Updated on 2024-11-29 GMT+08:00

ALM-43620 GraphBase HA Certificates Are About to Expire

Alarm Description

GraphBase checks whether the HA certificate files are about to expire during the first health check or at 01:00:00 every day. This alarm is generated when the remaining validity period of a certificate file is less than 30 days.

Alarm Attributes

| Alarm ID | Alarm Severity | Alarm Type | Service Type | Auto Cleared |
| --- | --- | --- | --- | --- |
| 43620 | Major | Quality of service | GraphBase | Yes |

Alarm Parameters

| Type | Parameter | Description |
| --- | --- | --- |
| Location Information | Source | Specifies the cluster for which the alarm is generated. |
| Location Information | ServiceName | Specifies the service for which the alarm is generated. |
| Location Information | RoleName | Specifies the role for which the alarm is generated. |
| Location Information | HostName | Specifies the host for which the alarm is generated. |

Impact on the System

Currently, there is no impact on the system.

Possible Causes

The HA root certificate file or HA user certificate file is about to expire.

Handling Procedure

View alarm information.

  1. Log in to FusionInsight Manager and choose O&M. In the navigation pane on the left, choose Alarm > Alarms, and locate the row that contains ALM-43620 GraphBase HA Certificates Are About to Expire. Check the host name in the location information and the file name in the additional information. Use PuTTY to log in to the host where the alarm is generated as user omm.

    • If the file name displayed in additional information is root-ca.crt, go to 2.
    • If the file name displayed in additional information is server.crt, go to 10.

Check whether the HA root certificate file in the system is valid. If it is not, generate new HA certificate files.

  2. Run the cd ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/ha/local/cert command to go to the HA certificate directory.
  3. Run the openssl x509 -noout -text -in root-ca.crt command to query the effective time and due time of the HA root certificate.
  4. Perform 5 to 9 during off-peak hours to update HA certificate files as needed.
  5. In the alarm list on FusionInsight Manager, check whether the ALM-12055 Certificate File About to Expire alarm is generated.

    • If yes, go to 6.
    • If no, go to 7.

  6. Clear the alarm according to the handling procedure of ALM-12055 Certificate File About to Expire.
  7. Run the cp ${NODE_AGENT_HOME}/security/cert/subcert/certFile/ca.crt root-ca.crt and cp ${NODE_AGENT_HOME}/security/cert/subcert/certFile/ca.key root-ca.pem commands to copy the HA root certificate again. Run the rm ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/bin/CHECK_FLAG command. Wait for 1 minute and check whether the alarm with the same additional information is cleared.

    • If yes, go to 8.
    • If no, go to 18.

  8. Log in to the node where the other LoadBalancer instance is deployed as user omm and repeat 2 to 7.
  9. Check whether the alarm with the same additional information is generated again during the periodic check.

    • If yes, go to 18.
    • If no, no further action is required.

Check whether the HA user certificate file in the system is valid. If it is not, generate new HA certificate files.

  10. Use PuTTY to log in to the host for which the alarm is generated as user omm.
  11. Run the cd ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/ha/local/cert command to go to the HA certificate directory.
  12. Run the openssl x509 -noout -text -in server.crt command to query the effective time and due time of the HA user certificate.
  13. Perform 14 to 15 during off-peak hours to update the HA certificate as required.
  14. Run the cd ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/bin command to go to the directory where the miner script is stored.
  15. Run the sh miner-ha-re-gencert.sh command to generate a new HA certificate. Then, check whether the alarm is cleared 1 minute later.

    • If yes, go to 17.
    • If no, go to 16.

  16. On the node where the standby LoadBalancer instance is located, repeat 14 to 15. Then, check whether the alarm is cleared 1 minute later.

    • If yes, go to 17.
    • If no, go to 18.

  17. Check whether this alarm is generated again during the periodic system check.

    • If yes, go to 18.
    • If no, no further action is required.
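
The two openssl x509 -noout -text queries above leave the operator to compare the due time against the 30-day alarm window by eye. The following script is an added example, not part of the product or this guide, that performs the comparison with openssl's -checkend option. The function names and status words are assumptions made for illustration, and the script expects root-ca.crt and server.crt in the directory it is given.

```shell
#!/bin/sh
# Added example (not vendor code): classify the GraphBase HA certificates
# against the 30-day window that raises ALM-43620.

THRESHOLD_DAYS=30   # threshold stated in the alarm description

# cert_status FILE -> prints one of: missing, unreadable, expired, expiring, ok
cert_status() {
    [ -f "$1" ] || { echo missing; return; }
    # Parse first, so that a corrupt file is not misreported as "expired".
    openssl x509 -noout -in "$1" >/dev/null 2>&1 || { echo unreadable; return; }
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if ! openssl x509 -noout -checkend 0 -in "$1" >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -noout -checkend $((THRESHOLD_DAYS * 86400)) -in "$1" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# check_ha_certs [DIR] -> one line per certificate; returns 1 if any is not "ok"
check_ha_certs() {
    ha_dir=${1:-.}
    ha_rc=0
    for ha_name in root-ca.crt server.crt; do
        ha_state=$(cert_status "$ha_dir/$ha_name")
        # notAfter is the due time that the -text output also shows.
        ha_end=$(openssl x509 -noout -enddate -in "$ha_dir/$ha_name" 2>/dev/null) \
            || ha_end="notAfter=unknown"
        printf '%s\t%s\t%s\n' "$ha_name" "$ha_state" "$ha_end"
        [ "$ha_state" = ok ] || ha_rc=1
    done
    return "$ha_rc"
}

# Run only when a directory is given, for example "." from the HA certificate directory.
if [ $# -gt 0 ]; then
    check_ha_certs "$1"
fi
```

A non-zero exit status means at least one of the two files would raise or keep the alarm, so the script can also be run after regenerating certificates to confirm the result before waiting for the next periodic check.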

Collect the fault information.

  18. On FusionInsight Manager, choose O&M. In the navigation pane on the left, choose Log > Download.
  19. Select GraphBase in the required cluster for Service.
  20. Click in the upper right corner, and set Start Date and End Date for log collection to 10 minutes ahead of and after the alarm generation time, respectively. Then, click Download.
  21. Contact technical support and provide the collected logs.

Alarm Clearance

This alarm is automatically cleared after the fault is rectified.

Related Information

None.