ALM-43620 GraphBase HA Certificates Are About to Expire

Updated on 2024-11-29 GMT+08:00

View PDF

Alarm Description

GraphBase checks whether HA certificate files are about to expire in the first health check or at 01:00:00 every day. This alarm is generated when the validity period is less than 30 days.

Alarm Attributes

Alarm ID	Alarm Severity	Alarm Type	Service Type	Auto Cleared
43620	Major	Quality of service	GraphBase	Yes

Alarm Parameters

Type	Parameter	Description
Location Information	Source	Specifies the cluster for which the alarm is generated.
	ServiceName	Specifies the service for which the alarm is generated.
	RoleName	Specifies the role for which the alarm is generated.
	HostName	Specifies the host for which the alarm is generated.

Impact on the System

Currently, there is no impact on the system.

Possible Causes

The HA root certificate file or HA user certificate file is about to expire.

Handling Procedure

View alarm information.

Log in to FusionInsight Manager and choose O&M. In the navigation pane on the left, choose Alarm > Alarms, and locate the row that contains ALM-43620 GraphBase HA Certificates Are About to Expire Check the host name in the location information and the file name in additional information. Use PuTTY to log in to the host where the alarm is generated as user omm.
- If the file name displayed in additional information is root-ca.crt, go to 2.
- If the file name displayed in additional information is server.crt, go to 10.

Check whether the HA root certificate file in the system is valid. If it is not, generate new HA certificate files.

Run the cd ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/ha/local/cert command to go to the HA certificate directory.
Run the openssl x509 -noout -text -in root-ca.crt command to query the effective time and due time of the HA root certificate.
Perform 5 to 9 during off-peak hours to update HA certificate files as needed.
In the alarm list on FusionInsight Manager, check whether the ALM-12055 Certificate File About to Expire alarm is generated.
- If yes, go to 6.
- If no, go to 7.
Clear the alarm according to the handling procedure of ALM-12055 Certificate File About to Expire.
Run the cp ${NODE_AGENT_HOME}/security/cert/subcert/certFile/ca.crt root-ca.crt and cp ${NODE_AGENT_HOME}/security/cert/subcert/certFile/ca.key root-ca.pem commands to copy the HA root certificate again. Run the rm ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/bin/CHECK_FLAG command. Wait for 1 minute and check whether the alarm with the same additional information is cleared.
- If yes, go to 8.
- If no, go to 18.
Log in to the node where the other LoadBalancer instance is deployed as user omm and repeat 2 to 7.
Check whether the alarm with the same additional information is generated again during the periodic check.
- If yes, go to 18.
- If no, no further action is required.

Check whether the HA user certificate file in the system is valid. If it is not, generate new HA certificate files.

Use PuTTY to log in to the host for which the alarm is generated as user omm.
Run the cd ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/ha/local/cert command to go to the HA certificate directory.
Run the openssl x509 -noout -text -in server.crt command to query the effective time and due time of the HA user certificate.
Perform 14 to 15 update the HA certificate during off-peak hours as required.
Run the cd ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/bin command to go to the directory where the miner script is stored.
Run the sh miner-ha-re-gencert.sh command to generate a new HA certificate. Then, check whether the alarm is cleared 1 minute later.
- If yes, go to 17.
- If no, go to 16.
On the node where the standby LoadBalancer instance is located, repeat 14 to 15. Then, check whether the alarm is cleared 1 minute later.
- If yes, go to 17.
- If no, go to 18.
Check whether this alarm is generated again during periodic system check.
- If yes, go to 18.
- If no, no further action is required.

Collect the fault information.

On FusionInsight Manager, choose O&M. In the navigation pane on the left, choose Log > Download.
Select GraphBase in the required cluster for Service.
Click in the upper right corner, and set Start Date and End Date for log collection to 10 minutes ahead of and after the alarm generation time, respectively. Then, click Download.
Contact technical support and provide the collected logs.

Alarm Clearance

This alarm is automatically cleared after the fault is rectified.

Related Information

None.

Parent topic: Alarm Reference

Previous topic: ALM-43619 Invalid GraphBase HA Certificate Files

Next topic: ALM-43621 GraphBase HA Certificate Files Have Expired

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot