Data Aggregator can't be added as a data source in NetOps Portal after HTTPS configuration

Products

Network Observability

Issue/Introduction

After HTTPS configuration, NetOps Portal can't reach the Data Aggregator. The karaf.log on the DA reports the following error:

java.nio.file.AccessDeniedException: /opt/IMDataAggregator/apache-karaf-4.4.6/etc/keystore

at sun.nio.fs.UnixException.translateToIOException(Unknown Source) ~[?:?]

at sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source) ~[?:?]

at sun.nio.fs.UnixFileSystemProvider.newByteChannel(Unknown Source) ~[?:?]

at java.nio.file.Files.newByteChannel(Unknown Source) ~[?:?]

at java.nio.file.spi.FileSystemProvider.newInputStream(Unknown Source) ~[?:?]

at java.nio.file.Files.newInputStream(Unknown Source) ~[?:?]

at org.eclipse.jetty.util.resource.PathResource.getInputStream(PathResource.java:463) ~[?:?]

at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:52) ~[?:?]

at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:1203) ~[?:?]

at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:322) ~[?:?]

at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244) ~[?:?]

at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]

at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]

at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) ~[?:?]

at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97) ~[?:?]

at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]

at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]

at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) ~[?:?]

at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:323) ~[?:?]

at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) ~[?:?]

at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234) ~[?:?]

at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]

at org.eclipse.jetty.server.Server.doStart(Server.java:401) ~[?:?]

at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]

at org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper.start(JettyServerWrapper.java:626) ~[?:?]

at org.ops4j.pax.web.service.jetty.internal.JettyServerController.start(JettyServerController.java:109) ~[?:?]

at org.ops4j.pax.web.service.internal.Activator.performConfiguration(Activator.java:555) ~[?:?]

at org.ops4j.pax.web.service.internal.Activator.updateController(Activator.java:445) ~[?:?]

at org.ops4j.pax.web.service.internal.Activator.lambda$updateServerControllerFactory$1(Activator.java:347) ~[?:?]

at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) [?:?]

at java.util.concurrent.FutureTask.run(Unknown Source) [?:?]

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source) [?:?]

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]

at java.lang.Thread.run(Unknown Source) [?:?]

Environment

This will only apply to environments where the DA was installed with a non root user.

Cause

After using sudo to run sslConfig on the DA, the /opt/IMDataAggregator/apache-karaf-4.4.6/etc/keystore and /opt/IMDataAggregator/apache-karaf-4.4.6/etc/truststore files are owned by root and not the sudo user.

Resolution

Change ownership of the below files from root to the sudo install user:

/opt/IMDataAggregator/apache-karaf-4.4.6/etc/keystore

/opt/IMDataAggregator/apache-karaf-4.4.6/etc/truststore

Restart the dadaemon service.

Additional Information

This is a known defect that is going to be resolved in the 24.3.12 release.