FND故障排除工具
簡介
本文檔介紹如何使用現場網路導向器(FND)部署中提供的故障排除工具。FND解決方案範圍廣泛,包含多種技術和專業化認證。因此,有許多指令碼和命令列工具可幫助驗證特定情況下的行為或診斷複雜問題。
作者:Cisco TAC工程師Ryan Bowman。
必要條件
需求
思科建議您擁有一個具有註冊前端路由器(HER)、現場區域路由器和連線網格終端(CGE)的完全運行的生產或實驗室環境。 要使用getStats.sh驗證CoAP簡單管理協定(CSMP)統計資訊,必須至少有一個生成CSMP流量的CGE。
為了使用/opt/cgms-tools/目錄中的檔案,必須在應用程式伺服器上安裝cgms-tools RPM包。
採用元件
本文檔中的資訊全部使用FND版本3.0.1-36收集,所有Linux伺服器都安裝在運行RHEL 6.5的虛擬機器上。
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路正在作用,請確保您已瞭解任何指令可能造成的影響。
命令列工具
本節介紹作為cgms和cgms-tools包的一部分提供的CLI實用程式。cgms RPM的預設安裝路徑為/opt/cgms/,cgms-tools的預設安裝路徑為/opt/cgms-tools/。
setupCgms.sh(/opt/cgms/bin/setupCgms.sh):
首次安裝FND後,應運行此指令碼以配置必要的應用程式變數。一旦開始生產,您仍然可以使用此實用程式更改關鍵配置引數。在執行此指令碼之前,必須停止cgms服務,導航到/opt/cgms/bin/目錄,然後執行./setupCgms命令。
[root@fnd bin]#./setupCgms.sh Are you sure you want to setup IoT-FND (y/n)? n Do you wish to configure another database server for this IoT-FND ? (y/n)? n Do you want to change the database password (y/n)? n Do you want to change the keystore password (y/n)? n Do you want to change the web application 'root' user password (y/n)? n Do you want to change the FTP settings (y/n)? n Do you want to change router CGDM protocol settings (y/n)? n Do you want to change log file settings)? (y/n)? n
getstats.sh(/opt/cgms/bin/getstats.sh):
此指令碼將在應用程式啟動並運行時執行。當您分析負載均衡集群和主用/備用資料庫對的效能時,它非常有用。每個效能度量都超出了本文的範圍,但下面是運行指令碼時的輸出示例。
對群集中的FND部署進行故障排除時,請在每台伺服器上執行此指令碼,以驗證負載平衡是否正常工作。如果其中一個應用伺服器的CSMP處理速率比其它應用伺服器高得多,則負載均衡可能沒有配置錯誤。此外,當您分析此輸出時,如果您看到您的隊列大小增加,則表明某處存在瓶頸進程。
[root@fnd bin]# ./getstats.sh Current Time: 2017-03-08 01:06 ============ events statistics ============== ElapsedTimePrepareForRules (ms):...........................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeBatchCommit (ms):...............................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Events request rate:.......................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeSendToSyslog (ms):..............................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Batch Commit Size :........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ============================================== ============ metric statistics ============== ElapsedTimePersistBatch (ms):..............................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimePersistNetElementMetrics (ms):..................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeBatchCommit (ms):...............................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Incoming message rate to Metric Server:....................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeFindCurrentMetric (ms):.........................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimefindCurrentMetricsForNetObject (ms):............................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] sendMetricEvents:..........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimePersistNetElementMetric (ms):...................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeAddMetricWithoutPropagation (ms):...............................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Rate of message drop at the metric server:.................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Batch Commit Size :........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeAddMetricsInBulkWithoutPropagation (ms):........................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ============================================== ============ issues statistics ============== Issues Incoming Rate:......................