Help Center/ MapReduce Service/ User Guide/ Alarm Reference (Applicable to MRS 3.x)/ ALM-24010 Flume Certificate File Is Invalid or Damaged
Updated on 2024-04-11 GMT+08:00

ALM-24010 Flume Certificate File Is Invalid or Damaged

This section applies to MRS 3.2.0 or later.

Alarm Description

Flume checks whether the Flume certificate file is valid (whether the certificate exists and whether the certificate format is correct) every hour. This alarm is generated when the certificate file is invalid or damaged. This alarm is automatically cleared when the certificate file becomes valid again.

Alarm Attributes

Alarm ID

Alarm Severity

Auto Cleared

24010

Major

Yes

Alarm Parameters

Parameter

Description

Source

Specifies the cluster for which the alarm was generated.

ServiceName

Specifies the service for which the alarm was generated.

RoleName

Specifies the role for which the alarm was generated.

HostName

Specifies the host for which the alarm was generated.

Impact on the System

The Flume client cannot access the Flume server.

Possible Causes

The Flume certificate file is invalid or damaged.

Handling Procedure

View alarm information.

  1. Log in to FusionInsight Manager and choose O&M. In the navigation pane on the left, choose Alarm > Alarms. On the page that is displayed, locate the row containing ALM-24010 Flume Certificate File Is Invalid or Damaged, and view the Location information. View the IP address of the instance for which the alarm is generated.

Check whether the certificate file in the system is valid. If it is not, generate a new one.

  1. Log in to the node for which the alarm is generated as user root and run the su - omm command to switch to user omm.
  2. Run the following command to go to the Flume service certificate directory:

    cd ${BIGDATA_HOME}/FusionInsight_Porter_*/install/FusionInsight-Flume-*/flume/conf

  3. Run the ls -l command to check whether the flume_sChat.crt file exists.

    • If yes, go to 5.
    • If no, go to 6.

  4. Run the openssl x509 -in flume_sChat.crt -text -noout command to check whether certificate details are displayed properly.

    • If yes, go to 9.
    • If no, go to 6.

  5. Run the following command to go to the Flume script directory:

    cd ${BIGDATA_HOME}/FusionInsight_Porter_*/install/FusionInsight-Flume-*/flume/bin

  6. Run the following command to generate a new certificate file. Then check whether the alarm is automatically cleared one hour later.

    sh geneJKS.sh -f Custom certificate password of the Flume role on the server -g Custom certificate password of the Flume role on the client
    • If yes, go to 8.
    • If no, go to 9.
      The custom certificate passwords must meet the following complexity requirements:
      • Contain at least four types of uppercase letters, lowercase letters, digits, and special characters.
      • Contain 8 to 64 characters.
      • Be changed periodically (for example, every three months), and certificates and trust lists are generated again to ensure security.

  7. Check whether this alarm is generated again during periodic system check.

    • If yes, go to 9.
    • If no, no further action is required.

Collect fault information.

  1. On FusionInsight Manager, choose O&M. In the navigation pane on the left, choose Log > Download.
  2. Expand the Service drop-down list, and select Flume for the target cluster.
  3. Click the edit icon in the upper right corner, and set Start Date and End Date for log collection to 10 minutes ahead of and after the alarm generation time, respectively. Then, click Download.
  4. Contact O&M personnel and provide the collected logs.

Alarm Clearance

This alarm is automatically cleared after the fault is rectified.

Related Information

None