Deployment Troubleshooting - BlueCat Integrity - 9.3.0

Address Manager Administration Guide


Deployment events

The following events can affect deployment:

  • The server load of both Address Manager and DNS/DHCP Server. A lack of resources such as memory or disk space can cause a deployment failure.
  • The datarake files related to performance and disk utilization.
  • Whether a cleanup script or backup was running simultaneously. This could cause a high load and affect the deployment indirectly.
  • Network interruptions in syslog and kernel.log (dmesg).
  • All running queries.

API deployments

If you're using APIs for deployment, consider the following:
  • Always check the API diagnostics log (/var/log/jetty/api-diagnostics.log).
  • Check the following files for the Address Manager datarake:
    • /var/log/jetty/api-diagnostics.log – API requests and answers
    • /var/log/server.log – error messages
    • /var/log/syslog – general error and warning messages
  • For full and differential deployments, you must be logged in during the deployment. Logging out during deployment will cause the deployment to fail.
  • For selective deployments, the following will cause deployment to fail:
    • Deploying dynamic or external records
    • Deploying more than 100 records in a single API call
    • Deploying records from more than one primary
    • Moving records from one zone to another
    • Not having completed a full deployment without errors (green check mark) to a new server, or after the deployment flag resets.
    • Using a DNS/DHCP Server that is not compatible with selectiveDeploy (version older than 8.3.2)
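
A client-side pre-flight check for the selective deployment limits listed above, as an added example that is not BlueCat code. The record fields (id, primary, dynamic, external) and the host names are assumptions made for illustration; the function only produces a batching plan and makes no API call.

```python
from collections import defaultdict
from itertools import islice

MAX_RECORDS_PER_CALL = 100  # limit stated in the selective deployment list above


def plan_selective_batches(records):
    """Split records into batches that respect the selective-deploy limits.

    Each record is a dict with hypothetical keys: id, primary, dynamic, external.
    Returns (batches, rejected): every batch holds at most 100 record IDs that
    belong to a single primary; rejected is a list of (id, reason) pairs.
    """
    by_primary = defaultdict(list)
    rejected = []
    for rec in records:
        if rec.get("dynamic"):
            rejected.append((rec["id"], "dynamic record"))
        elif rec.get("external"):
            rejected.append((rec["id"], "external record"))
        else:
            by_primary[rec["primary"]].append(rec["id"])

    batches = []
    for primary, ids in sorted(by_primary.items()):
        it = iter(ids)
        # Take up to 100 IDs at a time until this primary's list is exhausted.
        while chunk := list(islice(it, MAX_RECORDS_PER_CALL)):
            batches.append({"primary": primary, "ids": chunk})
    return batches, rejected


# Constructed sample input: 230 static records on one primary, 5 on another,
# plus one dynamic and one external record that must not be submitted.
SAMPLE = (
    [{"id": i, "primary": "dns1.example.test"} for i in range(1, 231)]
    + [{"id": i, "primary": "dns2.example.test"} for i in range(300, 305)]
    + [{"id": 900, "primary": "dns1.example.test", "dynamic": True},
       {"id": 901, "primary": "dns2.example.test", "external": True}]
)

if __name__ == "__main__":
    batches, rejected = plan_selective_batches(SAMPLE)
    for batch in batches:
        print(batch["primary"], len(batch["ids"]))
    print("rejected:", rejected)
```
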

API error messages

  • Error message: "Unauthorized User"

    Resolution: Add the Authorization Header with a valid token collected from a login call.

  • Error message: "405 Method not allowed"

    Resolution: Check the WADL API description for the proper request type.

  • Error message: "405 Not found"

    Resolution: Use the correct method name (case sensitive).

  • Error message: "varname cannot be null"

    Resolution: Add the missing variable to the parameter list. API calls like update() and selectiveDeploy() require payload (body) data.

Important files and folders in Address Manager

/data/deployment

Contains XML files that are sent to DNS/DHCP Server. Unless Java is in debug mode, the files in this directory are removed after a deployment.

/var/log/jboss.log

The Address Manager Java log. This file contains information, warnings, and errors from Java.

/usr/local/bluecat/server.properties

Contains the following variables used by Java to control deployments:

  • deploy.timeout.minute = 20: The deployment timeout, in minutes. The default is 20 minutes.
  • maxConcurrentDeployedServers = 20: The maximum number of servers that can be deployed simultaneously. The default is 20 and the range is 1-20.

  • deploy.serial = true: Determines whether Address Manager deploys to multiple servers serially. The default is false.

/etc/hosts

Contains the hostname for Java and replication.

Configuration files and directories on DNS/DHCP Server

/replicated/jail/named/etc/named.conf

BIND’s main configuration file. It contains information regarding DNS options, views, and zone configuration files.

/replicated/jail/named/etc/active/

Contains all of the configuration files for active DNS zones.

/replicated/etc/dhcpd.conf

The DHCP configuration file.

/var/bluecat/deploy

Contains the deployment XML files copied from DNS/DHCP server.

/usr/local/bluecat/cert.ks

Contains the certificate keys.

/replicated/jail/var/dns-config/state/

Contains deployment XML files that are written and parsed as .img files.

/replicated/jail/named/var/dns-config/state/views.state

Contains a list of views by object ID and loopback address.

/replicated/jail/named/var/dns-config/dbs/

Contains the BIND zone .db and .jnl files.

/validation/, /validation-dns/, /validation-dhcp/

These directories are dynamically created with configuration files, zone files, and other files which are validated before deployment. Once validation is complete, the files are removed. /validation/ is completely removed after validation and deployment.

/etc/service-type.key

Contains DNS/DHCP Server services.

/usr/local/bluecat/masterPassword.dat

A hash of the old deployment password.

/usr/local/bluecat/indigoKitten.dat

A hash of the new deployment password.

/usr/local/bluecat/logging.properties

Configures the level of detail from the commandServer, the size of the log files, and the number of archived/rolled log files.

/usr/local/bluecat/server/properties

Configures different system variables such as configuration files, log files, and various timers.

Address Manager scripts

nsupdate

Provides dynamic updates to BIND and zones. nsupdate is controlled using the loopback interface:

127.0.0.2 (view1)

127.0.0.3 (view2)

127.0.0.4 (view3)

The loopback interfaces will be mapped to views in views.state.

rndc freeze/thaw

The name server control utility used for troubleshooting deployment problems. When freezing a zone, all dynamic changes stored in the zone's journal file will be written to the zone's database file.

/usr/local/bluecat/postDeploy.sh

Runs tasks after deployment from Address Manager is complete. This script is not executed manually.

/usr/local/bluecat/check-bind.sh

Validates the BIND configuration files. Checks named-checkconf for several conditions in the DNS zone files based on the options selected when enabling zone validation. The output is placed in /var/log/check-zone.log.

/usr/local/bluecat/check-dhcp.sh

Calls /usr/local/validate-dhcp to validate the syntax of the dhcpd.conf file. The output is placed in /var/log/check/dhcpd.log.

/usr/local/bluecat/backupNamedConfig.sh

Restores and deletes the current BIND configuration files and directories:

  • /replicated/jail/named
  • /etc/rndc.conf
  • /replicated/etc/rndc.key
  • /replicated/etc/named.conf
  • /replicated/var/dns-config
  • /replicated/var/dnssec-keys

This script also provides a backup of these files.

/usr/local/bluecat/archiveDHCPFiles.sh

Restores and deletes the MAC authentication distributor and DHCPD configuration files and directories:

  • /replicated/etc/mad.conf
  • /replicated/etc/madweb.conf
  • /replicated/usr/local/jetty/webapps
  • /replicated/usr/local/jetty/etc/keystore
  • /replicated/etc/dhcpd.conf
  • /replicated/etc/dhcp6s.conf
  • etc/cron.minutely
  • /replicated/etc/bcn/sophos-nac.conf

This script also provides a backup of these files.

/usr/local/bluecat/commandServer.sh

Allows Address Manager to communicate with the server. Also implements the server control and deployment commands issued by Address Manager. The output is placed in /var/log/commandServer.log.

Log files in Address Manager

  • /var/log/jboss.log

Log files in DNS/DHCP Server

  • /var/log/syslog
  • /var/log/commandServer.log
  • /var/log/check-bind.log
  • /var/log/check-zone.log
  • /var/log/check-dhcpd.log