Community Articles

Find and share helpful community-sourced technical articles.
Labels (2)

ISSUE : Even after configuring falcon to use https, ambari alert checks Falcon UI on http and fails. Falcon service will be running fine but Ambari shows Falcon WEB UI alert.

ROOT CAUSE : Ambari alert script is hardcoded to check Falcon on http


1. Login to Ambari UI

2. Open one more tab and go to this UI : http://AMBARI_HOST:8080/api/v1/clusters/CLUSTER_NAME/alert_definitions

3. Search for falcon_server_webui and get the alert definitions ID.

Example :     {
      "href" : "",
      "AlertDefinition" : {
        "cluster_name" : "ironman",
        "id" : 301,       
 	 "label" : "Falcon Server Web UI",       
	  "name" : "falcon_server_webui"

301 is the alert definition here.

4. Delete this alert definition using curl

curl -u admin:admin -H "X-Requested-By: ambari" -X DELETE http://AMBARI_HOST:8080/api/v1/clusters/CLUSTER_NAME/alert_definitions/301 

5. On the ambari server, edit this file /var/lib/ambari-server/resources/common-services/FALCON/

Change "http": "{{falcon-env/falcon_port}}", to "https": "{{falcon-env/falcon_port}}",

6. Restart Ambari server

We should be all good now. Falcon web UI alert should clear up.


Does this apply to all versions of Ambari that support Falcon?

@Beverley Andalora

That's correct. All versions of Ambari have this issue.

Although this will technically work, there is a supported way of doing this. The Falcon alert definition can specify the parameter to monitor for determining whether to use HTTP or HTTPS:

  "name": "falcon_server_webui",
  "label": "Falcon Server Web UI",
  "description": "This host-level alert is triggered if the Falcon Server Web UI is unreachable.",
  "interval": 1,
  "scope": "ANY",
  "enabled": true,
  "source": {
    "type": "WEB",
    "uri": {
      "http": "{{falcon-env/falcon_port}}",
      "https": "{{falcon-env/falcon_port}}",
      "https_property": "{{hdfs-site/falcon.enableTLS}}",
      "https_property_value": "true",
      "default_port": 15000,
      "kerberos_keytab": "{{*.falcon.http.authentication.kerberos.keytab}}",
      "kerberos_principal": "{{*.falcon.http.authentication.kerberos.principal}}",
      "connection_timeout": 5
    "reporting": {
      "ok": {
        "text": "HTTP {0} response in {2:.3f}s"
      "warning": {
        "text": "HTTP {0} response from {1} in {2:.3f}s ({3})"
      "critical": {
        "text": "Connection failed to {1} ({3})"

Falcon should respect the port, regardless of plaintext vs encryption. However, this way, the alert framework will understand whether to use plaintext or TLS.

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.
Version history
Last update:
‎02-22-2017 11:28 PM
Updated by:
Top Kudoed Authors