Help Center/ MapReduce Service/ User Guide (Ankara Region)/ Alarm Reference/ ALM-43619 Invalid GraphBase HA Certificate Files
Updated on 2024-11-29 GMT+08:00
View PDF
Share

ALM-43619 Invalid GraphBase HA Certificate Files

Alarm Description

GraphBase checks whether the HA certificate files are valid (whether the certificate exists and whether its format is correct) in the first health check or at 01:00:00 every day. This alarm is generated when the certificate file is invalid.

Alarm Attributes

Alarm ID

Alarm Severity

Alarm Type

Service Type

Auto Cleared

43619

Major

Quality of service

GraphBase

Yes

Alarm Parameters

Type

Alarm Parameters

Description

Location Information

Source

Specifies the cluster for which the alarm is generated.

ServiceName

Specifies the service for which the alarm is generated.

RoleName

Specifies the role for which the alarm is generated.

HostName

Specifies the host for which the alarm is generated.

Impact on the System

The HA root certificate file or HA user certificate file has expired. As a result, functions are restricted and cannot be used.

Possible Causes

The HA root certificate file or HA user certificate file is invalid.

Handling Procedure

View alarm information.

  1. Log in to FusionInsight Manager and choose O&M. In the navigation pane on the left, choose Alarm > Alarms, and locate the row that contains ALM-43619 Invalid GraphBase HA Certificate Files. Check the host name in the location information and the file name in the additional information. Use PuTTY to log in to the host where the alarm is generated as user omm.

    • If the file name displayed in additional information is root-ca.crt, go to 2.
    • If the file name displayed in additional information is server.crt, go to 10.

Check whether the HA root certificate file in the system is valid.

  1. Run the cd ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/ha/local/cert command to go to the directory where the HA certificate is stored.
  2. Run the ls -l command to check whether the root-ca.crt file exists.

    • If yes, go to 4.
    • If no, go to 16.

  3. Run the openssl x509 -in root-ca.crt -text -noout command and check whether the command output is normal.

    • If yes, go to 16.
    • If no, go to 5.

  4. In the alarm list on FusionInsight Manager, check whether ALM-12054 Invalid Certificate File is reported.

    • If yes, go to 6.
    • If no, go to 7.

  5. Clear the alarm according to the handling procedure of ALM-12054 Invalid Certificate File.
  6. Run the cp ${NODE_AGENT_HOME}/security/cert/subcert/certFile/ca.crt root-ca.crt and cp ${NODE_AGENT_HOME}/security/cert/subcert/certFile/ca.key root-ca.pem commands to copy the HA root certificate again. Run the rm ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/bin/CHECK_FLAG command. Wait for 1 minute and check whether the alarm with the same additional information is cleared.

    • If yes, go to 8.
    • If no, go to 16.

  7. Log in to the node where the other LoadBalancer instance is deployed as user omm and repeat 2 to 7.
  8. Check whether the alarm with the same additional information is generated again during the periodic check.

    • If yes, go to 16.
    • If no, no further action is required.

Check whether the HA user certificate file in the system is valid.

  1. Run the cd ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/ha/local/cert command to go to the directory where the HA certificate is stored.
  2. Run the ls -l command to check whether the server.crt file exists.

    • If yes, go to 12.
    • If no, go to 13.

  3. Run the openssl x509 -in server.crt -text -noout command and check whether the command output is normal.

    • If yes, go to 16.
    • If no, go to 13.

  4. Run the cd ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/bin command to go to the directory where the miner script is stored.
  5. Run the sh miner-ha-re-gencert.sh command to generate a new HA certificate. Then, check whether the alarm with the same additional information is cleared 1 minute later.

    • If yes, go to 15.
    • If no, go to 16.

  6. Check whether the alarm with the same additional information is generated again during the periodic check.

    • If yes, go to 16.
    • If no, no further action is required.

Collect the fault information.

  1. On FusionInsight Manager, choose O&M. In the navigation pane on the left, choose Log > Download.
  2. Select GraphBase in the required cluster for Service.
  3. Click in the upper right corner, and set Start Date and End Date for log collection to 10 minutes ahead of and after the alarm generation time, respectively. Then, click Download.
  4. Contact technical support and provide the collected logs.

Alarm Clearance

This alarm is automatically cleared after the fault is rectified.

Related Information

None.

Parent topic: Alarm Reference