Help Center/ MapReduce Service/ User Guide (Ankara Region)/ Alarm Reference/ ALM-43621 GraphBase HA Certificate Files Have Expired
Updated on 2024-11-29 GMT+08:00
View PDF
Share

ALM-43621 GraphBase HA Certificate Files Have Expired

Alarm Description

GraphBase checks whether HA certificate files have expired in the first health check or at 01:00:00 every day. This alarm is generated when the HA certificate has expired.

Alarm Attributes

Alarm ID

Alarm Severity

Alarm Type

Service Type

Auto Cleared

43621

Major

Quality of service

GraphBase

Yes

Alarm Parameters

Type

Parameter

Description

Location Information

Source

Specifies the cluster for which the alarm is generated.

ServiceName

Specifies the service for which the alarm is generated.

RoleName

Specifies the role for which the alarm is generated.

HostName

Specifies the host for which the alarm is generated.

Impact on the System

The HA root certificate file or HA user certificate file has expired. As a result, functions are restricted and cannot be used.

Possible Causes

The HA root certificate file or HA user certificate file has expired.

Handling Procedure

View alarm information.

  1. Log in to FusionInsight Manager and choose O&M. In the navigation pane on the left, choose Alarm > Alarms, and locate the row that contains ALM-43621 GraphBase HA Certificate Files Have Expired Check the host name in the location information and the file name in additional information. Use PuTTY to log in to the host where the alarm is generated as user omm.

    • If the file name displayed in additional information is root-ca.crt, go to 2.
    • If the file name displayed in additional information is server.crt, go to 9.

Check whether the HA root certificate file in the system is valid. If it is not, generate new HA certificate files.

  1. Run the cd ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/ha/local/cert command to go to the directory where the HA certificate is stored.
  2. Run the openssl x509 -noout -text -in root-ca.crt command to query the effective time and due time of the HA root certificate and check whether the file is valid.

    • If yes, go to 15.
    • If no, go to 4.

  3. In the alarm list on FusionInsight Manager, check whether ALM-12054 Invalid Certificate File is reported.

    • If yes, go to 5.
    • If no, go to 6.

  4. Clear the alarm according to the handling procedure of ALM-12054 Invalid Certificate File.
  5. Run the cp ${NODE_AGENT_HOME}/security/cert/subcert/certFile/ca.crt root-ca.crt and cp ${NODE_AGENT_HOME}/security/cert/subcert/certFile/ca.key root-ca.pem commands to copy the HA root certificate again. Run the rm ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/bin/CHECK_FLAG command. Wait for 1 minute and check whether the alarm with the same additional information is cleared.

    • If yes, go to 7.
    • If no, go to 15.

  6. Log in to the node where the other LoadBalancer instance is deployed as user omm and repeat 2 to 6.
  7. Check whether the alarm with the same additional information is generated again during the periodic check.

    • If yes, go to 15.
    • If no, no further action is required.

Check whether the HA user certificate file in the system is valid. If it is not, generate new HA certificate files.

  1. Run the cd ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/ha/local/cert command to go to the directory where the HA certificate is stored.
  2. Run the openssl x509 -noout -text -in server.crt command to query the effective time and due time of the HA user certificate and check whether the file is valid.

    • If yes, go to 15.
    • If no, go to 11.

  3. Run the cd ${BIGDATA_HOME}/FusionInsight_GraphBase_*/install/FusionInsight-GraphBase-*/miner/bin command to go to the directory where the miner script is stored.
  4. Run the sh miner-ha-re-gencert.sh command to generate a new HA certificate. Then, check whether the alarm is cleared 1 minute later.

    • If yes, go to 14.
    • If no, go to 13.

  5. On the node where the standby LoadBalancer instance is located, repeat 11 to 12. Then, check whether the alarm is cleared 1 minute later.

    • If yes, go to 14.
    • If no, go to 15.

  6. Check whether this alarm is generated again during periodic system check.

    • If yes, go to 15.
    • If no, no further action is required.

Collect the fault information.

  1. On FusionInsight Manager, choose O&M. In the navigation pane on the left, choose Log > Download.
  2. Select GraphBase in the required cluster for Service.
  3. Click in the upper right corner, and set Start Date and End Date for log collection to 10 minutes ahead of and after the alarm generation time, respectively. Then, click Download.
  4. Contact technical support and provide the collected logs.

Alarm Clearance

This alarm is automatically cleared after the fault is rectified.

Related Information

None.

Parent topic: Alarm Reference