----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62125/#review184719 -----------------------------------------------------------
ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/ams.py Lines 519 (patched) <https://reviews.apache.org/r/62125/#comment260911> This assumes that alais is hostname we should allow a config of type prefix.cert.hostname.alias to allow alias mapped to cert coming from the collector. - Sid Wagle On Sept. 6, 2017, 5:31 p.m., Aravindan Vijayan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/62125/ > ----------------------------------------------------------- > > (Updated Sept. 6, 2017, 5:31 p.m.) > > > Review request for Ambari, Dmytro Sen, Jayush Luniya, and Sid Wagle. > > > Bugs: AMBARI-21893 > https://issues.apache.org/jira/browse/AMBARI-21893 > > > Repository: ambari > > > Description > ------- > > PROBLEM > This issue is because of AMS HTTPS + HA scenario. The CA cert file > (/etc/ambari-metrics-monitor/conf/ca.pem) found on every host is generated by > fetching a specific metric collector host's certificate from the truststore. > This certificate file is being used by alert script, service check and even > monitors to talk to collector. > > For example, in a cluster with hosts H1 to H5, let's say there are 2 > collectors - H1 & H2. > On a node H3, let's say the ca.pem file was constructed using the certificate > for collector H2. > Service check or metric monitor on H3 will NOT be able to talk to H1 since it > does not have the certificate for that host. > > FIX > Import certificates from metric collectors onto the pem file, if > metric_truststore_alias is not specified. If the cluster has multiple > collectors and the same certificate is used for all the collectors, then the > metric_truststore_alias must be used to specify the alias to import the > certificate. > > > Diffs > ----- > > > ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/ams.py > 9a31ade > > ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py > 6975bec > > > Diff: https://reviews.apache.org/r/62125/diff/1/ > > > Testing > ------- > > Manually tested. > python unit tests pass. > > > Thanks, > > Aravindan Vijayan > >
