-
Bug
-
Resolution: Done
-
Medium
-
Amsterdam Release
-
None
-
None
Since OOM and HEAT are using two different ways of interacting with the system, hostname validation shouldn't be enforced, because OOM using internal kunermetes resolution, while HEAT uses plain hostname resolution.
[2018-01-05 17:52:21,418|ERROR|RESTManager|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.6.0:closedloop-amsterdam] Failed to POST to https://aai-service.onap-aai:8443/aai/search/named-query
javax.net.ssl.SSLPeerUnverifiedException: Host name 'aai-service.onap-aai' does not match the certificate subject provided by the peer (EMAILADDRESS=aai-host@api.simpledemo.openecomp.org, CN=aai.api.simpledemo.openecomp.org, O=ONAP, L=Bedminister, ST=NJ, C=US)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:465)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at org.onap.policy.rest.RESTManager.post(RESTManager.java:81)
at org.onap.policy.aai.AAIManager.postQuery(AAIManager.java:51)
at org.onap.policy.controlloop.actor.appclcm.AppcLcmActorServiceProvider.vnfNamedQuery(AppcLcmActorServiceProvider.java:168)
at org.onap.policy.controlloop.eventmanager.ControlLoopOperationManager.<init>(ControlLoopOperationManager.java:199)
at org.onap.policy.controlloop.eventmanager.ControlLoopEventManager.processControlLoop(ControlLoopEventManager.java:339)
at org.onap.policy.controlloop.Rule_com$u46$Config_BRMS_Param_BRMSParamvFirewall$u46$EVENT$u46$MANAGER252219256.defaultConsequence(Rule_com$u46$Config_BRMS_Param_BRMSParamvFirewall$u46$EVENT$u46$MANAGER252219256.java:145)
at org.onap.policy.controlloop.Rule_com$u46$Config_BRMS_Param_BRMSParamvFirewall$u46$EVENT$u46$MANAGER252219256DefaultConsequenceInvokerGenerated.evaluate(Unknown Source)
at org.onap.policy.controlloop.Rule_com$u46$Config_BRMS_Param_BRMSParamvFirewall$u46$EVENT$u46$MANAGER252219256DefaultConsequenceInvoker.evaluate(Unknown Source)
at org.drools.core.common.DefaultAgenda.fireActivation(DefaultAgenda.java:1052)
at org.drools.core.phreak.RuleExecutor.fire(RuleExecutor.java:121)
at org.drools.core.phreak.RuleExecutor.evaluateNetworkAndFire(RuleExecutor.java:74)
at org.drools.core.common.DefaultAgenda.fireNextItem(DefaultAgenda.java:970)
at org.drools.core.common.DefaultAgenda.fireLoop(DefaultAgenda.java:1312)
at org.drools.core.common.DefaultAgenda.fireUntilHalt(DefaultAgenda.java:1232)
at org.drools.core.impl.StatefulKnowledgeSessionImpl.fireUntilHalt(StatefulKnowledgeSessionImpl.java:1398)
at org.drools.core.impl.StatefulKnowledgeSessionImpl.fireUntilHalt(StatefulKnowledgeSessionImpl.java:1377)
at org.onap.policy.drools.core.PolicySession$DefaultThreadModel.run(PolicySession.java:563)
at java.lang.Thread.run(Thread.java:748)
- blocks
-
OOM-672 hardcoded clusterIP for aai breaks auto installation
- Closed
- relates to
-
POLICY-595 hostname validation in kubernates environment
- Closed