777 ftp.jks
chmod: ftp.jks: Operation not permitted
/opt/app/datafile/config $ keytool -list -v -keystore ftp.jks
Enter keystore password:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: ftp1
Creation date: Apr 4, 2019
Entry type: trustedCertEntry
Owner: CN=EST, OU=EST, O=0, L=0, ST=0, C=SE
Issuer: CN=EST, OU=EST, O=0, L=0, ST=0, C=SE
Serial number: da886bde58e5ea36
Valid from: Thu Apr 04 08:02:40 GMT 2019 until: Fri Apr 03 08:02:40 GMT 2020
Certificate fingerprints:
MD5: 04:F8:C4:31:1D:77:67:32:65:A9:CD:29:8F:6C:77:AF
SHA1: 9B:E1:7C:AF:93:F1:B3:56:E1:4B:19:54:65:5A:EA:44:1A:FA:89:5A
SHA256: E3:06:48:50:61:9E:B0:0F:F4:E7:77:5C:DC:8D:20:E9:A1:41:DC:F3:1E:4A:DC:51:81:56:30:41:A7:33:6B:F3
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 1
*******************************************
*******************************************
/opt/app/datafile/config $ exit
root@excl-lego-eeiwbue-april-node-1:~# ls
addSubscriber.json addSubscribermapper.json ca.crt ftp.der mount_nfs.sh user_expert.crt user_expert.key var_files
root@excl-lego-eeiwbue-april-node-1:~# cp user_expert.key dfc.key
root@excl-lego-eeiwbue-april-node-1:~# cp user_expert.crt dfc.crt
root@excl-lego-eeiwbue-april-node-1:~# openssl pkcs12 -export -in dfc.crt -inkey dfc.key -chain -CAfile ca.crt -name dfc -out dfc.p12
Enter Export Password:
Verifying - Enter Export Password:
root@excl-lego-eeiwbue-april-node-1:~# ls
addSubscriber.json addSubscribermapper.json ca.crt dfc.crt dfc.key dfc.p12 ftp.der mount_nfs.sh user_expert.crt user_expert.key var_files
root@excl-lego-eeiwbue-april-node-1:~# kubectl cp dfc.p12 dep-dcae-datafile-collector-7f98b947c8-pb2nn:/opt/app/datafile/config/ -n onap
Defaulting container name to dcae-datafile-collector.
root@excl-lego-eeiwbue-april-node-1:~# kubectl -n onap exec -it dep-dcae-datafile-collector-7f98b947c8-pb2nn /bin/sh
Defaulting container name to dcae-datafile-collector.
Use 'kubectl describe pod/dep-dcae-datafile-collector-7f98b947c8-pb2nn' to see all of the containers in this pod.
/opt/app/datafile $ cd /config
/bin/sh: cd: can't cd to /config: No such file or directory
/opt/app/datafile $ cd /opt/app/datafile/config/
/opt/app/datafile/config $ ls
application.yaml datafile_endpoints.json dfc.jks dfc.jks.b64 dfc.p12 ftp.der ftp.jks ftp.jks.b64
/opt/app/datafile/config $ keytool -importkeystore -deststorepass secret -destkeypass secret -destkeystore dfc.jks -srckeystore dfc.p12 -srcstoretype PKCS12 -srcstorepass secret -alias dfc
Importing keystore dfc.p12 to dfc.jks...
keytool error: java.io.FileNotFoundException: dfc.jks (Permission denied)
/opt/app/datafile/config $ ls -l
total 32
-rwxr-xr-x 1 root root 663 Apr 29 08:14 application.yaml
-rwxr-xr-x 1 root root 1525 Apr 29 08:14 datafile_endpoints.json
-rwxr-xr-x 1 root root 2151 Apr 29 08:16 dfc.jks
-rwxr-xr-x 1 root root 2906 Apr 29 08:14 dfc.jks.b64
-rw-r--r-- 1 datafile onap 2900 May 1 12:26 dfc.p12
-rw-r--r-- 1 datafile onap 943 May 1 12:15 ftp.der
-rwxr-xr-x 1 root root 855 Apr 29 08:16 ftp.jks
-rwxr-xr-x 1 root root 1155 Apr 29 08:14 ftp.jks.b64
/opt/app/datafile/config $ date
Wed May 1 12:30:24 UTC 2019
/opt/app/datafile/config $ keytool -importkeystore -srckeystore dfc.jks -destkeystore dfc.jks -deststoretype pkcs12
Enter source keystore password:
Entry for alias dfc-alias successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
keytool error: java.io.FileNotFoundException: dfc.jks (Permission denied)
/opt/app/datafile/config $ exit
command terminated with exit code 1
ONAP environment deployed on 29 April root@excl-lego-eeiwbue-april-node-2:~# docker exec -i 39d3c333911b sh -c "keytool -import -alias ftp -keystore /opt/app/datafile/config/ftp.jks -file /opt/app/datafile/config/ftp.der -noprompt" Enter keystore password: secret keytool error: java.io.FileNotFoundException: /opt/app/datafile/config/ftp.jks (Permission denied) Certificate was added to keystore root@excl-lego-eeiwbue-april-node-2:~# docker exec -i 39d3c333911b sh -c "keytool -import -alias ftp -keystore /opt/app/datafile/config/ftp.jks -file /opt/app/datafile/config/ftp.der -noprompt -storepass secret" keytool error: java.io.FileNotFoundException: /opt/app/datafile/config/ftp.jks (Permission denied) root@excl-lego-eeiwbue-april-node-1:~# mv user-ca.crt ca.crt root@excl-lego-eeiwbue-april-node-1:~# openssl x509 -outform der -in ca.crt -out ftp.der root@excl-lego-eeiwbue-april-node-1:~# kubectl -n onap exec -it dep-dcae-datafile-collector-7f98b947c8-pb2nn /bin/sh^C root@excl-lego-eeiwbue-april-node-1:~# kubectl cp ftp.der dep-dcae-datafile-collector-7f98b947c8-pb2nn:/opt/app/datafile/config/ -n onap Defaulting container name to dcae-datafile-collector. root@excl-lego-eeiwbue-april-node-1:~# root@excl-lego-eeiwbue-april-node-1:~# kubectl -n onap exec -it dep-dcae-datafile-collector-7f98b947c8-pb2nn /bin/sh Defaulting container name to dcae-datafile-collector. Use 'kubectl describe pod/dep-dcae-datafile-collector-7f98b947c8-pb2nn' to see all of the containers in this pod. 
/opt/app/datafile $ ^C /opt/app/datafile $ cd /opt/app/datafile/config /opt/app/datafile/config $ cd /opt/app/datafile/config/ /opt/app/datafile/config $ ls application.yaml datafile_endpoints.json dfc.jks dfc.jks.b64 ftp.der ftp.jks ftp.jks.b64 /opt/app/datafile/config $ keytool -import -alias ftp -keystore ftp.jks -file ftp.der Enter keystore password: Owner: CN=etxlg's CA, OU=EAB/FJP/HO, O=RBS-CS, L=Kista, ST=Stockholm, C=se Issuer: CN=etxlg's CA, OU=EAB/FJP/HO, O=RBS-CS, L=Kista, ST=Stockholm, C=se Serial number: d4cc090c37fa853c Valid from: Tue Jan 14 19:03:42 GMT 2014 until: Thu Sep 23 19:03:42 GMT 2027 Certificate fingerprints: MD5: B3:22:AA:DB:17:AF:83:6B:11:F3:96:F9:D4:72:1E:F3 SHA1: F4:40:94:3F:8E:FE:50:F9:F2:C6:E7:19:29:5F:BB:1C:C0:E6:67:E3 SHA256: 29:45:78:31:8F:3C:D8:89:5F:B7:D7:21:6F:20:96:2B:5D:1C:38:60:F7:9E:C8:E0:DB:1E:AF:9A:EA:01:D3:99 Signature algorithm name: SHA1withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 27 4C 8B C2 7A 5B 96 AC 5E AB 3D A5 9D 1D 4D 9E 'L..z[..^.=...M. 0010: 7F 18 BA 00 .... ] ] #2: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 27 4C 8B C2 7A 5B 96 AC 5E AB 3D A5 9D 1D 4D 9E 'L..z[..^.=...M. 0010: 7F 18 BA 00 .... ] ] Trust this certificate? 
[no] : yes Certificate was added to keystore keytool error: java.io.FileNotFoundException: ftp.jks (Permission denied) /opt/app/datafile/config $ ls application.yaml datafile_endpoints.json dfc.jks dfc.jks.b64 ftp.der ftp.jks ftp.jks.b64 /opt/app/datafile/config $ ls -l total 28 -rwxr-xr-x 1 root root 663 Apr 29 08:14 application.yaml -rwxr-xr-x 1 root root 1525 Apr 29 08:14 datafile_endpoints.json -rwxr-xr-x 1 root root 2151 Apr 29 08:16 dfc.jks -rwxr-xr-x 1 root root 2906 Apr 29 08:14 dfc.jks.b64 rw-r r - 1 datafile onap 943 May 1 12:15 ftp.der -rwxr-xr-x 1 root root 855 Apr 29 08:16 ftp.jks -rwxr-xr-x 1 root root 1155 Apr 29 08:14 ftp.jks.b64 /opt/app/datafile/config $ chmod 777 ftp.jks chmod: ftp.jks : Operation not permitted /opt/app/datafile/config $ keytool -list -v -keystore ftp.jks Enter keystore password: Keystore type: jks Keystore provider: SUN Your keystore contains 1 entry Alias name: ftp1 Creation date: Apr 4, 2019 Entry type: trustedCertEntry Owner: CN=EST, OU=EST, O=0, L=0, ST=0, C=SE Issuer: CN=EST, OU=EST, O=0, L=0, ST=0, C=SE Serial number: da886bde58e5ea36 Valid from: Thu Apr 04 08:02:40 GMT 2019 until: Fri Apr 03 08:02:40 GMT 2020 Certificate fingerprints: MD5: 04:F8:C4:31:1D:77:67:32:65:A9:CD:29:8F:6C:77:AF SHA1: 9B:E1:7C:AF:93:F1:B3:56:E1:4B:19:54:65:5A:EA:44:1A:FA:89:5A SHA256: E3:06:48:50:61:9E:B0:0F:F4:E7:77:5C:DC:8D:20:E9:A1:41:DC:F3:1E:4A:DC:51:81:56:30:41:A7:33:6B:F3 Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 1 ******************************************* ******************************************* /opt/app/datafile/config $ exit root@excl-lego-eeiwbue-april-node-1:~# ls addSubscriber.json addSubscribermapper.json ca.crt ftp.der mount_nfs.sh user_expert.crt user_expert.key var_files root@excl-lego-eeiwbue-april-node-1:~# cp user_expert.key dfc.key root@excl-lego-eeiwbue-april-node-1:~# cp user_expert.crt dfc.crt root@excl-lego-eeiwbue-april-node-1:~# openssl pkcs12 -export -in dfc.crt 
-inkey dfc.key -chain -CAfile ca.crt -name dfc -out dfc.p12 Enter Export Password: Verifying - Enter Export Password: root@excl-lego-eeiwbue-april-node-1:~# ls addSubscriber.json addSubscribermapper.json ca.crt dfc.crt dfc.key dfc.p12 ftp.der mount_nfs.sh user_expert.crt user_expert.key var_files root@excl-lego-eeiwbue-april-node-1:~# kubectl cp dfc.p12 dep-dcae-datafile-collector-7f98b947c8-pb2nn:/opt/app/datafile/config/ -n onap Defaulting container name to dcae-datafile-collector. root@excl-lego-eeiwbue-april-node-1:~# kubectl -n onap exec -it dep-dcae-datafile-collector-7f98b947c8-pb2nn /bin/sh Defaulting container name to dcae-datafile-collector. Use 'kubectl describe pod/dep-dcae-datafile-collector-7f98b947c8-pb2nn' to see all of the containers in this pod. /opt/app/datafile $ cd /config /bin/sh: cd: can't cd to /config: No such file or directory /opt/app/datafile $ cd /opt/app/datafile/config/ /opt/app/datafile/config $ ls application.yaml datafile_endpoints.json dfc.jks dfc.jks.b64 dfc.p12 ftp.der ftp.jks ftp.jks.b64 /opt/app/datafile/config $ keytool -importkeystore -deststorepass secret -destkeypass secret -destkeystore dfc.jks -srckeystore dfc.p12 -srcstoretype PKCS12 -srcstorepass secret -alias dfc Importing keystore dfc.p12 to dfc.jks... 
keytool error: java.io.FileNotFoundException: dfc.jks (Permission denied) /opt/app/datafile/config $ ls -l total 32 -rwxr-xr-x 1 root root 663 Apr 29 08:14 application.yaml -rwxr-xr-x 1 root root 1525 Apr 29 08:14 datafile_endpoints.json -rwxr-xr-x 1 root root 2151 Apr 29 08:16 dfc.jks -rwxr-xr-x 1 root root 2906 Apr 29 08:14 dfc.jks.b64 rw-r r - 1 datafile onap 2900 May 1 12:26 dfc.p12 rw-r r - 1 datafile onap 943 May 1 12:15 ftp.der -rwxr-xr-x 1 root root 855 Apr 29 08:16 ftp.jks -rwxr-xr-x 1 root root 1155 Apr 29 08:14 ftp.jks.b64 /opt/app/datafile/config $ date Wed May 1 12:30:24 UTC 2019 /opt/app/datafile/config $ keytool -importkeystore -srckeystore dfc.jks -destkeystore dfc.jks -deststoretype pkcs12 Enter source keystore password: Entry for alias dfc-alias successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled keytool error: java.io.FileNotFoundException: dfc.jks (Permission denied) /opt/app/datafile/config $ exit command terminated with exit code 1
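When trying to add xNF certificates to DFC, I'm getting "Permission denied" errors. This is due to the ownership of the files in /opt/app/datafile/config being incorrect: the `ls -l` output above shows ftp.jks and dfc.jks owned by root:root with mode -rwxr-xr-x, while files copied into the pod are created as datafile:onap, so keytool running as the container user (apparently datafile, not root) can read the keystores but cannot write them, and `chmod` on them fails with "Operation not permitted".
This will prevent DFC from creating an FTPes connection to xNFs.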