Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: High
Fix Version/s: Dublin Release
Affects Version/s: Dublin Release
Component/s: None
Labels:
Environment:

Hide

ONAP environment deployed on 29 April

root@excl-lego-eeiwbue-april-node-2:~# docker exec -i 39d3c333911b sh -c "keytool -import -alias ftp -keystore /opt/app/datafile/config/ftp.jks -file /opt/app/datafile/config/ftp.der -noprompt"

Enter keystore password: secret

keytool error: java.io.FileNotFoundException: /opt/app/datafile/config/ftp.jks (Permission denied)

Certificate was added to keystore

root@excl-lego-eeiwbue-april-node-2:~# docker exec -i 39d3c333911b sh -c "keytool -import -alias ftp -keystore /opt/app/datafile/config/ftp.jks -file /opt/app/datafile/config/ftp.der -noprompt -storepass secret"

keytool error: java.io.FileNotFoundException: /opt/app/datafile/config/ftp.jks (Permission denied)

root@excl-lego-eeiwbue-april-node-1:~# mv user-ca.crt ca.crt

root@excl-lego-eeiwbue-april-node-1:~# openssl x509 -outform der -in ca.crt -out ftp.der

root@excl-lego-eeiwbue-april-node-1:~# kubectl -n onap exec -it dep-dcae-datafile-collector-7f98b947c8-pb2nn /bin/sh^C

root@excl-lego-eeiwbue-april-node-1:~# kubectl cp ftp.der dep-dcae-datafile-collector-7f98b947c8-pb2nn:/opt/app/datafile/config/ -n onap

Defaulting container name to dcae-datafile-collector.

root@excl-lego-eeiwbue-april-node-1:~#

root@excl-lego-eeiwbue-april-node-1:~# kubectl -n onap exec -it dep-dcae-datafile-collector-7f98b947c8-pb2nn /bin/sh

Defaulting container name to dcae-datafile-collector.

Use 'kubectl describe pod/dep-dcae-datafile-collector-7f98b947c8-pb2nn' to see all of the containers in this pod.

/opt/app/datafile $ ^C

/opt/app/datafile $ cd /opt/app/datafile/config

/opt/app/datafile/config $ cd /opt/app/datafile/config/

/opt/app/datafile/config $ ls

application.yaml         datafile_endpoints.json dfc.jks                  dfc.jks.b64              ftp.der                  ftp.jks                  ftp.jks.b64

/opt/app/datafile/config $ keytool -import -alias ftp -keystore ftp.jks -file ftp.der

Enter keystore password:

Owner: CN=etxlg's CA, OU=EAB/FJP/HO, O=RBS-CS, L=Kista, ST=Stockholm, C=se

Issuer: CN=etxlg's CA, OU=EAB/FJP/HO, O=RBS-CS, L=Kista, ST=Stockholm, C=se

Serial number: d4cc090c37fa853c

Valid from: Tue Jan 14 19:03:42 GMT 2014 until: Thu Sep 23 19:03:42 GMT 2027

Certificate fingerprints:

                MD5: B3:22:AA:DB:17:AF:83:6B:11:F3:96:F9:D4:72:1E:F3

                SHA1: F4:40:94:3F:8E:FE:50:F9:F2:C6:E7:19:29:5F:BB:1C:C0:E6:67:E3

                SHA256: 29:45:78:31:8F:3C:D8:89:5F:B7:D7:21:6F:20:96:2B:5D:1C:38:60:F7:9E:C8:E0:DB:1E:AF:9A:EA:01:D3:99

Signature algorithm name: SHA1withRSA

Subject Public Key Algorithm: 2048-bit RSA key

Version: 3

Extensions:

#1: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: 27 4C 8B C2 7A 5B 96 AC   5E AB 3D A5 9D 1D 4D 9E 'L..z[..^.=...M.

0010: 7F 18 BA 00                                        ....

]

]

#2: ObjectId: 2.5.29.19 Criticality=false

BasicConstraints:[

CA:true

PathLen:2147483647

]

#3: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 27 4C 8B C2 7A 5B 96 AC   5E AB 3D A5 9D 1D 4D 9E 'L..z[..^.=...M.

