ALM-1320019 Certificate exception Alarm
Description
This is a customized monitoring item. Every 5 minutes, the system checks all certificates used by CCS for expiration. An alarm is generated when the certificates expire.
Attribute
Alarm ID | Alarm Severity | Auto Clear |
---|---|---|
1320019 | Critical | Yes |
Parameters
Parameter | | Description |
---|---|---|
Location Info | Resource name | Name of the device for which the alarm is generated |
 | Resource type | MONITOR |
 | Monitor type | Service monitoring |
 | Host IP address | IP address of the VM for which the alarm is generated |
Details | | Data in recent periods |
Impact on the System
The system is unavailable after certificates expire. The issue must be handled promptly.
Possible Causes
- If the threshold is 1, the certificate is about to expire.
- If the threshold is 2, the certificate has expired.
- If the threshold is 3, the certificate is invalid or does not exist.
Procedure
1. Log in to ManageOne Maintenance Portal using a browser.
   - URL: https://Address for accessing the homepage of ManageOne Maintenance Portal:31943, for example, https://oc.type.com:31943
   - Default username: admin; default password: Huawei12#$
2. On the menu bar in the upper part of the page, choose Alarms > Current Alarms.
3. In the alarm list, locate the alarm to be handled, and click on the left of the alarm. The Details page is displayed.
4. Choose Location Info and obtain the host IP address, that is, the IP address of the node where the alarm is generated.
5. Use PuTTY to log in to the CCS node whose certificate is to be replaced.
   - Username: ccs
   - Password: IaaS@OS-CLOUD9!
   NOTE:
   The default password is IaaS@OS-CLOUD9!. If the system displays a message indicating that the password is incorrect, obtain the new password as required.
6. Run the following command and enter the password of user root to switch to user root:
   sudo su - root
7. Run the following command to disable user logout upon system timeout:
   TMOUT=0
8. Run the following commands to switch to the directory that contains the certificates:
   cd /etc/ccs/server-cert
   ll
9. Run the following command to stop the CCS process:
   sh /etc/ccs/init-script/start_ccs_service.sh -A STOP -M VM
10. In the /etc/ccs/server-cert directory, run the following commands to rename the original certificate files as backups:
   mv ccs_ca.crt ccs_ca.crt.bak
   mv ccs_server.crt ccs_server.crt.bak
   mv ccs_server.key ccs_server.key.bak
11. Use a file transfer tool (such as WinSCP) to copy the new certificates to the /etc/ccs/server-cert directory on the current node. The certificate names must be the same as the original ones.
12. Run the following command to change the owner of the certificate files to docker:
   chown docker:docker /etc/ccs/server-cert/*
   NOTE:
   New certificate files must be stored in the same directory as the existing ones.
13. Run the following command to restart CCS:
   sh /etc/ccs/init-script/start_ccs_service.sh -M VM
   View the log file /var/log/ccs/ccs-init/ccs_server_check.log and check whether the certificates have taken effect or whether valid log information is output.
   If the following information is displayed, the certificates have taken effect.
14. Repeat 5 to 13 on other CCS nodes.
15. If the alarm persists after the certificate is replaced, contact technical support for assistance.
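A check that can be run on the replaced files after the chown step and before CCS is restarted, given here as an added example that is not part of the product or of this procedure. It classifies each certificate with the values listed under Possible Causes (1 about to expire, 2 expired, 3 invalid or missing) and confirms that ccs_server.key belongs to ccs_server.crt. The function names, the KEY_PASS variable and the 30-day WARN_DAYS window are assumptions; the page does not state the window the CCS monitor uses.

```bash
#!/usr/bin/env bash
# Added example (not product code): check replacement certificate files
# before CCS is restarted. Return values follow the alarm's thresholds:
#   0 = valid, 1 = about to expire, 2 = expired, 3 = invalid or missing.
# WARN_DAYS is an assumed window; the page does not state the one CCS uses.
WARN_DAYS="${WARN_DAYS:-30}"

cert_state() {
    local crt="$1"
    [ -s "$crt" ] || return 3                                   # missing or empty
    openssl x509 -in "$crt" -noout >/dev/null 2>&1 || return 3  # not a parsable cert
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 || return 2
    openssl x509 -in "$crt" -noout -checkend "$((WARN_DAYS * 86400))" \
        >/dev/null 2>&1 || return 1
    return 0
}

# Succeeds only if the private key and the certificate carry the same public key.
# KEY_PASS (hypothetical variable) supplies a passphrase so openssl never prompts.
key_matches_cert() {
    local crt="$1" key="$2" from_crt from_key
    from_crt=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$key" -pubout -passin "pass:${KEY_PASS:-}" 2>/dev/null) || return 1
    [ -n "$from_crt" ] && [ "$from_crt" = "$from_key" ]
}

# Check the three files the procedure replaces; returns the worst state found.
check_cert_dir() {
    local dir="${1:-/etc/ccs/server-cert}" rc=0 f s
    for f in ccs_ca.crt ccs_server.crt; do
        s=0; cert_state "$dir/$f" || s=$?
        echo "$f: state $s"
        [ "$s" -le "$rc" ] || rc=$s
    done
    if ! key_matches_cert "$dir/ccs_server.crt" "$dir/ccs_server.key"; then
        echo "ccs_server.key: missing, unreadable, or not the key for ccs_server.crt"
        rc=3
    fi
    return "$rc"
}
```

Source the file and call `check_cert_dir /etc/ccs/server-cert`; a return value of 0 means both certificates are valid beyond the warning window and the key matches.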
Reference
None