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] UpdateEventAndIssues (ms):.................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeBatchCommit (ms):...............................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Batch Commit Size :........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Issues Processing Rate:....................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ============================================== ============ label statistics ============== Label drop rate:...........................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimePersistBatch (ms):..............................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Label processing rate:.....................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ElapsedTimeBatchCommit (ms):...............................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Label request rate:........................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] Batch Commit Size :........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ============================================== ============ csmp statistics ============== csmpConNotificationRate:...................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] csmpNonNotificationRate:...................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] csmpNonQueueSize:..........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] csmpNotificationRate:......................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] csmpDropRate:..............................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] csmpProcessingRate:........................................................[ val: 0/s over 1 min ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] csmpConQueueSize:..........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ============================================== ============ database connection pool statistics ============== dbConFlushCount:...........................................................[ val: 0 ] [ avg: 0.0 ] [ counter: 0 ] [ lastUpdate: never ] ActiveCount:...............................................................[ val: 13 ] InUseCount:................................................................[ val: 7 ] AvailableCount:............................................................[ val: 243 ] CreatedCount:..............................................................[ val: 13 ] DestroyedCount:............................................................[ val: 0 ]
keytool(/opt/cgms/jre/bin/keytool):
必須瞭解FND安裝附帶有Java。您需要使用keytool實用程式來建立和管理cgms_keystore,該儲存庫必須在FND和隧道調配伺服器(TPS)上正確配置。
在某些環境中,伺服器已經安裝了Java,任何使用者只要使用$PATH環境變數即可使用keytool命令。如果使用keytool命令並找到此錯誤,則還有一個解決方案適合您:
[root@fnd]# keytool -bash: keytool: command not found
您可以導航到/opt/cgms/jre/bin/目錄,然後在此目錄中呼叫keytool實用程式,例如:
[root@fnd ~]# keytool -v -list -keystore /opt/cgms/server/cgms/conf/cgms_keystore -bash: keytool: command not found [root@fnd ~]# cd /opt/cgms/jre/bin/ [root@fnd bin]# ./keytool -v -list -keystore /opt/cgms/server/cgms/conf/cgms_keystore Enter keystore password:
cgdm-client.sh(/opt/cgms-tools/bin/cgdm-client.sh):
FND使用HTTPS上的Netconf來存取與現場區域路由器(FAR)通訊。 Netconf使用XML格式的消息來提供服務,該服務不僅可靠、可靠,而且可以很容易地分解並傳送到資料庫。有一個稱為cgdm-client的CLI工具,該工具將開啟一個手動連線到網格裝置管理器(CGDM)會話,連線到您選擇的FAR,執行遠端命令,並將從FAR響應時收到的XML傳送到BASH中的stdout。
如果執行指令碼時沒有選項,則會顯示使用指南:
[root@fnd bin]# ./cgdm-client ERROR: Please specify an IP address and a command usage: cgdm-client <cgr ip address> <cgdm CLI command> -c <arg> Conf and keystore directory path, default = /opt/cgms/server/cgms/conf -v Verbose mode
例如,假設您要驗證管理IP(.csv檔案中的「IP」值)為192.0.2.1的路由器上時間是否完全同步。從FND應用程式伺服器上的終端會話中,可以使用show clock命令查詢CGR上的時間:
[root@fnd bin]# ./cgdm-client 192.0.2.1 show clock <?xml version="1.0" encoding="ISO-8859-1"?> <nf:rpc-reply xmlns:nf="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns="http://www.cisco.com/nxos:1.0" message-id="1"> <nf:data>15:44:58.092 CST Mon Mar 13 2017 </nf:data> </nf:rpc-reply>
或者,可以在命令中使用「v」標誌指定詳細輸出。請注意,詳細輸出來自Java和Cisco軟體進程和語法。在以下輸出中看不到任何其它網路或裝置資訊:
[root@fnd bin]# ./cgdm-client -v 192.0.2.1 show clock < output omitted >
csmp-request.sh(/opt/cgms-tools/bin/csmp-request.sh):
除cgdm-client FAR工具外,還有一種稱為csmp-request的終端工具。與cgdm-client指令碼類似,該指令碼允許您使用CSMP從CGE查詢資訊。您只需指定網狀終端的IPv6地址和在裝置上查詢的TLV(型別長度值)。TLV代碼的完整清單超出本文的範圍,但下面將顯示一些已知示例。指令碼的語法為:
./csmp-request -r [] TLV-Value
1.在具有IP 2001:db8::1/32的儀表上查詢CGE韌體版本
[root@fnd bin]# ./csmp-request -r [2001:db8:0:0:0:0:0:1] 75
2. IP 2001:db8::1/32儀表上的查詢正常運行時間
[root@fnd bin]# ./csmp-request -r [2001:db8:0:0:0:0:0:1] 22
signature-tool(/opt/cgms-tools/bin/signature-tool):
簽名工具是一種Java實用程式,它允許您加密明文測試密碼、解密加密的密碼或字串並以明文形式列印SSM_CSMP證書。應使用此工具為.csv檔案生成加密的密碼字串,以使其不包含明文形式的管理員密碼。
要檢視命令語法,請執行不帶選項的指令碼:
[root@fnd bin]# ./signature-tool usage: signature-tool print signature-tool export <binary|base64> <filename> signature-tool decrypt <keystore> <filename> signature-tool encrypt <keystore> <filename>
要列印SSM_CSMP證書,請使用:
[root@fnd bin]# ./signature-tool print
要加密明文管理員密碼:
- 導航到/opt/cgms-tools/bin目錄:
[root@fnd ~]# cd /opt/cgms-tools/bin [root@fnd bin]# pwd /opt/cgms-tools/bin
-
建立一個新的文本檔案,該檔案僅包含明文形式的相關字串/密碼:
-
[root@fnd bin]# echo AdminPassword > clear-text-password.txt [root@fnd bin]# cat clear-text-password.txt AdminPassword
- 使用「encrypt」選項執行簽名工具指令碼,並指定cgms_keystore檔案的準確路徑和您剛剛建立的具有明文密碼的檔名。當提示輸入別名時,請僅使用「cgms」,因為FND應用程式會使用帶有「cgms」別名的cgms_keystore檔案中的證書來向CA進行身份驗證:
[root@fnd bin]# ./signature-tool encrypt /opt/cgms/server/cgms/conf/cgms_keystore clear-text-password.txt Enter alias: cgms Enter password: pXHcF+YxyoJarz4YAqvFVMrLT2I//caHLddiJfrb7k65RmceIJUNlDd2dUPhGyGZTeEfz8beh8tWSGZ4lc66rhAQ9mYNaw2XSPaL8psoK+U0wzHgY068tnc7q17t05CZ5HQh8tWSGZ4lc66rhAQ9mOivj1B3XRKFmkpSXo4ZubeKRJ4NNaGAKFV8cjBJQDWsh7NAXL3x5D62/7w4Mhmftf2XiGlqeWlc66rhAQF+YxyoJarz4YAqvFVMrLT2I//caHLIDYoKoeTVB2SLQXtSZR+dwxYjQsE0hCmBpHv0lDD/l4gg==
要解密加密的字串,請執行以下操作:
- 在/opt/cgms-tools/bin/目錄下使用加密字串創建新的.txt檔案:
[root@fnd bin]# echo pXHcF+YxyoJarz4YAqvFVMrLT2I//caHLddiJfrb7k65RmceIJUNlDd2dUPhGyGZTeEfz8beh8tWSGZ4lc66rhAQ9mYNaw2XSPaL8psoK+U0wzHgY068tnc7q17t05CZ5HQh8tWSGZ4lc66rhAQ9mOivj1B3XRKFmkpSXo4ZubeKRJ4NNaGAKFV8cjBJQDWsh7NAXL3x5D62/7w4Mhmftf2XiGlqeWlc66rhAQF+YxyoJarz4YAqvFVMrLT2I//caHLIDYoKoeTVB2SLQXtSZR+dwxYjQsE0hCmBpHv0lDD/l4gg== > encrypted-password.txt
2.使用decrypt選項執行簽名工具,並再次指定金鑰庫檔案的準確路徑以及儲存加密密碼的.txt檔案的名稱。
[root@fnd bin]# ./signature-tool decrypt /opt/cgms/server/cgms/conf/cgms_keystore encrypted-password.txt Enter alias: cgms Enter password: AdminPassword
資料庫工具
與強大的命令列工具/實用程式集類似,FND包含一套基於GUI的良好工具,可幫助您分析和診斷資料庫問題。要訪問DB工具,請登入到FND部署的主儀表板,然後在URL的.com部分後面貼上/pages/diag/db.seam。
此區域有三個頁籤:資料庫查詢、資料庫資訊和日誌檢視器。通過資料庫查詢頁籤,您可以運行自定義查詢;如果按一下「查詢」按鈕右邊的顯示所有表,則該頁籤將提供所有表的清單。例如,要檢視所有裝置介面的第1層和第2層狀態,請在SQL查詢框中鍵入SELECT * FROM NET_INTERFACES,然後按一下Query按鈕。您將獲得所有HER和FAR介面、其MAC地址、每個介面的管理第1層狀態和第2層鏈路狀態的清單。
如果要驗證資料庫連線設定,請按一下db.seam頁的DB Info頁籤。在這裡,您將擁有對多個資料庫變數的只讀訪問許可權,例如連線URL、資料庫使用者名稱、Oracle版本、埠號、SID以及每個表的大小。此頁上還列出了快閃記憶體恢復區(FRA)的資訊,例如FRA上儲存的每種檔案使用的空間以及可回收的空間大小。
意見