0010: 7F 18 BA 00                                        ....

]

]

Trust this certificate? [no]: yes

Certificate was added to keystore

keytool error: java.io.FileNotFoundException: ftp.jks (Permission denied)

/opt/app/datafile/config $ ls

application.yaml         datafile_endpoints.json dfc.jks                  dfc.jks.b64              ftp.der                  ftp.jks                  ftp.jks.b64

/opt/app/datafile/config $ ls -l

total 28

-rwxr-xr-x    1 root    root           663 Apr 29 08:14 application.yaml

-rwxr-xr-x    1 root     root          1525 Apr 29 08:14 datafile_endpoints.json

-rwxr-xr-x    1 root     root          2151 Apr 29 08:16 dfc.jks

-rwxr-xr-x    1 root     root          2906 Apr 29 08:14 dfc.jks.b64

~~rw-r~~r-    1 datafile onap           943 May 1 12:15 ftp.der

-rwxr-xr-x    1 root     root           855 Apr 29 08:16 ftp.jks

-rwxr-xr-x    1 root     root          1155 Apr 29 08:14 ftp.jks.b64

/opt/app/datafile/config $ chmod 777 ftp.jks

chmod: ftp.jks: Operation not permitted

/opt/app/datafile/config $ keytool -list -v -keystore ftp.jks

Enter keystore password:

Keystore type: jks

Keystore provider: SUN

Your keystore contains 1 entry

Alias name: ftp1

Creation date: Apr 4, 2019

Entry type: trustedCertEntry

Owner: CN=EST, OU=EST, O=0, L=0, ST=0, C=SE

Issuer: CN=EST, OU=EST, O=0, L=0, ST=0, C=SE

Serial number: da886bde58e5ea36

Valid from: Thu Apr 04 08:02:40 GMT 2019 until: Fri Apr 03 08:02:40 GMT 2020

Certificate fingerprints:

                MD5: 04:F8:C4:31:1D:77:67:32:65:A9:CD:29:8F:6C:77:AF

                SHA1: 9B:E1:7C:AF:93:F1:B3:56:E1:4B:19:54:65:5A:EA:44:1A:FA:89:5A

                SHA256: E3:06:48:50:61:9E:B0:0F:F4:E7:77:5C:DC:8D:20:E9:A1:41:DC:F3:1E:4A:DC:51:81:56:30:41:A7:33:6B:F3

Signature algorithm name: SHA256withRSA

Subject Public Key Algorithm: 2048-bit RSA key

Version: 1

*******************************************

*******************************************

/opt/app/datafile/config $ exit

root@excl-lego-eeiwbue-april-node-1:~# ls

addSubscriber.json addSubscribermapper.json ca.crt ftp.der mount_nfs.sh user_expert.crt user_expert.key var_files

root@excl-lego-eeiwbue-april-node-1:~# cp user_expert.key dfc.key

root@excl-lego-eeiwbue-april-node-1:~# cp user_expert.crt dfc.crt

root@excl-lego-eeiwbue-april-node-1:~# openssl pkcs12 -export -in dfc.crt -inkey dfc.key -chain -CAfile ca.crt -name dfc -out dfc.p12

Enter Export Password:

Verifying - Enter Export Password:

root@excl-lego-eeiwbue-april-node-1:~# ls

addSubscriber.json addSubscribermapper.json ca.crt dfc.crt dfc.key dfc.p12 ftp.der mount_nfs.sh user_expert.crt user_expert.key var_files

root@excl-lego-eeiwbue-april-node-1:~# kubectl cp dfc.p12 dep-dcae-datafile-collector-7f98b947c8-pb2nn:/opt/app/datafile/config/ -n onap

Defaulting container name to dcae-datafile-collector.

root@excl-lego-eeiwbue-april-node-1:~# kubectl -n onap exec -it dep-dcae-datafile-collector-7f98b947c8-pb2nn /bin/sh

Defaulting container name to dcae-datafile-collector.

