-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62125/
-----------------------------------------------------------

(Updated Sept. 12, 2017, 6:25 p.m.)


Review request for Ambari, Dmytro Sen, Jayush Luniya, and Sid Wagle.


Changes
-------

Fixed review issue.


Bugs: AMBARI-21893
    https://issues.apache.org/jira/browse/AMBARI-21893


Repository: ambari


Description
-------

PROBLEM
This issue is caused by the AMS HTTPS + HA scenario. The CA cert file 
(/etc/ambari-metrics-monitor/conf/ca.pem) found on every host is generated by 
fetching a specific metric collector host's certificate from the truststore. 
This certificate file is used by the alert script, the service check and even 
the monitors to talk to the collector.

For example, in a cluster with hosts H1 to H5, let's say there are 2 collectors 
- H1 & H2.
On a node H3, let's say the ca.pem file was constructed using the certificate 
for collector H2.
Service check or metric monitor on H3 will NOT be able to talk to H1 since it 
does not have the certificate for that host.

FIX
Import certificates from the metric collectors into the pem file if 
metric_truststore_alias is not specified. If the cluster has multiple 
collectors and the same certificate is used for all the collectors, then 
metric_truststore_alias must be used to specify the alias of the certificate 
to import.


Diffs (updated)
-----

  
  ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog260.java 9e145c0
  ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-ssl-client.xml cac39de
  ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/ams.py 4672501
  ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py 071882b
  ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog260Test.java db6ebc1


Diff: https://reviews.apache.org/r/62125/diff/2/

Changes: https://reviews.apache.org/r/62125/diff/1-2/


Testing
-------

Manually tested.
python unit tests pass.


Thanks,

Aravindan Vijayan
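
Added example (not part of the review request and not Ambari's code): a presence check for the H1/H2 situation in the description, reporting which collectors' certificates are absent from a host's ca.pem and building a bundle with one copy of each distinct certificate. The function names and the sample "certificates" are assumptions made for illustration; the check compares SHA-256 fingerprints of the PEM blocks and does not perform TLS chain validation.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 fingerprint of every certificate block in a PEM bundle."""
    return {hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)}

def missing_collectors(bundle_pem, collector_certs):
    """Hosts whose certificate is absent from the bundle.
    collector_certs maps collector host name -> that collector's PEM certificate."""
    have = fingerprints(bundle_pem)
    missing = []
    for host, pem in collector_certs.items():
        fp = fingerprints(pem)
        if not fp or not fp <= have:   # an empty or unparsable entry counts as missing
            missing.append(host)
    return sorted(missing)

def build_bundle(collector_certs):
    """Concatenate one copy of each distinct collector certificate."""
    seen, parts = set(), []
    for host in sorted(collector_certs):
        fp = fingerprints(collector_certs[host])
        if fp and not fp <= seen:      # skip certificates shared between collectors
            seen |= fp
            parts.append(collector_certs[host].strip())
    return "\n".join(parts) + "\n"

def _fake_pem(data):
    # Constructed stand-in: arbitrary bytes in PEM armor, not a real X.509 certificate.
    b64 = base64.b64encode(data).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n"

# Constructed sample mirroring the two-collector example in the description.
COLLECTORS = {"H1": _fake_pem(b"constructed cert for H1"),
              "H2": _fake_pem(b"constructed cert for H2")}

if __name__ == "__main__":
    ca_pem_on_h3 = COLLECTORS["H2"]    # bundle built from H2's certificate only
    print(missing_collectors(ca_pem_on_h3, COLLECTORS))
    print(missing_collectors(build_bundle(COLLECTORS), COLLECTORS))
```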
