- /var/log/syslog on Debian and Ubuntu.
- /var/log/messages on RHEL and CentOS.
You can retrieve and view the contents of this file to diagnose and troubleshoot issues with Cloud Resolver.
The following section lists out common errors that might be found in the log file.
Cloud Resolver cannot resolve endpoints
bluecat-cr-vm01 cloud-resolver: ERROR run:discover: cloud_resolver::services::server: Failed to Update Edge Domain List: error sending request for url (https://api-example.edge.bluec.at/v1/api/authentication/token): error trying to connect: dns error: failed to lookup address information: Temporary failure in name resolution
If you see this message, the host machine might not be able to resolve endpoints using DNS. To resolve this issue, ensure that you have the correct nameserver entries in the /etc/resolv.conf file so that the host machine can resolve endpoints.
Cloud Resolver API timeouts
bluecat-cr-vm01 cloud-resolver: ERROR run:discover:discover:list_zones: cloud_resolver::azure::discover: error=error sending request for url (https://management.azure.com/subscriptions/abcdef12-98fe-6789-c321-aaabbbcccfff/providers/Microsoft.Network/privateDnsZones?api-version=2018-09-01): operation timed out
This message can appear if the connection between Cloud Resolver and the cloud environment times out due to connection issues or latency. If you see this message consistently, check the connection between Cloud Resolver and the cloud environment, as this may indicate a network issue.
messages, you can also retrieve the number of API failures by viewing the
csp_api_total_errorsvalues in the diagnostics endpoint.
discover_live_errorsdisplays the number of DNS zone discoveries that have failed since the last successful DNS zone discovery. If Cloud Resolver reconnects to the cloud environment and successfully issues an API call, the value resets to 0.
csp_api_total_errorsdisplays the total number of errors encountered by Cloud Resolver performing an API call against the cloud service provider.
For more information on the Cloud Resolver diagnostics endpoint, refer to Viewing the Cloud Resolver diagnostics endpoint.
Cloud Resolver port issues
bluecat-cr-vm01 cloud-resolver.service: Address already in use (os error 98)
- 53—used for inbound and outbound DNS traffic.
- 443—used for API access to the Cloud environment.
- 8080—used for simple TCP checks.
- 8090—used for verifying whether Kubernetes service is ready.
- 9000—used for the diagnostics endpoint.
- 9050—used for creating snapshots.
- 9090—used for pulling data to Prometheus.
For more information on ports used by Cloud Resolver, refer to the "Network requirements" section of Prerequisites.
Cloud Resolver vault issues
bluecat-cr-vm01 cloud-resolver.service: 2022-06-03T20:23:15.750054Z ERROR secret:edge_secrets:get_single_secret: cloud_resolver::azure: Error None for /CRS-EDGE-API-KEY/?api-version=7.2: builder error: relative URL without a base #033[3msecret_id#033[0m#033[2m=#033[0m"/CRS-EDGE-API-KEY" bluecat-cr-vm01 cloud-resolver.service: 2022-06-03T20:23:15.750101Z ERROR secret:edge_secrets:get_single_secret: cloud_resolver::azure: error=builder error: relative URL without a base #033[3msecret_id#033[0m#033[2m=#033[0m"/CRS-EDGE-API-KEY"
This message appears if you have a vault entry in the Cloud Resolver configuration file that is misconfigured or not in use. If you have not configured a vault to store your Edge API key and Edge Secret key, remove the vault entry and restart the Cloud Resolver service. If you have configured vault, ensure that Cloud Resolver can access the vault endpoint to retrieve the keys.
Cloud Resolver cannot create a snapshot
bluecat-cr-vm01 cloud-resolver.service: Snapshot Directory doesn't exist
This message appears if Cloud Resolver cannot create a snapshot. To resolve this issue, ensure that the /var/lib/bluecat directory exists on the Cloud Resolver host machine and that the directory has write permissions. If you configured a custom Cloud Resolver directory, ensure that the directory exists and has write permissions.