Use 'kubectl describe pod/dep-dcae-datafile-collector-7f98b947c8-pb2nn' to see all of the containers in this pod.

/opt/app/datafile $ cd /config

/bin/sh: cd: can't cd to /config: No such file or directory

/opt/app/datafile $ cd /opt/app/datafile/config/

/opt/app/datafile/config $ ls

application.yaml         datafile_endpoints.json dfc.jks                  dfc.jks.b64              dfc.p12                  ftp.der                  ftp.jks                  ftp.jks.b64

/opt/app/datafile/config $ keytool -importkeystore -deststorepass secret -destkeypass secret -destkeystore dfc.jks -srckeystore dfc.p12 -srcstoretype PKCS12 -srcstorepass secret -alias dfc

Importing keystore dfc.p12 to dfc.jks...

keytool error: java.io.FileNotFoundException: dfc.jks (Permission denied)

/opt/app/datafile/config $ ls -l

total 32

-rwxr-xr-x    1 root     root           663 Apr 29 08:14 application.yaml

-rwxr-xr-x    1 root     root          1525 Apr 29 08:14 datafile_endpoints.json

-rwxr-xr-x    1 root     root          2151 Apr 29 08:16 dfc.jks

-rwxr-xr-x    1 root     root          2906 Apr 29 08:14 dfc.jks.b64

~~rw-r~~r-    1 datafile onap          2900 May 1 12:26 dfc.p12

~~rw-r~~r-    1 datafile onap           943 May 1 12:15 ftp.der

-rwxr-xr-x    1 root     root           855 Apr 29 08:16 ftp.jks

-rwxr-xr-x    1 root     root          1155 Apr 29 08:14 ftp.jks.b64

/opt/app/datafile/config $ date

Wed May 1 12:30:24 UTC 2019

/opt/app/datafile/config $ keytool -importkeystore -srckeystore dfc.jks -destkeystore dfc.jks -deststoretype pkcs12

Enter source keystore password:

Entry for alias dfc-alias successfully imported.

Import command completed: 1 entries successfully imported, 0 entries failed or cancelled

keytool error: java.io.FileNotFoundException: dfc.jks (Permission denied)

