Deployment Troubleshooting - BlueCat Integrity - 9.5.0

Address Manager Administration Guide


Deployment events

The following events can affect deployment:

  • The server load of both Address Manager and DNS/DHCP Server. A lack of resources such as memory or disk space can cause a deployment failure.
  • The datarake files related to performance and disk utilization.
  • Whether a cleanup script or backup was running at the same time. This could cause a high load and affect the deployment indirectly.
  • Network interruptions in syslog and kernel.log (dmesg).
  • All running queries.

API deployments

If you're using APIs for deployment, consider the following:
  • Always check the API diagnostics log (/var/log/jetty/api-diagnostics.log).
  • Check the following files for the Address Manager datarake:
    • /var/log/jetty/api-diagnostics.log – API requests and answers
    • /var/log/server.log – error messages
    • /var/log/syslog – general error and warning messages
  • For full and differential deployments, you must be logged in during the deployment. Logging out during deployment will cause the deployment to fail.
  • For selective deployments, the following will cause deployment to fail:
    • Deploying dynamic or external records
    • Deploying more than 100 records in a single API call
    • Deploying records from more than one primary
    • Moving records from one zone to another
    • Not executing a full deployment with no errors (green check mark) to a new server or when the deployment flag resets.
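A pre-flight check for the selective deployment limits listed above, given as an added example that is not part of the BlueCat guide or its API. It covers only the dynamic/external, 100-record and single-primary rules; the record fields `id`, `kind` and `primary` are hypothetical names for data you would collect before calling the API.

```python
from collections import defaultdict

MAX_RECORDS_PER_CALL = 100               # limit stated in the guide
BLOCKED_KINDS = {"dynamic", "external"}  # record kinds the guide says will fail


def plan_selective_batches(records):
    """Split candidate records into API calls that respect the guide's rules.

    Each record is a dict with hypothetical keys 'id', 'kind' and 'primary'.
    Returns (batches, rejected): every batch holds ids from one primary only
    and at most 100 of them; rejected holds (id, reason) pairs to leave out.
    """
    by_primary = defaultdict(list)
    rejected = []
    for rec in records:
        if rec.get("kind") in BLOCKED_KINDS:
            rejected.append((rec["id"], f"{rec['kind']} record"))
        elif not rec.get("primary"):
            # Without a known primary the single-primary rule cannot be checked.
            rejected.append((rec["id"], "no primary server known"))
        else:
            by_primary[rec["primary"]].append(rec["id"])

    batches = []
    for primary in sorted(by_primary):
        ids = by_primary[primary]
        for start in range(0, len(ids), MAX_RECORDS_PER_CALL):
            batches.append(ids[start:start + MAX_RECORDS_PER_CALL])
    return batches, rejected


def sample_records():
    """Constructed sample: 230 static records on ns1, 5 on ns2, 2 blocked."""
    recs = [{"id": i, "kind": "static", "primary": "ns1"} for i in range(230)]
    recs += [{"id": 1000 + i, "kind": "static", "primary": "ns2"} for i in range(5)]
    recs.append({"id": 2000, "kind": "dynamic", "primary": "ns1"})
    recs.append({"id": 2001, "kind": "external", "primary": None})
    return recs


if __name__ == "__main__":
    batches, rejected = plan_selective_batches(sample_records())
    for n, batch in enumerate(batches, 1):
        print(f"call {n}: {len(batch)} records")
    for rid, reason in rejected:
        print(f"skip {rid}: {reason}")
```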

API error messages

  • Error message: "Unauthorized User"

    Resolution: Add the Authorization Header with a valid token collected from a login call.

  • Error message: "405 Method not allowed"

    Resolution: Check the WADL API description for the proper request type.

  • Error message: "405 Not found"

    Resolution: Use the correct method name (case sensitive).

  • Error message: "varname cannot be null"

    Resolution: Add the missing variable to the parameter list. API calls such as update() and selectiveDeploy() require payload (body) data.

Important files and folders in Address Manager

/data/deployment

Contains XML files that are sent to DNS/DHCP Server. Unless Java is in debug mode, the files in this directory are removed after a deployment.

/var/log/jetty/server.log

The Address Manager Java log. This file contains information, warnings, and errors from Java.

/usr/local/bluecat/server.properties

Contains the following variables used by Java to control deployments:
Note: The deploy.serial variable has been deprecated and is no longer available.
  • deploy.timeout.minute = 20: The default deployment timeout. The default is 20 minutes.
  • maxConcurrentDeployedServers = 20: The maximum number of servers that can be deployed simultaneously. The default is 20 and the range is 1-20.

/etc/hosts

Contains the hostname for Java and replication.

Configuration files and directories on DNS/DHCP Server

/replicated/jail/named/etc/named.conf

BIND’s main configuration file. It contains information regarding DNS options, views, and zone configuration files.

/replicated/jail/named/etc/active/

Contains all of the configuration files for active DNS zones.

/replicated/etc/dhcpd.conf

The DHCP configuration file.

/var/bluecat/deploy

Contains the deployment XML files copied from DNS/DHCP server.

/usr/local/bluecat/cert.ks

Contains the certificate keys.

/replicated/jail/named/var/dns-config/state/

Contains deployment XML files that are written and parsed as .img files.

/replicated/jail/named/var/dns-config/state/views.state

Contains a list of views by object ID and loopback address.

/replicated/jail/named/var/dns-config/dbs/

Contains the BIND zone .db and .jnl files.

/validation/, /validation-dns/, /validation-dhcp/

These directories are dynamically created with configuration files, zone files, and other files which are validated before deployment. Once validation is complete, the files are removed. /validation/ is completely removed after validation and deployment.

/etc/service-type.key

Contains DNS/DHCP Server services.

/usr/local/bluecat/masterPassword.dat

A hash of the old deployment password.

/usr/local/bluecat/indigoKitten.dat

A hash of the new deployment password.

/usr/local/bluecat/log4j2.xml

Configures the level of detail from the commandServer, the size of the log files, and the number of archived/rolled log files.

/usr/local/bluecat/server.properties

Configures different system variables such as configuration files, log files, and various timers.

DNS/DHCP Server utilities and scripts

nsupdate

Provides dynamic updates to BIND and zones. nsupdate is controlled using the loopback interface:

127.0.0.2 (view1)

127.0.0.3 (view2)

127.0.0.4 (view3)

The loopback interfaces will be mapped to views in views.state.

rndc freeze/thaw

The name server control utility used for troubleshooting deployment problems. When freezing a zone, all dynamic changes stored in the zone's journal file will be written to the zone's database file.

/usr/local/bluecat/postDeploy.sh

Runs tasks after deployment from Address Manager is complete. This script is not executed manually.

/usr/local/bluecat/check-bind.sh

Validates the BIND configuration files. Checks named-checkconf for several conditions in the DNS zone files based on options selected when enabling zone validation. The output is placed in /var/log/check-zone.log.

/usr/local/bluecat/check-dhcp.sh

Calls /usr/local/validate-dhcp to validate the syntax of the dhcpd.conf file. The output is placed in /var/log/check/dhcpd.log.

/usr/local/bluecat/backupNamedConfig.sh

Restores and deletes the current BIND configuration files and directories:

  • /replicated/jail/named
  • /etc/rndc.conf
  • /replicated/etc/rndc.key
  • /replicated/etc/named.conf
  • /replicated/var/dns-config
  • /replicated/var/dnssec-keys

This script also provides a backup of these files.

/usr/local/bluecat/archiveDHCPFiles.sh

Restores and deletes the MAC authentication distributor and DHCPD configuration files and directories:

  • /replicated/etc/mad.conf
  • /replicated/etc/madweb.conf
  • /replicated/usr/local/jetty/webapps
  • /replicated/usr/local/jetty/etc/keystore
  • /replicated/etc/dhcpd.conf
  • /replicated/etc/dhcp6s.conf
  • etc/cron.minutely
  • /replicated/etc/bcn/sophos-nac.conf

This script also provides a backup of these files.

Log files in Address Manager

  • /var/log/jetty/server.log

Log files in DNS/DHCP Server

  • /var/log/syslog
  • /var/log/commandServer.log
  • /var/log/check-bind.log
  • /var/log/check-zone.log
  • /var/log/check-dhcpd.log