Help Center/ MapReduce Service/ User Guide (Ankara Region)/ Alarm Reference/ ALM-46010 MOTService Certificate File Is About to Expire
Updated on 2024-11-29 GMT+08:00
View PDF
Share

ALM-46010 MOTService Certificate File Is About to Expire

Alarm Description

The system checks the certificate file in the system on the hour. This alarm is generated when the certificate file is about to expire in less than 30 days.

This alarm is cleared when a certificate that is not about to expire is imported and the alarm detection mechanism is triggered on the next hour.

Alarm Attributes

Alarm ID

Alarm Severity

Alarm Type

Service Type

Auto Cleared

46010

Minor

Security

MOTService

Yes

Alarm Parameters

Type

Parameter

Description

Location Information

Source

Specifies the cluster or system for which the alarm was generated.

ServiceName

Specifies the service for which the alarm was generated.

RoleName

Specifies the role for which the alarm was generated.

HostName

Specifies the host for which the alarm was generated.

Additional Information

Trigger Condition

Specifies the threshold for triggering the alarm.

Impact on the System

If the MOTService certificate is about to expire, the system is not affected. If the certificate has expired, functions such as data import and query cannot be provided for upper-layer services.

Possible Causes

The remaining validity period of the MOTService certificate file (MOTService root certificate or MOTService user certificate) is less than 30 days.

Handling Procedure

Locate the alarm cause.

  1. Log in to FusionInsight Manager and choose O&M > Alarm > Alarms. In the right pane, locate this alarm and click .

    View Additional Information to obtain the additional information about the alarm.

    • If MOTService HA root Certificate is displayed in the additional information, view Location to obtain the name of the host for which the alarm is generated. Then, log in to the host as user omm and go to 2.
    • If MOTService HA server Certificate is displayed in the additional information, view Location to obtain the name of the host for which the alarm is generated. Then, log in to the host as user omm and go to 3.
    • If MOTService root Certificate is displayed in the additional information, view Location to obtain the name of the host for which the alarm is generated. Then, log in to the host as user omm and go to 4.
    • If MOTService server Certificate is displayed in the additional information, view Location to obtain the name of the host for which the alarm is generated. Then, log in to the host as user omm and go to 5.

Check the validity period of the certificate files in the system.

  1. Check whether the remaining validity period of the MOTService HA root certificate is smaller than the alarm threshold.

    Run the openssl x509 -noout -text -in ${MOTSERVER_HOME}/ha/local/cert/root-ca.crt command to check the effective time and due time of the MOTService HA root certificate.

    • If yes, go to 6.
    • If no, go to 8.

  2. Check whether the remaining validity period of the MOTService HA user certificate is smaller than the alarm threshold.

    Run the openssl x509 -noout -text -in ${MOTSERVER_HOME}/ha/local/cert/server.crt command to check the effective time and due time of the MOTService HA user certificate.

    • If yes, go to 6.
    • If no, go to 8.

  3. Check whether the remaining validity period of the MOTService root certificate is smaller than the alarm threshold.

    Run the openssl x509 -noout -text -in ${MOTSERVER_HOME}/security/root-ca.crt command to check the effective time and due time of the MOTService root certificate.

    • If yes, go to 7.
    • If no, go to 8.

  4. Check whether the remaining validity period of the MOTService user certificate is smaller than the alarm threshold.

    Run the openssl x509 -noout -text -in ${MOTSERVER_HOME}/security/server.crt command to check the effective time and due time of the MOTService user certificate.

    • If yes, go to 7.
    • If no, go to 8.

The following is an example of the effective time and due time of a certificate: 
Certificate: 
    Data: 
        Version: 3 (0x2) 
        Serial Number: 
            97:d5:0e:84:af:ec:34:d8 
        Signature Algorithm: sha256WithRSAEncryption 
        Issuer: C=CN, ST=xxx, L=yyy, O=zzz, OU=IT, CN=HADOOP.COM 
        Validity 
            Not Before: Dec 13 06:38:26 2016 GMT             // Effective time
            Not After : Dec 11 06:38:26 2026 GMT             // Due time

Import certificate files.

  1. Import a new MOTService HA certificate file.

    Apply for or generate a new HA certificate file and import it to the system. Manually clear the alarm and check whether this alarm is generated again during periodic check.

    • If yes, go to 8.
    • If no, no further action is required.

  2. Import a new MOTService certificate file.

    Apply for or generate a new MOTService certificate file and import it to the system. Manually clear the alarm and check whether this alarm is generated again during periodic check.

    • If yes, go to 8.
    • If no, no further action is required.

Collect fault information.

  1. On FusionInsight Manager, choose O&M. In the navigation pane on the left, choose Log > Download.
  2. Expand the Service drop-down list, select Controller, OmmServer, OmmCore, and Tomcat, and click OK.
  3. Click the edit icon in the upper right corner, and set Start Date and End Date for log collection to 10 minutes ahead of and after the alarm generation time, respectively. Then, click Download.
  4. Contact O&M personnel/Technical support and provide the collected logs.

Alarm Clearance

This alarm is automatically cleared after the fault is rectified.

Related Information

None

Parent topic: Alarm Reference