/opt/app/datafile/config $ exit

command terminated with exit code 1

Show
ONAP environment deployed on 29 April root@excl-lego-eeiwbue-april-node-2:~# docker exec -i 39d3c333911b sh -c "keytool -import -alias ftp -keystore /opt/app/datafile/config/ftp.jks -file /opt/app/datafile/config/ftp.der -noprompt" Enter keystore password: secret keytool error: java.io.FileNotFoundException: /opt/app/datafile/config/ftp.jks (Permission denied) Certificate was added to keystore root@excl-lego-eeiwbue-april-node-2:~# docker exec -i 39d3c333911b sh -c "keytool -import -alias ftp -keystore /opt/app/datafile/config/ftp.jks -file /opt/app/datafile/config/ftp.der -noprompt -storepass secret" keytool error: java.io.FileNotFoundException: /opt/app/datafile/config/ftp.jks (Permission denied) root@excl-lego-eeiwbue-april-node-1:~# mv user-ca.crt ca.crt root@excl-lego-eeiwbue-april-node-1:~# openssl x509 -outform der -in ca.crt -out ftp.der root@excl-lego-eeiwbue-april-node-1:~# kubectl -n onap exec -it dep-dcae-datafile-collector-7f98b947c8-pb2nn /bin/sh^C root@excl-lego-eeiwbue-april-node-1:~# kubectl cp ftp.der dep-dcae-datafile-collector-7f98b947c8-pb2nn:/opt/app/datafile/config/ -n onap Defaulting container name to dcae-datafile-collector. root@excl-lego-eeiwbue-april-node-1:~# root@excl-lego-eeiwbue-april-node-1:~# kubectl -n onap exec -it dep-dcae-datafile-collector-7f98b947c8-pb2nn /bin/sh Defaulting container name to dcae-datafile-collector. Use 'kubectl describe pod/dep-dcae-datafile-collector-7f98b947c8-pb2nn' to see all of the containers in this pod. /opt/app/datafile $ ^C /opt/app/datafile $ cd /opt/app/datafile/config /opt/app/datafile/config $ cd /opt/app/datafile/config/ /opt/app/datafile/config $ ls application.yaml         datafile_endpoints.json dfc.jks                  dfc.jks.b64              ftp.der                   ftp.jks                   ftp.jks.b64 /opt/app/datafile/config $ keytool -import -alias ftp -keystore ftp.jks -file ftp.der Enter keystore password: Owner: CN=etxlg's CA, OU=EAB/FJP/HO, O=RBS-CS, L=Kista, ST=Stockholm, C=se Issuer: CN=etxlg's CA, OU=EAB/FJP/HO, O=RBS-CS, L=Kista, ST=Stockholm, C=se Serial number: d4cc090c37fa853c Valid from: Tue Jan 14 19:03:42 GMT 2014 until: Thu Sep 23 19:03:42 GMT 2027 Certificate fingerprints:                 MD5: B3:22:AA:DB:17:AF:83:6B:11:F3:96:F9:D4:72:1E:F3                 SHA1: F4:40:94:3F:8E:FE:50:F9:F2:C6:E7:19:29:5F:BB:1C:C0:E6:67:E3                 SHA256: 29:45:78:31:8F:3C:D8:89:5F:B7:D7:21:6F:20:96:2B:5D:1C:38:60:F7:9E:C8:E0:DB:1E:AF:9A:EA:01:D3:99 Signature algorithm name: SHA1withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 27 4C 8B C2 7A 5B 96 AC   5E AB 3D A5 9D 1D 4D 9E 'L..z[..^.=...M. 0010: 7F 18 BA 00                                        .... ] ] #2: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 27 4C 8B C2 7A 5B 96 AC   5E AB 3D A5 9D 1D 4D 9E 'L..z[..^.=...M. 0010: 7F 18 BA 00                                        .... ] ] Trust this certificate? [no] : yes Certificate was added to keystore keytool error: java.io.FileNotFoundException: ftp.jks (Permission denied) /opt/app/datafile/config $ ls application.yaml         datafile_endpoints.json dfc.jks                  dfc.jks.b64              ftp.der                   ftp.jks                   ftp.jks.b64 /opt/app/datafile/config $ ls -l total 28 -rwxr-xr-x    1 root    root           663 Apr 29 08:14 application.yaml -rwxr-xr-x    1 root     root          1525 Apr 29 08:14 datafile_endpoints.json -rwxr-xr-x    1 root     root          2151 Apr 29 08:16 dfc.jks -rwxr-xr-x    1 root     root          2906 Apr 29 08:14 dfc.jks.b64 rw-r r -    1 datafile onap           943 May 1 12:15 ftp.der -rwxr-xr-x    1 root     root           855 Apr 29 08:16 ftp.jks -rwxr-xr-x    1 root     root          1155 Apr 29 08:14 ftp.jks.b64 /opt/app/datafile/config $ chmod 777 ftp.jks chmod: ftp.jks : Operation not permitted /opt/app/datafile/config $ keytool -list -v -keystore ftp.jks Enter keystore password: Keystore type: jks Keystore provider: SUN Your keystore contains 1 