----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62125/#review185245 -----------------------------------------------------------
Fix it, then Ship it! ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py Lines 101 (patched) <https://reviews.apache.org/r/62125/#comment261548> More redable as host.alias vs the other way. - Sid Wagle On Sept. 12, 2017, 7:21 p.m., Aravindan Vijayan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/62125/ > ----------------------------------------------------------- > > (Updated Sept. 12, 2017, 7:21 p.m.) > > > Review request for Ambari, Dmytro Sen, Jayush Luniya, and Sid Wagle. > > > Bugs: AMBARI-21893 > https://issues.apache.org/jira/browse/AMBARI-21893 > > > Repository: ambari > > > Description > ------- > > PROBLEM > This issue is because of AMS HTTPS + HA scenario. The CA cert file > (/etc/ambari-metrics-monitor/conf/ca.pem) found on every host is generated by > fetching a specific metric collector host's certificate from the truststore. > This certificate file is being used by alert script, service check and even > monitors to talk to collector. > > For example, in a cluster with hosts H1 to H5, let's say there are 2 > collectors - H1 & H2. > On a node H3, let's say the ca.pem file was constructed using the certificate > for collector H2. > Service check or metric monitor on H3 will NOT be able to talk to H1 since it > does not have the certificate for that host. > > FIX > Import certificates from metric collectors onto the pem file, if > metric_truststore_alias is not specified. If the cluster has multiple > collectors and the same certificate is used for all the collectors, then the > metric_truststore_alias must be used to specify the alias to import the > certificate. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog260.java > 9e145c0 > > ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-ssl-client.xml > cac39de > > ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/ams.py > 4672501 > > ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py > 071882b > > ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog260Test.java > db6ebc1 > > > Diff: https://reviews.apache.org/r/62125/diff/2/ > > > Testing > ------- > > Manually tested. > python unit tests pass. > > > Thanks, > > Aravindan Vijayan > >
