-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62125/
-----------------------------------------------------------
Review request for Ambari, Dmytro Sen, Jayush Luniya, and Sid Wagle.
Bugs: AMBARI-21893
https://issues.apache.org/jira/browse/AMBARI-21893
Repository: ambari
Description
-------
PROBLEM
This issue is because of AMS HTTPS + HA scenario. The CA cert file
(/etc/ambari-metrics-monitor/conf/ca.pem) found on every host is generated by
fetching a specific metric collector host's certificate from the truststore.
This certificate file is being used by alert script, service check and even
monitors to talk to collector.
For example, in a cluster with hosts H1 to H5, let's say there are 2 collectors
- H1 & H2.
On a node H3, let's say the ca.pem file was constructed using the certificate
for collector H2.
Service check or metric monitor on H3 will NOT be able to talk to H1 since it
does not have the certificate for that host.
FIX
Import certificates from metric collectors onto the pem file, if
metric_truststore_alias is not specified. If the cluster has multiple
collectors and the same certificate is used for all the collectors, then the
metric_truststore_alias must be used to specify the alias to import the
certificate.
Diffs
-----
ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/ams.py
9a31ade
ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py
6975bec
Diff: https://reviews.apache.org/r/62125/diff/1/
Testing
-------
Manually tested.
python unit tests pass.
Thanks,
Aravindan Vijayan