entry Alias name: ftp1 Creation date: Apr 4, 2019 Entry type: trustedCertEntry Owner: CN=EST, OU=EST, O=0, L=0, ST=0, C=SE Issuer: CN=EST, OU=EST, O=0, L=0, ST=0, C=SE Serial number: da886bde58e5ea36 Valid from: Thu Apr 04 08:02:40 GMT 2019 until: Fri Apr 03 08:02:40 GMT 2020 Certificate fingerprints:                 MD5: 04:F8:C4:31:1D:77:67:32:65:A9:CD:29:8F:6C:77:AF                 SHA1: 9B:E1:7C:AF:93:F1:B3:56:E1:4B:19:54:65:5A:EA:44:1A:FA:89:5A                 SHA256: E3:06:48:50:61:9E:B0:0F:F4:E7:77:5C:DC:8D:20:E9:A1:41:DC:F3:1E:4A:DC:51:81:56:30:41:A7:33:6B:F3 Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 1 ******************************************* ******************************************* /opt/app/datafile/config $ exit root@excl-lego-eeiwbue-april-node-1:~# ls addSubscriber.json addSubscribermapper.json ca.crt ftp.der mount_nfs.sh user_expert.crt user_expert.key var_files root@excl-lego-eeiwbue-april-node-1:~# cp user_expert.key dfc.key root@excl-lego-eeiwbue-april-node-1:~# cp user_expert.crt dfc.crt root@excl-lego-eeiwbue-april-node-1:~# openssl pkcs12 -export -in dfc.crt -inkey dfc.key -chain -CAfile ca.crt -name dfc -out dfc.p12 Enter Export Password: Verifying - Enter Export Password: root@excl-lego-eeiwbue-april-node-1:~# ls addSubscriber.json addSubscribermapper.json ca.crt dfc.crt dfc.key dfc.p12 ftp.der mount_nfs.sh user_expert.crt user_expert.key var_files root@excl-lego-eeiwbue-april-node-1:~# kubectl cp dfc.p12 dep-dcae-datafile-collector-7f98b947c8-pb2nn:/opt/app/datafile/config/ -n onap Defaulting container name to dcae-datafile-collector. root@excl-lego-eeiwbue-april-node-1:~# kubectl -n onap exec -it dep-dcae-datafile-collector-7f98b947c8-pb2nn /bin/sh Defaulting container name to dcae-datafile-collector. Use 'kubectl describe pod/dep-dcae-datafile-collector-7f98b947c8-pb2nn' to see all of the containers in this pod. /opt/app/datafile $ cd /config /bin/sh: cd: can't cd to /config: No such file or directory /opt/app/datafile $ cd /opt/app/datafile/config/ /opt/app/datafile/config $ ls application.yaml         datafile_endpoints.json dfc.jks                  dfc.jks.b64              dfc.p12                  ftp.der                   ftp.jks                   ftp.jks.b64 /opt/app/datafile/config $ keytool -importkeystore -deststorepass secret -destkeypass secret -destkeystore dfc.jks -srckeystore dfc.p12 -srcstoretype PKCS12 -srcstorepass secret -alias dfc Importing keystore dfc.p12 to dfc.jks... keytool error: java.io.FileNotFoundException: dfc.jks (Permission denied) /opt/app/datafile/config $ ls -l total 32 -rwxr-xr-x    1 root     root           663 Apr 29 08:14 application.yaml -rwxr-xr-x    1 root     root          1525 Apr 29 08:14 datafile_endpoints.json -rwxr-xr-x    1 root     root          2151 Apr 29 08:16 dfc.jks -rwxr-xr-x    1 root     root          2906 Apr 29 08:14 dfc.jks.b64 rw-r r -    1 datafile onap          2900 May 1 12:26 dfc.p12 rw-r r -    1 datafile onap           943 May 1 12:15 ftp.der -rwxr-xr-x    1 root     root           855 Apr 29 08:16 ftp.jks -rwxr-xr-x    1 root     root          1155 Apr 29 08:14 ftp.jks.b64 /opt/app/datafile/config $ date Wed May 1 12:30:24 UTC 2019 /opt/app/datafile/config $ keytool -importkeystore -srckeystore dfc.jks -destkeystore dfc.jks -deststoretype pkcs12 Enter source keystore password: Entry for alias dfc-alias successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled keytool error: java.io.FileNotFoundException: dfc.jks (Permission denied) /opt/app/datafile/config $ exit command terminated with exit code 1

When trying to add xNF certificates to DFC, Im getting permissions denied this is due to the file ownership of files in /opt/app/datafile/config being incorrect.

This will prevent DFC from creating an FTPes connection to xNFs.

Assignee:: tamasbakai

Reporter:: liamburke

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Due:: 03/May/19

Created:: 02/May/19 11:19 AM

Updated:: 06/May/19 1:48 PM

Resolved:: 06/May/19 1:48 PM

Details

Description

Attachments

Activity

People

Dates