ALM-24014 Flume MonitorServer Certificate Is About to Expire
This section applies to MRS 3.2.0 or later.
Alarm Description
MonitorServer checks whether its certificate file is about to expire every hour. This alarm is generated when the remaining validity period is at most 30 days. This alarm is automatically cleared when the remaining validity period is greater than 30 days.
Alarm Attributes
Alarm ID |
Alarm Severity |
Auto Cleared |
---|---|---|
24014 |
Major |
Yes |
Alarm Parameters
Parameter |
Description |
---|---|
Source |
Specifies the cluster for which the alarm was generated. |
ServiceName |
Specifies the service for which the alarm was generated. |
RoleName |
Specifies the role for which the alarm was generated. |
HostName |
Specifies the host for which the alarm was generated. |
Impact on the System
Currently, there is no impact on the system.
Possible Causes
The MonitorServer certificate file is about to expire.
Handling Procedure
View alarm information.
- Log in to FusionInsight Manager and choose O&M. In the navigation pane on the left, choose Alarm > Alarms. On the page that is displayed, locate the row containing ALM-24014 MonitorServer Certificate Is About to Expire, and view the Location information. View the IP address of the instance for which the alarm is generated.
Check whether the certificate file in the system is valid. If it is not, generate a new one.
- Log in to the node for which the alarm is generated as user root and run the su - omm command to switch to user omm.
- Run the following command to go to the MonitorServer certificate file directory:
cd ${BIGDATA_HOME}/FusionInsight_Porter_*/install/FusionInsight-Flume-*/flume/conf
- Run the following command to check the effective time and expiration time of the MonitorServer user certificate:
openssl x509 -noout -text -in ms_sChat.crt
- Perform 6 to 7 during off-peak hours to update the certificate file as needed.
- Run the following command to go to the Flume script directory:
cd ${BIGDATA_HOME}/FusionInsight_Porter_*/install/FusionInsight-Flume-*/flume/bin
- Run the following command to generate a new certificate file. Then, check whether the alarm is automatically cleared one hour later.
sh geneJKS.sh -m Custom password of the MonitorServer certificate on the server -n Custom password of the MonitorServer certificate on the client
- If yes, go to 9.
- If no, go to 8.
The custom certificate passwords must meet the following complexity requirements:
- Contain at least four types of uppercase letters, lowercase letters, digits, and special characters.
- Contain 8 to 64 characters.
- Be changed periodically (for example, every three months), and certificates and trust lists are generated again to ensure security.
- Log in to the Flume node for which the alarm is generated as user omm and repeat 6 to 7. Then, check whether the alarm is automatically cleared one hour later.
- Check whether this alarm is generated again during periodic system check.
- If yes, go to 10.
- If no, no further action is required.
Collect fault information.
- On FusionInsight Manager, choose O&M. In the navigation pane on the left, choose Log > Download.
- Select MonitorServer in the required cluster for Service.
- Click the edit icon in the upper right corner, and set Start Date and End Date for log collection to 10 minutes ahead of and after the alarm generation time, respectively. Then, click Download.
- Contact O&M personnel and provide the collected logs.
Alarm Clearance
This alarm is automatically cleared after the fault is rectified.
Related Information
None
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot