No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

HUAWEI CLOUD Stack 6.5.0 Alarm and Event Reference 04

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ALM-2000493 Certificate Exception Alarm

ALM-2000493 Certificate Exception Alarm

Description

The system checks the certificate used by SMN every one hour. This alarm is generated when the certificate has expired, the validity period is within 30 days, or the certificate is invalid.

Attribute

Alarm ID

Alarm Severity

Auto Clear

2000493

Critical

Yes

Parameters

Parameter

Description

Resource name

Name of the device for which the alarm is generated

Resource type

MONITOR

Monitor type

Service monitoring

Host IP address

IP address of the host

Details

Data in recent periods

Threshold

Threshold for generating an alarm

Impact on the System

After the certificate expires, the system will become unavailable. You must handle the alarm immediately.

Possible Causes

  • If the threshold is 1, the certificate is about to expire.
  • If the threshold is 2, the certificate has expired.
  • If the threshold is 3, the certificate is invalid or does not exist.

Prerequisites

  • You have obtained the certificate in .jks format and certificate encryption password. For example, the certificate is smn_ps.jks.
  • A service certificate whose alias is silvan_server is available.
  • You have obtained a tool, such as PuTTY, used for remote access on various platforms.
  • You have obtained a file transfer tool, such as WinSCP.
  • You have obtained the management IP address of the PS node and the login passwords of users hermes and root.
NOTE:

The default password of user root is Cloud12#$ and that of user hermes is Hermes@123. You can use the default password of the JKS certificate store, which is Onframework@szx333.

Procedure

  1. Use a file transfer tool, such as WinSCP, to upload the obtained certificate to the /opt/hermes/publishServer/config directory on the PS node.
  2. Decompress the software package using the decompression tool.

    Encryption tool software package safetool-x.x.x-release.tar.gz is contained in the package.

  3. Use a file transfer tool, such as WinSCP, to upload the encryption tool software package safetool-x.x.x-release.tar.gz to the opt/hermes directory on the PS node.
  4. Use PuTTY to log in to the PS node as user hermes.
  5. Run the following command to switch to the root user:

    sudo su - root

    The default password is Cloud12#$.

  6. Run the following command to disable user logout upon system timeout:

    TMOUT=0

    NOTE:

    If the default password Onframework@szx333 is used, skip 7 to 13.

  7. Run the following command to import the environment variable:

    source /etc/profile

  8. Run the following command to switch to the certificate store directory:

    cd /opt/hermes/publishServer/config

  9. Run the following commands to configure the permission for the certificate:

    chmod 400 smn_ps.jks

    chown hermes:hermes smn_ps.jks

  10. Run the following commands to encrypt the certificate password:

    cd /opt/hermes/safetool/bin

    sh safetool -b

    The following information is displayed:

    Please input the path of root key:

  11. Enter /opt/hermes/publishServer/config/rootkey and press Enter.

    The following information is displayed:
    Please input your password:

  12. Enter the certificate encryption password and press Enter.

    The following information is displayed:

    Please input your password again:

  13. Enter the certificate encryption password again and press Enter.

    Record the generated ciphertext of the password.

  14. Run the following command to open the rest.properties file using the vi editor:

    vi /opt/hermes/publishServer/config/rest.properties

  15. Press i to enter the editing mode.
  16. Modify the value of parameter server.rest.ssl.keystore in the configuration file.

    If the name of the new JKS certificate store is the same as that of the original certificate store, for example, both being smn_ps.jks, do not change the certificate name. Change the value of server.rest.ssl.keystore to config/smn_ps.jks (directory where the certificate is stored).

  17. Press Esc, enter :wq, and press Enter.

    Save the changes and exit the vi editor.

  18. Run the following commands to delete the encryption tool:

    cd /opt/hermes

    rm -rf safetool*

  19. Run the following command to delete the original certificate store:

    rm -rf /opt/hermes/publishServer/config/smn_ps.jks

  20. Run the following command to restart the PS process:

    sh /opt/hermes/publishServer/bin/publishServer_monitor.sh restart

    The certificate is replaced if the PS process successfully restarts.

Reference

None

Translation
Download
Updated: 2019-08-30

Document ID: EDOC1100062365

Views: 48992

Downloads: 33

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next