Deployment events
The following events can affect deployment:
- The server load of both Address Manager and DNS/DHCP Server. A lack of resources such as memory or disk space can cause a deployment failure.
- The datarake files related to performance and disk utilization.
- Whether a cleanup script or backup was running simultaneously. This could cause a high load and affect the deployment indirectly.
- Network interruptions in syslog and kernel.log (dmesg).
- All running queries.
API deployments
- Always check the API diagnostics log (/var/log/jetty/api-diagnostics.log).
- Check the following files for the Address Manager datarake:
- /var/log/jetty/api-diagnostics.log – API requests and answers
- /var/log/server.log – error messages
- /var/log/syslog – general error and warning messages
- For full and differential deployments, you must be logged in during the deployment. Logging out during deployment will cause the deployment to fail.
- For selective deployments, the following will cause deployment to fail:
- Deploying dynamic or external records
- Deploying more than 100 records in a single API call
- Deploying records from more than one primary
- Moving records from one zone to another
- Not executing a full deployment with no errors (green check mark) to a new server or when the deployment flag resets.
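The selective-deployment limits above can be enforced on the client before any API call is made. The following is an added example, not BlueCat code: it drops dynamic and external records, groups the rest by primary server, and splits each group into calls of at most 100 records. The record layout (`id`, `kind`, `primary`) and the server names are assumptions made for illustration.

```python
from collections import defaultdict

MAX_RECORDS_PER_CALL = 100  # limit stated above for one selective-deployment call
BLOCKED_KINDS = {"dynamic", "external"}  # record kinds that make the call fail


def plan_selective_batches(records):
    """Split records into batches that respect the selective-deployment limits.

    Each record is a dict with hypothetical keys: 'id', 'kind'
    ('static', 'dynamic' or 'external') and 'primary' (name of the
    primary server for the record's zone).
    Returns (batches, rejected): batches is a list of (primary, [ids]),
    rejected is a list of (id, reason).
    """
    by_primary = defaultdict(list)
    rejected = []
    for rec in records:
        if rec["kind"] in BLOCKED_KINDS:
            rejected.append((rec["id"], f"{rec['kind']} record"))
        elif not rec.get("primary"):
            rejected.append((rec["id"], "no primary server known"))
        else:
            by_primary[rec["primary"]].append(rec["id"])

    batches = []
    for primary in sorted(by_primary):
        ids = by_primary[primary]
        # One API call never carries more than 100 records or more than one primary.
        for start in range(0, len(ids), MAX_RECORDS_PER_CALL):
            batches.append((primary, ids[start:start + MAX_RECORDS_PER_CALL]))
    return batches, rejected


# Constructed sample input: 230 static records on one primary, 5 on another,
# plus one dynamic and one external record.
SAMPLE = (
    [{"id": i, "kind": "static", "primary": "dns-a"} for i in range(1, 231)]
    + [{"id": i, "kind": "static", "primary": "dns-b"} for i in range(231, 236)]
    + [{"id": 900, "kind": "dynamic", "primary": "dns-a"},
       {"id": 901, "kind": "external", "primary": None}]
)

if __name__ == "__main__":
    batches, rejected = plan_selective_batches(SAMPLE)
    for primary, ids in batches:
        print(f"{primary}: {len(ids)} records (ids {ids[0]}..{ids[-1]})")
    for rec_id, reason in rejected:
        print(f"skipped {rec_id}: {reason}")
```

The check does not cover the last two conditions in the list (records moved between zones, and a server that has not yet had an error-free full deployment); those depend on server-side state.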
API error messages
- Error message: "Unauthorized User"
Resolution: Add the Authorization Header with a valid token collected from a login call.
- Error message: "405 Method not allowed"
Resolution: Check the WADL API description for the proper request type.
- Error message: "405 Not found"
Resolution: Use the correct method name (case sensitive).
- Error message: "varname cannot be null"
Resolution: Add the missing variable in the parameter list. API calls like update() and selectiveDeploy() require payload (body) data.
Important files and folders in Address Manager
/data/deployment
Contains XML files that are sent to DNS/DHCP Server. Unless Java is in debug mode, the files in this directory are removed after a deployment.
/var/log/jetty/server.log
The Address Manager Java log. This file contains information, warnings, and errors from Java.
/usr/local/bluecat/server.properties
- deploy.timeout.minute = 20: The default deployment timeout. The default is 20 minutes.
- maxConcurrentDeployedServers = 20: The maximum number of servers that can be deployed simultaneously. The default is 20 and the range is 1-20.
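A quick way to confirm that the two deployment settings above are sane is to parse the file and compare the values with the documented default and range. This is an added example, not a BlueCat tool; it assumes plain `key = value` lines, that an absent key means the default applies, and that the timeout must be at least 1 minute (the page gives no range for it).

```python
DEFAULTS = {"deploy.timeout.minute": 20, "maxConcurrentDeployedServers": 20}
RANGES = {"maxConcurrentDeployedServers": (1, 20)}  # range stated above


def parse_properties(text):
    """Parse simple 'key = value' lines; '#' and '!' start comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def check_deploy_settings(text):
    """Return (effective_settings, problems) for the two deployment keys."""
    props = parse_properties(text)
    effective, problems = {}, []
    for key, default in DEFAULTS.items():
        raw = props.get(key)
        if raw is None:
            effective[key] = default  # assumption: absent key means default
            continue
        try:
            value = int(raw)
        except ValueError:
            problems.append(f"{key}: '{raw}' is not an integer")
            continue
        # Assumption: keys without a documented range must be >= 1.
        low, high = RANGES.get(key, (1, None))
        if value < low or (high is not None and value > high):
            problems.append(f"{key}: {value} is outside the allowed range")
            continue
        effective[key] = value
    return effective, problems


# Constructed sample content, not a real server.properties file.
SAMPLE = """\
# deployment tuning
deploy.timeout.minute = 45
maxConcurrentDeployedServers = 32
"""

if __name__ == "__main__":
    print(check_deploy_settings(SAMPLE))
```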
/etc/hosts
Contains the hostname for Java and replication.
Configuration files and directories on DNS/DHCP Server
/replicated/jail/named/etc/named.conf
BIND’s main configuration file. It contains information regarding DNS options, views, and zone configuration files.
/replicated/jail/named/etc/active/
Contains all of the configuration files for active DNS zones.
/replicated/etc/dhcpd.conf
The DHCP configuration file.
/var/bluecat/deploy
Contains the deployment XML files copied from DNS/DHCP server.
/usr/local/bluecat/cert.ks
Contains the certificate keys.
/replicated/jail/named/var/dns-config/state/
Contains deployment XML files that are written and parsed as .img files.
/replicated/jail/named/var/dns-config/state/views.state
Contains a list of views by object ID and loopback address.
/replicated/jail/named/var/dns-config/dbs/
Contains the BIND zone .db and .jnl files.
/validation/, /validation-dns/, /validation-dhcp/
These directories are dynamically created with configuration files, zone files, and other files which are validated before deployment. Once validation is complete, the files are removed. /validation/ is completely removed after validation and deployment.
/etc/service-type.key
Contains DNS/DHCP Server services.
/usr/local/bluecat/masterPassword.dat
A hash of the old deployment password.
/usr/local/bluecat/indigoKitten.dat
A hash of the new deployment password.
/usr/local/bluecat/log4j2.xml
Configures the level of detail from the commandServer, the size of the log files, and the number of archived/rolled log files.
/usr/local/bluecat/server.properties
Configures different system variables such as configuration files, log files, and various timers.
DNS/DHCP Server utilities and scripts
nsupdate
Provides dynamic updates to BIND and zones. nsupdate is controlled using the loopback interface:
127.0.0.2 (view1)
127.0.0.3 (view2)
127.0.0.4 (view3)
The loopback interfaces will be mapped to views in views.state.
rndc freeze/thaw
The name server control utility used for troubleshooting deployment problems. When freezing a zone, all dynamic changes stored in the zone's journal file will be written to the zone's database file.
/usr/local/bluecat/postDeploy.sh
Runs tasks after deployment from Address Manager is complete. This script is not executed manually.
/usr/local/bluecat/check-bind.sh
Validates the BIND configuration files. Checks named-checkconf for several conditions in the DNS zone files based on options selected when enabling zone validation. The output is placed in /var/log/check-zone.log.
/usr/local/bluecat/check-dhcp.sh
Calls /usr/local/validate-dhcp to validate the syntax of the dhcpd.conf file. The output is placed in /var/log/check/dhcpd.log.
/usr/local/bluecat/backupNamedConfig.sh
Restores and deletes the current BIND configuration files and directories:
- /replicated/jail/named
- /etc/rndc.conf
- /replicated/etc/rndc.key
- /replicated/etc/named.conf
- /replicated/var/dns-config
- /replicated/var/dnssec-keys
This script also provides a backup of these files.
/usr/local/bluecat/archiveDHCPFiles.sh
Restores and deletes the MAC authentication distributor and DHCPD configuration files and directories:
- /replicated/etc/mad.conf
- /replicated/etc/madweb.conf
- /replicated/usr/local//jetty/webapps
- /replicated/usr/local/jetty/etc/keystore
- /replicated/etc/dhcpd.conf
- /replicated/etc/dhcp6s.conf
- etc/cron.minutely
- /replicated/etc/bcn/sophos-nac.conf
This script also provides a backup of these files.
Log files in Address Manager
- /var/log/jetty/server.log
Log files in DNS/DHCP Server
- /var/log/syslog
- /var/log/commandServer.log
- /var/log/check-bind.log
- /var/log/check-zone.log
- /var/log/check-dhcpd.log