----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62125/ -----------------------------------------------------------
(Updated Sept. 12, 2017, 6:25 p.m.) Review request for Ambari, Dmytro Sen, Jayush Luniya, and Sid Wagle. Changes ------- Fixed review issue. Bugs: AMBARI-21893 https://issues.apache.org/jira/browse/AMBARI-21893 Repository: ambari Description ------- PROBLEM This issue is because of AMS HTTPS + HA scenario. The CA cert file (/etc/ambari-metrics-monitor/conf/ca.pem) found on every host is generated by fetching a specific metric collector host's certificate from the truststore. This certificate file is being used by alert script, service check and even monitors to talk to collector. For example, in a cluster with hosts H1 to H5, let's say there are 2 collectors - H1 & H2. On a node H3, let's say the ca.pem file was constructed using the certificate for collector H2. Service check or metric monitor on H3 will NOT be able to talk to H1 since it does not have the certificate for that host. FIX Import certificates from metric collectors onto the pem file, if metric_truststore_alias is not specified. If the cluster has multiple collectors and the same certificate is used for all the collectors, then the metric_truststore_alias must be used to specify the alias to import the certificate. Diffs (updated) ----- ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog260.java 9e145c0 ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-ssl-client.xml cac39de ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/ams.py 4672501 ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py 071882b ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog260Test.java db6ebc1 Diff: https://reviews.apache.org/r/62125/diff/2/ Changes: https://reviews.apache.org/r/62125/diff/1-2/ Testing ------- Manually tested. python unit tests pass. Thanks, Aravindan Vijayan