ALM-43619 Invalid GraphBase HA Certificate Files
Alarm Description
GraphBase checks whether the HA certificate files are valid (whether the certificate exists and whether its format is correct) in the first health check or at 01:00:00 every day. This alarm is generated when the certificate file is invalid.
Alarm Attributes
Alarm ID |
Alarm Severity |
Alarm Type |
Service Type |
Auto Cleared |
---|---|---|---|---|
43619 |
Major |
Quality of service |
GraphBase |
Yes |
Alarm Parameters
Type |
Alarm Parameters |
Description |
---|---|---|
Location Information |
Source |
Specifies the cluster for which the alarm is generated. |
ServiceName |
Specifies the service for which the alarm is generated. |
|
RoleName |
Specifies the role for which the alarm is generated. |
|
HostName |
Specifies the host for which the alarm is generated. |
Impact on the System
The HA root certificate file or HA user certificate file has expired. As a result, functions are restricted and cannot be used.
Possible Causes
The HA root certificate file or HA user certificate file is invalid.
Handling Procedure
View alarm information.
- Log in to FusionInsight Manager and choose O&M. In the navigation pane on the left, choose Alarm > Alarms, and locate the row that contains ALM-43619 Invalid GraphBase HA Certificate Files. Check the host name in the location information and the file name in the additional information. Use PuTTY to log in to the host where the alarm is generated as user omm.
Check whether the HA root certificate file in the system is valid.
- Run the cd ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/ha/local/cert command to go to the directory where the HA certificate is stored.
- Run the ls -l command to check whether the root-ca.crt file exists.
- Run the openssl x509 -in root-ca.crt -text -noout command and check whether the command output is normal.
- In the alarm list on FusionInsight Manager, check whether ALM-12054 Invalid Certificate File is reported.
- Clear the alarm according to the handling procedure of ALM-12054 Invalid Certificate File.
- Run the cp ${NODE_AGENT_HOME}/security/cert/subcert/certFile/ca.crt root-ca.crt and cp ${NODE_AGENT_HOME}/security/cert/subcert/certFile/ca.key root-ca.pem commands to copy the HA root certificate again. Run the rm ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/bin/CHECK_FLAG command. Wait for 1 minute and check whether the alarm with the same additional information is cleared.
- Log in to the node where the other LoadBalancer instance is deployed as user omm and repeat 2 to 7.
- Check whether the alarm with the same additional information is generated again during the periodic check.
- If yes, go to 16.
- If no, no further action is required.
Check whether the HA user certificate file in the system is valid.
- Run the cd ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/ha/local/cert command to go to the directory where the HA certificate is stored.
- Run the ls -l command to check whether the server.crt file exists.
- Run the openssl x509 -in server.crt -text -noout command and check whether the command output is normal.
- Run the cd ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/bin command to go to the directory where the miner script is stored.
- Run the sh miner-ha-re-gencert.sh command to generate a new HA certificate. Then, check whether the alarm with the same additional information is cleared 1 minute later.
- Check whether the alarm with the same additional information is generated again during the periodic check.
- If yes, go to 16.
- If no, no further action is required.
Collect the fault information.
- On FusionInsight Manager, choose O&M. In the navigation pane on the left, choose Log > Download.
- Select GraphBase in the required cluster for Service.
- Click in the upper right corner, and set Start Date and End Date for log collection to 10 minutes ahead of and after the alarm generation time, respectively. Then, click Download.
- Contact technical support and provide the collected logs.
Alarm Clearance
This alarm is automatically cleared after the fault is rectified.
Related Information
None.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot